Information
This policy setting controls which port is used for RPC over TCP for incoming connections to the print spooler and outgoing connections to remote print spoolers.
The recommended state for this setting is: Enabled: 0
Using dynamic ports for printing makes it more difficult for an attacker to know which port is being used and therefore which port to attack.
Solution
To establish the recommended configuration via GP, set the following UI path to Enabled: 0 :
Computer Configuration\Policies\Administrative Templates\Printers\Configure RPC over TCP port
Note: This Group Policy path is provided by the Group Policy template Printing.admx/adml that is included with the Microsoft Windows 11 Release 22H2 Administrative Templates (and newer).
Impact:
If your current print environment is configured for a specific TCP port, this setting may require a firewall change (if applicable) for continued printing.