5.2 (L2) Ensure 'Print Spooler (Spooler)' is set to 'Disabled' (MS only)

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

This service spools print jobs and handles interaction with printers.

The recommended state for this setting is: Disabled

Disabling the Print Spooler (Spooler) service mitigates the PrintNightmare vulnerability (

CVE-2021-34527

) and other attacks against the service.

Solution

To establish the recommended configuration via GP, set the following UI path to: Disabled :

Computer Configuration\Policies\Windows Settings\Security Settings\System Services\Print Spooler

Impact:

Member Servers will not be able to act as a print server, sharing printers for clients.

Applications on and users logged in to Member Servers will not be able to print, including printing to files (such as Adobe Portable Document Format (PDF)) which uses the Print Spooler service.

See Also

https://workbench.cisecurity.org/benchmarks/16912