Inside Printer Setup And Installation For Windows Vista
Download
Report
Transcript Inside Printer Setup And Installation For Windows Vista
Inside Printer Setup
And Installation For
Windows Vista
Adrian Lannin
Program Manager
Digital Documents
Microsoft Corporation
Agenda
Driver installation and…
User Account Control
Printer permissions
Driver Store
Group Policy for Devices
Printer driver installation and…
Printer Driver Packages
Localized Drivers
Point and Print
Cross-platform Installation
User Account Control
What is it?
All users, including
administrators, run as
standard users
“Elevation” points are
provided when the
user needs to perform
an operation that
truly requires
administrative rights
For example, running a
setup application is a
privileged operation
User Account Control
Printer install operations
On Windows XP, installing a printer by
plug and play or point and print does not
require administrator rights
Installing a local printer driver requires
administrator rights
Managing a printer, changing properties,
sharing a printer is an administrator task
Running a setup application is an
administrator task
Printer Installation Rights
In Windows Vista, a standard user can
Use the Add Printer Wizard (APW) to install a
local printer
When there is an inbox driver available, and
When they are physically at the machine
Permissions
The user that installs the
printer is given the
Manage Documents
permission
With this permission, they
can manage and delete a
printer that they installed
Members of the
administrators group
also have this
permission –
when elevated
Install Applications
A setup application should automatically request
permission to run with administrator rights
Windows Vista uses heuristics to detect setup.exe
If Windows Vista can't determine what rights an
application requires, it runs the application with
user rights
The user must right-click and select Run as Administrator
Recommendation: Use an application manifest
containing this attribute:
<requestedExecutionLevel
level="requireAdministrator"
uiAccess="false" />
More information: MSDN Developer Center
Scenarios Enabled
A standard user can use the APW to
install a printer using an inbox driver
Useful for non-plug and play installations
Useful when a standard user needs to print
to a printer but they don’t have the driver –
they can install a generic driver and get basic
print capability
Setup applications automatically request
administrator permission
Driver Store
What is it?
The driver store is a trusted cache of
inbox and third party drivers, on the local
hard disk
Third party drivers are copied from media to
the driver store
We call the driver and the files the
driver package
All drivers are installed from the driver store
Because drivers in the store are trusted,
standard users may install them
Printer Driver Install Phases
1. Put the driver package in the driver store
Inbox drivers are already in the driver store
Driver is copied from media
Signing is checked
If everything is good, driver is copied into the
driver store
This is a privileged operation!
2. Install the driver
Driver files are installed to their final location from the
driver store
This is NOT a privileged operation. Any user can
install a driver
Driver Versions
Driver store is a side by side store
New driver package versions co-exist with
old versions
Plug and Play ranking determines the driver selected
for installation
Use the DriverVer directive in the INF to specify driver
package version
Packages are not deleted when the drivers
are deleted
Available for reinstallation
Pnputil.exe – driver store utility
Offline support
Scenario Enabled
A print administrator adds a set of
OEM printer drivers to the driver
store on a corporate standard
Operating System image
These drivers can be installed by a
standard user because they are in the
driver store
Easier deployment
Cost savings/no help desk
assistance required
Group Policy For Devices
What is it?
Two phases of device installation
1. Admin rights: Place the driver in the driver store
2. User: Install the driver
By using Group Policy for Devices, an
administrator can delegate the privilege required
for step 1 to a standard user
Why?
Majority of corporations will run locked-down desktops
in the future
Amazing cost savings for IT departments
More reliable, secure systems
Driver Installation Policy
This policy allows digitally signed and
trusted drivers to be installed by a
standard user
Digitally signed by
Microsoft (e.g. WHQL, Windows)
A commercially acquired certificate
An internally generated or a test certificate
Trusted
The certificate that signed the driver is
present on the machine, in the
certificate store
How To Delegate Printer Driver
Installation Rights
Driver Requirements
Effective for INF-based driver packages
Printer vendors need to ensure that their
drivers are available in driver packages that
install via an INF
Many Windows XP printer drivers can be
installed when this policy is enabled
Drivers that have co-installers may not work
The co-installer does not run until an
administrator logs in
Scenario Enabled
The print administrator uses group policy
to delegate printer installation rights to an
organizational unit (OU)
Members of that group put signed printer
drivers into the driver store, when the
driver was signed by a trusted source
The administrator can obtain a certificate
and use it to sign driver packages
Driver Packages
What are they?
A Driver Package is an INF, all the files
referenced by an INF, and the CAT file
A package must be signed
A common problem is that some INFs
refer to files that do not exist
The driver store checks file dependencies
when the driver is added, and will not import
packages that have missing dependencies
Printer Installation And
Driver Packages
Windows Vista tries to install packages in
most cases
Local Installation
Remote Installation
Point and Print
Web Point and Print
When using packages is not an option,
legacy mode is used
Package Point And Print
In package point and print, the complete driver
package is put in the client's driver store
All components of the driver are installed on the client
Client installation checks signing
Result is a more secure form of point and print
Windows Vista to downlevel uses "legacy" point
and print
Dependency handling requires an INF change
This is called being "package aware"
Package-Awareness
To be package-aware
Either: Ensure that all the files in the driver
package are unique, and don't appear in
other packages
And use the PackageAware keyword
Or: Isolate the shared files into a separate
core INF
And use the core driver keywords
Example INF
Simple case
If a printer driver contains a unique set
of files
Add the section highlighted below
[DDInstall Section]
CopyFiles=...
[PrinterPackageInstallation.x86]
PackageAware=TRUE
[DestinationDirs]
...
Core File Dependencies
Shared files are placed in core
printer drivers
Using Unidrv on Windows XP
[DriverInstall]
[email protected],@OEMABC.GPD
DataFile=OEMABC.GPD
DataSection=UNIDRV_DATA
Include=NTPRINT.INF
Needs=UNIDRV.OEM,TTFSUB.OEM
Using Unidrv on Windows Vista
[DriverInstall_Vista]
[email protected],@OEMABC.GPD
DataFile=OEMABC.GPD
CoreDriverSections="{D20EA372-DD35-4950-9ED8-A6335AFE79F0},
UNIDRV.OEM, UNIDRV_DATA, TTFSUB.OEM"
Sample (Partial Sample)
[Version]
Signature="$Windows NT$"
ClassGUID={4D36E979-E325-11CE-BFC1-08002BE10318}
Class=Printer
. . .
[Manufacturer]
; Models sections for x86 driver on pre-Windows Vista
[Company.NTx86]
"Device Description" = DriverInstall, PNP_ID, ABC_Printer
; Models section for x86 driver on Windows Vista and later
[Company.NTx86.6.0]
"Device Description" = DriverInstall_Vista, PNP_ID, ABC_UniDrv5_Printer
[PrinterPackageInstallation.x86]
PackageAware=TRUE
CoreDriverDependencies={D20EA372-DD35-4950-9ED8-A6335AFE79F0}
...
[DriverInstall_Vista]
[email protected],@OEMABC.GPD
DataFile=OEMABC.GPD
CoreDriverSections="{D20EA372-DD35-4950-9ED8-A6335AFE79F0}, UNIDRV.OEM,
UNIDRV_DATA, TTFSUB.OEM"
Scenario Enabled
Printer driver vendors can ensure the
complete driver package is installed on
the client during point and print
Driver signing is checked during remote
installations, so package-aware drivers
are trusted in more install scenarios
Point and Print
Interop support
Windows Vista point and print completely
interoperates with prior versions of
Microsoft Windows
Legacy point and print (old)
Package point and print (new)
Windows Vista supports package point
and print to Windows Vista clients
Windows Vista supports legacy point and
print to pre-Windows Vista clients
Point And Print
Package-aware drivers
Package-aware
Windows Vista
Windows Vista
Legacy
Legacy
Windows XP
Package-aware on
Windows Vista
Package point and print to
Windows Vista and later
Legacy to older versions
Package-Aware Drivers
Making the driver package-aware is
fairly straightforward
When the driver is installed on
Windows Vista, the platform takes care
of the interop differences down to
Windows 2000
If the same driver package must be
installed on Windows XP, then use
Operating System version decorations to
isolate the Windows Vista INF attributes
Localized Drivers
What are they?
All drivers have localizable resources
Inbox Operating System components use .MUI files to
store resources
Inbox printer drivers need embedded resources so print
drivers have the localized language embedded
i.e. French printer DLLs contain French strings
But printer drivers also respect MUI, so installing a
language pack results in a language switch on the
local machine
Point and print clients still get the original language of the server
OEM drivers can embed multiple resources in the binary
Scenario Enabled
Language switching on the local machine
Windows Vista to Windows Vista point
and print: Language switching works for
driver packages
Point and print to downlevel machines
works as before (client gets the server
native language)
Cross-Platform Installation
What is it?
Machines share printers with other
machines that have different
processor architectures
The client needs to obtain the driver from the
server, if it doesn’t have one locally
The server needs to host a driver for
the client
Where does the hosting machine get the
correct driver?
From the appropriate media
Scenario Enabled
When the user shares a printer on an x86
computer with an x64 client, they need to
add an additional driver for that client
The user inserts the x64 media, and
installs the driver from the disk
Call To Action
Always make your driver package available as
an INF
Enables so many scenarios!
Use the package-aware mechanism in
Windows Vista
Package-aware drivers are preferred in point and
print, they are trusted, and provide more
client functionality
If you write a setup application, use an
application manifest so the Windows Vista will
automatically ask the user to run it with
elevated privileges
Call To Action
Understand your company logo goals and
review new logo requirements
Basic and Premium
At WinHEC
Practice setup dev skills in
Printer Installation Hands on Lab
Attend the Ask the Experts sessions
Attend related sessions
PRI019 Developing XPSDrv Print Drivers
DEV052 Installing Driver Packages in
Windows Vista and Windows Server Longhorn
Additional Resources
Read the Printer Package Installation white paper on
http://www.microsoft.com/whdc/device/print/default.mspx
Technical advice
Prninfo @ microsoft.com
Online
XPS Portal http://www.microsoft.com/xps
Links to relevant blogs, whitepapers, specs
WHDC Printing documents
http://www.microsoft.com/whdc/device/print/default.mspx
Print Server Information: http://www.microsoft.com/printserver
UAC development resources: http://msdn.microsoft.com
Windows Digital Documents Platform Team Newsletter
https://profile.microsoft.com/RegSysProfileCenter/subscriptionwizard.aspx
?wizid=77d9786e-9500-40a4-ba20-a4c7504d83ca&lcid=1033
© 2006 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market
conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation.
MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.