We have a central print server which manages most of our printers, including at remote offices - the remote offices are small and the users who work in them do all their work on Server 2019 terminal servers (which are hosted in the same location as the print server). If a user goes to a remote office they don't normally use, they can just install the appropriate printer driver on their terminal server session. Likewise, if a user from a remote office logs into a domain W10 machine in the head office, they can install the driver for a printer there. All worked fine up until now, and only one place to keep drivers up to date and set printing defaults.
Unfortunately, Microsoft's attempt to fix the PrintNightmare bug (https://www.theregister.com/2021/08/11/printnightmare_mitigation/) seems to have utterly broken it.
Now, it's only possible to install a printer driver if actually logged in with an admin account. If it's a non admin account, and the user searches for a printer (using either the settings app or control panel), it find the printer on the print server, then a UAC prompt appears. This would be a pain to manage even if it worked as a screen share would be needed with an admin, but actually it doesn't work - even if valid admin credentials are entered, it still fails to install:
Both W10 and Server 2019 do exactly the same. Anyone got any suggestions? Installing local copies of the print driver on every machine is not a viable solution, nor is giving the users local admin rights (especially where the terminal servers are concerned).
Thanks