698 questions
This was caused by a race condition between Windows components on start-up.
KB5005652 / CVE-2021-34481: RestrictDriverInstallationToAdministrators as 0 still overrides Point and Print Group Policy settings
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(51.2, 38%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EV%3C/text%3E%3C/svg%3E)
Viajaz
96
Reputation points
KB5005652 - Manage new Point and Print default driver installation behavior (CVE-2021-34481) says:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint\RestrictDriverInstallationToAdministrators
...
Setting the value to 0 allows non-administrators to install signed and unsigned drivers to a print server but does not override the Point and Print Group Policy settings.
I have tried a clean lab with Windows Server 2019 as domain controller and fully patched Windows 10 Enterprise 20H2 system and this does not appear to be the case. The existence of the RestrictDriverInstallationToAdministrators registry item appears to disable Point and Print Group Policy settings making the alternative mitigations "Permit users to only connect to specific print servers that you trust" and "Permit users to only connect to specific Package Point and Print servers that you trust" not possible.
Is this a bug or am I doing something wrong?
Windows for business | Windows Server | User experience | Print jobs
Windows for business | Windows Client for IT Pros | User experience | Other
Accepted answer
1 additional answer
Sort by: Most helpful
-
Limitless Technology 39,921 Reputation points2021-10-12T14:11:09.41+00:00 Hi there,
This article provides a solution to an issue where the Point and Print Restrictions policies are ignored when a standard user tries to install a network printer.
https://learn.microsoft.com/en-us/troubleshoot/windows-client/group-policy/point-print-restrictions-policies-ignored------------------------------------------------------------------------------------------------------------------------
If the reply is helpful, please Upvote and Accept it as an answer
-
Viajaz 96 Reputation points
2021-10-13T00:08:44.6+00:00 The Point and Print Restrictions Policies are already under Computer Configuration in the Group Policy Object used to deploy them.
Sign in to comment -