How to Fix Error 740 When Adding a Network Printer (w/Examples) + FAQs

Error 740 when adding a network printer means Windows blocked the install because the action needs administrator rights, and the fix is to run the printer install with elevation, adjust User Account Control settings, or correct the Point and Print Restrictions policy that Microsoft tightened after PrintNightmare (CVE-2021-34527). The message “The requested operation requires elevation” appears because the print driver must write to protected system folders, and a standard user token cannot touch those paths.

The problem sits at the intersection of Windows security, print spooler design, and post-PrintNightmare patches like KB5005652, which force administrator credentials for any new printer driver install on Windows 10, Windows 11, and Windows Server. If you skip the fix, users stay stuck, helpdesk tickets pile up, and unpatched workarounds can re-open the door to remote code execution on your print server.

According to a Spiceworks community report, more than 60% of IT admins ran into Error 740 or the related 0x0000011b code during the months following the August 2021 cumulative update, making this one of the most common printer issues on modern Windows.

• 🛠️ Step-by-step fixes for Error 740 on Windows 10, Windows 11, and Windows Server
• 🔐 How UAC, Point and Print, and Package Point and Print policies interact
• 🧩 Registry and Group Policy edits that solve the problem without breaking security
• 👥 Named real-world scenarios for home users, small business staff, and MSP technicians
• ⚠️ PrintNightmare safety warnings and mistakes that can expose your network

What Error 740 Really Means

Error 740 is the Windows system code for ERROR_ELEVATION_REQUIRED, and it fires when a process tries to perform a task that needs administrator privileges but was launched with only standard user rights. When you add a network printer, Windows tries to copy driver files into C:\Windows\System32\DriverStore and register them with the print spooler service. Those actions write to protected folders, so the operating system demands a full administrator token, not a filtered standard token.

The print subsystem uses the Spooler service to manage drivers, queues, and ports. Before the August 2021 security update, Windows let standard users install signed printer drivers from trusted print servers without prompting. After Microsoft patched CVE-2021-34481, the default behavior changed, and only administrators can install new drivers. That single change is the root cause of most modern Error 740 tickets.

If you ignore Error 740 and keep clicking Add Printer, the installer loops, the spooler may crash, and the client computer can end up with a half-installed driver that blocks future installs. The direct consequence is lost productivity, a locked queue, and sometimes a corrupted driver store that needs a full spooler reset using the Printer Troubleshooter.

A common misconception is that Error 740 means the printer is offline or the cable is bad. The error has nothing to do with hardware, network connectivity, or printer firmware. It is always a Windows privilege and policy problem, and it is always fixable from the client side.

Why Elevation Is Required for Printer Installs

Windows uses a security feature called User Account Control to split every login token into a standard token and an elevated token. Standard operations use the filtered token, and protected operations trigger a UAC prompt that asks for the admin token. Printer driver installation is classified as a protected operation because drivers run inside the kernel or inside privileged services.

The consequence of this design is that even a local administrator account gets Error 740 if the Add Printer wizard was not launched with “Run as administrator.” The token the wizard received is the filtered one, so it lacks the SeLoadDriverPrivilege right needed to register a print driver. The fix is to launch the wizard from an elevated Control Panel or elevated PowerShell session.

Take Sarah, an accountant at a 40-person law firm. She tries to add a shared HP LaserJet on \\PRINTSRV01\HP-Legal and gets Error 740. Her account is a Domain User with no local admin rights, so no amount of clicking will work until the helpdesk either elevates her session or pushes the driver through Group Policy.

A common misconception is that adding the user to the “Print Operators” group fixes Error 740. It does not, because Print Operators can manage queues but cannot install new drivers on a client. Only members of the local Administrators group, or users covered by a relaxed Point and Print policy, can install drivers.

The PrintNightmare Connection

PrintNightmare is a family of remote code execution vulnerabilities in the Windows Print Spooler that let attackers run SYSTEM-level code by abusing the Point and Print feature. Microsoft’s response was a series of patches, including KB5005033, KB5005565, and KB5005652, which changed the default Point and Print behavior so that installing drivers always requires admin rights.

The consequence of these patches is that every client that was fine on July 2021 suddenly throws Error 740 after updates. The registry value RestrictDriverInstallationToAdministrators at HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint now defaults to 1. When that DWORD is 1, only admins can install drivers, full stop.

Consider Marcus, a managed service provider technician supporting a dental clinic. Before the patch, clinic staff added the office Brother MFC themselves. After the patch, every new hire hit Error 740. Marcus now deploys drivers through a GPO startup script so the driver store has the package before users ever click Add Printer.

A dangerous misconception is that setting RestrictDriverInstallationToAdministrators back to 0 “just fixes it.” That rollback re-opens the PrintNightmare attack surface, and a successful exploit gives an attacker SYSTEM on every client. The CISA emergency directive specifically warns against this rollback in production networks.

Quick Fix: Run the Add Printer Wizard as Admin

The fastest workaround is to launch the Add Printer process with full admin rights. Press Windows + R, type control printers, then hold Ctrl + Shift + Enter to launch the Printers control panel elevated. From there, click “Add a printer” and point to the network share.

You can also use an elevated PowerShell session. Right-click Start, pick “Terminal (Admin),” and run Add-Printer -ConnectionName \\PRINTSRV01\HP-Legal. The Add-Printer cmdlet honors the admin token and bypasses Error 740 for that single install.

Take Linda, a remote paralegal on a domain-joined Surface laptop. She gets Error 740 every time she tries the Devices and Printers UI. Her IT team gives her a one-time elevated PowerShell line, she pastes it, the driver installs, and the printer appears for every future session without another prompt.

The consequence of relying only on this fix is that every new printer still needs admin creds. It is a per-install workaround, not a policy fix, so use it for one-off problems and use Group Policy for fleet deployment.

Full Group Policy Fix for Point and Print

Open Group Policy Editor with gpedit.msc on a client or GPMC on a domain controller. Navigate to Computer Configuration > Administrative Templates > Printers. The two policies that matter are “Point and Print Restrictions” and “Package Point and Print – Approved servers.”

Set “Point and Print Restrictions” to Enabled, check “Users can only point and print to these servers,” and list your print server FQDN such as printsrv01.contoso.local. Under security prompts, set both “When installing drivers for a new connection” and “When updating drivers for an existing connection” to “Do not show warning or elevation prompt.” This keeps the PrintNightmare guardrails while letting your approved server deploy drivers silently.

Next, enable “Package Point and Print – Approved servers” and add the same print server FQDN. Package Point and Print uses signed driver packages, which are safer than legacy v3 drivers, and it works with the post-PrintNightmare patch model.

Diana, a school district sysadmin, uses this exact GPO to push a Xerox VersaLink driver to 600 teacher laptops. Before the policy, teachers flooded the helpdesk with Error 740 tickets. After the GPO, driver installs run silently at logon, and the teachers never see an elevation prompt.

The consequence of skipping Package Point and Print is that even a correctly listed approved server still requires admin rights for legacy drivers. Always pair the two policies so both old and new drivers flow correctly.

Registry Fix When GPO Is Not Available

On Windows 10 Home or a workgroup machine without gpedit.msc, edit the registry directly with regedit. Back up the hive first with File > Export, because a bad edit can break printing completely.

Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint. Create or edit these DWORD values: RestrictDriverInstallationToAdministrators set to 0 only if you accept the PrintNightmare risk, NoWarningNoElevationOnInstall set to 0 for safety, and UpdatePromptSettings set to 0 for safety. The Microsoft registry reference lists every valid value.

Take Javier, a freelance graphic designer on Windows 11 Home. He needs to connect to his coworking space’s shared Canon imageRUNNER. His machine is not domain-joined and has no GPO. He exports the hive, sets the three DWORDs per Microsoft guidance, reboots, and the printer installs cleanly without Error 740.

The consequence of editing the wrong key, such as HKCU instead of HKLM, is that the policy never applies because printer driver policies are machine-wide, not user-wide. Always edit under HKLM and always reboot or restart the Spooler service with net stop spooler && net start spooler.

Alternate Install Path: Local Port Instead of UNC

When the UNC path \\server\printer throws Error 740 and you cannot change policy, install the printer as a local printer with a TCP/IP port. Open Devices and Printers, click Add Printer, choose “The printer that I want isn’t listed,” pick “Add a local printer,” create a new Standard TCP/IP Port, and point it at the printer’s IP address.

This workaround bypasses Point and Print entirely because the client downloads the driver from Windows Update or a local INF file instead of the print server. The Standard TCP/IP port monitor handles the raw print job directly over port 9100 or LPR.

Consider Ravi, an IT consultant at a small law firm. The firm’s print server is unpatched and cannot be updated during business hours. He adds each attorney’s workstation using the printer’s static IP and an INF driver pulled from Epson’s support site. Error 740 never fires because no driver copy from the server is attempted.

The consequence of this method is that future driver updates no longer push from the server. Each client becomes an island, so in a large environment you trade convenience for scale, which is why this is a small-office fix, not an enterprise fix.

Server-Side Fixes on Windows Server

On the print server itself, open Print Management with printmanagement.msc. Right-click the print server, choose Properties, go to the Drivers tab, and add both the x64 and x86 signed driver packages. Sign drivers with a certificate that chains to a root CA trusted by every client.

Enable the registry value RpcAuthnLevelPrivacyEnabled on every client and the server by setting HKLM\SYSTEM\CurrentControlSet\Control\Print\RpcAuthnLevelPrivacyEnabled to 1. This addresses the related CVE-2021-1678 error 0x0000011b that often rides alongside Error 740.

Priya, a hospital sysadmin, uses Windows Server 2022 with Print Management. She signs drivers with her internal CA, ships the root cert via GPO, and enables RpcAuthnLevelPrivacyEnabled on all 1,200 nursing workstations. Error 740 disappears across the floor.

The consequence of using unsigned or cross-signed drivers after July 2021 is that Windows blocks the install silently or loudly. Only WHQL-signed or internally signed drivers survive the post-PrintNightmare gate.

Three Real-World Scenarios

Home User on Windows 11

Small Business With No Domain

Enterprise With Active Directory

Mistakes to Avoid

• Disabling UAC completely instead of elevating the install, which removes every integrity boundary on the PC and violates Microsoft security baselines.
• Setting RestrictDriverInstallationToAdministrators to 0 across the fleet, which re-opens the full PrintNightmare remote code execution path.
• Rolling back the August 2021 cumulative update, because that also removes fixes for unrelated critical vulnerabilities such as MSHTML CVE-2021-40444.
• Adding users to the local Administrators group as a shortcut, which gives every app they run full SYSTEM-adjacent power and violates least privilege.
• Using unsigned printer drivers pulled from random websites, because they fail driver signing and can carry malware.
• Editing HKCU keys instead of HKLM keys, which never takes effect because Point and Print policies are machine-scoped.
• Forgetting to restart the Print Spooler or reboot after registry and policy changes, so the client keeps using the cached, broken policy.
• Mixing x64 server drivers with x86 clients without adding both architectures in Print Management, which produces a silent driver pull failure and another Error 740.
• Listing the print server by short name in Package Point and Print when clients resolve it by FQDN, which makes the approved-server list miss.
• Ignoring the companion error 0x0000011b, which shares the same root cause and must be fixed with RpcAuthnLevelPrivacyEnabled on both client and server.
• Deploying printers by logon script with rundll32 printui.dll,PrintUIEntry without elevation, which re-creates Error 740 at every logon.

Do’s and Don’ts

Do’s

• Do patch Windows clients and print servers on the same cycle so Point and Print versions stay in sync.
• Do use Package Point and Print with signed drivers so clients install silently without admin rights.
• Do list print servers by FQDN in approved-server policies so name resolution matches.
• Do test every printer driver in a pilot OU before pushing fleet-wide, because a bad driver can crash the spooler on every client.
• Do keep a documented rollback plan, including exported registry hives and GPO backups, so a bad change can be reversed in minutes.

Don’ts

• Do not disable UAC to “make printers easier,” because it removes integrity-level enforcement from every app on the PC.
• Do not grant Domain Users local admin rights, because it gives malware a clean path to privilege escalation.
• Do not use public driver INF files without verifying the publisher signature first.
• Do not edit registry keys on a production server without a System State backup or VM snapshot.
• Do not ignore 0x0000011b, because it often hides behind Error 740 and needs its own RpcAuthnLevelPrivacyEnabled fix.

Pros and Cons of Common Fixes

Pros

• Running Add Printer elevated is fast, free, and needs no policy change, which makes it ideal for one-off installs.
• Point and Print with approved servers keeps the PrintNightmare guardrails in place while allowing silent driver deployment.
• Package Point and Print supports modern v4 signed drivers, which are more stable than legacy v3 drivers.
• Local TCP/IP port installs bypass the print server entirely, which is useful when the server is offline or unpatched.
• Registry fixes work on Windows Home SKUs, where gpedit.msc is not available, giving small shops a path forward.

Cons

• Elevated installs require admin credentials, which do not scale to thousands of users without automation.
• Approved-server policies must be updated every time you add or rename a print server, which adds ongoing admin overhead.
• Package Point and Print requires signed drivers, and not every legacy manufacturer provides them, so some old printers must be retired.
• Local TCP/IP installs break centralized driver updates, creating long-term maintenance debt.
• Registry fixes are easy to misapply and can silently weaken security if the wrong DWORDs are set to 0.

Step-by-Step: Add-Printer PowerShell Walkthrough

Right-click Start, choose “Terminal (Admin),” and accept the UAC prompt. Run Get-Printer to list current printers and confirm the spooler is responsive. If the command hangs, restart the Spooler service with Restart-Service Spooler because a stuck spooler is a common Error 740 precursor.

Run Add-PrinterDriver -Name "HP Universal Printing PCL 6" to pre-stage the driver from the local driver store, then run Add-Printer -ConnectionName \\PRINTSRV01\HP-Legal to attach the queue. The PrintManagement PowerShell module includes cmdlets for every step, including Add-PrinterPort if you prefer a TCP/IP port.

Verify success with Get-Printer -Name "HP-Legal" and send a test page with Out-Printer. If Error 740 returns during Add-Printer, the Terminal session was not elevated, or the driver is unsigned, or the approved-server list does not include PRINTSRV01 by FQDN.

Federal vs. State Considerations

Federal rules such as HIPAA and FISMA require that any fix not weaken system security controls. Rolling back PrintNightmare protections to eliminate Error 740 can be a HIPAA Security Rule violation if the device touches electronic protected health information, and the consequence can be an OCR investigation and a financial penalty.

State laws layer on top of federal rules. California’s CCPA and New York’s SHIELD Act both require “reasonable security.” A printer fix that disables UAC fleet-wide would likely fail the reasonableness test in a state AG audit, and the consequence can include civil penalties and notification obligations.

A common misconception is that printer drivers are “just peripherals” outside the scope of security regulation. They are not, because drivers run at high integrity and touch every document printed, including regulated data such as PHI, PII, and attorney-client communications.

Recap of Key Rulings and Guidance

CISA Emergency Directive 21-04 ordered federal agencies to apply PrintNightmare patches and keep RestrictDriverInstallationToAdministrators set to 1. Microsoft’s security advisory reinforces that any rollback is explicitly unsupported in regulated environments.

The NIST SP 800-53 control AC-6 (“Least Privilege”) underpins why Error 740 exists at all. Windows is following the control by refusing to install drivers without elevation, and the consequence of circumventing that control is a finding in any federal or NIST-aligned audit.

For private-sector guidance, CIS Benchmarks for Windows 11 recommend the exact Point and Print and Package Point and Print settings discussed above, making them the industry reference for a clean Error 740 fix.

Key Entities at a Glance

FAQs

Does Error 740 mean my printer is broken?

No. Error 740 is a Windows privilege error, not a hardware fault, and it always means the current user or process lacks the admin rights needed to install or update the printer driver.

Can I fix Error 740 without admin rights?

No. The error exists because the install needs administrator privileges, so you must either elevate the session, provide admin credentials at the UAC prompt, or have an administrator pre-stage the driver for you.

Is disabling UAC a safe fix?

No. Disabling UAC removes integrity-level enforcement across the entire operating system, weakens defense in depth, and violates Microsoft and CIS security baselines for Windows 10 and Windows 11.

Does the fix differ on Windows 11 vs. Windows 10?

No. The Point and Print, UAC, and Package Point and Print policies behave the same way on both Windows 10 22H2 and Windows 11, so the registry keys and GPO paths match across both operating systems.

Will rolling back the August 2021 patch fix Error 740?

Yes, temporarily, but it re-opens the PrintNightmare remote code execution vulnerability and removes unrelated critical fixes, so rollback is not an acceptable long-term solution.

Is error 0x0000011b the same as Error 740?

No, but they share roots in the same PrintNightmare patch cycle, and they often appear together, so you fix 0x0000011b with RpcAuthnLevelPrivacyEnabled and Error 740 with Point and Print or elevation.

Can I use a local TCP/IP port to bypass Error 740?

Yes. Adding the printer as a local printer on a Standard TCP/IP port bypasses Point and Print, which avoids the driver-copy step that triggers Error 740, though it loses centralized driver updates.

Does Package Point and Print require signed drivers?

Yes. Package Point and Print only accepts digitally signed driver packages, which is why re-signing legacy drivers or upgrading to v4 drivers is often part of a complete Error 740 fix.

Should I list print servers by IP in approved-server policies?

No. Clients resolve servers by FQDN in Active Directory, so listing by IP creates a name-match failure, the policy misses, and Error 740 returns at the next install.

Is Error 740 covered by HIPAA or other regulations?

Yes, indirectly, because any fix that weakens UAC or PrintNightmare protections on a device handling PHI can trigger a HIPAA Security Rule violation and potential OCR enforcement action.

Will a reboot alone fix Error 740?

No. A reboot does not change permissions, UAC settings, or Point and Print policies, so the error returns on the next install attempt unless the underlying privilege or policy issue is corrected.

Can I deploy the fix with Intune or SCCM?

Yes. Both Microsoft Intune and Configuration Manager can deploy the Point and Print Administrative Template settings and the required registry DWORDs to every managed client at scale.