Add Network Printer

What the network printer deployment Worklet does

This Automox Worklet™ installs a shared network printer on Windows endpoints by registering a logon-triggered scheduled task that runs Add-Printer -ConnectionName \\<prntSvr>\<shareName> in the user's session. You set three policy variables: $prntSvr (the print server name or IP, no backslashes), $shareName (the printer's share name), and $fName (a friendly-name fragment used for matching, with wildcards applied automatically).

The scheduled task is named Add_Printer_<shareName> and is registered at the root task path with PowerShell.exe -WindowStyle Hidden -EncodedCommand <Base64>. The Base64 encoding (added in version 1.0.3) is what lets share names with spaces and special characters survive the schtasks command line. The task runs as the built-in Users group with logon trigger type 9, so each interactive user picks up the printer on their next sign-in.

The Worklet is self-cleaning. Once Get-Printer on the endpoint shows the configured share installed, the next remediation cycle unregisters the scheduled task so it does not keep re-running at every logon for the life of the endpoint.

Why deploy network printers through Automox

Group Policy printer deployment only reaches Active Directory–joined endpoints whose users sign in on a domain-connected network. Entra-joined laptops, hybrid-joined Surfaces on residential Wi-Fi, and shared-warehouse workstations fall outside that scope, and the help desk ends up walking each user through Add-Printer in Settings.

Apply this Worklet through the policy that already covers your user-facing Windows endpoints, supply the print server and share, and every targeted endpoint gets the printer attached to the next interactive logon. The logon-trigger model installs the connection in the user's profile (matching the behavior users expect from a Group Policy preference) and the self-cleanup step keeps the scheduled-task surface area small once the printer is in place.

How network printer deployment works

1. Evaluation phase: Get-Printer is called and the results are filtered for ComputerName -like $prntSvr and Name -like *$fName*. If the printer is installed and the Add_Printer_<shareName> scheduled task is still present, the endpoint is flagged for cleanup (exit 2). If the printer is installed and no task exists, the endpoint is compliant (exit 0). If the printer is missing, the endpoint is flagged for remediation (exit 2).

2. Remediation phase: When the printer is already installed and the task lingers, Unregister-ScheduledTask removes Add_Printer_<shareName>. When the printer is missing, the script builds a PowerShell payload that runs Add-Printer -ConnectionName \\$prntSvr\$shareName after a Test-Connection reachability check, Base64-encodes the payload, and registers it through the Schedule.Service COM object with a logon trigger (type 9) and the Users principal. The task is created at the root task folder with RegisterTaskDefinition(..., 6, "Users", $null, 4).

Network printer deployment requirements

• Windows 10, Windows 11, or Windows Server 2016 and later with PowerShell 5.1 or PowerShell 7 and the PrintManagement module (Get-Printer, Add-Printer) available

• SYSTEM context for the Automox agent (default) so it can call Register / Unregister through the Schedule.Service COM object at the root task path

• $prntSvr set to the print server name or IP without leading backslashes (for example SERVER-WC01)

• $shareName set to the exact printer share name (spaces are supported through the Base64-encoded task command)

• $fName set to a unique partial match for the printer's installed name (typically the model number such as mx470); wildcards are applied automatically

• Network reachability from each endpoint to the print server's SMB share over TCP 445; the scheduled-task payload also runs Test-Connection before calling Add-Printer

• Printer driver available either through Windows Update Point and Print or pre-staged via a separate driver-install Worklet; the user account must have rights to download the driver from the print server when directory services are not in use

Expected printer state after deployment

After the first remediation pass, every targeted endpoint has a scheduled task named Add_Printer_<shareName> at the root task path, registered as RunAs Users with a logon trigger. On the next interactive sign-in the task fires, the Base64-encoded PowerShell payload calls Add-Printer -ConnectionName \\<prntSvr>\<shareName>, and the printer appears in the user's Devices and Printers within seconds.

On the next evaluation cycle Get-Printer reports the shared printer as installed, the Worklet flags the endpoint for cleanup, and the remediation step removes the now-unneeded scheduled task. Validate by running Get-Printer in a user session to confirm the share path, then Get-ScheduledTask -TaskName Add_Printer_<shareName> to confirm the task is gone after the cleanup pass. If a user reports the printer missing, the most common cause is that Add-Printer failed inside the scheduled task because the user does not have driver-download rights on the print server; grant the user the printer ACL on the server and the next logon will install the connection.