5.17 (L2) Ensure 'Print Spooler (Spooler)' is set to 'Disabled'

Information

This service spools print jobs and handles interaction with printers.

The recommended state for this setting is: Disabled

In a high security environment, unnecessary services especially those with known vulnerabilities should be disabled.

Disabling the Print Spooler (Spooler) service mitigates the PrintNightmare vulnerability (

CVE-2021-34527

) and other attacks against the service.

Solution

To establish the recommended configuration via GP, set the following UI path to: Disabled :

Computer Configuration\Policies\Windows Settings\Security Settings\System Services\Print Spooler

Impact:

Users will not be able to print, including printing to files (such as Adobe Portable Document Format (PDF)) which uses the Print Spooler service.

See Also

https://workbench.cisecurity.org/benchmarks/16515