How to Restrict Print Drivers from Being Installed on XenApp Servers

book

Article ID: CTX120618

calendar_today

Updated On:

Description

This article provides a workaround to prevent all print drivers from being installed on a XenApp server.

The various printing issues in Terminal Services/Remote Desktop and XenApp environments are caused by non-native, manufacturer provided, print drivers that exhibit poor multi-threaded performance. Unfortunately, print drivers can get installed on a server from many sources, including replication, RDP connections, connection to network printers, user profiles, and so on.

Instructions

For XenApp on Windows 2008 refer to CTX128786 – How to Restrict Print Drivers From Being Installed on XenApp Servers Hosted on Windows Server 2008.

Use the following steps to prevent all print drivers from being installed on a XenApp server. Remove all non-native, manufacturer provided print drivers in advance. The Print Detective utility in CTX116474 - Print Detective allows for quick filtering and deleting of these print drivers.

Caution! Refer to the Disclaimer at the end of this article before using Registry Editor.

Back up the registry before you edit it.
From the XenApp Advanced Configuration Console, select Policies > Create Policy. Name the policy and click OK.
Select the new policy, expand Printing, and expand Drivers.
Select Native printer driver auto-install.
Select Enabled and Do not automatically install drivers. This prevents the XenApp printing subsystem from attempting to install native print drivers when users connect.
Right-click the policy and select Apply this policy to.
Select the Servers filter and apply it to one or more servers in the environment, as needed.
Open the following registry key on the servers where the newly created Citrix policy is being applied:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Environments\Windows NT x86\Drivers\Version-3
Right-click the Version-3 key and set permissions for all accounts on the ACL to read.
You must copy the default inherited permissions before modifying. To prevent 64-bit print drivers from being installed (whether the system is 64-bit or not) adjust the permissions on the same Version-3 key under Windows x64 instead of Windows NT x86.

Now if a print driver installation attempt is made, it must fail and present an access denied error message. If drivers need to be installed at some point, add back the modified privilege to the appropriate accounts.

Environment

Caution! Using Registry Editor incorrectly can cause serious problems that might require you to reinstall your operating system. Citrix cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. Be sure to back up the registry before you edit it.