UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Windows Server 2019 non-administrative accounts or groups must only have print permissions on printer shares.


Overview

Finding ID Version Rule ID IA Controls Severity
V-205664 WN19-00-000180 SV-205664r569188_rule Low
Description
Windows shares are a means by which files, folders, printers, and other resources can be published for network users to access. Improper configuration can permit access to devices and data beyond a user's need.
STIG Date
Microsoft Windows Server 2019 Security Technical Implementation Guide 2024-02-21

Details

Check Text ( C-5929r354910_chk )
Open "Printers & scanners" in "Settings".

If there are no printers configured, this is NA. (Exclude Microsoft Print to PDF and Microsoft XPS Document Writer, which do not support sharing.)

For each printer:

Select the printer and "Manage".

Select "Printer Properties".

Select the "Sharing" tab.

If "Share this printer" is checked, select the "Security" tab.

If any standard user accounts or groups have permissions other than "Print", this is a finding.

The default is for the "Everyone" group to be given "Print" permission.

"All APPLICATION PACKAGES" and "CREATOR OWNER" are not standard user accounts.
Fix Text (F-5929r354911_fix)
Configure the permissions on shared printers to restrict standard users to only have Print permissions.