Windows GPO printer deployment not appearing for new profiles

kellyredbook

12/14/22, 1:20 PM

Old printers that have always deployed via Print Management > Deploy via GPO are now not deploying for new profiles.

the only Changes have been to my Settings GPO with regard to PrintNightmare and disallowing point and print... Under Computer>Policies>AdminTemps>Printers>Point and Print Restrictions>

Users can only point and print to these servers> disabled Users can only point and print to machines in their forest > disabled When installing drivers for a new connection > show warning and prompt When updating drivers for an existing connection > show warning and prompt

But New printers do not appear. If I try to deploy the printer via User preferences (instead of the Print management > deploy via GPO) it complains about the driver not being available on the client PC.

1790

1 + 4

windows

group-policy

shared-printers

Greg Askew

12/14/22, 3:23 PM

That may be related to the change in default behavior in Point and Print. See: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34481 https://support.microsoft.com/en-us/topic/kb5005652-manage-new-point-and-print-default-driver-installation-behavior-cve-2021-34481-873642bf-2634-49c5-a23b-6d8e9a302872

kellyredbook

12/14/22, 4:47 PM

Okay, confirming now. How do i allow users to only install drivers from the official print server in the org? Do i have to change the default policy back?

Greg Askew

12/14/22, 6:01 PM

If you wanted to back out, add the registry value `HKLM\Software\Policies\Microsoft\Windows NT\Printers!PointAndPrintRestrictDriverInstallationToAdministrators` to 0 in a GPO. But you also should configured allowed Point and Print servers. Otherwise anyone can escalate to system in a trivial way.

kellyredbook

12/14/22, 11:10 PM

go make than an answer and i'll mark it. This helped me down the right path to solve the problem.

Score:2

Server

Greg Askew

12/14/22, 11:30 PM

If you wanted to back out, add the registry value HKLM\Software\Policies\Microsoft\Windows NT\Printers!PointAndPrintRestrictDriverInstallationToAdministrators to 0 in a GPO. But you also should configured allowed Point and Print servers. Otherwise anyone can escalate to system in a trivial way

0 + 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Windows GPO printer deployment not appearing for new profiles

TH: การปรับใช้เครื่องพิมพ์ Windows GPO ไม่ปรากฏสำหรับโปรไฟล์ใหม่

RO: Implementarea imprimantei GPO Windows nu apare pentru profilurile noi

RU: Развертывание принтера Windows GPO не отображается для новых профилей

VI: Triển khai máy in Windows GPO không xuất hiện cho cấu hình mới

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.