5.18 (L2) Ensure 'Print Spooler (Spooler)' is set to 'Disabled'

Information

This service spools print jobs and handles interaction with printers.

The recommended state for this setting is: Disabled

In a high security environment, unnecessary services especially those with known vulnerabilities should be disabled.

Disabling the Print Spooler (Spooler) service mitigates the PrintNightmare vulnerability (

CVE-2021-34527

) and other attacks against the service.

Solution

To establish the recommended configuration via GP, set the following UI path to: Disabled :

Computer Configuration\Policies\Windows Settings\Security Settings\System Services\Print Spooler

Impact:

Users will not be able to print, including printing to files (such as Adobe Portable Document Format (PDF)) which uses the Print Spooler service.

See Also

https://workbench.cisecurity.org/benchmarks/17129

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6, 800-53|CM-7, CSCv7|9.2

Plugin: Windows

Control ID: 185a625c2b76bc774ac8715e1a076ec422512dafed4ed0868e0275badf6c3c76