Hello and welcome to the sysadmin community! The behavior you're encountering stems from changes Microsoft implemented to enhance security in the Point and Print feature, particularly following the "PrintNightmare" vulnerabilities. These changes, introduced around August 2021, require administrative privileges for installing or updating printer drivers via Point and Print by default. Consequently, when users connect to a shared printer, the system may install the "Microsoft enhanced Point and Print compatibility driver" instead of the specific vendor driver, unless the vendor driver is already present on the client machine.
To ensure that your users can fully utilize the advanced features of your new Xerox printers, you'll need to adjust your environment to allow the installation of the specific Xerox drivers. Here's how you can address this:
1. Pre-install Xerox Drivers on Client Machines:
Since Type 4 drivers (v4) are designed to be installed on the client side and are not downloaded from the server, it's essential to have the Xerox drivers installed on each client machine. This ensures that when a user connects to the printer, the correct driver is used, providing access to all printer features.
2. Modify Group Policy Settings:
To allow non-administrative users to install specific printer drivers, you can configure Group Policy settings:
- Allow Non-Administrators to Install Specific Device Classes:
- Open the Group Policy Management Console (GPMC).
- Navigate to:
Computer Configuration > Policies > Administrative Templates > System > Device Installation > Device Installation Restrictions.
- Enable the policy "Allow installation of devices using drivers that match these device setup classes".
- Click "Show" and add the following GUIDs for printers:
- Printer:
{4658ee7e-f050-11d1-b6bd-00c04fa372a7}
- PNPPrinters:
{4d36e979-e325-11ce-bfc1-08002be10318}
- Apply the policy and ensure it's linked to the appropriate Organizational Unit (OU) containing your client computers.
This configuration allows non-administrators to install printer drivers that match the specified device setup classes. (
mylemans.online)
3. Adjust Registry Settings:
To modify the default behavior that requires administrative privileges for driver installation:
- Open the Registry Editor (
regedit.exe).
- Navigate to:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint.
- If the
PointAndPrint key doesn't exist, create it.
- Create a new
DWORD value named RestrictDriverInstallationToAdministrators.
- Set its value to
0.
Setting this value to
0 allows non-administrators to install signed and unsigned drivers to a print server but does not override the Point and Print Group Policy settings. (
support.microsoft.com)
4. Ensure Consistency Between Server and Client Drivers:
Discrepancies between server and client drivers can lead to issues. Ensure that the same version of the Xerox driver is installed on both the print server and the client machines. This consistency helps prevent the system from defaulting to the Microsoft compatibility driver.
5. Monitor and Test:
After implementing these changes, monitor the behavior to ensure that clients are receiving the correct Xerox drivers and that users can access all printer features without unnecessary prompts or restrictions.
By pre-installing the necessary drivers on client machines and adjusting Group Policy and registry settings, you can provide a seamless printing experience that leverages the full capabilities of your Xerox printers while maintaining security within your network.
