Given that firms are likely to keep users without administrator rights to limit lateral movement (and quite frankly because Microsoft has told us over the years that running with administrator rights was a bad thing), we’re now having to decide to give users local administrator rights, make a registry key adjustment that weakens security, or roll back the patch until Microsoft figures out what went wrong. We’re also seeing that when the patch is on the workstation and not on the server, it’s triggering a reinstallation of the print drivers. More precisely, when the print server is on a Server 2016 server, the printers are pushed out via Group Policy, and the printer driver from the vendor is a V3 driver, it is triggering the reinstallation of print drivers. However, what we’re seeing over on the list is that anyone with a V3 style of print driver is having their users be prompted to reinstall drivers or install new drivers. Update existing printer drivers using drivers from remote computer or server”.
Install new printers using drivers on a remote computer or server.As noted in KB5005652, “by default, non-administrator users will no longer be able to do the following using Point and Print without an elevation of privilege to administrator: Microsoft made a change in how Group Policy printers are handled when it changed the default Point and Print behavior to address “PrintNightmare” vulnerabilities affecting the Windows Print Spooler service. But over the last several months you’ve made it near impossible to stay fully patched and keep printing.Ĭase in point: the August security updates.
We aren’t all paperless out here in the business world - many of us still need to click the Print button inside our business applications and print things out on an actual sheet of paper, or send something to a PDF printer.