UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The system is configured to allow installation of printers using kernel-mode drivers.


Overview

Finding ID Version Rule ID IA Controls Severity
V-3478 3.087 SV-29715r1_rule DCSL-1 Medium
Description
Kernel-mode drivers are drivers that operate in kernel mode. Kernel mode allows virtually unlimited access to hardware and memory. A poorly written kernel driver may cause system instability and data corruption. Malicious code inserted in a kernel-mode driver has almost no limit on what it may do. Most modern printers do not require kernel-mode drivers.
STIG Date
Windows 2003 Domain Controller Security Technical Implementation Guide 2015-06-03

Details

Check Text ( C-220r1_chk )
The policy value for Computer Configuration -> Administrative Templates -> System -> Printers “Disallow Installation of Printers Using Kernel-mode Drivers” will be set to “Enabled”.

If the following registry value doesn’t exist or its value is not set to 1, then this is a finding:

Registry Hive: HKEY_LOCAL_MACHINE
Subkey: \Software\Policies\Microsoft\Windows NT\Printers\
Value Name: KMPrintersAreBlocked
Type: REG_DWORD
Value: 1


Note: This setting will prevent some applications from installing PDF print drivers.
Fix Text (F-5698r1_fix)
Configure the system to prevent it from allowing the installation of kernel-mode drivers by setting the policy value for Computer Configuration -> Administrative Templates -> Printers “Disallow Installation of Printers Using Kernel-mode Drivers” to “Enabled”.