This message was deleted.
# _generals
Slackbot
08/25/2022, 8:22 AMThis message was deleted.
d
Dennis van Dam
08/25/2022, 8:46 AMDoes it work for non anonymous? Just asking because of printnightmare
s
Spencer Sun
08/25/2022, 12:22 PMJust curious, since anonymous users are local accounts, is the script asking for domain?
m
Michiel Roos
08/25/2022, 2:00 PMI've got a GPO which adds pointandprint-servers from which users can install printdrivers but this does not make a difference. It does work if I log on as ADMIN on the Citrix server and add the printer via my user account and also if I put the credentials in the Windows Credential manager and then add the printer via PRNMNGR.vbs
The script is asking for a domain, I've type in everything manually (account/password) but it still fails with logon failed (we even tried different accounts/people). However the anonymous accounts being local accounts might be a good reason for it not working.
d
Dennis van Dam
08/25/2022, 2:17 PMI’d first test the same with a non anonymous account to so if it still works at all without the need for any kind of elevation due to PrintNightmare. If it doesn’t work that way either the rest of your search is directly a waste of time.
a
Alain Assaf
08/25/2022, 3:22 PMIs it worth trying the mapping process using PowerShell and see if the behavior is any different?
d
Dennis van Dam
08/26/2022, 8:34 AMOr just start a desktop session and try mapping it, if it needs elevation there it’s useless to investigate the script.
m
Michiel Roos
08/26/2022, 9:15 AMWith an non anonymous account it sort of works, not with "net use" but if I go to "Devices And Printers\Add Printer" it adds a printer without problem. Of course with the anonymous account this will not add the printer with the correct credentials.
d
Dennis van Dam
08/26/2022, 9:40 AMSo that then proves it’s a waste of time to put any effort in the script I guess
m
Michiel Roos
08/26/2022, 9:40 AMI got it working without any registry changes (although RpcAuthnLevelPrivacyEnabled was already set at 0) by doing the following:
_cmdkey /add:<printserver> /user:<domain>\<username> /pass <plaintext_password>_
_C:\Windows\System32\Printing_Admin_Scripts\en-US>cscript PRNMNGR.vbs -ac -p "\\<printserver>\<printer>"_
However when I log out, the credentials are still stored in the ANON00x useraccount. So we could delete them with:
cmdkey /delete:<printserver>
Still not sure why the standard way is not working, but looking at PRNMNGR.vbs it is using WMI to add the printer.
Powershell Printmanagement module is post-2008R2
👍 1
3 Views