UCF STIG Viewer Logo

Non-administrative user accounts or groups will only have print permissions of Printer Shares.


Overview

Finding ID Version Rule ID IA Controls Severity
V-1135 3.027 SV-32257r1_rule Low
Description
Improperly configured share permissions on printers can permit the addition of unauthorized print devices on the network. Windows shares are a means by which files, folders, printers, and other resources can be published for network users to remotely access. Regular users cannot create shares on their local machines; only Administrators and Power Users have that ability.
STIG Date
Windows Server 2008 R2 Domain Controller Security Technical Implementation Guide 2019-06-18

Details

Check Text ( C-32709r1_chk )
Open “Devices and Printers” in Control Panel.
If there are no locally-attached printers, then mark this as “Not Applicable.”

Perform this check for each locally-attached printer:
Right click on a locally-attached printer.
Select “Printer Properties”.
Select the “Sharing” tab.
View whether “Share this printer” is checked.

For any printers with “Share this printer” selected:
Select the Security tab.

If any non-administrative user accounts or groups have greater permissions than “Print”, then this is a finding.

Fix Text (F-29047r1_fix)
Configure the permissions on locally-shared printers to meet the minimum requirements.