Skip to Content Information Center
Lexmark MC2425

Lexmark MC2425

Point and Print changes after installing Microsoft August 2021 security update

Issue Description:

This issue affects the Lexmark UPD (Universal Print Driver) 2.15.1.0 & older versions and Lexmark Generational drivers.

There is a default behavior change introduced with the release of the latest Microsoft windows update on August CVE 2021-34481 for the Point and Print environment which is described in this article;

By default, non-administrator users will no longer be able to do the following when using Point and Print:

  • Install new printers using drivers on a remote computer or server

  • Update existing printer drivers using drivers from remote computer or server

Behavior observed:

Following installation of Windows Security update released on and after August 10th, 2021, non-administrator users may see a dialog with the message "Do you trust this printer?"

w

hen trying to install a printer remotely connecting to a print server, or asking for the administrator credentials while connecting to the print server.

When the user selects 'Install driver', any non-admin user will then be presented with an error message Connect to printer - Windows cannot connect to the printer.

Note that this is not a Lexmark driver issue and applies to all package-aware version 3 driver architecture in network point and print architecture.

A

detailed documentation can be found in the supplementary article from Microsoft:

Solution:

It is recommended that end-users follow the workaround provided by the Microsoft KB article based on the applicability.

Install print drivers when the new default setting is enforced

If the RestrictDriverInstallationToAdministrators is set as "not defined" or "1", depending on your environment, then end -users must use one of the following methods to install printers:

  • Provide an administrator username and password when prompted for credentials when attempting to install a printer driver.

  • Include the necessary printer drivers in the OS image.

  • Use Microsoft System Center, Microsoft Endpoint Configuration Manager, or an equivalent tool to remotely install printer drivers.

  • Temporarily set RestrictDriverInstallationToAdministrators to 0 to install printer drivers.

For environments which cannot use the current default behavior from Microsoft and/or follow any of the previous options

It is recommended to use the workaround listed under the "Modify the default driver installation behavior using a registry key" section from the Microsoft KB article (set registry key RestrictDriverInstallationToAdministrators to 0) to allow non-admins to connect to the print servers and install drivers similar to the previous behavior of point and print.

Also, implement the additional group policies to configure clients to only trust specific print servers and packages, as per the "Permit users to only connect to specific print servers that you trust" and "Permit users to only connect to specific Package Point and Print servers that you trust" sections of the Microsoft KB article. This will reduce the chances of exploitation of the clients.

Still Need Help?

Have the following available when calling Lexmark Technical Support;

  • Printer model(s)

  • Printer serial number

  • Operating System (OS)

  • Printer driver

LEGACY ID: SO9065

Var denne artikkelen nyttig?
Top