Printer share permissions must be restricted to Print for non administrators.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-1135 | 3.027 | SV-25007r2_rule | Low |
| Description |
|---|
| Improperly configured share permissions on printers can permit the addition of unauthorized print devices on the network. Windows shares are a means by which files, folders, printers, and other resources can be published for network users to remotely access. |
| STIG | Date |
|---|---|
| Windows 7 Security Technical Implementation Guide | 2018-02-12 |
Details
| Check Text ( C-60783r3_chk ) |
|---|
| Open "Devices and Printers" in Control Panel. If there are no locally attached printers, this is NA. Perform this check for each locally attached printer: Right-click on a locally attached printer. Select "Printer Properties". Select the "Sharing" tab. View whether "Share this printer" is checked. Perform this check on each printer that has the "Share this printer" selected: Select the Security tab. If any non-administrative user accounts or groups have greater than "Print", this is a finding. |
| Fix Text (F-65515r3_fix) |
|---|
| Configure the permissions on locally shared printers to ensure non administrators only have "Print". Open "Devices and Printers" in Control Panel. Right-click on a locally attached printer. Select "Printer Properties". Select the "Sharing" tab. For each printer that has the "Share this printer" selected: Select the Security tab. Assign any non-administrative user accounts or groups "Print" permission only. |