Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-1135 | 3.027 | SV-29510r1_rule | ECCD-1 | Low |
Description |
---|
Improperly configured share permissions on printers can permit the addition of unauthorized print devices on the network. Windows shares are a means by which files, folders, printers, and other resources can be published for network users to remotely access. Regular users cannot create shares on their local machines; only Administrators and Power Users have that ability. |
STIG | Date |
---|---|
Windows Vista Security Technical Implementation Guide | 2015-09-01 |
Check Text ( C-80r1_chk ) |
---|
Run Windows Explorer. Select the Control Panel folder. (NT=Printers folder) Select the Printers folder. If there are no locally attached printers, then mark this as “Not Applicable.” Perform this check for each locally attached printer: Right click on a locally-attached printer. Select Sharing from the drop-down menu. Perform this check on each printer that has the “Shared” radio-button selected: Select the Security tab The following table lists the recommended printer share security settings (Allow Permission): Users - Print Administrators, System, Creator Owner - Print, Manage Printers, Manage Documents If there are no shared local printers, then mark this as “Not Applicable.” If the share permissions do not match the above table, then this is a finding. |
Fix Text (F-88r1_fix) |
---|
Configure the permissions on locally shared printers to meet the minimum requirements. |