Driver installation not working when deploying printers via GPP
I'm trying to deploy printers via Group Policy. Posts around the internet suggest using the Group Policy Preferences approach (User/Preferences/Control Panel Settings/Printers) is the preferred method.
However, the printer is failing to deploy, and the following error appears in the event viewer:
The user 'Epson Printer' preference item in the 'Group Policy Object {GUID}' Group Policy object did not apply because it failed with error code '0x80070bcb The specified printer driver was not found on the system and needs to be downloaded.' This error was suppressed.
Various sources around the internet, including Microsoft Technet, suggest that the Point and Print Restrictions GPO policy needs to be modified in order for the drivers to be allowed to install without prompt.
This policy exists in both the User Configuration tree under User/Policies/Administrative Templates/Control Panel/Printers; and the Computer Configuration tree under Computer/Policies/Administrative Templates/Printers.
I have tried two approaches:
- Setting both User and Computer Point and Print Restrictions policy to Disabled.
- Setting both User and Computer Point and Print Restrictions policy to the configuration described in the above Technet article (screen capture of policy)
After each attempt, I performed a full directory replication, and on the test computer executed gpupdate /force from both an elevated admin and normal user command prompt, rebooted, then executed gpresult /H result.html to validate the settings have been applied.
However, I am still getting the above error in the event viewer and the printer is not installing.
If I manually add the printer with Add Printer in the control panel, the driver installs fine. Additionally if I use the "traditional" approach of deploying printer connections via Computer/Windows Settings/Deployed Printers, the printer driver and printer appear to install fine, but then I can't use some of the newer features supported by the GPP approach.
The Domain Controller is Windows Server 2012 R2 and the clients are Windows 10 Enterprise. All computers are up to date with the latest patches.
Это вызвано KB3170455 - который исправляет это: https://technet.microsoft.com/library/security/ MS16-087
Он предотвращает установку драйверов точки и принтера без предупреждения, если они не являются упакованными, подписанными драйверами. К сожалению, многие производители принтеров не выпускают упакованные драйверы.
До сих пор я не нашел никакого способа заставить принтеры автоматически устанавливаться. Изменение точки и настроек печати не исправляет. Удаление обновления исправляет его, но оставляет брешь в безопасности.
As Grant said, the issue is caused by security update KB3170455 and the exact fix is as he mentioned. However, there is a registry edit (really a hack) that may help in some situations. It involves editing the registry on the print server and incrementing the "PrinterDriverAttributes" value by one for any driver that shows as not being a packaged driver. You will still need to make sure all appropriate Group Policy settings are in place, particularly the Point and Print Restrictions and Package Point and print - Approved Servers settings.
To avoid posting a duplicate answer, please see my answer on the other question here: Registry edit for printer drivers