Information
This policy setting allows you to disable the client computer's ability to print over HTTP, which allows the computer to print to printers on the intranet as well as the Internet.
The recommended state for this setting is: Enabled.
Note: This control affects printing over both HTTP and HTTPS.
Rationale:
Information that is transmitted over HTTP through this capability is not protected and can be intercepted by malicious users. For this reason, it is not often used in enterprise managed environments.
Impact:
The client computer will not be able to print to Internet printers over HTTP or HTTPS.
Note: This policy setting affects the client side of Internet printing only. Regardless of how it is configured, a computer could act as an Internet Printing server and make its shared printers available through HTTP.
Solution
To establish the recommended configuration via GP, set the following UI path to Enabled:
Computer Configuration\Policies\Administrative Templates\System\Internet Communication Management\Internet Communication settings\Turn off printing over HTTP
Note: This Group Policy path is provided by the Group Policy template ICM.admx/adml that is included with all versions of the Microsoft Windows Administrative Templates.
Default Value:
Disabled. (Users can choose to print to Internet printers over HTTP.)
Additional Information:
This Benchmark Recommendation maps to:
Microsoft Windows Server 2016 Security Technical Implementation Guide:
Version 1, Release 13, Benchmark Date: May 15, 2020
Vul ID: V-73529
Rule ID: SV-88181r1_rule
STIG ID: WN16-CC-000170
Severity: CAT II