GPO not mapping printers at times

Question

Hello.

Our clients run Windows 10 Enterprise, and the domain controllers are still Windows Server 2012 R2.

Recently many users report that they don't see the printers when logging onto some PCs but they see them when logging onto other PCs.
This happens both for users with roaming and local profiles.
Printers are mapped for users via GPO, with option "Run in logged-on user's security context.." enabled.

When users then try to map the printer manually, they are asked for administrator credentials for installing the driver, and of course at that point they call the helpdesk.

I tried to run gpupdate/force but it didn't help.
gpresult reports the gpo has been received.
Once I install the device drivers on the client, the printers are mapped for the users.

Can anybody help me sort this out?

Thank you and best regards.
Roberto

Answer 1

Hi

Microsoft release a new KB that affect the point and print behavior.

See that link for detail; https://support.microsoft.com/topic/873642bf-2634-49c5-a23b-6d8e9a302872

To resume it, you need new registry to make it act like before.

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint
RestrictDriverInstallationToAdministrators, 0

It was to prevent a security risk they changed the way they do it, just to state it, as making the registry change can open you to a risk.

Answer 2

Hello Roberto,

This is due to recent updates to protect from the PrintNightmare exploit.

Microsoft released an article regarding the printer and printer driver management post patching:

https://support.microsoft.com/en-us/topic/kb5005652-manage-new-point-and-print-default-driver-installation-behavior-cve-2021-34481-873642bf-2634-49c5-a23b-6d8e9a302872

Hope it helps,

---

--If the reply is helpful, please Upvote and Accept as answer--