[THIN] Re: Printers question

  • From: "Rick Mack" <Rick.Mack@xxxxxxxxxxxxxx>
  • To: <thin@xxxxxxxxxxxxx>
  • Date: Sat, 20 May 2006 08:39:25 +1000

Hi Michael,
 
Windows NT 4.0 drivers are kernel-mode printer drivers. They are defined in the 
registry under HKLM\System\CurrentControlSet\Control\Print\Environments\Windows 
NT x86\version-2 and are installed in the folder 
%systemroot%\system32\spool\drivers\w32x86\2. Non kernel mode or user mode 
drivers (Windows 2000+) are defined under a version-3 key and installed to 
w32x86/3.
 
A kernel mode driver can crash a server (or workstation). Regardless of whether 
the driver has been stable for months the potential is there. As an example, we 
had a Xerox Docucentre that gave us no troubles for 6 months until a new 
employee noticed and tried to use the stapling function which crashed any TS 
system where she tried to print. The Xerox driver was a kernel mode driver.
 
If you're not careful, it's quite easy to download and install kernel mode 
drivers. Some printer manufacturers (did I mention Xerox?) have released 
Windows 2000/XP "compatible" drivers that were still kernel mode drivers. Some 
of the older barcode and label printer drivers are often kernel mode, though if 
that's the case http://www.seagullscientific.com will probably have equivalent 
user mode (or even x64) drivers that you can use instead.
 
Drivers can also be uploaded from client workstations (depending on Citrix 
policy settings) but a major source of "undocumented" driver installation can 
also occur from admin RDP logons where printer autocreation will install 
drivers from the admin's workstations. If your file/print servers have kernel 
mode drivers installed, then those will propagate to all of your TS systems.
 
Stopping installation of kernel mode drivers on to your systems is easy. 
Windows Server 2003 has a group policy setting to disable installation of 
kernel mode drivers, but it's dead simple (via GPO) to set admin/system access 
to read only for the version-2 registry key and w32x86/2 directory to prevent 
kernel mode drivers being installed on win2k systems.
 
How to get rid of them if they're already there? 
 
First make sure they're not on your file/print servers and then get them off 
your terminal servers. There are a number of different ways to clean things up 
including scripting and freeware utilities, but the simplest thing is to open 
the printers and faxes folder, right click, select server properties > drivers 
and delete them. Of course that assumes they're not being used. If they are, 
for each printer that's using the kernel mode driver, replace the driver with 
an equivalent user mode driver, then delete the kernel mode driver. 
 
Once the kernel mode drivers are removed from all your servers, you've got a 
good chance that refreshing the printer driver list in the CMC will clear them 
out. Set a group policy to prevent installation of kernel mode drivers and 
things will stay clean.
 
regards,
 
Rick
 
Ulrich Mack 
Volante Systems 
Level 2, 30 Little Cribb Street 
Coronation Drive Office Park 
Milton Qld 4064 
tel: +61 7 32431847 
fax: +61 7 32431992 
rick.mack@xxxxxxxxxxxxxx 

________________________________

From: thin-bounce@xxxxxxxxxxxxx on behalf of Michael Boggan
Sent: Fri 19/05/2006 23:55
To: thin list
Subject: [THIN] Printers question


When I look in the CMC for XP 1.0, under the Drivers section, there are several 
Windows NT 4.0 drivers listed.  We have no NT 4.0 servers and the servers that 
are listed as having those drivers are 2003 servers.  I have gone into the 
drivers on those servers and they are not there.  Any idea why these are 
showing up in the CMC and what I can do to get rid of them?
 
Thanks,
Michael Boggan
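
An added example, not part of the original messages: a PowerShell audit for the cleanup described in the reply, listing each version-2 (kernel mode) driver on a server and the printers that still reference it by name. It assumes the full registry path is `...\Environments\Windows NT x86\Drivers\Version-2` (the reply abbreviates it) and that each printer stores its driver name in the `Printer Driver` value under `Control\Print\Printers`; the variable names are illustrative.

```powershell
# Added example: audit a server for kernel-mode (version-2) printer drivers.
# Read-only; run elevated on each file/print server and terminal server.
$printRoot = 'HKLM:\SYSTEM\CurrentControlSet\Control\Print'
$envKey    = Join-Path $printRoot 'Environments\Windows NT x86\Drivers'
$v2Dir     = Join-Path $env:SystemRoot 'System32\spool\drivers\w32x86\2'

# Helper: return the driver names (subkey names) under Version-2 or Version-3.
function Get-DriverNames([string]$version) {
    $key = Join-Path $envKey $version
    if (Test-Path -LiteralPath $key) {
        @(Get-ChildItem -LiteralPath $key | ForEach-Object { $_.PSChildName })
    } else { @() }
}

$kernelDrivers = @(Get-DriverNames 'Version-2')   # kernel mode (NT 4.0 style)
$userDrivers   = @(Get-DriverNames 'Version-3')   # user mode (Windows 2000+)

# Map every printer defined on this machine to the driver name it uses.
$printers = @()
$printersKey = Join-Path $printRoot 'Printers'
if (Test-Path -LiteralPath $printersKey) {
    $printers = @(Get-ChildItem -LiteralPath $printersKey | ForEach-Object {
        [pscustomobject]@{
            Printer = $_.PSChildName
            Driver  = $_.GetValue('Printer Driver')
        }
    })
}

# One row per kernel-mode driver: who references it, and whether a
# user-mode driver of the same name is also installed.
$report = foreach ($name in $kernelDrivers) {
    $users = @($printers | Where-Object { $_.Driver -eq $name } |
               ForEach-Object { $_.Printer })
    [pscustomobject]@{
        Server        = $env:COMPUTERNAME
        KernelDriver  = $name
        AlsoVersion3  = $userDrivers -contains $name
        ReferencedBy  = $users -join '; '
        NextStep      = if ($users.Count) { 'Switch printers to a user mode driver, then delete' }
                        else { 'Not referenced by name; delete from Server Properties > Drivers' }
    }
}
$report | Format-Table -AutoSize

# Leftover files in the version-2 folder indicate an incomplete removal.
if (Test-Path -LiteralPath $v2Dir) {
    "{0} file(s) remain in {1}" -f @(Get-ChildItem -LiteralPath $v2Dir -File).Count, $v2Dir
}
```

An empty report on the file/print servers and on every terminal server is the state to reach before refreshing the driver list in the CMC.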


