Due to new corporate security protocols, I need to get an Plug and Play printer. Any recommendations ? Thank you.

​​​​​​Any specific requirements? Plug and play is also a bit nebulous... Many older printer drivers are often included in the OS image as well as universal drivers... But they often need to be updated...

Thanks. It is just for very basic printing and low volume. The only requirement is that it cannot involve me downloading any drives, etc. - new corporate safety protocol.

You have to check and find a printer that has drivers built in to the OS you use.

For example:

https://help.brother-usa.com/app/ans...s---windows-10

Hard to go wrong with a basic Brother printer or all-in-one these days. Skip the fancy stuff, and make sure that the drivers are built into whatever OS you use.

-David

So I would recommend an HP... A slightly older model maybe. Or definitely make sure the printer supports universal drivers (unfortunately I haven't bought a printer in years) but a quick check of the HP web site vs the printer you want should be able to confirm if universal drivers support it.

Or if you want to throw it back in the corporate security team's lap, ask them for a list of printers supported in the corporate image. Kind of irresponsible of them to issue this kind of directive without creating such a list. It should list some printers in a range of prices...

I was in the same situation, bought an all-in-one HP for less than 100€, works fine for our needs

https://support.microsoft.com/en-us/...f-727e4978638b

I'd say the odds are very good that any printer you select will be able to do basic printing without the need for downloading or installing any drivers.

If the printer drivers (universal or not) are included in the initial image. Many corporate IT teams strip down/dictate to the manufacturer the image they use on their laptops. This is to save space but also control the attack surface on any device attached to their network. For home-based systems, some of the smaller manufactuers (as an example) strip out non-native language packs from their image (If you look at the chinese manufacturers, they often strip out all the language packs except for chinese and sometimes english).

If it's the legit base image from MS, then chances are it will have it. But corporate images (if the company is large enough) are a different beast.

I would probably do both of these. Get a cheap HP from Target, Walmart, Meijer and see if that works. If not, return it and tell corporate security that you tried but were unable to find a printer that meets their specifications, would it be possible for them to provide a list of printers that are verified to work.

My guess is someone in IT convinced someone in the C-suite that has zero technical knowledge or has ever set up a printer that this change needed to happen with zero thought of the ramifications.

Generally IT c-suite people tend to have at least some idea (depending on the company of course). If this were the more general c-suite teams, maybe. But in my experience, technical c-suite tend to be quite knowledgeable. What I find is more common is where the security team and the IT department identify an attack surface and then implement a policy without working their way through it (and dragging the c-suite with them). I have seen directives come down that have not had much thought provided and it doesn't get flagged as a concern until it gets to the engineering team or implementation teams.

In this case, one of the teams must have identified drivers as a vulnerability for their scenario (eg, they notice lots of unidentified devices appearing in their asset library which require specialized drivers). This likely caused a knee-jerk directive from the security team (and a potentially messy cleanup job for the support desk/engineering team). I would have suggested a review of the unidentified devices to understand what is being plugged in (categorized, reviewed for security implications and risk analysis) list what device driver packs are included in the gold image (hopefully removing obsolete, useless or risky drivers).... then publish a list of supported devices in a support portal and then broadcast the directive (there are some other steps, but you get the idea).

Industrial espionage is big business these days so it's not a surprise. It's just the implementation that is a concern. A lot of teams are running around with their heads cut off due to all the new security issues being identified (on a near daily basis it seems)