Windows OS Hub
  • Windows Server
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2012
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Group Policies
  • Windows Clients
    • Windows 10
    • Windows 8
    • Windows 7
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
  • PowerShell
  • Exchange
  • Home
  • About

Windows OS Hub

  • Windows Server
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2012
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Group Policies
  • Windows Clients
    • Windows 10
    • Windows 8
    • Windows 7
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
  • PowerShell
  • Exchange

 Windows OS Hub / Windows 10 / Unable to Install Print Driver after KB3170455

October 7, 2016 Windows 10Windows 7Windows Server 2008 R2

Unable to Install Print Driver after KB3170455

We have found an unpleasant problem with one of Microsoft security updates released in July. We mean KB3170455 released on July, 12, 2016. After the installation of this update, the problem of network printer connection may appear in the domain.

The problem has manifested itself as follows: when trying to install (connect) a printer from the Print Server (running Windows Server 2008 R2) on the domain clients (Windows 10, Windows 7), the following error appears:

A policy is in effect on your computer which prevents you from connecting to this print queue.

Connect to Printer

A policy is in effect on your computer which prevents you from connecting to this print queue. Please contact your system administrator.

With some printer models, another warning appeared when trying to connect a network printer:

Do you trust this printer?

Windows needs to download and install a software driver from \\PrintServer_Name computer to print to Printer_Name. Proceed only if you trust the \\PrintServer_Name and the network

Do you trust this printer? Windows needs to download and install a software driver from \\PrintServer_Name computer to print to Printer_Name

When clicking Install driver, the UAC window appears prompting to enter the administrator login and password. Although, earlier users could easily connect these printer (the policy that allows common users to install printer drivers without the administrative privileges).

Having compared the installed updates on the problem computers, we have found that the issue appears on the computers having the KB3170455 (MS16-087: Description of the security update for Windows print spooler components: July 12, 2016) update installed. Indeed, after this update is deleted, printers are connected correctly.

wusa.exe /uninstall /kb:3170455 /quiet /norestart

Note. All ways to uninstall updates in Windows correctly

But there is nothing wrong with the update, since it fixes a certain critical vulnerability in Windows print spooler. The update also suggests showing a warning if a user tries to install untrusted or unsigned printer drivers. In Windows 10, this update is integrated into the cumulative update that couldn’t be rolled back. So you won’t be able to solve the problem by simply uninstalling the update.

The article https://support.microsoft.com/en-us/kb/3170005 specifies the criteria the printer drivers have to match to be correctly installed on the clients:

  1. The driver has to be trusted (signed with the trusted digital signature)
  2. The driver has to package-aware (Package-aware print drivers). Non-package-aware v3 printer drivers won’t be able to be installed in Point and Print Restrictions mode

So Microsoft recommends:

  1. To substitute the drivers on Print Servers for package-aware ones (Package-aware V3). You can find out whether the driver is package-aware using Print Manager. Open the Drivers section, if the driver is package-aware it will have the True status in the Packaged column. packaged printer driverYou will only have to enable Point and Print Restrictions policies (in Computer Configuration > Policies > Admin Templates > Printers and User Configuration > Policies > Admin Templates > Control Panel > Printers) and check Do not show warning or elevation prompt. In addition, specify the FQDN names of trusted Print Servers.
  2. If the drivers are obsolete and could not be updated, it is recommended to preinstall them on the client PCs. In this case, there will be no problems with printer connections.
Note. There is a little trick for Canon, Sharp, Konica Minolta printers that makes a system think that the driver is package-aware. To do it, open the HKLM\System\CurrentControlSet\Control\Print\Enviroments\Windowsx64\Drivers\…\Driver name\ branch of the registry on the Print Server and change the value of  PrinterDriverAttributes key for the specific driver by adding 1 to the current value. In my case, the attribute value has been equal to 5, and I have changed it to 6. The same has to be done for the driver attribute in HKLM\System\CurrentControlSet\Control\Print\Enviroments\Windowsx NT x86\Drivers…\Driver name\. After the restart, Canon network printers start to connect without any warnings.

1 comment
0
Facebook Twitter Google + Pinterest
previous post
Windows 10: Unable to Download WSUS (0x80244019) Upgrade Packages
next post
Granting Remote Access on SCManager to Non-admin Users

Related Reading

How to Sign a PowerShell Script (PS1) with...

February 25, 2021

How to Shadow (Remote Control) a User’s RDP...

February 22, 2021

Configuring PowerShell Script Execution Policy

February 18, 2021

Configuring Proxy Settings on Windows Using Group Policy...

February 17, 2021

Updating Group Policy Settings on Windows Domain Computers

February 16, 2021

1 comment

BL March 8, 2018 - 4:08 pm

Deploy the certificate of the signing publisher to client computers.
Local computer > Trusted publishers > Certificates

This way the driver can be installed because the publisher is trusted when using point and print.

Reply

Leave a Comment Cancel Reply

Categories

  • Active Directory
  • Group Policies
  • Exchange
  • Windows 10
  • Windows 8
  • Windows 7
  • Windows Server 2016
  • Windows Server 2012 R2
  • Windows Server 2008 R2
  • PowerShell
  • VMWare
  • MS Office

Recent Posts

  • Accessing USB Flash Drive from VMWare ESXi

    February 26, 2021
  • How to Sign a PowerShell Script (PS1) with a Code Signing Certificate?

    February 25, 2021
  • Change the Default Port Number (TCP/1433) for a MS SQL Server Instance

    February 24, 2021
  • How to Shadow (Remote Control) a User’s RDP session on RDS Windows Server 2016/2019?

    February 22, 2021
  • Configuring PowerShell Script Execution Policy

    February 18, 2021
  • Configuring Proxy Settings on Windows Using Group Policy Preferences

    February 17, 2021
  • Updating Group Policy Settings on Windows Domain Computers

    February 16, 2021
  • Managing Administrative Shares (Admin$, IPC$, C$, D$) in Windows 10

    February 11, 2021
  • Packet Monitor (PktMon) – Built-in Packet Sniffer in Windows 10

    February 10, 2021
  • Fixing “Winload.efi is Missing or Contains Errors” in Windows 10

    February 5, 2021

Follow us

woshub.com
  • Facebook
  • Twitter
  • RSS
Popular Posts
  • Unable to Connect Windows 10 Shared Printer to Windows XP
  • How to Restore Windows Photo Viewer in Windows 10
  • How to Remove Unused Drivers from Driver Store
  • How to Configure a Slideshow Screensaver Using GPO
  • Windows 10: WSUS Error 0x8024401c
  • Restore Missing CD/DVD Drive in Windows 10
  • This App Has Been Blocked for Your Protection : Windows 10
Footer Logo

@2014 - 2018 - Windows OS Hub. All about operating systems for sysadmins


Back To Top