how to fix September 2021 cumulative patch network printing

OES Tech 61 Reputation points
2021-10-14T15:53:14.74+00:00

I've got a Windows 2016 print server. It hosts some Xerox copiers, older HP Laserjet printers using native drivers, and new HP Laserjet printers using the HP universal driver.

The clients are a mixture of Windows 10 and MacOS Big sur.

I installed the September cumulative quality update and many of our users are unable to print. All of the MacOS users for sure and they are the majority of users. I had to uninstall the patch (KB5005573 and KB5006669) to allow printing to resume.

So I'm not sure where to go from here. I found many articles talking about registry hacks to bypass the changes, but they have not worked on my test print server.

I tried:
HKLM\software\policy\microsoft\Windows NT\Printers\PointAndPrint\RestrictDriverInstallationToAdministrators=0
and
HKLM\software\policy\microsoft\Windows NT\Printers\CopyFilesPolicy=1

  1. if someone could help me with the correct registry changes to remove the new changes and allow the Print nightmare vulnerability, that would be a start.
  2. But then at some point I need to fix the server so we can do network printing in a secure way. I haven't really seen anything about this. I looked at the Xerox site and the newest Color C70 driver for Windows is from 2016? So what do I do?

Help

Windows Server 2016
Windows Server 2016
A Microsoft server operating system that supports enterprise-level management updated to data storage.
2,368 questions
Windows Server Printing
Windows Server Printing
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Printing: Printer centralized deployment and management, scan and fax resources management, and document services
640 questions
0 comments
Accepted answer
  1. Alan Morris 1,156 Reputation points
    2021-10-14T16:17:21.467+00:00

    Hi,

    For Windows only environments, make sure ALL Windows systems have the same patched version. Windows 7 will not get this protocol version update.

    For mixed environments, Win7 and or Macs, adding the registry key to disable the new default is the way to go.
    https://support.microsoft.com/en-us/topic/managing-deployment-of-printer-rpc-binding-changes-for-cve-2021-1678-kb4599464-12a69652-30b9-3d61-d9f7-7201623a8b25

    Add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\RpcAuthnLevelPrivacyEnabled with a value of 0

    Please read the MS article on this protocol change.

    It's designed to prevent non Windows connections for printing.

    Thanks

    0 comments

3 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. OES Tech 61 Reputation points
    2021-10-14T16:39:28.083+00:00

    YES! that worked on my test server. I applied that registry change you suggested from the article and my Mac can now print.

    0 comments
  2. Alex Kragh Jensen 1 Reputation point
    2021-10-15T09:45:42.117+00:00

    I also applied that registry change, but it doesn't works on macOS Big Sur but on Windows
    Any ideas ?

    0 comments
  3. Emmanuel Piquant 0 Reputation points
    2023-09-26T10:51:25.8733333+00:00

    I need fix my printer

    0 comments