UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Printer share permissions are not configured as recommended.


Overview

Finding ID Version Rule ID IA Controls Severity
V-1135 3.027 SV-16949r1_rule Low
Description
Improperly configured share permissions on printers can permit the addition of unauthorized print devices on the network. Windows shares are a means by which files, folders, printers, and other resources can be published for network users to remotely access. Regular users cannot create shares on their local machines; only Administrators and Power Users have that ability.
STIG Date
Windows 2008 Domain Controller Security Technical Implementation Guide 2017-03-02

Details

Check Text ( C-16642r1_chk )
2008 - •Double click on “Printers” in Control Panel

If there are no locally attached printers, then mark this as “Not Applicable.”

Perform this check for each locally attached printer:
•Right click on a locally-attached printer.
•Select Sharing from the drop-down menu.

Perform this check on each printer that has the “Shared” radio-button selected:
•Select the Security tab

The following table lists the Server 2008 default printer share security settings:

Account Assignment - Allow
Everyone - Print
CREATOR OWNER - Manage Documents
Administrator - Print, Manage Printers, Manage Documents
Administrators - Print, Manage Printers, Manage Documents

If any non administrative user accounts or groups have greater than “Print”, then this is a finding.
Fix Text (F-88r1_fix)
Configure the permissions on locally shared printers to meet the minimum requirements.