Microsoft patches (released in August 2021) block non-admins from installing unsigned non-packaged print drivers. This change addresses the PrintNightmare vulnerability and is related to Windows Print Spooler security issues.
You can work around the new requirements by disabling the GPO option Limit print driver installation to Administrator under Computer Configuration > Administrative Templates > Printers (should be used rarely due to security risks).
If this option is missing in the GPO console, you will need to update the administrative template (ADMX) files on the Active Directory domain controller, or you can enable this setting through the registry.
Limit print driver installation to Administrator policy sets the RestrictDriverInstallationToAdministrators registry entry under HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint\ to 0.
Create a new registry parameter under the GPO section Computer Configuration > Preferences > Windows Settings > Registry.
- Action: Replace
- Hive: HKEY_LOCAL_MACHINE
- Key path: Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint
- Value name: RestrictDriverInstallationToAdministrators
- Value type: REG_DWORD
- Value data: 0
Once this option is set, your users will be able to connect shared network printers and install print drivers from trusted print servers.
