Wikis - Page

iPrint - Enable LSA using MPR policy to allow Single-Sign-On for iPrint secure printers after upgrade to Windows 11 24h2 and above

2 Likes

Problem:

After upgrade to Windows 11 24H2, iPrint client prompts for User credentials after upgrade to windows 11 24h2 version for workstations where iPrint Single Sign-On is configured.  Same configuration works fine on previous windows versions

Cause:

With Windows 11 24H2, Single Sign-On module of iPrint is blocked by Windows LSA (Local Security Authority).

 

Resolution:

iPrint client prompts for User credentials after upgrade to windows 11 24h2 version.
Same configuration works fine on previous windows versions

This is visible when printing to SSL printers or using iCM to deliver printers.

After entering User credentials, it will work till next reboot of the workstation

This is due to Microsoft changing the behaviour of winlogon process making mandatory to enable the MPR policy.

 

To enable MPR policy, there are two ways:

  1. Using gpedit:

Computer Configuration > Administrative Templates > Windows Components > Windows Logon Options > Configure the transmission of the user’s password in the content of MPR notifications sent by winlogon.

 

  1. Manually set this registry entry:


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableMPR"=dword:00000001

 

A reboot of the windows workstation is necessary for the policy change to take effect.

Labels:

Support Tips/Knowledge Docs
Comment List
Related
Recommended