Solving Network Printing Challenges for Architects

Network printing was a solved problem a long time ago. It is straightforward to set up and mostly easy to manage. Who thought we’d have a whole episode dedicated to this in 2022? Yet, network printing became one of the most talked-about topics in Q3-Q4 of 2021. Read on to find out why. 

The “print nightmare” vulnerability 

About a year ago Microsoft discovered a very big security vulnerability in their printing stack. The bad guys could manipulate the print spooler on a print server to execute code on a remote computer. (Read more here, if you want details https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527 ). Once the bad guys get system privileges, they can replace the drivers with malicious code, which allows a virus, malware, or ransomware to infect every machine that prints to that server. As a result, your whole organization can potentially get infected quickly and fairly easily from a technical standpoint. It’s like having a super spreader spread a virus at a concert or another public event. 

Once Microsoft discovered this, they put a set of “fixes” to mitigate the vulnerable systems. Updates were released from July to October to get the issues under control. And it’s those updates that created the real “nightmare” for many systems administrators, IT people, and businesses.  

The updates basically broke network printing… 

How did we “fix” network printing again 

Like many other IT administrators, we started getting calls about printers not working as they used to. We had to take some measures to get printing restored right away and then figure out a long-term solution.  

Unfortunately, that first part was not easy, as the only way to restore network printing back was to work around the mitigation steps from Microsoft and revert the changes that Microsoft put in place to get functionality and sacrifice security for the short term.  

Solution: Type-4 (v4) print drivers 

At around the same time, Microsft has recommended using type-4 or v4 print drivers to resolve the network printing issues while keeping the security mitigation in place. The way the v4 driver’s work is that they don’t have actual driver files in them and just have a pointer to where the client can then download the new print drivers from the internet trusted repository. This approach mitigates the risk of a printing client downloading harmful driver files from the server. 

The v4 driver standard has been around since 2012 but has not been fully utilized by all of the printer manufacturers. In our testing, we have found that HP and Cannon v4 drivers provided full functionality for the printers, while others may not have embraced it all the way.  

One example is Ricoh, where although they have a v4 driver available for download, it uses a Microsoft native point and print driver with minimal functionality when actually installed. This becomes a problem for many architecture firms. For example, the limited driver does not include the job code, chargeback settings, or other functionality like collate, staple, etc. 

We have spent hours working with Ricoh on these issues, and finally, they agreed that we have to use a type 3 driver. Then, create a unique package and deploy that package to the machines before connecting to the print server. As you can see, that is a complex process, and not many firm owners can deal with that without outside help.  

We will love to help if you are struggling with figuring out this or other printing issues at your firm. Things like driver incompatibility, application incompatibility, or printer driver misconfiguration can really cause a lot of stress for firm owners and employees alike. Reach out to us to get a free consultation if you have network printing issues. We’ve solved it for many of our architecture clients, and we’ll solve it for you.  

If you have questions or need help please reach out to us. ArchIT specializes
in providing IT services for architecture, design, and engineering firms.

We solve IT, so you can focus on doing your best work.