Some printers will request administrator credentials every time users try to print in Windows Point and Print environments due to a known issue caused by KB5005033 or later security updates addressing the PrintNightmare vulnerability.
This happens because, after installing these PrintNightmare patches, only administrators are allowed to install or update drivers via Point and Print.
The request for admin credentials is triggered automatically in environments where the print server has a newer driver than the client attempting to print.
"Certain printers in some environments using Point and Print might receive a prompt saying, 'Do you trust this printer' and requiring administrator credentials to install every time an app attempts to print to a print server or a print client connects to a print server," Microsoft explains.
"This is caused by a print driver on the print client and the print server using the same filename, but the server has a newer version of the file."
The complete list of impacted client and server platforms includes:
- Client: Windows 10, version 21H1; Windows 10, version 20H2; Windows 10, version 2004; Windows 10, version 1909; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise 2015 LTSB; Windows 8.1; Windows 7 SP1
- Server: Windows Server 2022; Windows Server, version 20H2; Windows Server, version 2004; Windows Server, version 1909; Windows Server, version 1809; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
If you're not using Point and Print, you should not be affected by this issue, and you'll also be protected by default after installing security updates released since August 10.
Workaround available
Microsoft added that the known issue could be solved by ensuring that the same printer driver version is installed on the print server and all clients within your environment.
"Verify that you are using the latest drivers for all your printing devices and where possible, use the same version of the print driver on the print client and print server," the company said.
If updating printer drivers across your environment does not fix these printing problems, you should reach out to your printer manufacturer (OEM) support team.
Additional information about this issue is available in the Frequently asked questions section of the KB5005652 support document.
In related news, according to user reports, PrintNightmare security updates released as part of this month's Patch Tuesday are also breaking network printing.
Windows administrators have been experiencing wide-scale network printing problems after installing the fix for the last remaining PrintNightmare vulnerability.
BleepingComputer has reached out to Microsoft with questions about these ongoing issues but has not heard back.
Comments
doriel - 2 years ago
Very poor quality of delivered fixes. Not repairing the issue (there were few consecutive updates to fix it), complicating everyday based routine for users and breaking the network printing for certain customers recently. Pretty huge letdown for us.
.."Certain printers in some environments"..
Very technical, very usefull information. NOW WE KNOW WHATS HAPPENING :)
Muri - 2 years ago
Nothing about can't reach shared network printer and the error 0x0000011b. :-(
doriel - 2 years ago
Muri, uninstall the latest update. Many are reporting that issue.
"Start -> Settings -> Update & Security -> View Update History -> Uninstall updates -> Security Update for Microsoft Windows (KB5005565) -> Uninstall"
https://docs.microsoft.com/en-us/answers/questions/553928/error-0x0000011b-no-workgroup-printer-access-it-wo.html
Hope this will help. Then hide the update with WUSHOWHIDE tool, so it wont come back soon.
Muri - 2 years ago
Hi doriel, I am not happy with MS statement. Uninstall is not a great solution, MS should guide us in better way. MS have not fixed this print nightmare problem in a good way, after each patch tuesday since july, there is a new problem with print.
doriel - 2 years ago
I completely agree, I just wanted to share how to help you print again. This issue is getting very ridiculous. What else to say. Lousy job by Microsoft.
NoneRain - 2 years ago
Had problems in a network with legacy systems, and a few machines weren't able to update the driver without adm as stated.
As a workaround for the legacy systems, I just "reshared" the printer from an endpoint, and didn't touch the printer server for now, since I'll migrate the print service to another server soon™.
safemode_nz - 2 years ago
We have found that as long as you have a newer build of Windows 10 (1909 or higher) with the latest updates it resolves the issue.
We had to run the Windows Update Assistant on several PCs that were stuck on older builds such as 1809 and older, the second they were up to date the printing resumed.
Muri - 2 years ago
Hi safemode_nz, it's nothing to do with build versions, we are running with 20H2 and have same problems. It's impacted with all windows and server versions.
The complete list of impacted client and server platforms includes:
Client: Windows 10, version 21H1; Windows 10, version 20H2; Windows 10, version 2004; Windows 10, version 1909; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise 2015 LTSB; Windows 8.1; Windows 7 SP1
Server: Windows Server 2022; Windows Server, version 20H2; Windows Server, version 2004; Windows Server, version 1909; Windows Server, version 1809; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Sean133 - 2 years ago
Thanks. I was able to resolve my issues by upgrading some PCs to 21H1.
AlexandreBelanger - 2 years ago
Here is the article from microsoft.
https://support.microsoft.com/en-us/topic/kb5005652-manage-new-point-and-print-default-driver-installation-behavior-cve-2021-34481-873642bf-2634-49c5-a23b-6d8e9a302872
It explain what has been added to block user form installing driver and if you want to can disable it by using a registry entry.
New-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint\' -Name RestrictDriverInstallationToAdministrators -Value 0
tekknyne3 - 2 years ago
Do you add this registry key to the printer server or the Windows 10 client computers? I can't find the pointandprint registry folder on either.
tekknyne3 - 2 years ago
The issue we are seeing is that for many printers that are mapped using group policy, they flat out do not even show up. No error no nothing.
apfm141 - 2 years ago
we are also having this issue, did you by any chance find a solution? Thanks.