Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
WN12-GE-000012 | WN12-GE-000012 | WN12-GE-000012_rule | Low |
Description |
---|
Windows shares are a means by which files, folders, printers, and other resources can be published for network users to access. Improper configuration can permit access to devices and data beyond a user's need. |
STIG | Date |
---|---|
Microsoft Windows Server 2012 Domain Controller Security Technical Implementation Guide | 2013-07-25 |
Check Text ( C-WN12-GE-000012_chk ) |
---|
Open "Devices and Printers" in Control Panel or through Search. If there are no printers configured, this is NA. For each configured printer: Right click on the printer. Select "Printer Properties". Select the "Sharing" tab. View whether "Share this printer" is checked. For any printers with "Share this printer" selected: Select the Security tab. If any standard user accounts or groups have permissions other than "Print", this is a finding. Standard users will typically be given "Print" permission through the Everyone group. "All APPLICATION PACKAGES" and "CREATOR OWNER" are not considered standard user accounts for this requirement. |
Fix Text (F-WN12-GE-000012_fix) |
---|
Configure the permissions on shared printers to restrict standard users to only have Print permissions. This is typically given through the Everyone group by default. |