Re: [Samba] KB3163912 breaks Point and Print Restrictions GPO settings for non-packaged-aware printer drivers

On 24/08/17 12:57, Marc Muehlfeld via samba wrote:
Hello Christian,

Am 24.08.2017 um 11:36 schrieb Christian Naumer via samba:
Has anyone found a workaround for Samba print servers?


If I set the GPOs as stated on the WIKI (https://wiki.samba.org/index.php/Setting_up_Automatic
_Printer_Driver_Downloads_for_Windows_Clients) Windows 10 refuses to install the driver with
"a policy forbids the installation" (translated from german). If I remove the policy I can
install everything fine (after the security prompt).
This all works with Windows 7 as expected.

Last time I verified the procedure was when I wrote the documentation
last January. It worked on 7/8.1/10 with all available updates applied.
I can re-check the procedure tonight.

What Samba and Win10 version are you using?

Which of the 2 GPOs do you refer to when you say "If I remove the policy
I can install everything fine"?

I can confirm that I seem to be experiencing the same problem. A few days ago, printers published from Samba AD and installed via GPO refused to install any more. This has been working fine for 6 months or so, since I setup the AD, until a few days ago - all according to instructions here: https://wiki.samba.org/index.php/Setting_up_Automatic_Printer_Driver_Downloads_for_Windows_Clients.

In the Event viewer on the Windows client I get the following:

EventID: 4098
Source: Group Policy Printers
Level: Warning
The user '<printer_name_on_samba_server>' preference item in the '<my_printer_installation_gpo_name>' Group Policy Object did not apply because it failed with error code '0x800704ec'. This program is blocked by group policy. For more information contact your system administrator. This error was suppressed.

Trying to browse for the printer directly on the Samba AD (from Windows workstation) I can see it, but when I double-click on it, I get the following error:

"A policy is in effect on your computer which prevents you from connecting to this printer queue"


"Operation could not be completed (error 0x00000bc4). No printers are found"

(the error message varies from machine to machine).

My setup is:

Samba ADC + print server: Samba 4.6.2
Clients: Windows 10 Pro x 3
A Samsung and a Brother printer shared on the Samba print server

Disabling the "Legacy printer driver policy" completely seems to get everything working properly, and the printers are installed correctly again by the printer installation gpo.

Follow-up: After more tests, it would appear that a recent Windows 10 update has modified the behaviour of the two print server trust GPO's. When I amended them to use the *non* FQDN name of my print server, they started working again.

Has anyone else experienced similar issues? Or maybe my findings are incorrect and the issue is somewhere else?

