380 likes | 718 Views
Inside Printer Setup And Installation For Windows Vista. Adrian Lannin Program Manager Digital Documents Microsoft Corporation. Agenda . Driver installation and… User Account Control Printer permissions Driver Store Group Policy for Devices Printer driver installation and…
E N D
Inside Printer Setup And Installation For Windows Vista Adrian LanninProgram ManagerDigital DocumentsMicrosoft Corporation
Agenda • Driver installation and… • User Account Control • Printer permissions • Driver Store • Group Policy for Devices • Printer driver installation and… • Printer Driver Packages • Localized Drivers • Point and Print • Cross-platform Installation
User Account ControlWhat is it? • All users, including administrators, run as standard users • “Elevation” points are provided when the user needs to perform an operation that truly requires administrative rights • For example, running a setup application is a privileged operation
User Account ControlPrinter install operations • On Windows XP, installing a printer by plug and play or point and print does not require administrator rights • Installing a local printer driver requires administrator rights • Managing a printer, changing properties, sharing a printer is an administrator task • Running a setup application is an administrator task
Printer Installation Rights • In Windows Vista, a standard user can • Use the Add Printer Wizard (APW) to install a local printer • When there is an inbox driver available, and • When they are physically at the machine
Permissions • The user that installs the printer is given the Manage Documents permission • With this permission, they can manage and delete a printer that they installed • Members of the administrators group also have this permission – when elevated
Install Applications • A setup application should automatically request permission to run with administrator rights • Windows Vista uses heuristics to detect setup.exe • If Windows Vista can't determine what rights an application requires, it runs the application with user rights • The user must right-click and select Run as Administrator • Recommendation: Use an application manifest containing this attribute: • More information: MSDN Developer Center <requestedExecutionLevel level="requireAdministrator" uiAccess="false" />
Scenarios Enabled • A standard user can use the APW to install a printer using an inbox driver • Useful for non-plug and play installations • Useful when a standard user needs to print to a printer but they don’t have the driver – they can install a generic driver and get basic print capability • Setup applications automatically request administrator permission
Driver StoreWhat is it? • The driver store is a trusted cache of inbox and third party drivers, on the local hard disk • Third party drivers are copied from media to the driver store • We call the driver and the files the driver package • All drivers are installed from the driver store • Because drivers in the store are trusted, standard users may install them
Printer Driver Install Phases • Put the driver package in the driver store • Inbox drivers are already in the driver store • Driver is copied from media • Signing is checked • If everything is good, driver is copied into the driver store • This is a privileged operation! • Install the driver • Driver files are installed to their final location from the driver store • This is NOT a privileged operation. Any user can install a driver
Driver Versions • Driver store is a side by side store • New driver package versions co-exist with old versions • Plug and Play ranking determines the driver selected for installation • Use the DriverVer directive in the INF to specify driver package version • Packages are not deleted when the drivers are deleted • Available for reinstallation • Pnputil.exe – driver store utility • Offline support
Scenario Enabled • A print administrator adds a set of OEM printer drivers to the driver store on a corporate standard Operating System image • These drivers can be installed by a standard user because they are in the driver store • Easier deployment • Cost savings/no help desk assistance required
Group Policy For Devices What is it? • Two phases of device installation • Admin rights: Place the driver in the driver store • User: Install the driver • By using Group Policy for Devices, an administrator can delegate the privilege required for step 1 to a standard user • Why? • Majority of corporations will run locked-down desktops in the future • Amazing cost savings for IT departments • More reliable, secure systems
Driver Installation Policy • This policy allows digitally signed and trusted drivers to be installed by a standard user • Digitally signed by • Microsoft (e.g. WHQL, Windows) • A commercially acquired certificate • An internally generated or a test certificate • Trusted • The certificate that signed the driver is present on the machine, in the certificate store
Driver Requirements • Effective for INF-based driver packages • Printer vendors need to ensure that their drivers are available in driver packages that install via an INF • Many Windows XP printer drivers can be installed when this policy is enabled • Drivers that have co-installers may not work • The co-installer does not run until an administrator logs in
Scenario Enabled • The print administrator uses group policy to delegate printer installation rights to an organizational unit (OU) • Members of that group put signed printer drivers into the driver store, when the driver was signed by a trusted source • The administrator can obtain a certificate and use it to sign driver packages
Driver PackagesWhat are they? • A Driver Package is an INF, all the files referenced by an INF, and the CAT file • A package must be signed • A common problem is that some INFs refer to files that do not exist • The driver store checks file dependencies when the driver is added, and will not import packages that have missing dependencies
Printer Installation And Driver Packages • Windows Vista tries to install packages in most cases • Local Installation • Remote Installation • Point and Print • Web Point and Print • When using packages is not an option, legacy mode is used
Package Point And Print • In package point and print, the complete driver package is put in the client's driver store • All components of the driver are installed on the client • Client installation checks signing • Result is a more secure form of point and print • Windows Vista to downlevel uses "legacy" point and print • Dependency handling requires an INF change • This is called being "package aware"
Package-Awareness • To be package-aware • Either: Ensure that all the files in the driver package are unique, and don't appear in other packages • And use the PackageAware keyword • Or: Isolate the shared files into a separate core INF • And use the core driver keywords
Example INFSimple case • If a printer driver contains a unique set of files • Add the section highlighted below [DDInstall Section] CopyFiles=... [PrinterPackageInstallation.x86] PackageAware=TRUE [DestinationDirs] ...
Core File Dependencies • Shared files are placed in core printer drivers • Using Unidrv on Windows XP • Using Unidrv on Windows Vista [DriverInstall] CopyFiles=@OEMRES.DLL,@OEMABC.GPD DataFile=OEMABC.GPD DataSection=UNIDRV_DATA Include=NTPRINT.INF Needs=UNIDRV.OEM,TTFSUB.OEM [DriverInstall_Vista] CopyFiles=@OEMRES.DLL,@OEMABC.GPD DataFile=OEMABC.GPD CoreDriverSections="{D20EA372-DD35-4950-9ED8-A6335AFE79F0}, UNIDRV.OEM, UNIDRV_DATA, TTFSUB.OEM"
Sample (Partial Sample) [Version] Signature="$Windows NT$" ClassGUID={4D36E979-E325-11CE-BFC1-08002BE10318} Class=Printer . . . [Manufacturer] ; Models sections for x86 driver on pre-Windows Vista [Company.NTx86] "Device Description" = DriverInstall, PNP_ID, ABC_Printer ; Models section for x86 driver on Windows Vista and later [Company.NTx86.6.0] "Device Description" = DriverInstall_Vista, PNP_ID, ABC_UniDrv5_Printer [PrinterPackageInstallation.x86] PackageAware=TRUE CoreDriverDependencies={D20EA372-DD35-4950-9ED8-A6335AFE79F0} ... [DriverInstall_Vista] CopyFiles=@OEMRES.DLL,@OEMABC.GPD DataFile=OEMABC.GPD CoreDriverSections="{D20EA372-DD35-4950-9ED8-A6335AFE79F0}, UNIDRV.OEM, UNIDRV_DATA, TTFSUB.OEM"
Scenario Enabled • Printer driver vendors can ensure the complete driver package is installed on the client during point and print • Driver signing is checked during remote installations, so package-aware drivers are trusted in more install scenarios
Point and PrintInterop support • Windows Vista point and print completely interoperates with prior versions of Microsoft Windows • Legacy point and print (old) • Package point and print (new) • Windows Vista supports package point and print to Windows Vista clients • Windows Vista supports legacy point and print to pre-Windows Vista clients
Package-aware on Windows Vista Package point and print to Windows Vista and later Legacy to older versions Point And PrintPackage-aware drivers Package-aware Windows Vista Windows Vista Legacy Legacy Windows XP
Package-Aware Drivers • Making the driver package-aware is fairly straightforward • When the driver is installed on Windows Vista, the platform takes care of the interop differences down to Windows 2000 • If the same driver package must be installed on Windows XP, then use Operating System version decorations to isolate the Windows Vista INF attributes
Localized DriversWhat are they? • All drivers have localizable resources • Inbox Operating System components use .MUI files to store resources • Inbox printer drivers need embedded resources so print drivers have the localized language embedded • i.e. French printer DLLs contain French strings • But printer drivers also respect MUI, so installing a language pack results in a language switch on the local machine • Point and print clients still get the original language of the server • OEM drivers can embed multiple resources in the binary
Scenario Enabled • Language switching on the local machine • Windows Vista to Windows Vista point and print: Language switching works for driver packages • Point and print to downlevel machines works as before (client gets the server native language)
Cross-Platform InstallationWhat is it? • Machines share printers with other machines that have different processor architectures • The client needs to obtain the driver from the server, if it doesn’t have one locally • The server needs to host a driver for the client • Where does the hosting machine get the correct driver? • From the appropriate media
Scenario Enabled • When the user shares a printer on an x86 computer with an x64 client, they need to add an additional driver for that client • The user inserts the x64 media, and installs the driver from the disk
Call To Action • Always make your driver package available as an INF • Enables so many scenarios! • Use the package-aware mechanism in Windows Vista • Package-aware drivers are preferred in point and print, they are trusted, and provide more client functionality • If you write a setup application, use an application manifest so the Windows Vista will automatically ask the user to run it with elevated privileges
Call To Action • Understand your company logo goals and review new logo requirements • Basic and Premium • At WinHEC • Practice setup dev skills inPrinter Installation Hands on Lab • Attend the Ask the Experts sessions • Attend related sessions • PRI019 Developing XPSDrv Print Drivers • DEV052 Installing Driver Packages in Windows Vista and Windows Server Longhorn
Additional Resources • Read the Printer Package Installation white paper on http://www.microsoft.com/whdc/device/print/default.mspx • Technical advice • Online • XPS Portal http://www.microsoft.com/xps • Links to relevant blogs, whitepapers, specs • WHDC Printing documents http://www.microsoft.com/whdc/device/print/default.mspx • Print Server Information: http://www.microsoft.com/printserver • UAC development resources: http://msdn.microsoft.com • Windows Digital Documents Platform Team Newsletter https://profile.microsoft.com/RegSysProfileCenter/subscriptionwizard.aspx?wizid=77d9786e-9500-40a4-ba20-a4c7504d83ca&lcid=1033 Prninfo @ microsoft.com
© 2006 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.