Nosotros came across a foreign consequence today on Windows 10 devices that we haven't seen since the Windows Vista days. Users take started to get prompts for User Account Control(UAC) when connecting to some printers. The Indicate and Impress characteristic is responsible for this as it hands allows standard users to install printer drivers from the trusted print server. This post describes how to gear up Windows 10 betoken print UAC problem.

The trouble appeared right after applying terminal July monthly updates. (MS16-087)

[su_box title="Description" style="drinking glass" title_color="#F0F0F0″]This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could let remote code execution if an attacker is able to execute a human-in-the-middle (MiTM) set on on a workstation or print server, or fix up a rogue impress server on a target network.[/su_box]

Windows 10 Indicate Print UAC Prompt Cause

Microsoft as tightened the requirement for printer drivers on print servers.

If you :

  • Are using a print server
  • Let standard user to install printer drivers using the Point and Print Group Policy
  • Are using old printer commuter that might have the following :
    • Non-bundle-aware v3 printer drivers
    • Unsigned or expired certificate validation drivers

Following MS16-087 installation, you receive a UAC prompt and a Connect to Printer mistake after a printer installation attempt. (A policy is in consequence on your reckoner which prevents y'all from connecting to this print queue. Please contact your system Administrator)

Windows 10 point print UAC
Windows 10 point print UAC

Hither's the list of the specific KB per OS that create the issue :

  • KB3163912
    •  Windows 10
  • KB3172985
    • Windows 10 v1511
  • KB3170455
    • Windows Vista
    • Windows 7
    • Windows 8.ane
    • Windows Server 2008
    • Windows Server 2008 R2
    • Windows Server 2012
    • Windows Server 2012 R2

How to fix Windows 10 indicate impress UAC

Part i

Part 1 of the solution is available in the October 2016 Preview of Monthly Quality Rollup available for all operating organization except Windows ten (October 16th). Microsoft has released an update that lets network administrators configure policies that allow the installation of print drivers that they consider are safe. This update also allows  network administrators to deploy printer connections that they consider condom.

[su_box championship="Annotation" style="drinking glass" title_color="#F0F0F0″]If you are not familiar with preview updates, have a look at the following weblog post.[/su_box]

This mean, if you lot are facing the outcome, the official set for it will be bachelor for production use on the next Patch Tuesday (November 8th) as part of the Monthly Quality Rollup.

[su_box title="Important" style="glass" box_color="#000000″ title_color="#F0F0F0″]**Update 2016/11/x** Microsoft as released an update that was in preview in Octobre 2016. KB3197868 https://support.microsoft.com/en-ca/kb/3197868 Afterward testing, it'south working as excepted. The second GPO role still required to make this work.[/su_box]

KB in preview

For Windows seven and Windows Server 2008 R2 : https://support.microsoft.com/en-ca/kb/3192403

For Windows Server 2012 : https://support.microsoft.com/en-ca/kb/3192406

For Windows viii.1 and Windows Server 2012 R2 : https://back up.microsoft.com/en-ca/kb/3192404

KB in production

For Windows 10 RTM : https://back up.microsoft.com/en-ca/kb/3192440

For Windows 10 1511 : https://support.microsoft.com/en-ca/kb/3192441

Function 2

Part 2 consist having the right GPO settings for Indicate and Print.

Two GPO settings must be practical :

  • Under Calculator Configuration / Policies / Administrative Templates / Printers, set Package Bespeak and Print – Approved server to Enabled
    • Each print server must be added to the list with the fully qualified server name
Windows 10 point print UAC
  • Under Computer Configuration / Policies / Administrative Templates / Printers, set Point and Print Restrictions to Enabled
    • Each print server must be added to the listing with the fully qualified server proper noun, seperated by semi-colons
    • When installing driver for new connexion, select Do non bear witness warning or meridian prompt
    • When installing driver for existing connection, select Do not bear witness alert or elevation prompt
Windows 10 point print UAC