Point and Print changes after installing Microsoft August 2021 security update
Issue Description
This issue affects the Lexmark UPD (Universal Print Driver) 2.15.1.0 & older versions and Lexmark Generational drivers.

There is a default behavior change introduced with the release of the latest Microsoft Windows update in August (CVE-2021-34481) for the Point and Print environment, which is described in the article below.

By default, non-administrator users will no longer be able to do the following when using Point and Print:
- Install new printers using drivers on a remote computer or server.
- Update existing print drivers using drivers from remote computer or server.
Following the installation of a Windows Security update released on and after August 10, 2021, non-administrator users may see a dialog with the message "Do you trust this printer?" when trying to install a printer by connecting remotely to a print server, or may be asked for administrator credentials while connecting to the print server.
When the user selects 'Install driver', any non-admin user will then be presented with an error message: Connect to printer - Windows cannot connect to the printer.

Note that this is not a Lexmark driver issue and applies to all package-aware version 3 driver architecture in network point and print architecture.

Solution
It is recommended that end users follow the workaround provided in the Microsoft KB article, as applicable to their environment.
Install print drivers when the new default setting is enforced.
If RestrictDriverInstallationToAdministrators is set as "not defined" or "1", depending on your environment, then end users must use one of the following methods to install printers:
- Provide an administrator username and password when prompted for credentials when attempting to install a print driver.
- Include the necessary print drivers in the OS image.
- Use Microsoft System Center, Microsoft Endpoint Configuration Manager, or an equivalent tool to remotely install print drivers.
- Temporarily set RestrictDriverInstallationToAdministrators to 0 to install print drivers.
For environments which cannot use the current default behavior from Microsoft and/or follow any of the previous options, it is recommended to use the workaround listed under the "Modify the default driver installation behavior using a registry key" section from the Microsoft KB article (set registry key RestrictDriverInstallationToAdministrators to 0) to allow non-admins to connect to the print servers and install drivers similar to the previous behavior of point and print.
Also, implement the additional group policies to configure clients to only trust specific print servers and packages, as per the "Permit users to only connect to specific print servers that you trust" and "Permit users to only connect to specific Package Point and Print servers that you trust" sections of the Microsoft KB article. This reduces the chances of exploitation of the clients.

LEGACY ID: SO9065
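The following read-only PowerShell audit is an added example, not code from Lexmark or from the Microsoft KB article. It reports whether a client has RestrictDriverInstallationToAdministrators relaxed to 0 without the trusted print server policies from the Solution section in place. The registry paths and the value names TrustedServers, ServerList and PackagePointAndPrintServerList are the policy locations Microsoft documents for these settings and are not stated on this page; the function names are hypothetical.

```powershell
# Read-only audit of the Point and Print settings discussed above.
# Registry paths and value names other than RestrictDriverInstallationToAdministrators
# come from Microsoft's policy documentation, not from this page.
$base = 'HKLM:\Software\Policies\Microsoft\Windows NT\Printers'

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist ("not defined").
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function Get-PointAndPrintPosture {
    $pnp = Join-Path $base 'PointAndPrint'
    $pkg = Join-Path $base 'PackagePointAndPrint'

    $restrict = Get-PolicyValue $pnp 'RestrictDriverInstallationToAdministrators'
    # "Not defined" behaves like 1 once the August 2021 update is installed.
    $adminOnly = ($null -eq $restrict) -or ($restrict -ne 0)

    $trusted    = Get-PolicyValue $pnp 'TrustedServers'
    $serverList = Get-PolicyValue $pnp 'ServerList'
    $pkgList    = Get-PolicyValue $pkg 'PackagePointAndPrintServerList'

    # Point and Print is limited only if the policy is on and names at least one server.
    $pnpLimited = ($trusted -eq 1) -and -not [string]::IsNullOrWhiteSpace($serverList)
    $pkgLimited = ($pkgList -eq 1)

    [pscustomobject]@{
        Computer                = $env:COMPUTERNAME
        RestrictValue           = if ($null -eq $restrict) { 'not defined' } else { $restrict }
        AdminRequiredForDrivers = $adminOnly
        TrustedPrintServersOnly = $pnpLimited
        TrustedServerList       = $serverList
        TrustedPackageServers   = $pkgLimited
        # Key relaxed to 0 without both trust policies: the case the article advises against.
        NeedsReview             = (-not $adminOnly) -and -not ($pnpLimited -and $pkgLimited)
    }
}

Get-PointAndPrintPosture | Format-List
```

A client that reports NeedsReview as True has the pre-August 2021 behavior restored without the server restrictions the article recommends alongside it.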