I inadvertently overwrote the main print driver on our print server and wasn't aware of Microsoft's update on 8/10/21 force requiring admin rights for print driver installs. I see running the built-in cscript C:\Windows\System32\Printing_Admin_Scripts\en-US\prndrvr.vbs
will allow me to update the driver however our Sophos policy blocks running cscript for our users. Powershell cannot update drivers without first removing all printers using the driver and then removing the old driver. pnputil doesn't want to work with the Fiery driver I need to install. The printers are deployed via GPO and the driver is packaged.
I'm going to use the less vulnerable registry "hack" from MS to get my users printing again but there has to be a better solution for updating print drivers remotely post KB5005652.
I ended up adding the registry change to GPO to force it for all computers and then configured GPO to only allow point and print to our print server following the instructions at the above KB titled
Permit users to only connect to specific print servers that you trust
.This basically reverts back to the legacy behavior. I'll leave marking this as the answer for a while to see if someone has a better option.