[Samba] FW: Point-and-Print driver installation asks for confirmation on current Windows

Fri Sep 16 06:31:09 UTC 2016

Did someone say beer..  ;-)  

I’ll share what i know for now and what works for me. 

Most people wil see in there windows even log : 

The user 'Printer Name Here' preference item in the 'Group Policy Object ... error code '0x80070bcb The specified printer driver was not found on the system

Event ID 4098. 

For now i have set the following GPO setting. 

Computer Configuration\Policies\Administrative Templates\Printers

- Point and Print restriction – Enabled

      - Users can only send point and print jobs to these server – Enable

      - These servers : printserver.internal.domain.tld;printserver;printserver2.domain.tld;printeserver2 

      - New driver for connection :  dont show a warning and an elevated command 

      - Update driver for connection :  dont show a warning and an elevated command 

- Always Render Print Jobs On The Server – Disabled

The above set, applies for computer applies to win7 and above, if you have xp/vista still running set also the same in :

User Configuration\Policies\Administrative Templates\Controlpanel\Printers 

- Point and Print restriction – Enabled

      - Users can only send point and print jobs to these server – Enable

      - These servers : printserver.internal.domain.tld;printserver;printserver2.domain.tld;printserver2

      - New driver for connection :  dont show a warning and an elevated command 

      - Update driver for connection :  dont show a warning and an elevated command 

- Always Render Print Jobs On The Server – Disabled

Computer Configuration\Policies\Administrative Templates\System\Driver Installation\

- Allow non-administrators to install drivers for these device setup classes - Enabled

Klik below on Show and add : {4d36e979-e325-11ce-bfc1-08002be10318}

( other GUID’s found here : https://msdn.microsoft.com/en-us/library/windows/hardware/ff553426(v=vs.85).aspx )

      But be carefull you opening a security hole.  So do set the servers 

- Search for devicedrivers in windows update – Disabled  ( but this is because i dont use windows integrated printer drivers ) 

Test with this one what works for you.

Its not installing itself for now, but if you klik on a link  \\server.internal.domain.tld\printershare  

Which have the needed driver, it will install the driver on the lokal pc. 

Once this is done, and only needed 1 time, the GPO works again as normal. 

So i emailed a link to my users to update the driver, waited for a policy refresh and im good to go. 

Other info/tips.

- Dont use unsigned drivers. ( modifing an .inf removes the signing. ) 

- Make sure you use the latest driver from the printer supplier.  

I’m testing for example with HP universal 6.0.0 and 6.2.1 . ( 6.0.0 was on all my pc’s already by image, updating to 6.2.1 ) 

2 tests, clean pc, without drivers and test with one as imaged. 

The HP park tools have admx templates to managing the driver settings, use that. 

If possible use package-aware drivers. Search in the .INF for lines like :  PackageAware=TRUE 

Some info: 

- DriverIsolation : https://msdn.microsoft.com/en-us/library/windows/hardware/ff560836(v=vs.85).aspx 

- Packaged Driver : https://msdn.microsoft.com/en-us/library/windows/hardware/ff561043(v=vs.85).aspx ‘

- ( new polices for win10 1607 found here: https://www.microsoft.com/en-us/download/details.aspx?id=53430 

Win7 users, install this on a pc. 

The set is found here after install : C:\Program Files (x86)\Microsoft Group Policy\Windows 10 and Windows Server 2016

( Not all languages are support so check first before you update. ) 

And ALWAYS backup you sysvol : PolicyDefinitions folder before you update. 

win7 users : also look at : https://support.microsoft.com/nl-nl/kb/3179573 

>> https://support.microsoft.com/en-us/help/22801/windows-7-and-windows-server-2008-r2-update-history

And an other workaround. 

Make and installer packages that installs the printer drivers localy on the PC. 

If you modify and driver like with the PARK tools from HP, you loose the driver signing. ! 

Setup the same driver in the point and print setup and Connect. 

If the driver is already on the pc, connecting the the printer share should work as normal. 

Update-ing a driver fails since the driver isnt already on the pc. 

Greetz, 

Louis