Microsoft
MicrosoftI wish I had a simple answer...
In my recent experience I can say that my 2016+ servers and Windows 10 clients "both Fully patched" will work as long as all the registry entries (there are many) are pushed to the clients via AD\GP
I will further state that all my Windows 7 client can print regardless since all MS changes seem to be client side in "Accepting" the drivers for "security".
For older\unpatched Windows 10 clients, adding "RpcAuthnLevelPrivacyEnabled = 0" server side seem to allow them to attach to the spoolers.
The last issue is about firewalls, WANS, and authentication protocols failing, especially to older servers like 2003\Xp where RpcAuth does nothing and would be pointless because I don't think it can even handle encryption... We need a client key for "OldSchool" = 1 which would be their "overrides" reg if they could commit to it.
So the KIR is a band-aid and the printer stack needs an UnDO from MS while they try to figure out how do secure it without making it dysfunctional - Which is what they did.....
