Hey Rick, thanks for the pointers. I'll definitely put this into place. Thing is, I can see the session that the printer is being installed for, and it's definitely a non-admin ICA connection. The event logs give the same sort of auto-install message for the non-native driver as they do for the native driver. Typically I expect to see a 1106 or whatever error saying the auto-creation failed, and then see that the printer is using the UPD. However with this one, the driver is being installed upon user login. It looks like Windows thinks that these drivers (canons and HPs) are Windows native drivers, and the files are cached somewhere and are being auto-installed. On 2/19/07, Rick Mack <ulrich.mack@xxxxxxxxx> wrote:
Hi Adam, There are some additional driver installation options that you can apply, but that aside, a major source of printer driver "contamination" is an administrator logging in to servers via RDP. If you've got a Canon printer at home, the culprit might even have been you ;-) It's a really good idea to firstly limit who can log on via RDP (use tsconsec during server build), and secondly to make sure that no printer autocreation takes place for the RDP listener. The following unmanged group policy will applied to all your servers will help: CATEGORY "Remote Admin (RDP) Session Settings" POLICY "Disable RDP Client Remapping" KEYNAME "SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" PART "Disable Use connection settings from user setting" CHECKBOX VALUENAME "fInheritAutoClient" VALUEON NUMERIC 1 VALUEOFF NUMERIC 0 END PART PART "Disable Connect Client Printers on Logon" CHECKBOX VALUENAME "fDisableCpm" VALUEON NUMERIC 1 VALUEOFF NUMERIC 0 END PART PART "Disable LPT Mapping" CHECKBOX VALUENAME "fDisableLPT" VALUEON NUMERIC 1 VALUEOFF NUMERIC 0 END PART PART "Disable Clipboard Mapping" CHECKBOX VALUENAME "fDisableClip" VALUEON NUMERIC 1 VALUEOFF NUMERIC 0 END PART END POLICY ; disable rdp client capabilities END CATEGORY ; rdp settings regards, Rick -- Ulrich Mack Commander Australia On 2/20/07, Adam Granatela <agranatella@xxxxxxxxx> wrote: > Here's a nice fun one. PS4 enterprise, 3 servers. Policies are set to > grab native drives, otherwise use Citrix UPD. There are no printer > mappings, and no print drivers set to replicate. No session printers, no > imported print servers, and no login scripts that run on the Citrix servers > other than the default usrlogon.cmd files. > > I went through and deleted out all non-native MS drivers. In fact, I > wiped out all drivers except the Citrix UPD. I went into the registry and > verified that the only driver was listed under version-3 and was the Citrix > UPD. All should be good, right? > > Nope. The next time a user logged on using a Canon driver, it > auto-created, and auto-installed the driver. I can see it in the registry > listed as a driver with Canon listed as the provider, and not Microsoft. My > question to you guys, how is this driver being installed? I refreshed the > local host cache on all servers (datastore is SQL), and did an update > printer and driver information after deleting all the drivers, and verified > that in the CMC, only the UPD was listed for this particular server I'm > testing with (although it happens on all of them). > > Help! > > Adam >