  • mSumo wrote:

    Hi all,

    I've recently added a new printer (Xerox DocuCentre SC2020) to our network. Was 1st time I was adding one, so don't have much experience with it...

    Anyway, I've found some guidance online and all seemed to be working fine - I've added the printer to Print Server and deployed via GPO, and was able to print. When I was adding the printer to server, I had to download and install the driver to the print server as it was not available there.

    Now, users (using Win 10 or 11) can see the printer, however some of them are asked to install a driver when trying to connect to it. 

    I expected that the driver would be somehow deployed to users from Print Server? ... or what is the step that I missed here? 

    thanks ;)

    We have been doing the following on the GPOs.

    https://anthonyfontanez.com/index.php/2021/08/12/printnightmare-point-and-print/


    13 Replies

    • From my experience, users also need the driver somehow, it isn't automatically there for them.

    • well.... those guides that I've found were mentioning that when users add the printer, it should download the driver from print server automatically.... It actually worked that way when I was adding the printer to a testing computer - driver was installed automatically.... Maybe because I was logged in as administrator and some users are missing permissions or something? Not sure.... :/

    • It looks like what you're looking at is the deployment of the driver from the print server. The computers ARE downloading the driver for install by the looks of it. However, the snag you'll run into is that if they've got standard user privileges, they will not have sufficient permission to install the driver. Some people may already have the driver installed for one reason or another, and as such, they can just add the printer (not the same as installing the driver).

      If you've got admin permissions, the act of adding a printer, and downloading the driver from the print-server first before adding the printer, will look like pretty much the same process

    • Keep in mind if you are using V4 drivers they have to be installed on the workstations before connecting to the print server. Drivers are not automatically downloaded from the server.

    • The Repairatrooper - I've just checked it and it is Type 3 driver

      SamGates1 - yea... looks like this may be the issue.

      dbeato - I will have a look at your link and test it, thanks.... Thought it will be easier - just to "tick" something somewhere :D... Also looks like Point and Print could pose some security issue as MS tries to lock down that feature...

      Just wondering - is there a way to deploy Type 3 driver directly via GPO to users? Looks quite crazy that the driver has to be installed on machines only with administrator permission :? 

    • mSumo wrote..

      Just wondering - is there a way to deploy Type 3 driver directly via GPO to users? Looks quite crazy that the driver has to be installed on machines only with administrator permission :? 

      I've tended to use scripts to install the driver packages in silent mode, and attached the install script to a computer level GPO.

    • gosh... what a nightmare.... I'm not good at scripts :/

      Anyway, I've tried to add the printer as administrator on user's laptop (via administrator account) - printer was added successfully. However, when I switched the account back to the user, the printer was not there and again got message below. The printer doesn't have "executable" driver so can't just download and install as administrator in users account....ahhh...


    • dbeato ... I've just configured the GPO as per your link... Will test it tomorrow ;)

    • dbeato - so I've tested it... spent hours trying to solve it, but still not working :/... I've done some additional research online and added a few extra things to GPO, but didn't help either.... Below is what I have configured and results:

      • Configured extra
        • Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Security Options. Find the policy Devices: Prevent users from installing printer drivers -> DISABLED
        • Computer Configuration > Policies > Administrative Templates > System > Driver Installation > Allow non-administrators to install drivers for these device setup classes {4658ee7e-f050-11d1-b6bd-00c04fa372a7} and {4d36e979-e325-11ce-bfc1-08002be10318}
      • then configured from your link
        • Point and Print Restrictions for Computers and also Users
        • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint\ RestrictDriverInstallationToAdministrators =0
      Results:

      • When I use printer server name only (like "abc") then I get message that "We can't install this printer at the moment. Try again later or contact your network admin for help"
      • When I use FQDN of printer server, I get message "Printer isn't available because your network administrator has restricted access to it"
      • When I set Point and Print to DISABLED, I get again "Printer isn't available because your network administrator has restricted access to it"

      When I check the registry on testing machine (WINDOWS 11), I can see all the settings there under "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint\" ... so it seems to be applied correctly

      From what I've read, I should be getting some warnings when adding printer - like "Do you trust this printer" or asked for Admin credentials when adding printer. But all I get are those messages above...

      What am I missing here??? 

      Here is my GPO




    • mSumo I am going to check today the GPO I have set up for this.

    • so... I've spent another several hours on this.... Looks like the issue is the driver (it's Type 3)... When I tried to use another one - Xerox WorkCenter driver for example - which is type 4, the printer was added to users via GPO with no issue.... However, as it is not the proper driver, it is causing some issues when printing... :/

    • finally found V4 driver for my printer and all is working fine now. Could not make it work with v3...
      thanks all for your help
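
Added example, not posted by anyone in the thread: a PowerShell check for the two things the thread keeps coming back to, the Point and Print policy values applied on a client and the driver model (Type 3 or Type 4) published by the print server. `RestrictDriverInstallationToAdministrators` and the registry path come from the thread; the other value names are the ones the Point and Print Restrictions policy writes under that key, and the server name is a placeholder assumption.

```powershell
# Added example (not from the thread). Run on an affected Windows 10/11 client.
$PrintServer = 'printserver.example.local'   # assumption: placeholder print server FQDN

# 1. Point and Print policy values actually applied on this client.
$key    = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'
$names  = 'RestrictDriverInstallationToAdministrators', 'NoWarningNoElevationOnInstall',
          'UpdatePromptSettings', 'TrustedServers', 'ServerList'
$policy = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
$applied = [ordered]@{}
foreach ($n in $names) {
    $prop = if ($policy) { $policy.PSObject.Properties[$n] }
    $applied[$n] = if ($prop) { $prop.Value } else { '<not set>' }
}
[pscustomobject]$applied | Format-List

# 2. If non-administrators may install drivers (value 0), check that the policy
#    also pins Point and Print to named servers and that this server is listed.
if ($applied['RestrictDriverInstallationToAdministrators'] -eq 0) {
    $servers = @()
    if ($applied['ServerList'] -ne '<not set>') {
        $servers = $applied['ServerList'] -split ';' | ForEach-Object { $_.Trim() }
    }
    if ($applied['TrustedServers'] -ne 1) {
        Write-Warning 'Driver installs are open to non-admins and no approved server list is enforced.'
    } elseif ($servers -notcontains $PrintServer) {
        Write-Warning "$PrintServer is not in the approved list: $($servers -join ', ')"
    }
}

# 3. Driver model of every driver published by the print server (3 = Type 3, 4 = Type 4).
Get-PrinterDriver -ComputerName $PrintServer |
    Sort-Object Name |
    Select-Object Name, PrinterEnvironment, MajorVersion
```
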
