We’re collecting a standard set of instructions to follow for all consultants to save time and have a standard approach for ths;

Client Updated; Print Server Not Updated (Reported Behaviour: Dial comes up do you trust the server, then asks credentials, when trying to print)

Requires the following key on the Client

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrintRestrictDriverInstallationToAdministrators = 0 (REG_DWORD)

Reboot afterwards

Then at a later date we need to review workstation patching policies

Print Server Updated; Client Not Updated  (Check for Cumulative Update September)

Requires the following key on the Server

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\RpcAuthnLevelPrivacyEnabled = 0 (REG_DWORD)

Restart the print spooler on the server afterwards

This key was put in place in January to mitigate cve-2021-1678 but not enforced until now.

You’re expected going to have this issue if your workstations haven’t been updated since January but I’ve seen a few cases with more recently updated workstations.

Ref: https://support.microsoft.com/en-us/topic/managing-deployment-of-printer-rpc-binding-changes-for-cve-2021-1678-kb4599464-12a69652-30b9-3d61-d9f7-7201623a8b25