Windows OS Hub
  • Windows Server
    • Windows Server 2022
    • Windows Server 2019
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2012
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Active Directory Domain Services (AD DS)
    • Group Policies
  • Windows Clients
    • Windows 11
    • Windows 10
    • Windows 8
    • Windows 7
    • Windows XP
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
    • KVM
  • PowerShell
  • Exchange
  • Cloud
    • Azure
    • Microsoft 365
    • Office 365
  • Linux
    • CentOS
    • RHEL
    • Ubuntu
  • Home
  • About

Windows OS Hub

  • Windows Server
    • Windows Server 2022
    • Windows Server 2019
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2012
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Active Directory Domain Services (AD DS)
    • Group Policies
  • Windows Clients
    • Windows 11
    • Windows 10
    • Windows 8
    • Windows 7
    • Windows XP
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
    • KVM
  • PowerShell
  • Exchange
  • Cloud
    • Azure
    • Microsoft 365
    • Office 365
  • Linux
    • CentOS
    • RHEL
    • Ubuntu

 Windows OS Hub / Windows 10 / Unable to Install Print Driver after KB3170455

October 7, 2016 Windows 10Windows 7Windows Server 2008 R2

Unable to Install Print Driver after KB3170455

We have found an unpleasant problem with one of Microsoft security updates released in July. We mean KB3170455 released on July, 12, 2016. After the installation of this update, the problem of network printer connection may appear in the domain.

The problem has manifested itself as follows: when trying to install (connect) a printer from the Print Server (running Windows Server 2008 R2) on the domain clients (Windows 10, Windows 7), the following error appears:

A policy is in effect on your computer which prevents you from connecting to this print queue.

Connect to Printer

A policy is in effect on your computer which prevents you from connecting to this print queue. Please contact your system administrator.

With some printer models, another warning appeared when trying to connect a network printer:

Do you trust this printer?

Windows needs to download and install a software driver from \\PrintServer_Name computer to print to Printer_Name. Proceed only if you trust the \\PrintServer_Name and the network

Do you trust this printer? Windows needs to download and install a software driver from \\PrintServer_Name computer to print to Printer_Name

When clicking Install driver, the UAC window appears prompting to enter the administrator login and password. Although, earlier users could easily connect these printer (the policy that allows common users to install printer drivers without the administrative privileges).

Having compared the installed updates on the problem computers, we have found that the issue appears on the computers having the KB3170455 (MS16-087: Description of the security update for Windows print spooler components: July 12, 2016) update installed. Indeed, after this update is deleted, printers are connected correctly.

wusa.exe /uninstall /kb:3170455 /quiet /norestart

Note. All ways to uninstall updates in Windows correctly

But there is nothing wrong with the update, since it fixes a certain critical vulnerability in Windows print spooler. The update also suggests showing a warning if a user tries to install untrusted or unsigned printer drivers. In Windows 10, this update is integrated into the cumulative update that couldn’t be rolled back. So you won’t be able to solve the problem by simply uninstalling the update.

The article https://support.microsoft.com/en-us/kb/3170005 specifies the criteria the printer drivers have to match to be correctly installed on the clients:

  1. The driver has to be trusted (signed with the trusted digital signature)
  2. The driver has to package-aware (Package-aware print drivers). Non-package-aware v3 printer drivers won’t be able to be installed in Point and Print Restrictions mode

So Microsoft recommends:

  1. To substitute the drivers on Print Servers for package-aware ones (Package-aware V3). You can find out whether the driver is package-aware using Print Manager. Open the Drivers section, if the driver is package-aware it will have the True status in the Packaged column. packaged printer driverYou will only have to enable Point and Print Restrictions policies (in Computer Configuration > Policies > Admin Templates > Printers and User Configuration > Policies > Admin Templates > Control Panel > Printers) and check Do not show warning or elevation prompt. In addition, specify the FQDN names of trusted Print Servers.
  2. If the drivers are obsolete and could not be updated, it is recommended to preinstall them on the client PCs. In this case, there will be no problems with printer connections.
Note. There is a little trick for Canon, Sharp, Konica Minolta printers that makes a system think that the driver is package-aware. To do it, open the HKLM\System\CurrentControlSet\Control\Print\Enviroments\Windowsx64\Drivers\…\Driver name\ branch of the registry on the Print Server and change the value of  PrinterDriverAttributes key for the specific driver by adding 1 to the current value. In my case, the attribute value has been equal to 5, and I have changed it to 6. The same has to be done for the driver attribute in HKLM\System\CurrentControlSet\Control\Print\Enviroments\Windowsx NT x86\Drivers…\Driver name\. After the restart, Canon network printers start to connect without any warnings.

1 comment
0
Facebook Twitter Google + Pinterest
previous post
KB3161949 Breaks SMB over NETBIOS Access Outside the Local Subnet
next post
Granting Remote Access on SCManager to Non-admin Users

Related Reading

Configure User’s Folder Redirection with Group Policy

February 3, 2023

Disable Built-in PDF Viewer in Microsoft Edge

February 3, 2023

Join a Windows Computer to an Active Directory...

February 2, 2023

Using Previous Command History in PowerShell Console

January 31, 2023

How to Install the PowerShell Active Directory Module...

January 31, 2023

1 comment

BL March 8, 2018 - 4:08 pm

Deploy the certificate of the signing publisher to client computers.
Local computer > Trusted publishers > Certificates

This way the driver can be installed because the publisher is trusted when using point and print.

Reply

Leave a Comment Cancel Reply

Categories

  • Active Directory
  • Group Policies
  • Exchange Server
  • Microsoft 365
  • Azure
  • Windows 11
  • Windows 10
  • Windows Server 2022
  • Windows Server 2019
  • Windows Server 2016
  • PowerShell
  • VMWare
  • Hyper-V
  • Linux
  • MS Office

Recent Posts

  • Configure User’s Folder Redirection with Group Policy

    February 3, 2023
  • Using Previous Command History in PowerShell Console

    January 31, 2023
  • How to Install the PowerShell Active Directory Module and Manage AD?

    January 31, 2023
  • Finding Duplicate E-mail (SMTP) Addresses in Exchange

    January 27, 2023
  • How to Delete Old User Profiles in Windows?

    January 25, 2023
  • How to Install Free VMware Hypervisor (ESXi)?

    January 24, 2023
  • How to Enable TLS 1.2 on Windows?

    January 18, 2023
  • Allow or Prevent Non-Admin Users from Reboot/Shutdown Windows

    January 17, 2023
  • Fix: Can’t Extend Volume in Windows

    January 12, 2023
  • Wi-Fi (Internet) Disconnects After Sleep or Hibernation on Windows 10/11

    January 11, 2023

Follow us

woshub.com
  • Facebook
  • Twitter
  • RSS
Popular Posts
  • Unable to Connect Windows 10 Shared Printer to Windows XP
  • How to Restore Windows Photo Viewer in Windows 10
  • Restore Missing CD/DVD Drive in Windows 10
  • How to Configure a Slideshow Screensaver Using GPO
  • Windows 10: WSUS Error 0x8024401c
  • Recovering Files from a RAW Partition using TestDisk
  • How to Run SysPrep on Upgraded Windows
Footer Logo

@2014 - 2023 - Windows OS Hub. All about operating systems for sysadmins


Back To Top