My colleague Grim Eide @grei have found a sweet workaround 🙂
If you have trouble deploying printers after applying critical updates according to MS16-087 (KB3170455) try this tweak: Edit the register on your print server. If you change the value of the key PrinterDriverAttributes under HKLM\System\CurrentControlSet\Control\Print\Enviroments\Windowsx64\Drivers\…\Driver name\ and restart the print server, you are able to make Windows treat the driver as packaged, and it will install unattended with gpo. The hex number has to be odd, i.e. 41
Restart server .
According to MS the 1 flag for PrinterDriverAttributes stands for PRINTER_DRIVER_PACKAGE_AWARE. This will treat the driver as package aware, which means a CAB package will be created, including the inf and the catalog. The package will be installed through setupapi.dll when installing the driver, validating that the catalog is trusted, and that hashes for all files are included in the catalog.
BTW: To keep the original settings for the printer driver and only make it Pakage aware you shold add 1 to the original value of PrinterDriverAttributes. In my print enviroment the original attribute had the value 4, so I changed it to 5 and that made it Pakage aware. Different versions of the driver (and different vendors) might need other values.
If you have Canon printers in your environment, DO NOT INSTALL the listed patches below!
- If the patch gets installed, GPO will not be able to connect to the printers ..
On pc clients the only solution is to uninstall the patch..
Canon has said there will be a solution to this before end of september 2016..
The reason why this fails is because the Canon driver is not Package aware..
HP printers no problem..
- On Citrix terminal servers you can do the following if the patch is installed:
– Create a new vdisk version , boot it up in maintenance , connect to the printer and trigger driver update for the Canon driver.
Windows 10 -1511
Windows 8.1 and older