07-29-2016 03:03 PM
So the recent print server vulnerability caused Microsoft to patch up Point and Print. Now package-unaware V3 drivers do not play nice with Group Policy.
A lot of the network printers on our print server already have packaged drivers and aren't affected. All of our Canon drivers do not, however, and this means we need to go to each user and put in administrator credentials in order for them to make a (new) printer connection to our Canon imageRunners...
Even the latest UFRII drivers for our models appear to still be unpackaged...
Does Canon offer package-aware V3 drivers? If not, do they plan to offer them? We'd like to know what Canon's doing about this so we can take the appropriate steps.
08-17-2016 05:05 PM
08-17-2016 04:49 PM
By the power of a tweak, thou shall pass the dreaded MS16-087 and letters will be put on paper once again.
You need to register at your local servant that does all your writing. See if he is current in control of his enviroment - there might be an attribute in need of a change. The attribute shall be in form of 16 and Douglas Adams was almost right, he miss it by an inch and odd the answer should be.
Enough rubbish:
If you have trouble deploying printers after applying critical updates according to MS16-087 (KB3170455) try this tweak: Edit the register on your print server. If you change the value of the key PrinterDriverAttributes under HKLM\System\CurrentControlSet\Control\Print\Enviroments\Windowsx64\Drivers\...\Driver name\ and restart the print server, you are able to make Windows treat the driver as packaged, and it will install unattended with gpo. The hex number has to be odd, i.e. 41
Restart server .
According to MS the 1 flag for PrinterDriverAttributes stands for PRINTER_DRIVER_PACKAGE_AWARE. This will treat the driver as package aware, which means a CAB package will be created, including the inf and the catalog. The package will be installed through setupapi.dll when installing the driver, validating that the catalog is trusted, and that hashes for all files are included in the catalog.
08-18-2016 01:12 AM
BTW: To keep the original settings for the printer driver and only make it Pakage aware you shold add 1 to the original value of PrinterDriverAttributes. In my print enviroment the original attribute had the value 4, so I changed it to 5 and that made it Pakage aware. Different versions of the driver (and different vendors) might need other values.
09-21-2016 05:46 PM
09-27-2016 03:55 PM
I just tried
In a nutshell:
Go to the printers inf-File an add a section
[PrinterPackageInstallation.x86]
PackageAware=TRUE
or (for 64bit driver)
[PrinterPackageInstallation.amd64]
PackageAware=TRUE
and import the driver.
You will get a lot of warnings but ignore them all.
Install your printer and deploy it with gpo like allways and have fun with it!
12-20-2016 01:00 PM
Canon's USA site still does not have Packaged drivers. I was able to find a packaged PCL6 driver (version 21.85) on the Canon's EU site, but it did not work on my C5240 or 6255. It worked on 4225.
I had success on Canon's Asia site. They have a UFR II V30 packaged driver that worked on all the above machines. It took me 3 hours to sort this out, so I hope this reaches someone in need.
http://support-asia.canon-asia.com/
UFRII_Driver_V3000_W64_ukEN_12.exe
08-18-2016 01:13 PM
Hi grei_70,
I had not seen your post yesterday when sending mine, I think we were writing at the same time!
Indeed, your tweak works perfectly. All printers is "Package" now
The deployment also works by GPO
Thank
08-22-2016 06:47 AM - edited 08-23-2016 03:45 AM
Above doesnt seem to work on Uniflow Universal PcIXL Driver v 5.3.5.529 on Windows 10
Have changed the registry setting, restarted printer server and the driver is now listed as packaged
Have set the GPO, Point and Print Restrictions to disabled on the comptuer and user object
But same GPO error (0x80070bcb), also if i select the printer manually from print server i get UAC prompted, so it doesnt seem that it cares about the GPO settings...
//Tatsumi
EDIT I suspect that the issue with the Uniflow driver is that it's not signed
08-22-2016 08:04 AM
09/26/2024: New firmware updates are available.
EOS R5 Mark II - Version 1.0.1
EOS R6 Mark II - Version 1.5.0
07/01/2024: New firmware updates are available.
04/16/2024: New firmware updates are available.
RF100-300mm F2.8 L IS USM - Version 1.0.6
RF400mm F2.8 L IS USM - Version 1.0.6
RF600mm F4 L IS USM - Version 1.0.6
RF800mm F5.6 L IS USM - Version 1.0.4
RF1200mm F8 L IS USM - Version 1.0.4
Canon U.S.A Inc. All Rights Reserved. Reproduction in whole or part without permission is prohibited.