How to fix error code 0x0000011b

 

This page explains how to fix error code 0x0000011b, which appears when printing after installing the September cumulative update KB5005565 in Windows 10. Recently, several users have reported getting error code 0x0000011b after they received the 14 September cumulative update. After installing KB5005565 on Windows 10 21H1, 20H2, or 2004, documents you send to the printer might not print. Commonly, the error message is “Windows cannot connect to printer”. Here is an easy method to fix this printer error.

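Registry Editor path: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print

New key name: RpcAuthnLevelPrivacyEnabled

Edit value to 0

Note that the Microsoft guidance reproduced below asks you to verify that RpcAuthnLevelPrivacyEnabled is set to 1 or not defined (CVE-2021-1678, KB4599464), so a value of 0 goes against that recommendation.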

Printer error fix from Microsoft

Summary

Windows updates released August 10, 2021 and later will, by default, require administrative privilege to install drivers. We made this change in default behavior to address the risk in all Windows devices, including devices that do not use Point and Print or print functionality. For more information, see Point and Print Default Behavior Change and CVE-2021-34481.  

By default, non-administrator users will no longer be able to do the following using Point and Print without an elevation of privilege to administrator:

  • Install new printers using drivers on a remote computer or server

  • Update existing printer drivers using drivers from remote computer or server

Note If you are not using Point and Print, you should not be affected by this change and will be protected by default after installing updates released August 10, 2021 or later.

Important Printing clients in your environment must have an update released January 12, 2021 or later before installing updates released September 14, 2021. Please see Q2 in “Frequently asked questions” below for more information.

Modify the default driver installation behavior using a registry key

You can modify this default behavior using the registry key in the table below. However, be very careful when using a value of zero (0) because doing that makes devices vulnerable. If you must use the registry value of 0 in your environment, we recommend using it temporarily while you adjust your environment to allow Windows devices to use the value of one (1).   

Registry location: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint

DWord name: RestrictDriverInstallationToAdministrators

Value data:

Default behavior: Setting this value to 1, or leaving the key not defined or not present, requires administrator privilege to install any printer driver when using Point and Print. This registry key overrides all Point and Print Restrictions Group Policy settings and ensures that only administrators can install printer drivers from a print server using Point and Print.

Setting the value to 0 allows non-administrators to install signed and unsigned drivers to a print server but does not override the Point and Print Group Policy settings. Consequently, the Point and Print Restrictions Group Policy settings can override this registry key setting to prevent non-administrators from installing signed and unsigned print drivers from a print server. Some administrators might set the value to 0 to allow non-admins to install and update drivers after adding additional restrictions, including adding a policy setting that constrains where drivers can be installed from.

Important There is no combination of mitigations that is equivalent to setting RestrictDriverInstallationToAdministrators to 1.

Note Updates released July 6, 2021 or later have a default of 0 (disabled) until the installation of updates released August 10, 2021 or later.  Updates released August 10, 2021 or later have a default of 1 (enabled).

Restart requirements

No restart is required when creating or modifying this registry value.

Note Windows updates will not set or change the registry key. You can set the registry key before or after installing updates released August 10, 2021 or later.

Automate the addition of RestrictDriverInstallationToAdministrators registry value

To automate the addition of the RestrictDriverInstallationToAdministrators registry value, follow these steps:

  1. Open a Command Prompt window (cmd.exe) with elevated permissions.

  2. Type the following command and then press Enter:

    reg add "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint" /v RestrictDriverInstallationToAdministrators /t REG_DWORD /d 1 /f

Set RestrictDriverInstallationToAdministrators using Group Policy

After installing updates released October 12, 2021 or later, you can also set RestrictDriverInstallationToAdministrators using a Group Policy, using the following instructions:

  1. Open the group policy editor tool and go to Computer Configuration > Administrative Templates > Printers. 

  2. Set the Limits print driver installation to Administrators setting to "Enabled". This will set the registry value of RestrictDriverInstallationToAdministrators to 1.

Install print drivers when the new default setting is enforced

If you set RestrictDriverInstallationToAdministrators as not defined or to 1, depending on your environment, users must use one of the following methods to install printers:

  • Provide an administrator username and password when prompted for credentials when attempting to install a printer driver.

  • Include the necessary printer drivers in the OS image.

  • Use Microsoft System Center, Microsoft Endpoint Configuration Manager, or an equivalent tool to remotely install printer drivers.

  • Temporarily set RestrictDriverInstallationToAdministrators to 0 to install printer drivers.

Note If you cannot install printer drivers, even with administrator privilege, you must disable the Only use Package Point and Print Group Policy.

Recommended settings and partial mitigations for environments that cannot use the default behavior

The following mitigations can help secure all environments, but especially if you must set RestrictDriverInstallationToAdministrators to 0. These mitigations do not completely address the vulnerabilities in CVE-2021-34481.

Important There is no combination of mitigations that is equivalent to setting RestrictDriverInstallationToAdministrators to 1.

Verify that RpcAuthnLevelPrivacyEnabled is set to 1 or not defined

Verify that RpcAuthnLevelPrivacyEnabled is set to 1 or not defined as described in Managing deployment of Printer RPC binding changes for CVE-2021-1678 (KB4599464).

Verify that Security Prompts are enabled for Point and Print

Verify that Security Prompts are enabled for Point and Print as described in KB5005010: Restricting installation of new printer drivers after applying the July 6, 2021 updates
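
A read-only PowerShell check for the values named in the verification steps above, added here as an illustration (it is not Microsoft's or this page's own code). The function name Get-PrintHardeningState is hypothetical, and the value names NoWarningNoElevationOnInstall and UpdatePromptSettings are taken from KB5005010 rather than from this page.

```powershell
# Added example: read-only audit of the print-related registry values discussed above.
# Nothing is written to the registry. Function name and table layout are illustrative.

$PointAndPrint = 'HKLM:\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint'
$PrintControl  = 'HKLM:\System\CurrentControlSet\Control\Print'

# Expected = the value the guidance asks for. "Not defined" is reported as its own state:
# the guidance above accepts it for RestrictDriverInstallationToAdministrators (with
# updates from August 10, 2021 or later installed) and for RpcAuthnLevelPrivacyEnabled.
$Checks = @(
    @{ Path = $PointAndPrint; Name = 'RestrictDriverInstallationToAdministrators'; Expected = 1
       Ref  = 'CVE-2021-34481: 0 lets non-administrators install Point and Print drivers' }
    @{ Path = $PrintControl; Name = 'RpcAuthnLevelPrivacyEnabled'; Expected = 1
       Ref  = 'CVE-2021-1678 / KB4599464: 0 is the 0x0000011b workaround' }
    # The next two value names come from KB5005010, not from this page.
    @{ Path = $PointAndPrint; Name = 'NoWarningNoElevationOnInstall'; Expected = 0
       Ref  = 'KB5005010: security prompt when installing drivers for a new connection' }
    @{ Path = $PointAndPrint; Name = 'UpdatePromptSettings'; Expected = 0
       Ref  = 'KB5005010: security prompt when updating drivers for an existing connection' }
)

function Get-PrintHardeningState {
    param([hashtable[]]$Check = $Checks)

    foreach ($c in $Check) {
        # Returns nothing (error suppressed) when the key or the value does not exist.
        $item  = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
        $value = $null
        if ($null -ne $item) { $value = $item.($c.Name) }

        if ($null -eq $value)           { $state = 'NotDefined' }
        elseif ($value -eq $c.Expected) { $state = 'Expected' }
        else                            { $state = 'Weakened' }

        [pscustomobject]@{
            Name     = $c.Name
            Value    = $value
            Expected = $c.Expected
            State    = $state
            Ref      = $c.Ref
        }
    }
}

$report = Get-PrintHardeningState
$report | Format-Table Name, Value, Expected, State -AutoSize

# Call out every value that was explicitly set away from the recommended setting.
$report | Where-Object State -eq 'Weakened' | ForEach-Object {
    Write-Warning ("{0} = {1}, expected {2} ({3})" -f $_.Name, $_.Value, $_.Expected, $_.Ref)
}
```

A machine where the 0x0000011b workaround was applied shows RpcAuthnLevelPrivacyEnabled as Weakened, which makes the script usable as a follow-up check once printing clients and servers are fully updated.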

Permit users to only connect to specific print servers that you trust

This policy, Point and Print Restrictions, applies to Point and Print printers using a non-package-aware driver on the server. 

Use the following steps:

  1. Open the Group Policy Management Console (GPMC).

  2. In the GPMC console tree, go to the domain or organizational unit (OU) that stores the user accounts for which you want to modify printer driver security settings.

  3. Right-click the appropriate domain or OU and click Create a GPO in this domain, and Link it here. Type a name for the new Group Policy Object (GPO) and then click OK.

  4. Right-click the GPO that you created and then click Edit.

  5. In the Group Policy Management Editor window, click Computer Configuration, click Policies, click Administrative Templates, and then click Printers.

  6. Right-click Point and Print Restrictions, and then click Edit.

  7. In the Point and Print Restrictions dialog, click Enabled.

  8. Select the Users can only point and print to these servers checkbox if it is not already selected.

  9. Enter the fully qualified server names. Separate each name by using a semicolon (;).

    Note After installing updates released September 21, 2021 or later, you can configure this group policy with a period or dot (.) delimited IP addresses interchangeably with fully qualified host names.

  10. In the When installing drivers for a new connection box, select Show warning and Elevated Prompt.

  11. In the When updating drivers for an existing connection box, select Show warning and Elevated Prompt.

  12. Click OK.

Permit users to only connect to specific Package Point and Print servers that you trust

This policy, Package Point and Print - Approved servers, will restrict the client behavior to only allow Point and Print connections to defined servers that use package-aware drivers.

Use the following steps:

  1. On the domain controller, select Start, select Administrative Tools, and then select Group Policy Management. Alternatively, select Start, select Run, type GPMC.MSC, and then press Enter.

  2. Expand the forest and then expand the domains.

  3. Under your domain, select the OU where you want to create this policy.

  4. Right-click the OU and then select Create a GPO in this domain, and link it here.

  5. Give the GPO a name, and then select OK.

  6. Right-click the newly created Group Policy Object and then select Edit to open the Group Policy Management Editor.

  7. In the Group Policy Management Editor, expand the following folders:

    1. Computer Configuration

    2. Policies

    3. Administrative Templates

    4. Local Computer Policies

    5. Printers

  8. Enable Package Point and Print - Approved servers and select the Show... button.

  9. Enter the fully qualified server names. Separate each name by using a semicolon (;).

    Note After installing updates released September 21, 2021 or later, you can configure this group policy with a period or dot (.) delimited IP addresses interchangeably with fully qualified host names.

Frequently asked questions

Q1: Every time I attempt to print, I receive a prompt saying, "Do you trust this printer," and it requires administrator credentials to continue.  Is this expected?

A1: Being prompted for every print job is not expected. The majority of environments or devices that experience this issue will be resolved by installing updates released October 12, 2021 or later. These updates address an issue related to print servers and print clients not being in the same time zone.

If you are still having this issue after installing updates released October 12, 2021 or later, you might need to contact your printer manufacturer for updated drivers.  This issue might also occur when a print driver on the print client and the print server use the same filename, but the server has a newer version of the driver file. When the print client connects to the print server, it finds a newer driver file and is prompted to update the drivers on the print client. However, the file in the package it is offered for installation does not include the newer driver file version. 

The files being compared are the drivers within the spool folder, usually in C:\Windows\System32\spool\drivers\x64\3 on both the print client and print server.  The driver package being offered for installation will usually be in C:\Windows\System32\spool\drivers\x64\PCC on the print server.  After the files in the \3 folder are compared between devices, if they do not match, the package in PCC is installed.  If the files in the print server’s \3 folder are not from the same printer driver that PCC offers to the client, the print client will compare the files and find the mismatch every time it prints. 

To mitigate this issue, verify that you are using the latest drivers for all your printing devices.  Where possible, use the same version of the print driver on the print client and print server. If updating drivers in your environment does not resolve the issue, please contact support for your printer manufacturer (OEM).
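
The file comparison described in A1, as an added PowerShell example (not part of the Microsoft text): it lists driver files that exist under the same name on the client and on the print server but differ in version or content. The function name Compare-PrintDriverFiles is hypothetical, the server name is a placeholder, and reaching the server's \3 folder through its print$ share is an assumption about the environment.

```powershell
# Added example: find same-named driver files that differ between print client and server.
# Read-only; run on the print client with an account that can read the server's print$ share.

function Compare-PrintDriverFiles {
    param(
        # Client-side driver folder named in A1.
        [string]$ClientPath = "$env:SystemRoot\System32\spool\drivers\x64\3",
        # Server-side \3 folder, e.g. '\\printserver.example\print$\x64\3' (placeholder name).
        [Parameter(Mandatory)][string]$ServerPath
    )

    # Index the server's files by name (PowerShell hashtables are case-insensitive).
    $serverFiles = @{}
    Get-ChildItem -Path $ServerPath -File | ForEach-Object { $serverFiles[$_.Name] = $_ }

    foreach ($local in Get-ChildItem -Path $ClientPath -File) {
        $remote = $serverFiles[$local.Name]
        if ($null -eq $remote) { continue }   # file belongs to a driver the server does not have

        $localVer  = $local.VersionInfo.FileVersionRaw
        $remoteVer = $remote.VersionInfo.FileVersionRaw

        if ($remoteVer -gt $localVer)     { $status = 'ServerNewer' }
        elseif ($remoteVer -lt $localVer) { $status = 'ClientNewer' }
        elseif ((Get-FileHash $local.FullName).Hash -ne (Get-FileHash $remote.FullName).Hash) {
            # Same version resource but different bytes (SHA256 is Get-FileHash's default).
            $status = 'SameVersionDifferentContent'
        }
        else { continue }                     # identical file, nothing to report

        [pscustomobject]@{
            File          = $local.Name
            ClientVersion = $localVer
            ServerVersion = $remoteVer
            Status        = $status
        }
    }
}

# Usage (single quotes keep the $ in print$ literal):
# Compare-PrintDriverFiles -ServerPath '\\printserver.example\print$\x64\3' | Format-Table -AutoSize
```

Files reported as ServerNewer are the ones that trigger the repeated driver update prompt when the package in PCC does not contain the same newer version.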

Q2: I installed updates released September 14, 2021 and some Windows devices cannot print to network printers.  Is there an order I need to install updates on print clients and print servers?

A2: Before installing updates released September 14, 2021 or later on print servers, print clients must have installed updates released January 12, 2021 or later. Windows devices will not print if they have not installed an update released January 12, 2021 or later. 

Note You do not need to install earlier updates and can install any update after January 12, 2021 on printing clients.  We recommend that you install the latest cumulative update on both clients and servers.

Fix printer issue by changing LAN Manager authentication level

How to change LAN Manager Authentication Level in Windows 10

LAN Manager Authentication Level lets you set the authentication protocol for network logons. It is possible to change the LAN Manager authentication level using the Local Group Policy Editor and the Registry Editor. If you are using Windows 10 Home version, you can use the REGEDIT method. Otherwise, either method does the same job.

When you connect your computer to a network printer or any other computer in the same network, an authentication protocol is required for the network logon. It is there to establish a link between your host computer and the network computer or any other device. There are six different authentication levels you can choose from:

Send LM & NTLM responses
Send LM & NTLM – use NTLMv2 session security if negotiated
Send NTLM responses only
Send NTLMv2 responses only
Send NTLMv2 responses only. Refuse LM
Send NTLMv2 responses only. Refuse LM & NTLM

As the names indicate, the first three levels still send LM or NTLM responses, while the last three send only NTLMv2 responses.

Now, let’s say you want to connect to a network printer, but you end up getting an error message saying Windows cannot connect to the printer. In that case, changing the LAN Manager authentication level may solve the issue.

Change LAN Manager Authentication Level

Using Local Group Policy Editor

Search for gpedit.msc in the Taskbar search box, and click on the result to open the Local Group Policy Editor on your computer. Next, follow this path:

Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options

Double-click on the Network security: LAN Manager authentication level policy on your right-hand side and choose the Send LM & NTLM – use NTLMv2 session security if negotiated or any other required option from the drop-down list.

Network Printer error 0x00000002,0x0000007a, 0x00004005, 0x00000057, 0x00000006

Click on the OK button to save the change.

Then, restart your computer and check if you can use your network printer or not.

Using Registry Editor
Search for registry editor in the Taskbar search box, click on the search result, and select the Yes option to open the Registry Editor on your computer.

Then, follow this path:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

Here you have to create a REG_DWORD value. To do so, right-click on the Lsa key, select New > DWORD (32-bit) Value, and name it LmCompatibilityLevel.

Now, enter the Value data as mentioned below.

Send LM & NTLM responses: 0
Send LM & NTLM – use NTLMv2 session security if negotiated: 1
Send NTLM responses only: 2
Send NTLMv2 responses only: 3
Send NTLMv2 responses only. Refuse LM: 4
Send NTLMv2 responses only. Refuse LM & NTLM: 5

For that, double-click on the REG_DWORD value, enter 1 or any other Value data in the box, and click the OK button.

Next, restart your computer to apply the change.

That’s it! This is how you can change LAN Manager authentication level in Windows 10.

How to turn off Windows 10 updates

To disable Windows 10 updates permanently, follow these steps:

1. Open Start.

2. Search for gpedit.msc and click the top result to launch the Local Group Policy Editor.

3. Navigate to the following path:

Computer Configuration > Administrative Templates > Windows Components > Windows Update

4. Double-click the Configure Automatic Updates policy on the right side.

5. Check the Disabled option to turn off automatic updates permanently on Windows 10.

6. Click the Apply button, then click the OK button.



How to disable automatic updates with registry. 

You can also disable automatic updates using the registry in at least two different ways. 
Like when using the local Group Policy editor, 

Warning: This is a friendly reminder that editing the registry is risky and can cause irreversible damage to your system if you don't do it correctly. It is recommended to make a full backup of your PC before proceeding.

Disable updates

To disable Windows updates permanently by modifying the registry, use these steps:

1. Open Start.

2. Search for regedit and click the top result to launch the Registry Editor.

3. Navigate to the following path:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows

4. Right-click the Windows (folder) key, select the New submenu, and then choose the Key option.

5. Name the new key WindowsUpdate and press Enter.

6. Right-click the newly created key, select the New submenu, and choose the Key option.

7. Name the new key AU and press Enter.

8. Right-click the AU key, select the New submenu, and choose the DWORD (32-bit) Value option.

9. Name the new value NoAutoUpdate and press Enter.

10. Double-click the newly created value and change its value from 0 to 1. Click the OK button.

11. Restart your computer.

Alternatively, you can create a registry file. Copy the text below, paste it into Notepad, and save the file as noupdate.reg:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"NoAutoUpdate"=dword:00000001

Windows 10 network Printer Problem Fix

First, uninstall the latest Windows 10 updates.

After that, follow the procedures above.


Enable SMB V1.0

Open Search, type Windows Feature and click to open Turn Windows features on or off.

 



Change value for AllowInsecureGuestAuth

 

1. Press the Windows + R keys to open the run box.

2. Type regedit and click on OK.

 

Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters



4. Locate AllowInsecureGuestAuth

5. Right-click on it and select Modify

6. Change the value to 1 from 0.

7. Click on OK.

 

 

5. Enable advanced sharing

1. Go to your Local disk (C:), right-click on it and select Properties

3. Go to Advanced sharing

5. Click on Apply then OK to save changes

It is pretty common to encounter this error if the sharing property isn’t enabled. For computers to be able to send and receive files and data, you need to make sure your device is able to share its folders.

 

6. Change Network Security settings

1. Press Windows + R keys, type secpol.msc in the run box and click on OK.

2. Select Local Policies from the left pane.

3. Double click on Security Options from the right pane.

4. Locate Network security: LAN Manager authentication level and double click it.

5. From the drop-down menu choose Send LM & NTLM – use NTLMv2 session security if negotiated.

6. Then click on Apply and OK to save the changes.

 

8. Reinstall your PC’s Network adapters

1. Right-click on the Start button and select Device Manager.

 



 

3. Locate and expand Network adapters.



5. Reboot your PC and check if the error persists

 

9. Use the Local Group Policy Editor

 

9.1 Enable insecure guest logons

1. Go to Search by clicking the magnifying glass from the bottom left corner and look for gpedit.msc to open the Local Group Policy Editor.

3. Double click on Administrative Templates.

4. Now click to open Network.

5. Locate the Lanman Workstation and click to open it.

6. Double click on Enable insecure guest logons.

7. Select the Enabled option to allow insecure guest logons to an SMB server.

8. Click on Apply, then on OK to save the settings.

Keep in mind that, when enabling this policy setting, the SMB client will allow insecure guest logons, meaning it will allow unauthenticated access to shared folders.

 

9.2. Disable the Microsoft Network client

1. Now go back to Local Computer Policy > Computer Configuration, only this time choose Windows settings.

2. Double click on Security Settings.

3. Open Local Policies.

4. Go to Security Options and double-click it to open.

5. Locate the Microsoft Network client: Digitally sign communications (always) option.

6. Right-click on it, select Properties and in the newly opened window select Disabled as shown below.

7. Click Apply and then OK to save the settings and close the window.

 

1. Click the Start button, then type Control Panel into the search box in the Start menu.

2. Open Control Panel and click on View by > Large icons.

3. Go to Credential Manager.

4. Click on Windows Credentials.

5. In the Windows Credential section, remove all the credentials and restart the system.

6. After restarting, go back to the same page and click on Add a Windows credential.

8. Click on OK to save the settings.

 

11. Check TCP/IP NetBIOS Helper service

1. Go to Search, as described above, type Services, and open it from the list of the results.

2. Navigate to TCP/IP NetBIOS Helper.

3. Right-click on it and open Properties.

4. Under the Startup type section, select Automatic and confirm changes.

5. Restart your PC and look for changes.

This service should be enabled to permanently run with the system, but there are reports that it stops after critical system changes imposed by Windows Updates.

12. Enable NetBIOS

1. Press Windows key + R to summon the Run elevated command-line.

2. In the command-line, paste NCPA.CPL and press Enter .

3. Right-click on your default network and open Properties.

4. Go to Internet Protocol Version 4 (TCP/IPv4) and click on Properties below.

5. Click on Advanced.

6. Select the WINS tab.

7. Click on Enable NetBIOS over TCP.

8. Confirm changes by clicking OK.

 


Finished




13. Reset Windows 10 Update components

1. Go to Search, as previously mentioned, look for Command Prompt and click on Run as administrator.

2. Now, type in the following commands and press Enter after each one:

net stop wuauserv

net stop cryptSvc

net stop bits

net stop msiserver

3. The next thing we’re going to do is rename the SoftwareDistribution and Catroot2 folders by typing the commands below in the Command Prompt. Make sure to press Enter after each command you type:

Ren C:\Windows\SoftwareDistribution SoftwareDistribution.old

Ren C:\Windows\System32\catroot2 Catroot2.old

4. And finally, we’ll conclude the process by restarting the BITS, Cryptographic, MSI Installer, and Windows Update services:

net start wuauserv

net start cryptSvc

net start bits

net start msiserver

5. Now, close the Command Prompt and restart your computer.

This workaround resets the Windows 10 update components. As the name says, this is an assemblage of components that basically makes downloading and installing Windows updates possible.

So, if we reset these components, there’s a good chance we’ll resolve our update problem.

 

1. Once again, go to Search, type Command Prompt and click on Run as Administrator.

2. Type in the following command and press Enter:

sfc /scannow

 

3. Wait for the process to finish, as it will take some time.

4. Restart your computer.

15. Whitelist Windows Update servers

1. Click the Start button, then type Control Panel into the search box in the Start menu.

2. Go to Control Panel and select Network & Internet.

3. Click on Internet Options.

4. Head over to the Security tab from the upper menu of the Internet options window.

5. Select the Trusted Sites option from the Security window.

6. Click on Sites.

7. Uncheck the Require server verification (https:) for all sites in this zone feature.

8. You will now have a box there that says Add this website to the zone. Type in the following addresses:

9. Click the Add button after you typed in the addresses above.

10. Save the settings and restart your computer.

16. Run DISM

1. Open Search by clicking the magnifying glass from the bottom left corner, then type Command Prompt, and click on Run as an administrator to open it.

2. In the command line, copy-paste these lines one by one and press Enter after each:

DISM /Online /Cleanup-Image /ScanHealth

DISM /Online /Cleanup-Image /RestoreHealth

3. Wait until the procedure ends as it might take up to 10 minutes.

4. Restart your PC.
