UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The use of Internet Printing Protocol (IPP) must be disabled on the IIS web server.


Overview

Finding ID Version Rule ID IA Controls Severity
V-6754 WA000-WI080 IIS7 SV-32222r2_rule ECSC-1 Medium
Description
The use of Internet Printing Protocol (IPP) on an IIS web server allows client’s access to shared printers. This privileged access could allow remote code execution by increasing the web servers attack surface. Additionally, since IPP does not support SSL, it is considered a risk and will not be deployed.
STIG Date
IIS 7.0 WEB SERVER STIG 2016-02-11

Details

Check Text ( C-32693r1_chk )
If the Print Services role and the Internet Printing role are not installed, this check is N/A.

Navigate to the following directory:
%windir%\web\printers
If this folder exists, this is a finding.

Determine whether Internet Printing is enabled:
1. Click Start, then click Administrative Tools, and then click Server Manager.
2. Expand the roles node, then right-click Print Services, and then select Remove Roles Services.
3. If the Internet Printing option is enabled, this is a finding.
Fix Text (F-28783r1_fix)
1. Click Start, then click Administrative Tools, and then click Server Manager.
2. Expand the roles node, then right-click Print Services, and then select Remove Roles Services.
3. If the Internet Printing option is checked, clear the check box, click Next, and then click Remove to complete the wizard.