5.18 Ensure 'Print Spooler (Spooler)' is set to 'Disabled'

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

This service spools print jobs and handles interaction with printers.

The recommended state for this setting is: Disabled.

Rationale:

In a high security environment, unnecessary services especially those with known vulnerabilities should be disabled.

Disabling the Print Spooler (Spooler) service mitigates the PrintNightmare vulnerability (CVE-2021-34527) and other attacks against the service.

Impact:

Users will not be able to print, including printing to files (such as Adobe Portable Document Format (PDF)) which uses the Print Spooler service.

Solution

To establish the recommended configuration via GP, set the following UI path to: Disabled:

Computer Configuration\Policies\Windows Settings\Security Settings\System Services\Print Spooler

Default Value:

Automatic

See Also

https://workbench.cisecurity.org/files/4063