The September 14th 2021 Monthly Rollup update KB5005613 included part of security update KB5005076 (released August 10, 2021), which changes the default privilege requirement for installing drivers when using Point and Print. This is causing headaches for IT administrators, with end users being prompted with “printer driver needed”, requiring administrator credentials to complete the task, or when users try to add a new printer.
Microsoft released security update KB5005076 to address a vulnerability within the Windows Print Spooler (CVE-2021-34481). The security update KB5005652 from August 10th 2021 changes the default privilege requirement for installing drivers when using Point and Print; after installing this update, you must have administrative privileges to install drivers.
By default, non-administrator users will no longer be able to do the following using Point and Print without an elevation of privilege to administrator:
• Install new printers using drivers on a remote computer or server
• Update existing printer drivers using drivers from a remote computer or server
It is possible to change a registry key value to disable this behaviour, but note that this makes the system vulnerable to CVE-2021-34481 and is not recommended by Microsoft. Below is a link that mentions the registry key.
We have reports of some customers having success deploying the printer mappings through Group Policy, but instead of targeting the user configuration as is typical, they target the computer configuration, and the printer seems to install running under the system account without a prompt for elevated account credentials.
We have also seen reports where, for existing printer mappings, users are prompted to update the driver and prompted for elevated account credentials where the server does not have patch KB5005652 but the client PC does, or vice versa. In theory, if the user's PC already has the driver installed it should not prompt to update the driver, but we have also seen a case where both server and client PC had the patch and users were still prompted.
Microsoft's line on this change is that, to install print drivers when the new default setting is enforced, users must use one of the following methods to install printers:
Below are some links for further reading on the topic:
https://msrc-blog.microsoft.com/2021/08/10/point-and-print-default-behavior-change/
--
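The registry override mentioned in the message can be audited on each client PC or print server; the PowerShell below is an added example, not part of the original message and not Microsoft's own code. The key path and the value name `RestrictDriverInstallationToAdministrators` are taken from Microsoft's KB5005652 guidance rather than from this message, and the function names are hypothetical.

```powershell
# Added example: report whether the Point and Print driver-install restriction
# has been switched off on this machine.
# Key path and value name come from Microsoft's KB5005652 guidance (assumption:
# they are not quoted in the message itself).
$KeyPath   = 'HKLM:\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint'
$ValueName = 'RestrictDriverInstallationToAdministrators'

function Get-PointAndPrintState {
    # Hypothetical helper: map the raw registry value to a readable state.
    param($Value)
    # $null means the value is absent, so the post-update default applies.
    if ($null -eq $Value) { return 'Default (administrators only)' }
    switch ([int]$Value) {
        1       { 'Enforced (administrators only)' }
        0       { 'Overridden (non-administrators can install drivers)' }
        default { "Unexpected value $Value, review manually" }
    }
}

function Get-PointAndPrintOverride {
    # Hypothetical helper: read the value, tolerating a missing key or value.
    param([string]$Path = $KeyPath, [string]$Name = $ValueName)
    $item  = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    $value = if ($item) { $item.$Name } else { $null }
    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Value    = $value
        State    = Get-PointAndPrintState -Value $value
    }
}

$result = Get-PointAndPrintOverride
$result | Format-List

# A value of 0 is the override the message warns about (CVE-2021-34481 exposure).
if ($result.Value -eq 0) {
    Write-Warning "$($result.Computer): Point and Print restriction is disabled."
}
```

Reading this key under `HKLM` does not require elevation, so the check can run from an inventory or compliance tool as a standard user.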
You received this message because you are subscribed to the Google
Groups "CESI-list" group.
To post to this group, send email to cesi...@googlegroups.com
To unsubscribe from this group, send email to cesi-list+...@googlegroups.com
For more options, visit this group at http://groups.google.com/group/cesi-list?hl=en-GB where all messages are archived and are publically available to non members of the list. Messages may also show up in search engines etc.
Visit the web site www.cesi.ie
Attempts to use the list for commercial purposes may result removal from the list.