Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-1135 | WN12-GE-000012 | SV-52213r1_rule | Low |
Description |
---|
Windows shares are a means by which files, folders, printers, and other resources can be published for network users to access. Improper configuration can permit access to devices and data beyond a user's need. |
STIG | Date |
---|---|
Windows Server 2012/2012 R2 Member Server Security Technical Implementation Guide | 2017-12-05 |
Check Text ( C-46959r1_chk ) |
---|
Open "Devices and Printers" in Control Panel or through Search. If there are no printers configured, this is NA. For each configured printer: Right click on the printer. Select "Printer Properties". Select the "Sharing" tab. View whether "Share this printer" is checked. For any printers with "Share this printer" selected: Select the Security tab. If any standard user accounts or groups have permissions other than "Print", this is a finding. Standard users will typically be given "Print" permission through the Everyone group. "All APPLICATION PACKAGES" and "CREATOR OWNER" are not considered standard user accounts for this requirement. |
Fix Text (F-45232r1_fix) |
---|
Configure the permissions on shared printers to restrict standard users to only have Print permissions. This is typically given through the Everyone group by default. |