Recently a client of mine updated their print drivers on the Print Server (through Print Managemnet). Users suddenly had issues printing, where Word would say “Driver Update Required“. When a user would go to right-click on the printer and click on “Update Driver“, they would get essentially a UAC prompt asking whether they trust that particular printer:
When they click Install Driver, it looks like it’s installing and then it just falls back to the same message. It looks like there’s an endless loop where users can’t print because of the driver update requirement, but they can’t install the driver either.
These printers are deployed through Print Management and are deployed via GPO. There are Point and Print restriction policies in place as well to remove any warnings or UAC prompts for installing new drivers, or updating drivers:
In theory, this should mean that there’s no warnings and the drivers should just update. I’ve had a look on the workstations and they’re applying the policy correctly and the changes are there, so it’s not an issue with applying the actual GPO. With this in mind though, the warnings are still showing up and the drivers can’t be updated.
When running the troubleshooter, it asks whether you want to install the updates with elevated privileges. When doing this, it works fine. After a lot of troubleshooting, this ticket was actually escalated to Microsoft support to look into this.
They confirmed the following:
There was a Windows Security Update recently released which targeted the security of printing. This was
KB3170455 and this was the culprit! Essentially what this update does is require drivers to meet certain criteria before they can be used. The criteria is the following:
- Package aware
- Digitally signed
- Catalogue print drivers
Apparently the official drivers we had downloaded from the Canon website did not meet this criteria. Uninstalling this update has resolved the issue for all users.
At the time of writing this blog, there is no official word from Microsoft acknowledging the issue caused by their security update other than what the support technician has told me, but they have confirmed that since the update, there have been a large number of support calls raised to their help-desk.
There’s currently only two options to get around this:
- Download another driver that meets the criteria
- Remove the Windows Security Update from all servers and workstations
Note: if you are a small enough company, you can work around this by installing the driver update with elevated privileges.
