Inside Printer Setup Inside Printer Setup And Installation For And Installation For Windows VistaWindows Vista

Adrian LanninAdrian LanninProgram ManagerProgram ManagerDigital DocumentsDigital DocumentsMicrosoft CorporationMicrosoft Corporation

Agenda Agenda

Driver installation and…Driver installation and…User Account ControlUser Account Control

Printer permissionsPrinter permissions

Driver StoreDriver Store

Group Policy for DevicesGroup Policy for Devices

Printer driver installation and…Printer driver installation and…Printer Driver PackagesPrinter Driver Packages

Localized DriversLocalized Drivers

Point and PrintPoint and Print

Cross-platform InstallationCross-platform Installation

User Account ControlUser Account ControlWhat is it?What is it?

All users, including All users, including administrators, run as administrators, run as standard usersstandard users

““Elevation” points are Elevation” points are provided when the provided when the user needs to perform user needs to perform an operation that an operation that truly requires truly requires administrative rightsadministrative rights

For example, running a For example, running a setup application is a setup application is a privileged operationprivileged operation

User Account ControlUser Account ControlPrinter install operationsPrinter install operations

On Windows XP, installing a printer by On Windows XP, installing a printer by plug and play or point and print does not plug and play or point and print does not require administrator rightsrequire administrator rights

Installing a local printer driver requires Installing a local printer driver requires administrator rightsadministrator rights

Managing a printer, changing properties, Managing a printer, changing properties, sharing a printer is an administrator tasksharing a printer is an administrator task

Running a setup application is an Running a setup application is an administrator taskadministrator task

Printer Installation RightsPrinter Installation Rights

In Windows Vista, a standard user canIn Windows Vista, a standard user canUse the Add Printer Wizard (APW) to install a Use the Add Printer Wizard (APW) to install a local printerlocal printer

When there is an inbox driver available, andWhen there is an inbox driver available, and

When they are physically at the machineWhen they are physically at the machine

PermissionsPermissions

The user that installs the The user that installs the printer is given the printer is given the Manage Documents Manage Documents permissionpermission

With this permission, they With this permission, they can manage and delete a can manage and delete a printer that they installedprinter that they installed

Members of the Members of the administrators group administrators group also have this also have this permission – permission – when elevatedwhen elevated

Install ApplicationsInstall Applications

A setup application should automatically request A setup application should automatically request permission to run with administrator rightspermission to run with administrator rights

Windows Vista uses heuristics to detect setup.exeWindows Vista uses heuristics to detect setup.exe

If Windows Vista can't determine what rights an If Windows Vista can't determine what rights an application requires, it runs the application with application requires, it runs the application with user rightsuser rights

The user must right-click and select Run as AdministratorThe user must right-click and select Run as Administrator

Recommendation: Use an application manifest Recommendation: Use an application manifest containing this attribute:containing this attribute:

More information: MSDN Developer CenterMore information: MSDN Developer Center

<requestedExecutionLevel level="requireAdministrator"uiAccess="false" />

Scenarios EnabledScenarios Enabled

A standard user can use the APW to A standard user can use the APW to install a printer using an inbox driverinstall a printer using an inbox driver

Useful for non-plug and play installationsUseful for non-plug and play installations

Useful when a standard user needs to print Useful when a standard user needs to print to a printer but they don’t have the driver – to a printer but they don’t have the driver – they can install a generic driver and get basic they can install a generic driver and get basic print capabilityprint capability

Setup applications automatically request Setup applications automatically request administrator permissionadministrator permission

Driver StoreDriver StoreWhat is it?What is it?

The The driver storedriver store is a trusted cache of is a trusted cache of inbox and third party drivers, on the local inbox and third party drivers, on the local hard diskhard disk

Third party drivers are copied from media to Third party drivers are copied from media to the driver storethe driver store

We call the driver and the files the We call the driver and the files the driver packagedriver package

All drivers are installed from the driver storeAll drivers are installed from the driver store

Because drivers in the store are trusted, Because drivers in the store are trusted, standard users may install themstandard users may install them

Printer Driver Install PhasesPrinter Driver Install Phases

1.1. Put the driver package in the driver storePut the driver package in the driver storeInbox drivers are already in the driver storeInbox drivers are already in the driver store

Driver is copied from mediaDriver is copied from media

Signing is checkedSigning is checked

If everything is good, driver is copied into the If everything is good, driver is copied into the driver storedriver store

This is a privileged operation!This is a privileged operation!

2.2. Install the driverInstall the driverDriver files are installed to their final location from the Driver files are installed to their final location from the driver storedriver store

This is NOT a privileged operation. Any user can This is NOT a privileged operation. Any user can install a driverinstall a driver

Driver VersionsDriver Versions

Driver store is a side by side storeDriver store is a side by side storeNew driver package versions co-exist with New driver package versions co-exist with old versionsold versions

Plug and Play ranking determines the driver selected Plug and Play ranking determines the driver selected for installationfor installation

Use the DriverVer directive in the INF to specify driver Use the DriverVer directive in the INF to specify driver package versionpackage version

Packages are not deleted when the drivers Packages are not deleted when the drivers are deletedare deleted

Available for reinstallation Available for reinstallation

Pnputil.exePnputil.exe – driver store utility – driver store utility

Offline supportOffline support

Scenario EnabledScenario Enabled

A print administrator adds a set of A print administrator adds a set of OEM printer drivers to the driver OEM printer drivers to the driver store on a corporate standard store on a corporate standard Operating System imageOperating System image

These drivers can be installed by a These drivers can be installed by a standard user because they are in the standard user because they are in the driver storedriver store

Easier deploymentEasier deployment

Cost savings/no help desk Cost savings/no help desk assistance requiredassistance required

Group Policy For Devices Group Policy For Devices What is it?What is it?

Two phases of device installationTwo phases of device installation1.1. Admin rights: Place the driver in the driver storeAdmin rights: Place the driver in the driver store

2.2. User: Install the driverUser: Install the driver

By using Group Policy for Devices, an By using Group Policy for Devices, an administrator can delegate the privilege required administrator can delegate the privilege required for step 1 to a standard userfor step 1 to a standard user

Why?Why?Majority of corporations will run locked-down desktops Majority of corporations will run locked-down desktops in the futurein the future

Amazing cost savings for IT departmentsAmazing cost savings for IT departments

More reliable, secure systemsMore reliable, secure systems

Driver Installation PolicyDriver Installation Policy

This policy allows digitally signed and This policy allows digitally signed and trusted drivers to be installed by a trusted drivers to be installed by a standard userstandard user

Digitally signed byDigitally signed byMicrosoft (e.g. WHQL, Windows)Microsoft (e.g. WHQL, Windows)

A commercially acquired certificateA commercially acquired certificate

An internally generated or a test certificateAn internally generated or a test certificate

TrustedTrustedThe certificate that signed the driver is The certificate that signed the driver is present on the machine, in the present on the machine, in the certificate storecertificate store

How To Delegate Printer How To Delegate Printer Driver Installation RightsDriver Installation Rights

Driver RequirementsDriver Requirements

Effective for INF-based driver packagesEffective for INF-based driver packagesPrinter vendors need to ensure that their Printer vendors need to ensure that their drivers are available in driver packages that drivers are available in driver packages that install via an INFinstall via an INF

Many Windows XP printer drivers can be Many Windows XP printer drivers can be installed when this policy is enabledinstalled when this policy is enabled

Drivers that have co-installers may not workDrivers that have co-installers may not work

The co-installer does not run until an The co-installer does not run until an administrator logs inadministrator logs in

Scenario EnabledScenario Enabled

The print administrator uses group policy The print administrator uses group policy to delegate printer installation rights to an to delegate printer installation rights to an organizational unit (OU)organizational unit (OU)

Members of that group put signed printer Members of that group put signed printer drivers into the driver store, when the drivers into the driver store, when the driver was signed by a trusted sourcedriver was signed by a trusted source

The administrator can obtain a certificate The administrator can obtain a certificate and use it to sign driver packagesand use it to sign driver packages

Driver PackagesDriver PackagesWhat are they?What are they?

A Driver Package is an INF, all the files A Driver Package is an INF, all the files referenced by an INF, and the CAT filereferenced by an INF, and the CAT file

A package must be signedA package must be signed

A common problem is that some INFs A common problem is that some INFs refer to files that do not existrefer to files that do not exist

The driver store checks file dependencies The driver store checks file dependencies when the driver is added, and will not import when the driver is added, and will not import packages that have missing dependenciespackages that have missing dependencies

Printer Installation And Printer Installation And Driver PackagesDriver Packages

Windows Vista tries to install packages in Windows Vista tries to install packages in most casesmost cases

Local InstallationLocal Installation

Remote InstallationRemote Installation

Point and PrintPoint and Print

Web Point and PrintWeb Point and Print

When using packages is not an option, When using packages is not an option, legacy mode is usedlegacy mode is used

Package Point And PrintPackage Point And Print

In package point and print, the complete driver In package point and print, the complete driver package is put in the client's driver storepackage is put in the client's driver store

All components of the driver are installed on the clientAll components of the driver are installed on the client

Client installation checks signingClient installation checks signingResult is a more secure form of point and printResult is a more secure form of point and print

Windows Vista to downlevel uses "legacy" point Windows Vista to downlevel uses "legacy" point and printand print

Dependency handling requires an INF changeDependency handling requires an INF changeThis is called being "package aware"This is called being "package aware"

Package-AwarenessPackage-Awareness

To be package-awareTo be package-awareEither:Either: Ensure that all the files in the driver Ensure that all the files in the driver package are unique, and don't appear in package are unique, and don't appear in other packagesother packages

And use the PackageAware keywordAnd use the PackageAware keyword

Or:Or: Isolate the shared files into a separate Isolate the shared files into a separate core INFcore INF

And use the core driver keywordsAnd use the core driver keywords

Example INFExample INFSimple caseSimple case

If a printer driver contains a unique set If a printer driver contains a unique set of filesof files

Add the section highlighted belowAdd the section highlighted below

[DDInstall Section]CopyFiles=...

[PrinterPackageInstallation.x86]PackageAware=TRUE

[DestinationDirs]...

Core File DependenciesCore File Dependencies

Shared files are placed in core Shared files are placed in core printer driversprinter drivers

Using Unidrv on Windows XPUsing Unidrv on Windows XP

Using Unidrv on Windows VistaUsing Unidrv on Windows Vista

[DriverInstall]CopyFiles=@OEMRES.DLL,@OEMABC.GPDDataFile=OEMABC.GPDDataSection=UNIDRV_DATAInclude=NTPRINT.INFNeeds=UNIDRV.OEM,TTFSUB.OEM

[DriverInstall_Vista]CopyFiles=@OEMRES.DLL,@OEMABC.GPDDataFile=OEMABC.GPDCoreDriverSections="{D20EA372-DD35-4950-9ED8-A6335AFE79F0}, UNIDRV.OEM, UNIDRV_DATA, TTFSUB.OEM"

Sample (Partial Sample)Sample (Partial Sample)[Version]Signature="$Windows NT$"ClassGUID={4D36E979-E325-11CE-BFC1-08002BE10318}Class=Printer. . .[Manufacturer]

; Models sections for x86 driver on pre-Windows Vista[Company.NTx86]"Device Description" = DriverInstall, PNP_ID, ABC_Printer

; Models section for x86 driver on Windows Vista and later[Company.NTx86.6.0]"Device Description" = DriverInstall_Vista, PNP_ID, ABC_UniDrv5_Printer

[PrinterPackageInstallation.x86]PackageAware=TRUECoreDriverDependencies={D20EA372-DD35-4950-9ED8-A6335AFE79F0}

...

[DriverInstall_Vista]CopyFiles=@OEMRES.DLL,@OEMABC.GPDDataFile=OEMABC.GPDCoreDriverSections="{D20EA372-DD35-4950-9ED8-A6335AFE79F0}, UNIDRV.OEM, UNIDRV_DATA, TTFSUB.OEM"

Scenario EnabledScenario Enabled

Printer driver vendors can ensure the Printer driver vendors can ensure the complete driver package is installed on complete driver package is installed on the client during point and printthe client during point and print

Driver signing is checked during remote Driver signing is checked during remote installations, so package-aware drivers installations, so package-aware drivers are trusted in more install scenariosare trusted in more install scenarios

Point and PrintPoint and PrintInterop supportInterop support

Windows Vista point and print completely Windows Vista point and print completely interoperates with prior versions of interoperates with prior versions of Microsoft WindowsMicrosoft Windows

Legacy point and print (old)Legacy point and print (old)

Package point and print (new)Package point and print (new)

Windows Vista supports package point Windows Vista supports package point and print to Windows Vista clientsand print to Windows Vista clients

Windows Vista supports legacy point and Windows Vista supports legacy point and print to pre-Windows Vista clientsprint to pre-Windows Vista clients

Point And PrintPoint And PrintPackage-aware driversPackage-aware drivers

Windows Vista

Windows XP

Windows Vista

Package-awarePackage-aware

Leg

acyL

egacy

Package-aware on Package-aware on Windows VistaWindows Vista

Package point and print to Package point and print to Windows Vista and later Windows Vista and later

Legacy to older versionsLegacy to older versions

LegacyLegacy

Package-Aware DriversPackage-Aware Drivers

Making the driver package-aware is Making the driver package-aware is fairly straightforwardfairly straightforward

When the driver is installed on When the driver is installed on Windows Vista, the platform takes care Windows Vista, the platform takes care of the interop differences down to of the interop differences down to Windows 2000Windows 2000

If the same driver package must be If the same driver package must be installed on Windows XP, then use installed on Windows XP, then use Operating System version decorations to Operating System version decorations to isolate the Windows Vista INF attributesisolate the Windows Vista INF attributes

Localized DriversLocalized DriversWhat are they?What are they?

All drivers have localizable resourcesAll drivers have localizable resourcesInbox Operating System components use .MUI files to Inbox Operating System components use .MUI files to store resourcesstore resources

Inbox printer drivers need embedded resources so print Inbox printer drivers need embedded resources so print drivers have the localized language embeddeddrivers have the localized language embedded

i.e. French printer DLLs contain French stringsi.e. French printer DLLs contain French strings

But printer drivers also respect MUI, so installing a But printer drivers also respect MUI, so installing a language pack results in a language switch on the language pack results in a language switch on the local machinelocal machine

Point and print clients still get the original language of the serverPoint and print clients still get the original language of the server

OEM drivers can embed multiple resources in the binaryOEM drivers can embed multiple resources in the binary

Scenario EnabledScenario Enabled

Language switching on the local machineLanguage switching on the local machine

Windows Vista to Windows Vista point Windows Vista to Windows Vista point and print: Language switching works for and print: Language switching works for driver packagesdriver packages

Point and print to downlevel machines Point and print to downlevel machines works as before (client gets the server works as before (client gets the server native language)native language)

Cross-Platform InstallationCross-Platform InstallationWhat is it?What is it?

Machines share printers with other Machines share printers with other machines that have different machines that have different processor architecturesprocessor architectures

The client needs to obtain the driver from the The client needs to obtain the driver from the server, if it doesn’t have one locallyserver, if it doesn’t have one locally

The server needs to host a driver for The server needs to host a driver for the clientthe client

Where does the hosting machine get the Where does the hosting machine get the correct driver?correct driver?

From the appropriate mediaFrom the appropriate media

Scenario EnabledScenario Enabled

When the user shares a printer on an x86 When the user shares a printer on an x86 computer with an x64 client, they need to computer with an x64 client, they need to add an additional driver for that clientadd an additional driver for that client

The user inserts the x64 media, and The user inserts the x64 media, and installs the driver from the diskinstalls the driver from the disk

Call To ActionCall To Action

Always make your driver package available as Always make your driver package available as an INFan INF

Enables so many scenarios!Enables so many scenarios!

Use the package-aware mechanism in Use the package-aware mechanism in Windows VistaWindows Vista

Package-aware drivers are preferred in point and Package-aware drivers are preferred in point and print, they are trusted, and provide more print, they are trusted, and provide more client functionalityclient functionality

If you write a setup application, use an If you write a setup application, use an application manifest so the Windows Vista will application manifest so the Windows Vista will automatically ask the user to run it with automatically ask the user to run it with elevated privilegeselevated privileges

Call To ActionCall To Action

Understand your company logo goals and Understand your company logo goals and review new logo requirementsreview new logo requirements

Basic and PremiumBasic and Premium

At WinHECAt WinHECPractice setup dev skills inPractice setup dev skills inPrinter Installation Hands on LabPrinter Installation Hands on Lab

Attend the Ask the Experts sessionsAttend the Ask the Experts sessions

Attend related sessionsAttend related sessionsPRI019 Developing XPSDrv Print DriversPRI019 Developing XPSDrv Print Drivers

DEV052 Installing Driver Packages in DEV052 Installing Driver Packages in Windows Vista and Windows Server LonghornWindows Vista and Windows Server Longhorn

Additional ResourcesAdditional Resources

Read the Printer Package Installation white paper on Read the Printer Package Installation white paper on http://www.microsoft.com/whdc/device/print/default.mspxhttp://www.microsoft.com/whdc/device/print/default.mspx

Technical adviceTechnical advice

OnlineOnlineXPS Portal XPS Portal http://www.microsoft.com/http://www.microsoft.com/xpsxps

Links to relevant blogs, whitepapers, specs Links to relevant blogs, whitepapers, specs

WHDC Printing documents WHDC Printing documents http://www.microsoft.com/whdc/device/print/default.mspxhttp://www.microsoft.com/whdc/device/print/default.mspx

Print Server Information: Print Server Information: http://www.microsoft.com/http://www.microsoft.com/printserverprintserver

UAC development resources: UAC development resources: http://msdn.microsoft.comhttp://msdn.microsoft.com

Windows Digital Documents Platform Team Newsletter Windows Digital Documents Platform Team Newsletter https://profile.microsoft.com/RegSysProfileCenter/subscriptionwizard.aspxhttps://profile.microsoft.com/RegSysProfileCenter/subscriptionwizard.aspx?wizid?wizid=77d9786e-9500-40a4-ba20-a4c7504d83ca&lcid=1033=77d9786e-9500-40a4-ba20-a4c7504d83ca&lcid=1033

Prninfo @ microsoft.comPrninfo @ microsoft.com

© 2006 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions,

it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.