Windows OS Hub
  • Windows Server
    • Windows Server 2022
    • Windows Server 2019
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2012
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Active Directory Domain Services (AD DS)
    • Group Policies
  • Windows Clients
    • Windows 11
    • Windows 10
    • Windows 8
    • Windows 7
    • Windows XP
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
    • KVM
  • PowerShell
  • Exchange
  • Cloud
    • Azure
    • Microsoft 365
    • Office 365
  • Linux
    • CentOS
    • RHEL
    • Ubuntu
  • Home
  • About

Windows OS Hub

  • Windows Server
    • Windows Server 2022
    • Windows Server 2019
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2012
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Active Directory Domain Services (AD DS)
    • Group Policies
  • Windows Clients
    • Windows 11
    • Windows 10
    • Windows 8
    • Windows 7
    • Windows XP
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
    • KVM
  • PowerShell
  • Exchange
  • Cloud
    • Azure
    • Microsoft 365
    • Office 365
  • Linux
    • CentOS
    • RHEL
    • Ubuntu

 Windows OS Hub / Windows 10 / Unable to Install Print Driver after KB3170455

October 7, 2016 Windows 10Windows 7Windows Server 2008 R2

Unable to Install Print Driver after KB3170455

We have found an unpleasant problem with one of Microsoft security updates released in July. We mean KB3170455 released on July, 12, 2016. After the installation of this update, the problem of network printer connection may appear in the domain.

The problem has manifested itself as follows: when trying to install (connect) a printer from the Print Server (running Windows Server 2008 R2) on the domain clients (Windows 10, Windows 7), the following error appears:

A policy is in effect on your computer which prevents you from connecting to this print queue.

Connect to Printer

A policy is in effect on your computer which prevents you from connecting to this print queue. Please contact your system administrator.

With some printer models, another warning appeared when trying to connect a network printer:

Do you trust this printer?

Windows needs to download and install a software driver from \\PrintServer_Name computer to print to Printer_Name. Proceed only if you trust the \\PrintServer_Name and the network

Do you trust this printer? Windows needs to download and install a software driver from \\PrintServer_Name computer to print to Printer_Name

When clicking Install driver, the UAC window appears prompting to enter the administrator login and password. Although, earlier users could easily connect these printer (the policy that allows common users to install printer drivers without the administrative privileges).

Having compared the installed updates on the problem computers, we have found that the issue appears on the computers having the KB3170455 (MS16-087: Description of the security update for Windows print spooler components: July 12, 2016) update installed. Indeed, after this update is deleted, printers are connected correctly.

wusa.exe /uninstall /kb:3170455 /quiet /norestart

Note. All ways to uninstall updates in Windows correctly

But there is nothing wrong with the update, since it fixes a certain critical vulnerability in Windows print spooler. The update also suggests showing a warning if a user tries to install untrusted or unsigned printer drivers. In Windows 10, this update is integrated into the cumulative update that couldn’t be rolled back. So you won’t be able to solve the problem by simply uninstalling the update.

The article https://support.microsoft.com/en-us/kb/3170005 specifies the criteria the printer drivers have to match to be correctly installed on the clients:

  1. The driver has to be trusted (signed with the trusted digital signature)
  2. The driver has to package-aware (Package-aware print drivers). Non-package-aware v3 printer drivers won’t be able to be installed in Point and Print Restrictions mode

So Microsoft recommends:

  1. To substitute the drivers on Print Servers for package-aware ones (Package-aware V3). You can find out whether the driver is package-aware using Print Manager. Open the Drivers section, if the driver is package-aware it will have the True status in the Packaged column. packaged printer driverYou will only have to enable Point and Print Restrictions policies (in Computer Configuration > Policies > Admin Templates > Printers and User Configuration > Policies > Admin Templates > Control Panel > Printers) and check Do not show warning or elevation prompt. In addition, specify the FQDN names of trusted Print Servers.
  2. If the drivers are obsolete and could not be updated, it is recommended to preinstall them on the client PCs. In this case, there will be no problems with printer connections.
Note. There is a little trick for Canon, Sharp, Konica Minolta printers that makes a system think that the driver is package-aware. To do it, open the HKLM\System\CurrentControlSet\Control\Print\Enviroments\Windowsx64\Drivers\…\Driver name\ branch of the registry on the Print Server and change the value of  PrinterDriverAttributes key for the specific driver by adding 1 to the current value. In my case, the attribute value has been equal to 5, and I have changed it to 6. The same has to be done for the driver attribute in HKLM\System\CurrentControlSet\Control\Print\Enviroments\Windowsx NT x86\Drivers…\Driver name\. After the restart, Canon network printers start to connect without any warnings.

1 comment
0
Facebook Twitter Google + Pinterest
previous post
KB3161949 Breaks SMB over NETBIOS Access Outside the Local Subnet
next post
Granting Remote Access on SCManager to Non-admin Users

Related Reading

Using PowerShell Behind a Proxy Server

July 1, 2022

How to Deploy Windows 10 (11) with PXE...

June 27, 2022

Checking Windows Activation Status on Active Directory Computers

June 27, 2022

Configuring Multiple VLAN Interfaces on Windows

June 24, 2022

How to Disable or Enable USB Drives in...

June 24, 2022

1 comment

BL March 8, 2018 - 4:08 pm

Deploy the certificate of the signing publisher to client computers.
Local computer > Trusted publishers > Certificates

This way the driver can be installed because the publisher is trusted when using point and print.

Reply

Leave a Comment Cancel Reply

Categories

  • Active Directory
  • Group Policies
  • Exchange Server
  • Microsoft 365
  • Azure
  • Windows 11
  • Windows 10
  • Windows 7
  • Windows Server 2019
  • Windows Server 2016
  • Windows Server 2012 R2
  • PowerShell
  • VMWare
  • Hyper-V
  • MS Office

Recent Posts

  • Using PowerShell Behind a Proxy Server

    July 1, 2022
  • How to Access VMFS Datastore from Linux, Windows, or ESXi?

    July 1, 2022
  • How to Deploy Windows 10 (11) with PXE Network Boot?

    June 27, 2022
  • Checking Windows Activation Status on Active Directory Computers

    June 27, 2022
  • Configuring Multiple VLAN Interfaces on Windows

    June 24, 2022
  • How to Disable or Enable USB Drives in Windows using Group Policy?

    June 24, 2022
  • Adding Domain Users to the Local Administrators Group in Windows

    June 23, 2022
  • Viewing a Remote User’s Desktop Session with Shadow Mode in Windows

    June 23, 2022
  • How to Create a Wi-Fi Hotspot on your Windows PC?

    June 23, 2022
  • Configuring SSH Public Key Authentication on Windows

    June 15, 2022

Follow us

woshub.com

ad

  • Facebook
  • Twitter
  • RSS
Popular Posts
  • Unable to Connect Windows 10 Shared Printer to Windows XP
  • How to Restore Windows Photo Viewer in Windows 10
  • How to Remove Unused Drivers from Driver Store
  • Restore Missing CD/DVD Drive in Windows 10
  • How to Configure a Slideshow Screensaver Using GPO
  • Recovering Files from a RAW Partition using TestDisk
  • Windows 10: WSUS Error 0x8024401c
Footer Logo

@2014 - 2018 - Windows OS Hub. All about operating systems for sysadmins


Back To Top