question

Roberto-9646 avatar image
0 Votes"
Roberto-9646 asked Roberto-9646 commented

GPO not mapping printers at times

Hello.

Our clients run Windows 10 Enterprise, and the domain controllers are still Windows Server 2012 R2.

Recently many users report that they don't see the printers when logging onto some PCs but they see them when logging onto other PCs.
This happens both for users with roaming and local profiles.
Printers are mapped for users via GPO, with option "Run in logged-on user's security context.." enabled.

When users then try to map the printer manually, they are asked for administrator credentials for installing the driver, and of course at that point they call the helpdesk.

I tried to run gpupdate/force but it didn't help.
gpresult reports the gpo has been received.
Once I install the device drivers on the client, the printers are mapped for the users.


Can anybody help me sort this out?

Thank you and best regards.
Roberto

windows-group-policywindows-server-print
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

yagmoth555 avatar image
0 Votes"
yagmoth555 answered Roberto-9646 commented

Hi

Microsoft release a new KB that affect the point and print behavior.

See that link for detail; https://support.microsoft.com/topic/873642bf-2634-49c5-a23b-6d8e9a302872

To resume it, you need new registry to make it act like before.

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint
RestrictDriverInstallationToAdministrators, 0


It was to prevent a security risk they changed the way they do it, just to state it, as making the registry change can open you to a risk.


· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @yagmoth555
Hi @LimitlessTechnology-2700

Thank you. That solved the problem. :-)
Roberto

1 Vote 1 ·
LimitlessTechnology-2700 avatar image
0 Votes"
LimitlessTechnology-2700 answered

Hello Roberto,

This is due to recent updates to protect from the PrintNightmare exploit.

Microsoft released an article regarding the printer and printer driver management post patching:

https://support.microsoft.com/en-us/topic/kb5005652-manage-new-point-and-print-default-driver-installation-behavior-cve-2021-34481-873642bf-2634-49c5-a23b-6d8e9a302872

Hope it helps,



--If the reply is helpful, please Upvote and Accept as answer--

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.