Cloud printing with uniFLOW part 2.

In part 1 we learned how to setup a Uniflow server to sync users from an Azure Active Directory Domain Services (SLDAP) catalog. Now this time we gonne se how to solve the cloud printing issue with from the client side. One big problem is how the user gets identified in cloud only scenarios. Microsoft hasent solved this yet, but i bet they are working on something. To solve this issue you need to use a specific driver called the “Uniflow Universal PCL XL Driver” combined with some powershell magic.

Now lets head over to the client and identifiy my problem.

Lets try to print something

As you can see in the screenshot above, the username for the print job is the same as my local username in windows 10 and not my UPN so Uniflow is at this point not able to recognize who is sending the print job.

Running a whoami will confirm this. The problem with this is that the Uniflow server won’t know who i am and then cant identify who printed the job. The Uniflow server looks for your LDAP attributes that dosent exist in this job, so we need to send the UPN (as we saw how to import in Uniflow in the part 1 of this post) with the print job. To do this we need to use a special driver called the Uniflow Universal PCL XL driver. With this driver its possible with some powershell scripting to send the print job with the azure ad upn so the Uniflow server is able to interpit who printed the job. You can find the script on my github. Lets try to interpit the script.

https://github.com/fanuelsen/PowerShell/blob/master/Install-UniflowPrinter/Install-UniflowPrinter.ps1

The UPN section

#Get UPN
$Username = Get-WMIObject -class Win32_ComputerSystem | Select-Object -ExpandProperty Username
$ObjUser = New-Object System.Security.Principal.NTAccount($Username)
$SID = $Objuser.Translate([System.Security.Principal.SecurityIdentifier])
$UPN = Get-ItemPropertyValue -Path "HKLM:\SOFTWARE\Microsoft\IdentityStore\Cache\$($SID.value)\IdentityCache\$($SID.value)" -Name "UserName"

This section will get the UPN of the currently logged on user and store them in the $UPN variable.

The Print Driver section.

#Print Driver
$ZipFile = "C:\Windows\Temp\uniflow_pclxl.zip"
$URL = "https://www.nt-ware.com/home/ar/universal_driver/"
$Result = (((Invoke-WebRequest –Uri $URL).Links | Where-Object {$_.href -like “http*” -and $_.innerHTML -like "*PCL XL Driver*"} ) | Select-Object href).href 
$Result = $Result -replace 'amp;',""
Invoke-WebRequest -Uri $Result -OutFile $ZipFile  
Expand-Archive -Path $ZipFile -DestinationPath "$env:PROGRAMFILES\PrintDriver" -Force
$InstallDriverPath = "$env:PROGRAMFILES\PrintDriver\MomUdPclXl.inf"
Start-Process -FilePath "pnputil.exe" -ArgumentList "/Add-Driver `"$InstallDriverPath`"" -Wait

This block of code will download the latest Uniflow Universal PCL XL driver from nt-wares website, expand downloaded zip fil to C:\Programfiles\PrintDriver and add the driver to the windows driver store.

The Printer Object

#Printer Object
$Printer = [PSCustomObject]@{
    Name           = "YourPrintQueue"
    PortName       = "YourPrintPort"
    ServerHost     = "192.168.1.2"
    LprQueueName   = "YourPrintQueue"
    DriverName     = "uniFLOW Universal PCLXL Driver"
    PrintProcessor = "winprint"
}

Here we specifiy the printer queue object. Here you need to add the relevant info you have and wan’t in your environment.

Installing the printer object

#Installing Printer
Add-PrinterDriver -Name $Printer.DriverName
Add-PrinterPort -Name $Printer.PortName -LprHostAddress $Printer.ServerHost -LprQueueName $Printer.LprQueueName -LprByteCounting
Add-Printer -Name $Printer.Name -PortName $Printer.PortName -DriverName $Printer.DriverName -PrintProcessor $Printer.PrintProcessor

Registry settings for current user

#Registry settings for CurrentUser
New-PSDrive -PSProvider Registry -Name HKU -Root HKEY_USERS
New-Item -Path "HKU:\$($SID.Value)\Software\Wow6432Node\NT-Ware\MOMUD" -Force
New-ItemProperty -Path "HKU:\$($SID.Value)\Software\Wow6432Node\NT-Ware\MOMUD" -Name "UPN" -Value $UPN -Force

This will add the UPN of the currently logged on user to the user registry. Uniflow uses this to identify the print job.

Registry settings for the Local Machine.

#Registry settings for LocalMachine
$HKLMValue = "UPN=%Registry.HKEY_CURRENT_USER\SOFTWARE\Wow6432Node\NT-Ware\MOMUD\UPN%"

New-Item -Path "HKLM:\SOFTWARE\Nt-ware" -Name "MOMUD" -Force
New-ItemProperty -Path "HKLM:\SOFTWARE\Nt-ware\MOMUD" -Name "AltUserIdent" -Value $HKLMValue -PropertyType "String" -Force
New-Item -Path "HKLM:\SOFTWARE\WOW6432Node\Nt-ware" -Name "MOMUD" -Force
New-ItemProperty -Path "HKLM:\SOFTWARE\WOW6432Node\Nt-ware\MOMUD" -Name "AltUserIdent" -Value $HKLMValue -PropertyType "String" -Force

New-ItemProperty -Path "HKLM:\System\ControlSet001\Control\Print\Printers\$($Printer.Name)\PrinterDriverData\" -Name "Port" -Value "8000" -PropertyType "String" -Force
New-ItemProperty -Path "HKLM:\System\ControlSet001\Control\Print\Printers\$($Printer.Name)\PrinterDriverData\" -Name "Url" -Value "/pwclient/isapi/IcarusRequest.dll?script=showudoptions.icarus" -PropertyType "String" -Force
Set-ItemProperty -Path "HKLM:\System\ControlSet001\Control\Print\Printers\$($Printer.Name)\" -Name "Print Processor" -Value "winprint" -Force

This adds some specific values like port, print processor and so on to the print queue registry so the print driver will be able to send the print job with UPN and so on to the Uniflow server.

You can deploy this script either with Intune / SCCM or your disered workspace environment manager.

If your using Intune it should look like this.

When deployed you should be able to print from your client machines with cloud only users.

Happy printing!

One thought on “Cloud printing with uniFLOW part 2.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.