We had the same issue, until we found this:
https://community.spiceworks.com/topic/277019-printer-deployment-via-group-policy-not-working

Okay so Microsoft as usual 'passed the buck' to others. We have all had to look at creating a Reg policy for Point and Print
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint
value name="RestrictDriverInstallationToAdministrators"
type=REG_DWORD
value=0

After the most recent updates MS forced the restriction and this still impacts older printer drivers even after the reg hack. After plenty of head scratching and investigations: 1.You must have Type 3 drivers 2. If you have older packages NOT classed as packaged it appears MS still doesn't allow them without issues: using kix script-even if you have disabled the Point and Print registry, the user is still prompted with the 'Trust this printer and install option', to which you need to supply and admin account . Once installed all fine the next time around. IF using GPO Targeting the printer configured in GPO doesn't appear in the printer options list when trying to print. Found the following in the event log of the client machine [even though the driver does exist on the server]

[1]The column where the Package column have 'false' against them will likely be issues:

I had been scratching my head for days testing and wondering why the Brother HL-5450DN worked but not the Brother HL-L8250CDN as there just didn't appear to be a reason for it, well there is thanks to MS. :( So, to sum up: 1. You will require new drivers from the manufacturer’s website. 2. look at ways to possibly build a 'package' to be deployed by systems like SCCM.

Just another shambles!

We experience exactly the same behaviour. I've spent one full day and I think this is a bug in how Microsoft fixed PrintNightmare vulnerability and printer deployment via Deployed Printer Connection GPO.

I'm dumping all test information here in case someone needs it. The tests where performed on Windows Server 2019 print server and Windows 10 clients with latest 2021-12 CU installed, though I don't think OS version matters that much.

First thing you need to understand is that the behaviour and how GPO settings described in this MS article https://support.microsoft.com/en-us/topic/kb5005652-manage-new-point-and-print-default-driver-installation-behavior-cve-2021-34481-873642bf-2634-49c5-a23b-6d8e9a302872 work depends on the type of the driver.

If you are using only V4 drivers there are three possible solutions (choose only one of them):

Solution 1
a) Set Computer Configuration -> Policies -> Administrative Templates -> Printers -> Only use Package Point and Print to Enabled.
b) Set Computer Configuration -> Policies -> Administrative Templates -> Printers -> Package Point and Print - Approved Servers to Enabled and specify FQDN of your print server.
c) Set Computer Configuration -> Policies -> Administrative Templates -> Printers -> Limit print driver installation to Administrators to Disabled.

This will allow to deploy printers via Deployed Printer Connection GPO targeting User Scope. I didn't find any information if this also enables PrintNightmare vulnerability. Here https://support.microsoft.com/en-us/topic/kb5005010-restricting-installation-of-new-printer-drivers-after-applying-the-july-6-2021-updates-31b91c02-05bc-4ada-a7ea-183b129578a7 Microsoft says that CVE-2021-34527 is only present if Point and Print Restrictions GPO is used and nothing about Package Point and Print. Even if it is, the vulnerability should be limited only to the attack vector coming from the FQDN specified earlier. Also, vulnerability should only be exploitable when attacker uses V3 packaged drivers, and not package-unaware drivers.

Solution 2
Use GPP instead of Deployed Printer Connection GPO to deploy printers. This will allow to deploy V4 printers without any other GPO/registry changes.

Solution 3
Change your Deployed Printer Connection GPO to use Computer Configuration instead of User Configuration and apply it to Computers OU instead of Users OU. This again will allow you to deploy V4 printers without any other GPO/registry changes.

If you are using V3 packaged drivers there is only one solution:

Solution 1
a) Set Computer Configuration -> Policies -> Administrative Templates -> Printers -> Only use Package Point and Print to Enabled.
b) Set Computer Configuration -> Policies -> Administrative Templates -> Printers -> Package Point and Print - Approved Servers to Enabled and specify FQDN of your print server.
c) Set Computer Configuration -> Policies -> Administrative Templates -> Printers -> Limit print driver installation to Administrators to Disabled.

This will allow to deploy printers via Deployed Printer Connection GPO targeting User Scope. Again, it is unclear if this enables PrintNightmare vulnerability, but even if it's so, the vulnerability should be limited only to the attack vector coming from the FQDN specified earlier. Also, vulnerability should only be exploitable when attacker uses V3 packaged drivers, and not package-unaware drivers.

If you are using very old V3 package-unaware drivers the solution is a little bit different:

Solution 1
a) Set Computer Configuration -> Policies -> Administrative Templates -> Printers -> Package Point and Print - Approved Servers to Enabled and specify FQDN of your print server.
b) Set Computer Configuration -> Policies -> Administrative Templates -> Printers -> Point and Print Restrictions to Enabled, enable User can only point and print from these servers and specify FQDN of your print server. Also, don't forget set Security Prompts to your liking.
c) Set Computer Configuration -> Policies -> Administrative Templates -> Printers -> Limit print driver installation to Administrators to Disabled.

This will allow to deploy printers via Deployed Printer Connection GPO targeting User Scope, but if you choose to disable Security Prompts in step b) it also enables PrintNightmare vulnerability. Vulnerability can be exploited when using both V3 packaged and package-unaware drivers. It is limited to the attack vector coming from the FQDN specified earlier though. If Security Prompts are enabled vulnerability cannot be exploited.

Since I'm using only V4 drivers and I think it's a bug, I went with first Solution 1 and will wait until MS hopefully comes up with another fix.

Hope this helps.

P.S. I encourage everyone to have Feedback Hub ticket filled regarding this issue. Maybe our voices will be heard at some point.

I had the same issue as this but was able to resolve it by changing the way i mapped printers in GPO.
Initially i was getting this issue when tryng to map printers via the User GPO settings in; User Configuration - Policies - Windows Settings - Deployed Printers

However when i started mapping them using the User Configuration - Preferences - Control Panel Settings - Printers
They started to map every logon and i also didnt get the gp error "Windows failed to apply the Deployed Printer Connections settings. Deployed Printer Connections settings might have its own log file. Please click on the "More information" link."

Hope this helps

Same issue, Windows 10 various versions. We manage printing by users so it's not realistic to do a computer configuration. Deployment works if the user is a local admin but this is not feasible in all circumstances obviously.

We have a few machines that the GPO fails and some that do not. What I have found is KB5005699 was installed on all the machines having an issue. The unfortunate thing is, you cannot remove a servicing stack update, which this appears to be. Servicing stack 10.0.19041.1220. Not 100% if this is the issue, but none of the machines that are working correctly have this servicing stack update. They are all on Win10 version 21h1.

RalfAzevedo-5486, imo this problem has nothing to do with GPO. Windows updates - you can read a lot about, there is option to turn it off, but it`s on your risk. I had to install the updates by myself on most devices, so far it`s not asking to repeat this task. If you have a chance to do it manually, get to each PC try to print test page and if it will ask for permission than accept it with admin login.

I started having similar problems a few weeks ago. Some users started asking for elevation to install the print server driver, something that didn't happen before. Other users from different OUs did not experience the problem.

I checked the GPOs and they are identical, the difference is the OR of each user. Printers have no security restriction, everyone can print to them.

RSOP fails 0x800702e4 in GPO deployment. I don't have the updates installed on the machines, I don't know what to do anymore. All printers are installed by machine and non-user permissions.

Anyone with any solution to help me?

A technician of us found the following solution to this:

reg add "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint" /v RestrictDriverInstallationToAdministrators /t REG_DWORD /d 0 /f

Adding the above registry key to the client seems to have solved the issue. The queue is deployed automatically and the error message when doing a gpupdate is gone.

Solutions found on:
https://www.computerworld.com/article/3630629/windows-print-nightmare-continues-enterprise.html

We are not sure about the security aspects of this solution. It may however be a better one than giving local admin rights.

So I ran into this issue as well recently and the only workaround I found was to set the user as a local admin on the machine they were using.

Once they were set as an administrator, ran GPUpdate /force, logged out and logged back in and all of the printers installed. Not a great solution, as it involved touching every machine but at least I can get it installed.