KC Software is known for developing some of the most user-friendly applications for the Windows platform. They recently released a Driver Update Monitor program for Windows 10, 8 and 7 users. Unlike other driver update tools, this program detects required drivers based on Microsoft’s huge list of devices and drivers. This helps in reducing.
To use this site to find and download updates, you need to change your security settings to allow ActiveX controls and active scripting. To get updates while your security settings continue to block potentially harmful ActiveX controls and scripting from other sites, make this site a trusted website.
Describes the best practices, location, values, and security considerations for the Devices: Prevent users from installing printer drivers security policy setting.
For a device to print to a network printer, the driver for that network printer must be installed locally. The Devices: Prevent users from installing printer drivers policy setting determines who can install a printer driver as part of adding a network printer. When you set the value to Enabled, only Administrators and Power Users can install a printer driver as part of adding a network printer. Setting the value to Disabled allows any user to install a printer driver as part of adding a network printer. This setting prevents unprivileged users from downloading and installing an untrusted printer driver.
This setting has no impact if you have configured a trusted path for downloading drivers. When using trusted paths, the print subsystem attempts to use the trusted path to download the driver. If the trusted path download succeeds, the driver is installed on behalf of any user. If the trusted path download fails, the driver is not installed and the network printer is not added.
Although it might be appropriate in some organizations to allow users to install printer drivers on their own workstations, this is not suitable for servers. Installing a printer driver on a server can cause the system to become less stable. Only administrators should have this user right on servers. A malicious user might deliberately try to damage the system by installing inappropriate printer drivers.
Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options
The following table lists the actual and effective default values for this policy. Default values are also listed on the policy’s property page.
Server type or GPO | Default value |
---|---|
Default Domain Policy | Not defined |
Default Domain Controller Policy | Not defined |
Stand-Alone Server Default Settings | Enabled |
DC Effective Default Settings | Enabled |
Member Server Effective Default Settings | Enabled |
Client Computer Effective Default Settings | Disabled |
This section describes features and tools that are available to help you manage this policy.
Restart requirement: None. Changes to this policy become effective without a computer restart when they are saved locally or distributed through Group Policy.
This section describes how an attacker might exploit a feature or its configuration, how to implement the countermeasure, and the possible negative consequences of countermeasure implementation.
It may be appropriate in some organizations to allow users to install printer drivers on their own workstations. However, you should allow only administrators, not users, to do so on servers because printer driver installation on a server may unintentionally cause the computer to become less stable. A malicious user could install inappropriate printer drivers in a deliberate attempt to damage the computer, or a user might accidentally install malicious software that masquerades as a printer driver.
Enable the Devices: Prevent users from installing printer drivers setting.
Only members of the Administrator, Power Users, or Server Operator groups can install printers on the servers. If this policy setting is enabled but the driver for a network printer already exists on the local computer, users can still add the network printer.
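The following PowerShell audit is an added example, not part of the original documentation. It reads the `AddPrinterDrivers` registry value that backs this policy, falls back to the effective defaults from the table above when the value is unset, and flags the trusted-path case in which the setting has no impact. The function name is hypothetical, and treating `LoadTrustedDrivers = 1` under the same key as the sign of a configured trusted path is an assumption.

```powershell
# Added example: report the effective state of
# "Devices: Prevent users from installing printer drivers" on this computer.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Print\Providers\LanMan Print Services\Servers'

function Get-PrinterDriverPolicyFinding {   # hypothetical helper name
    param(
        [Nullable[int]]$AddPrinterDrivers,  # registry value; $null when not set
        [int]$ProductType,                  # 1 = client, 2 = domain controller, 3 = server
        [bool]$TrustedPathInUse             # assumption: LoadTrustedDrivers = 1
    )
    $isServer = $ProductType -in 2, 3
    # Unset value: fall back to the effective defaults in the table above
    # (Enabled on servers and DCs, Disabled on client computers).
    $enabled = if ($null -eq $AddPrinterDrivers) { $isServer } else { $AddPrinterDrivers -eq 1 }

    $result = if ($TrustedPathInUse) {
        'REVIEW: trusted driver path configured, so this setting has no impact'
    } elseif ($enabled) {
        'OK: only privileged groups can install printer drivers'
    } elseif ($isServer) {
        'FINDING: any user can install printer drivers on a server'
    } else {
        'INFO: any user can install printer drivers on this workstation'
    }

    [pscustomobject]@{
        Computer   = $env:COMPUTERNAME
        Role       = if ($isServer) { 'Server/DC' } else { 'Client' }
        Configured = $null -ne $AddPrinterDrivers
        Enabled    = $enabled
        Result     = $result
    }
}

# Read the live values; a missing key or value simply yields $null.
$props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
$os    = Get-CimInstance -ClassName Win32_OperatingSystem
Get-PrinterDriverPolicyFinding `
    -AddPrinterDrivers $props.AddPrinterDrivers `
    -ProductType $os.ProductType `
    -TrustedPathInUse ($props.LoadTrustedDrivers -eq 1)
```

Because the decision logic is separated from the registry read, the function can also be fed values collected from other computers.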
Finish-install actions for a device are processed in the same way by an installer (a class installer, class co-installer, or device co-installer), regardless of whether the installation was a hardware-first installation or the installation is initiated by running an installation program such as the Found New Hardware Wizard, the Update Driver Software Wizard, or a vendor-supplied installation program (a software-first installation).
Note: In Windows 8, Windows 8.1, and Windows 10, finish-install actions must be completed in the Action Center by an administrator (or a limited user that can provide administrator credentials to a UAC prompt). Users must click on 'Finish installing device software'.
Windows processes finish-install actions after all other installation operations have completed and the device has been started, including:
Windows completes the following steps to process an installer's finish-install actions:
At the end of core device installation, Windows calls SetupDiCallClassInstaller to send a DIF_NEWDEVICEWIZARD_FINISHINSTALL request to the installers for the device.
DIF_NEWDEVICEWIZARD_FINISHINSTALL is the only DIF code that is sent in both the context of core device installation and in the client context. Therefore, a class installer, class co-installer, or device co-installer must indicate that it has finish-install actions during DIF_NEWDEVICEWIZARD_FINISHINSTALL processing, instead of during DIF_INSTALLDEVICE processing.
If an installer provides finish-install actions, it sets the DI_FLAGSEX_FINISHINSTALL_ACTION flag in response to a DIF_NEWDEVICEWIZARD_FINISHINSTALL request. If the DI_FLAGSEX_FINISHINSTALL_ACTION flag is set after all the installers have processed a DIF_NEWDEVICEWIZARD_FINISHINSTALL request, the device is flagged to perform a finish-install action.
For more information about this operation, see Marking a Device as having a Finish-Install Action to Perform.
After core device installation is complete for a device, Windows checks whether the device has been flagged to perform a finish-install action. If it has, Windows queues a finish-install process that performs the finish-install actions specific to the device. The process executes in the user's context.
In Windows 8 and later versions, finish-install actions are not automatically run as part of device installation. Instead, an administrator (or a limited user that can provide administrator credentials to a UAC prompt) must go to the Action Center and address the 'Finish installing device software' maintenance item for the finish-install action to run. Until then, the finish-install action will not run. For example, if a user plugs in a device that installs a driver that includes a finish-install action, the finish-install action will not automatically run at that time. The finish-install action runs at a later point when the user manually initiates it. When Windows runs the finish-install action, the action has that single opportunity to run. If the action fails then it must take appropriate steps to allow the user to try again and finish later. Installing supporting software that should accompany a driver can still be accomplished with a finish-install action, but it will also not be installed automatically.
In Windows 7, the finish-install process runs only in the context of a user with administrator credentials at one of the following times:
If a user is signed in without administrative privileges, Windows prompts the user for consent and credentials to run the finish-install actions in an administrator context.
When finish-install operations run, the finish-install process starts and completes any finish-install wizard pages for the device, and then calls SetupDiCallClassInstaller to send a DIF_FINISHINSTALL_ACTION request to all installers for the device, as described in Running Finish-Install Actions.
After the installers have completed their finish-install actions, Windows runs the default finish-install action, as described in Running the Default Finish-Install Action.