Printer share permissions are not configured as recommended.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-1135 | 3.027 | SV-16949r1_rule | Low |
| Description |
|---|
| Improperly configured share permissions on printers can permit the addition of unauthorized print devices on the network. Windows shares are a means by which files, folders, printers, and other resources can be published for network users to remotely access. Regular users cannot create shares on their local machines; only Administrators and Power Users have that ability. |
| STIG | Date |
|---|---|
| Windows 2008 Domain Controller Security Technical Implementation Guide | 2019-06-18 |
Details
| Check Text ( C-16642r1_chk ) |
|---|
| 2008 - •Double click on “Printers” in Control Panel If there are no locally attached printers, then mark this as “Not Applicable.” Perform this check for each locally attached printer: •Right click on a locally-attached printer. •Select Sharing from the drop-down menu. Perform this check on each printer that has the “Shared” radio-button selected: •Select the Security tab The following table lists the Server 2008 default printer share security settings: Account Assignment - Allow Everyone - Print CREATOR OWNER - Manage Documents Administrator - Print, Manage Printers, Manage Documents Administrators - Print, Manage Printers, Manage Documents If any non administrative user accounts or groups have greater than “Print”, then this is a finding. |
| Fix Text (F-88r1_fix) |
|---|
| Configure the permissions on locally shared printers to meet the minimum requirements. |