UCF STIG Viewer Logo

Users must only be allowed to point and print to machines in their forest.


Overview

Finding ID Version Rule ID IA Controls Severity
V-36676 WN08-CC-000017 SV-48293r1_rule ECSC-1 Low
Description
Uncontrolled system updates can introduce issues to a system. Obtaining update components from an outside source may also potentially provide sensitive information outside of the enterprise. Configuring this setting will restrict, but allow users to obtain print drivers for printers in their forest.
STIG Date
Windows 8 Security Technical Implementation Guide 2014-01-07

Details

Check Text ( C-44971r1_chk )
If the following registry values do not exist or are not configured as specified, this is a finding:

Registry Hive: HKEY_LOCAL_MACHINE
Subkey: \Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint \

Value Name: InForest
Type: REG_DWORD
Value: 1

Value Name: NoWarningNoElevationOnInstall
Type: REG_DWORD
Value: 1

Value Name: UpdatePromptSettings
Type: REG_DWORD
Value: 2
Fix Text (F-41428r1_fix)
Configure the policy value for Computer Configuration -> Administrative Templates -> Printers -> "Point and Print Restrictions" to "Enabled" with "Users can only point and print to machines in their forest" selected and the following Security Prompts:

When installing Drivers for a new connection:
Do not show warning or elevation prompt.

When updating drivers for an existing connection:
Do not show warning or elevation prompt.