5.18 (L2) Ensure 'Print Spooler (Spooler)' is set to 'Disabled'

Information

This service spools print jobs and handles interaction with printers.

The recommended state for this setting is: Disabled

In a high security environment, unnecessary services especially those with known vulnerabilities should be disabled.

Disabling the Print Spooler (Spooler) service mitigates the PrintNightmare vulnerability (

CVE-2021-34527

) and other attacks against the service.

Solution

To establish the recommended configuration via GP, set the following UI path to: Disabled :

Computer Configuration\Policies\Windows Settings\Security Settings\System Services\Print Spooler

Impact:

Users will not be able to print, including printing to files (such as Adobe Portable Document Format (PDF)) which uses the Print Spooler service.

See Also

https://workbench.cisecurity.org/benchmarks/16514

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6, 800-53|CM-7, CSCv7|9.2

Plugin: Windows

Control ID: 3cc303fcfb1c60643bf25610c7abc41a6770cc2ed94240a7f3da2abe0d5fa718