Re: Install Microsoft Enhanced Point And Print Compatibility Driver Windows XP


Outi Foote

Jul 12, 2024, 12:08:29 PM
to endonlocho

The updated printer sharing mechanism is called enhanced Point and Print. It allows print clients to print to shared queues backed by v4 printer drivers without downloading the manufacturer-provided device driver from the print server.

Because client machines do not download the entire driver package when they connect with a print server that has enhanced Point and Print and v4 printer drivers, it is important to be aware of the following architectures. This information should help you to develop and package your v4 printer driver appropriately.

When a Windows 8 client connects to a shared print queue that is using a v4 printer driver, the client will try to obtain a driver that supports client side rendering. The client searches the local DriverStore for a driver with a HardwareID that matches the server driver's PrinterDriverID. If one is found, that driver will be installed locally. Otherwise, the client will connect using the enhanced Point and Print driver.

In both cases, the client downloads configuration data from the server using GetPrinterDataEx calls. The configuration data includes data files like generic printer description (GPD) files, PostScript printer description (PPD) files, the driver property bag, JavaScript constraints and a resource DLL. The client also downloads the CAT file that was associated with the server's driver.

The print system then examines the downloaded files on the client and validates that the resource DLL contains no executable code. It also verifies that the downloaded files are intact and that their hashes are covered by the signed catalog (CAT) file downloaded from the server. Any file that fails this check is treated as untrusted and deleted. The following diagram illustrates this configuration-related communication between a Windows 8 client and shared print servers that use the v4 printer driver.

Windows 7 clients may also connect to shared print queues that use a v4 printer driver. In this case, however, the client will always download the enhanced Point and Print driver from the server. This driver uses server side rendering to ensure that the proper printer description language (PDL) is generated for the printer.

Configuration data is downloaded from the server in the same way for Windows 7 client connections, using GetPrinterDataEx calls. If any downloaded files fail validation against the server's CAT file, they are deleted. The following diagram illustrates this configuration-related communication between a Windows 7 client and shared print servers that use the v4 printer driver.
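The "resource DLL contains no executable code" property is worth seeing concretely. The following PowerShell is an added example, not part of the Microsoft documentation quoted above: it parses the PE headers of a DLL and reports whether it is resource-only (IMAGE_FILE_DLL set, AddressOfEntryPoint of zero, and no section flagged IMAGE_SCN_CNT_CODE or IMAGE_SCN_MEM_EXECUTE). This approximates the property the spooler enforces; the spooler's actual validation routine is not described here, and the spool\drivers directory used for the sweep is this example's own assumption about where to look.

```powershell
# Added example, not from the Microsoft documentation above: approximates the
# "resource DLL contains no executable code" property by parsing PE headers.
# Heuristic: a resource-only DLL has AddressOfEntryPoint = 0 and no section
# flagged IMAGE_SCN_CNT_CODE (0x20) or IMAGE_SCN_MEM_EXECUTE (0x20000000).
# The spooler's real check is not public; this is the check an auditor would write.
function Test-ResourceOnlyDll {
    param([Parameter(Mandatory)][string]$Path)

    $b = [System.IO.File]::ReadAllBytes($Path)
    if ($b.Length -lt 0x40 -or $b[0] -ne 0x4D -or $b[1] -ne 0x5A) {
        throw "$Path is not a PE image (missing MZ header)"
    }
    $peOff = [BitConverter]::ToUInt32($b, 0x3C)                 # e_lfanew
    if ([BitConverter]::ToUInt32($b, $peOff) -ne 0x00004550) {  # "PE\0\0"
        throw "$Path has no PE signature"
    }
    $coff        = $peOff + 4                                   # COFF file header
    $numSections = [BitConverter]::ToUInt16($b, $coff + 2)
    $optSize     = [BitConverter]::ToUInt16($b, $coff + 16)
    $fileChars   = [BitConverter]::ToUInt16($b, $coff + 18)
    $opt         = $coff + 20                                   # optional header
    $entryPoint  = [BitConverter]::ToUInt32($b, $opt + 16)      # same offset for PE32 and PE32+
    $isDll       = ($fileChars -band 0x2000) -ne 0              # IMAGE_FILE_DLL

    $codeSections = @()
    $sect = $opt + $optSize                                     # section table follows the optional header
    for ($i = 0; $i -lt $numSections; $i++) {
        $entry = $sect + ($i * 40)                              # IMAGE_SECTION_HEADER is 40 bytes
        $name  = [System.Text.Encoding]::ASCII.GetString($b, $entry, 8).TrimEnd([char]0)
        $chars = [BitConverter]::ToUInt32($b, $entry + 36)      # Characteristics
        if (($chars -band 0x20) -or ($chars -band 0x20000000)) { $codeSections += $name }
    }

    [pscustomobject]@{
        Path         = $Path
        IsDll        = $isDll
        EntryPoint   = ('0x{0:X}' -f $entryPoint)
        CodeSections = $codeSections
        ResourceOnly = ($isDll -and $entryPoint -eq 0 -and $codeSections.Count -eq 0)
    }
}

# Usage (assumed location): sweep the DLLs the spooler keeps under the driver
# directory and list anything that is not resource-only.
Get-ChildItem "$env:SystemRoot\System32\spool\drivers" -Recurse -Filter *.dll -ErrorAction SilentlyContinue |
    ForEach-Object { Test-ResourceOnlyDll -Path $_.FullName } |
    Where-Object { -not $_.ResourceOnly } |
    Format-Table Path, EntryPoint, CodeSections -AutoSize
```

Rendering-capable driver DLLs (UNIDRV, PSCRIPT5, vendor plug-ins) will legitimately show up as non-resource-only; the interesting finding is a file that arrived as v4 "configuration data" yet carries a code section or a non-zero entry point.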

I'm attempting to upgrade from Windows 11 21H1, build 22000.1165 to Windows 11 22H2, Windows Update does not offer the upgrade, and when I try installing the update manually, I receive an error message that links to the documentation for Windows safeguard hold ID 41332279, titled "Some installed printers might only allow default settings".

This error persists even after removing all printers and associated printer drivers in the Print Management console. The only printer drivers remaining are the x86 and x64 versions of the "Microsoft enhanced Point and Print compatibility driver". When I try to delete those drivers, I receive an error message that states "The selected driver cannot be deleted. The specified printer driver is currently in use."

I even tried deleting the registry key at HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Environments\Windows NT x86\Drivers\Version-3\Microsoft enhanced Point and Print compatibility driver and rebooting, but the key was automatically recreated after the reboot.

Are your users local administrators? You may need to look into the specifics of how to allow users permissions for Point and Print to be able to download the correct drivers. There is also mention of making sure you are using v4 drivers.

If you wish to have the same driver on the client system as the one installed for the shared printer on the server, and you wish to use Type 4 drivers, you can preinstall the software on the client, so the connection will be created using this print driver; or you can use a Type 4 driver from Windows Update by clicking the Windows Update button in the Add Driver Wizard.

When you use Type 4 drivers available on Windows Update, the spooler on the client will set up the connection to the shared printer initially using the Microsoft enhanced Point and Print compatibility driver, but usually within a couple of hours the spooler will download the vendor driver from Windows Update for the connection. This is the design when using Type 4 drivers with shared printers.

The customer's IT admin told me that the description of this driver (which he got from the over 1 GB driver package on HP's website for this model) mentions that the PCL v4 driver isn't intended for sharing in a server-client architecture.

What you need is only the driver, not the package where the *.inf file is. Once installed, this driver can be shared with full rights to any user; however, MS Excel doesn't work properly with this type of large format printer, and the workaround is to convert the files to PDF. This is a technical printer designed to print lines and drawings from CAD software or PDF files, not from MS programs, which don't have the correct paper settings to print in big sizes.

The driver you suggest is the one I've used. I have installed this driver on our server here and it's the same issue as the customer has. You only get the Microsoft enhanced Point and Print driver on the client. Look here; it seems to be a general issue with v4 drivers (independent of the printer brand):

There is no HP Designjet that will work fine with MS Word, Excel or PowerPoint, because they are not designed to print in large paper sizes; usually the jobs are designed in letter size, so before printing the job has to be created in a large size like Arch D 24 x 36, then it can be printed at that size.

Keep in mind, for V4 drivers you must install the driver on the workstations and the server. V4 drivers do not download from the server and that is the reason you are getting the Microsoft driver installing.

Although PrintNightmare and its variants were theoretically all addressed by Microsoft, it is still affecting organizations to this date, mainly because of quite confusing group policies and settings. In this blog post, I want to shed light on those configuration issues, and hopefully provide clear guidance on how to remediate them.

Following the PrintNightmare saga, Microsoft decided to address the problem globally by restricting the installation of printer drivers to administrators only, but with the possibility for system administrators to override this policy when necessary. This has been the default behavior since August 10, 2021.

Therefore, to allow regular users to install a shared printer, the policy Limits print driver installation to Administrators (Computer Configuration > Policies > Administrative Templates > Printers) must be disabled, as mentioned earlier.

In the context of an organization, if users cannot install printers that come with non-package-aware drivers, this could be a problem. Therefore, it might be tempting to disable the prompt we saw earlier by configuring the Point and Print Restrictions policy.

If you were to disable the Point and Print security prompts as described previously, you would allow users to install non-package-aware printer drivers, but you would also make the machine vulnerable to the original PrintNightmare exploit. This is documented in the KB article KB5005010.

Disabling security prompts renders other settings completely useless. So, even if you set a list of approved servers, or if you limit Point and Print to machines in the forest, the machine will still be vulnerable.
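To see how these settings combine on a given machine, here is an added PowerShell audit (example code, not from the blog post). The key path and value names are those documented in KB5005010; the verdict strings are this example's own reading of the preceding paragraphs, and the Package Point and Print values are not covered.

```powershell
# Added example (not from the blog post): reads the Point and Print policy values
# documented in KB5005010 and reports the combination the text describes as still
# exploitable. Registry path and value names are from the KB; the verdict logic is
# this example's reading of the post.
$pnp = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'

function Get-PolicyValue {
    param([string]$Key, [string]$Name)
    # $null means "not configured", which matters because the defaults differ per value.
    try { (Get-ItemProperty -Path $Key -Name $Name -ErrorAction Stop).$Name } catch { $null }
}

function Get-PointAndPrintPosture {
    $restrictToAdmins = Get-PolicyValue $pnp 'RestrictDriverInstallationToAdministrators'
    $noWarning        = Get-PolicyValue $pnp 'NoWarningNoElevationOnInstall'
    $updatePrompt     = Get-PolicyValue $pnp 'UpdatePromptSettings'
    $trustedServers   = Get-PolicyValue $pnp 'TrustedServers'
    $serverList       = Get-PolicyValue $pnp 'ServerList'
    $inForest         = Get-PolicyValue $pnp 'InForest'

    # Since the August 2021 update the default (value absent) is administrators only;
    # only an explicit 0 re-opens driver installation to regular users.
    $adminsOnly = ($null -eq $restrictToAdmins) -or ($restrictToAdmins -ne 0)
    # Either value removes the elevation prompt: NoWarningNoElevationOnInstall = 1
    # (install) or UpdatePromptSettings = 2 (update).
    $promptsDisabled = ($noWarning -eq 1) -or ($updatePrompt -eq 2)

    $verdict = if ($adminsOnly) {
        'Driver installation restricted to administrators (default since KB5005010).'
    } elseif ($promptsDisabled) {
        'VULNERABLE: non-admin driver install allowed and security prompts disabled; ' +
        'TrustedServers/ServerList/InForest do not mitigate this combination.'
    } else {
        'Non-admin install allowed but prompts enforced; review the approved-server list.'
    }

    [pscustomobject]@{
        RestrictDriverInstallationToAdministrators = $restrictToAdmins
        NoWarningNoElevationOnInstall              = $noWarning
        UpdatePromptSettings                       = $updatePrompt
        TrustedServers                             = $trustedServers
        ServerList                                 = $serverList
        InForest                                   = $inForest
        Verdict                                    = $verdict
    }
}

Get-PointAndPrintPosture | Format-List
```

Run it as an administrator on a representative workstation after a `gpupdate /force`; the point of printing the raw values next to the verdict is that a "hardened" approved-server list is easy to mistake for a mitigation when the prompts are off.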

In this configuration, the exploitation is straightforward. It basically comes down to calling AddPrinterDriverEx with the appropriate flags, and passing a DRIVER_INFO structure containing the absolute path of a DLL that will be loaded by the Print Spooler service.

You will find many exploits online, but the one I would recommend is the PowerShell script CVE-2021-34527.ps1 developed by Caleb Stewart and John Hammond. You can either let the script use its embedded DLL (which creates a new local administrator account when loaded), or pass the absolute path of your own DLL. Alternatively, you could also use my own script PointAndPrint.ps1, which is highly inspired by theirs.

It should be noted that, when the exploit is successful, the payload DLL is copied to the system folder. My version of the exploit uses the flag DPD_DELETE_UNUSED_FILES when calling DeletePrinterDriverEx in order to let the Print Spooler service delete the file automatically.

In summary, if the Point and Print security prompts are disabled, a local attacker can simply load an arbitrary DLL in the context of the Print Spooler service. This is the easiest exploit variant, and it works even if a list of approved Point and Print servers is configured!
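A defender-side counterpart, added here as an example and not part of the original post: a filter over Microsoft-Windows-PrintService/Operational events 316 (printer driver added or updated) and 808 (plug-in module failed to load), which are the events to review when a driver is pushed through AddPrinterDriverEx. The message patterns follow the Windows event templates as understood by the author of this example; the three sample messages are constructed, not captured logs, and the spool-directory heuristic is an assumption to tune per environment.

```powershell
# Added example (not from the blog): triage filter for PrintService/Operational
# events 316 (driver added/updated) and 808 (plug-in load failure). Message
# formats follow the Windows event templates; the samples below are constructed.
function Test-SuspiciousPrintEvent {
    param(
        [Parameter(Mandatory)][int]$Id,
        [Parameter(Mandatory)][string]$Message
    )
    $spoolDir = "$env:SystemRoot\System32\spool\drivers"   # assumed legitimate location
    $reasons  = @()

    switch ($Id) {
        316 {
            # "Printer driver X for Windows x64 Version-3 was added or updated. Files:- a, b, c. No user action is required."
            if ($Message -match 'Files:-\s*(?<files>.+?)\.\s*No user action') {
                foreach ($f in ($Matches.files -split ',\s*')) {
                    if ($f -like '\\*') {
                        $reasons += "UNC driver file: $f"
                    } elseif ($f -match '^[A-Za-z]:\\' -and $f -notlike "$spoolDir*") {
                        $reasons += "driver file outside spool directory: $f"
                    }
                }
            }
        }
        808 {
            # "The print spooler failed to load a plug-in module <path>, error code <code>. ..."
            if ($Message -match 'plug-in module (?<mod>.+?), error code') {
                $reasons += "spooler failed to load module: $($Matches.mod)"
            }
        }
    }
    [pscustomobject]@{ Id = $Id; Suspicious = ($reasons.Count -gt 0); Reasons = $reasons }
}

# Constructed sample messages (not real logs):
$samples = @(
    @{ Id = 316; Message = 'Printer driver Microsoft enhanced Point and Print compatibility driver for Windows x64 Version-3 was added or updated. Files:- C:\Windows\System32\spool\drivers\x64\3\mxdwdrv.dll, C:\Windows\System32\spool\drivers\x64\3\PrintConfig.dll. No user action is required.' },
    @{ Id = 316; Message = 'Printer driver 1234 for Windows x64 Version-3 was added or updated. Files:- UNIDRV.DLL, kernelbase.dll, \\10.0.0.5\share\evil.dll. No user action is required.' },
    @{ Id = 808; Message = 'The print spooler failed to load a plug-in module C:\Windows\System32\spool\drivers\x64\3\evil.dll, error code 0x45A. See the event user data for context information.' }
)
$samples | ForEach-Object { Test-SuspiciousPrintEvent -Id $_.Id -Message $_.Message } | Format-Table -AutoSize

# Live use on a host with the operational log enabled:
# Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-PrintService/Operational'; Id = 316, 808 } |
#     ForEach-Object { Test-SuspiciousPrintEvent -Id $_.Id -Message $_.Message } |
#     Where-Object Suspicious
```

The operational log is disabled by default, so enable it before relying on this; with the constructed samples, the first 316 passes and the other two are flagged.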

In these conditions, we saw that we cannot install a non package aware printer driver, but we can leverage Package Point and Print to install a printer shared by a print server. To better understand what happens when we do that, we first need to take a look at the list of default printer drivers (see screenshot below).

Knowing this, it is indeed easier to show that the Print Spooler downloads the appropriate driver from the remote print server, and installs it locally. The screenshot below shows a Canon driver being automatically installed in the background.

Basically, we asked the Print Spooler to connect to a remote print server, and it loaded a driver from this location. So, if we instead coerce it to connect to a server we control, we should be able to make it load a custom driver and thus execute arbitrary code as NT AUTHORITY\SYSTEM, right?

In the case of our Canon driver, we can see that it has a WHQL signature because the EKU field of its certificate contains the OID 1.3.6.1.4.1.311.10.3.5. This means that it went through a validation process before being digitally signed by Microsoft.
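The EKU check described above can be scripted. The following is an added example (not from the blog): it uses Get-AuthenticodeSignature, which on Windows 8 and later also resolves catalog signatures, and inspects the signer certificate's Enhanced Key Usage extension for 1.3.6.1.4.1.311.10.3.5. Feeding it the file paths reported by Get-PrinterDriver is this example's own sweep; a valid signature without that OID means the driver is signed but did not go through the WHQL process.

```powershell
# Added example (not from the blog): reports whether a driver file's Authenticode
# or catalog signature is made by a signer carrying the Windows Hardware Driver
# Verification EKU (OID 1.3.6.1.4.1.311.10.3.5), i.e. whether it is WHQL-signed.
$WhqlEku = '1.3.6.1.4.1.311.10.3.5'

function Test-WhqlSignature {
    param([Parameter(Mandatory)][string]$Path)

    $sig  = Get-AuthenticodeSignature -FilePath $Path
    $ekus = @()
    if ($sig.SignerCertificate) {
        # Walk the EKU extension through the .NET API rather than the
        # PowerShell-only EnhancedKeyUsageList script property.
        foreach ($ext in $sig.SignerCertificate.Extensions) {
            if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
                foreach ($oid in $ext.EnhancedKeyUsages) { $ekus += $oid.Value }
            }
        }
    }
    [pscustomobject]@{
        Path          = $Path
        Status        = $sig.Status            # Valid, NotSigned, HashMismatch, ...
        SignatureType = $sig.SignatureType     # Authenticode (embedded) or Catalog
        Signer        = $sig.SignerCertificate.Subject
        EKUs          = $ekus
        IsWhql        = ($sig.Status -eq 'Valid' -and $ekus -contains $WhqlEku)
    }
}

# Usage (this example's own sweep): every binary referenced by an installed
# printer driver that is not WHQL-signed.
Get-PrinterDriver | ForEach-Object {
    @($_.DriverPath, $_.ConfigFile, $_.DataFile) + @($_.DependentFiles) |
        Where-Object { $_ -and (Test-Path $_) -and $_ -match '\.(dll|exe)$' } |
        ForEach-Object { Test-WhqlSignature -Path $_ }
} | Where-Object { -not $_.IsWhql } | Format-Table Path, Status, SignatureType, Signer -AutoSize
```

Catalog-signed files only validate while their .cat is present in the system catalog store, so run this on the machine where the driver is actually installed rather than on a copied driver folder.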
