5.4 Ensure 'Print Spooler (Spooler)' is set to 'Disabled' (MS only)

Information

This service spools print jobs and handles interaction with printers.

The recommended state for this setting is: Disabled

Disabling the Print Spooler (Spooler) service mitigates the PrintNightmare vulnerability (

CVE-2021-34527

) and other attacks against the service.

Solution

To establish the recommended configuration via GP, set the following UI path to: Disabled :

Computer Configuration\Policies\Windows Settings\Security Settings\System Services\Print Spooler

Impact:

Member Servers will not be able to act as a print server, sharing printers for clients.

Applications on and users logged in to Member Servers will not be able to print, including printing to files (such as Adobe Portable Document Format (PDF)) which uses the Print Spooler service.

See Also

https://workbench.cisecurity.org/benchmarks/18857

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6, 800-53|CM-7, CSCv7|9.2

Plugin: Windows

Control ID: 0932cf5527110f12893be9d91d3d688667c605313641a93eaef477922dce5fa8