18.7.2 Ensure 'Configure Redirection Guard' is set to 'Enabled: Redirection Guard Enabled'

Information

This policy setting determines whether Redirection Guard is enabled for the print spooler. Redirection Guard can prevent file redirections from being used within the print spooler.

The recommended state for this setting is: Enabled: Redirection Guard Enabled

This setting prevents non-administrators from redirecting files within the print spooler process.

Solution

To establish the recommended configuration via GP, set the following UI path to Enabled: Redirection Guard Enabled :

Computer Configuration\Policies\Administrative Templates\Printers\Configure Redirection Guard

Note: This Group Policy path is provided by the Group Policy template Printing.admx/adml that is included with the Microsoft Windows 11 Release 22H2 Administrative Templates (and newer).

Impact:

None - this is default behavior.

See Also

https://workbench.cisecurity.org/benchmarks/15301

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b.

Plugin: Windows

Control ID: 23d8c06722086b1c82faf597b271b6ddb455d6a5a66cf2e08cd2c912a14f5037