In my case I had to roll back to version 61.180.1.20062 (61.196.1.22169 and 61.255.1.24923 are working only on the server but not from clients) on my 2016 print server. After that, all clients connected to the printer through GPO started to print. I have to mention that I have no registry tweaks. Policies are set to disable Point and Print settings.
Microsoft's PrintNightmare update is causing a lot of problems with network printers mapped on a print server
Dears,
the latest Windows updates are causing a lot of problems with network printers mapped on a print server.
Reference:
KB5005652—Manage new Point and Print default driver installation behavior (CVE-2021-34481)
Managing deployment of Printer RPC binding changes for CVE-2021-1678 (KB4599464)
The two recent patches (KB5004945, KB5004760, or KB5003690) cause these two main problems:
1) users without administrative rights are unable to install new print drivers.
The end user receives this error
2) unable to use the print server with the new registry key RpcAuthnLevelPrivacyEnabled
The system logs report this error: 0x0000011b
The two workarounds that you have to apply to survive and allow corporate users to be able to use the print server are:
1) Even if you have a GPO with "Point and Print Restrictions=disabled", you have to apply this registry key to allow non-administrative users to install the latest print drivers from the print server
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint
RestrictDriverInstallationToAdministrators = 0
2) Apply this registry key to disable the new default settings related to the print spooler vulnerabilities
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print
RpcAuthnLevelPrivacyEnabled = 0
The above workarounds are only a temporary solution to survive and allow users to print.
What is unclear to me is what should be the right way to manage these settings in a corporate environment without any end user interaction.
So, if I want to be protected and apply the recent security fixes without asking the end users to do something, what should I do?
Microsoft states that you need to set "RpcAuthnLevelPrivacyEnabled" to "1" on both Client and Print Server in order to be protected, but if you do this, you can't print.
So, what should we do in a Corporate environment to be secure and print without any end user interaction about "driver installation" etc.?
Thanks in advance
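The question calls the two registry changes temporary workarounds, so it helps to be able to see which machines still carry them. The following PowerShell audit is an added example, not part of the original post; the function name `Get-PrintHardeningState` is hypothetical, and the paths and value names are the ones quoted in the question.

```powershell
# Added example (not from the original post): report the state of the two
# registry values discussed in the question on the local machine.
# Get-PrintHardeningState is a hypothetical helper name.
$checks = @(
    @{ Path = 'HKLM:\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint'
       Name = 'RestrictDriverInstallationToAdministrators' },
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Print'
       Name = 'RpcAuthnLevelPrivacyEnabled' }
)

function Get-PrintHardeningState {
    param([hashtable[]]$Checks)

    foreach ($c in $Checks) {
        $value = $null
        # A missing key and a missing value both leave $value at $null.
        $item = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
        if ($null -ne $item) { $value = $item.($c.Name) }

        $state = if ($null -eq $value) {
            'Not set: the default of the installed updates applies'
        } elseif ($value -eq 0) {
            'Workaround active: protection disabled'
        } elseif ($value -eq 1) {
            'Enforced'
        } else {
            'Unexpected value: review manually'
        }

        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Name     = $c.Name
            Value    = $value
            State    = $state
        }
    }
}

Get-PrintHardeningState -Checks $checks | Format-Table -AutoSize
```

Run it on both the print server and a client, since the question notes that `RpcAuthnLevelPrivacyEnabled` has to match on both sides.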
16 answers
-
Alan Morris 1,161 Reputation points
2022-10-18T20:13:11.217+00:00 Disabling the Point and Print restriction policy should only take hold when the user is admin on the client system. For standard users I expect the popups.
-
Norbert 0 Reputation points
2023-03-14T13:30:43.47+00:00 Hi everyone,
just found this thread here. We are running into a similar problem.
We use HP Printer of this type: HP PageWide Color MFP E58650
Every Printer is spooled on a WIN2019 Server
We run this driver:
We get the above failure only on one specific printer and here only on Paperfeed 3.
Feed 1 and 2 work fine.
Yes, we tried all drivers we could find.
Curious about your answers and suggestions.
Failure still exists, Problem not solved.
Many thanks in advance.
Norbert
-
Norbert 0 Reputation points
2023-03-14T15:24:22.7466667+00:00 Hi Alan,
sorry, but it is the Standard TCP-Port
-
Norbert 0 Reputation points
2023-03-15T10:35:12.59+00:00 Ok, some more information.
Printer is equipped with one extra paper tray, called feed 3.
So
feeder 1 is manual
Tray 2 is standard built in
Tray 3 is optional
Printer is configured correctly. All trays are recognized.
Has anyone heard about problems addressing tray 3 in combination with the shown error message?
I am getting cosy with the idea, it could be a problem with the additional hardware?