Point and Print Restrictions: When installing drivers for a new connectionID: oval:org.secpod.oval:def:83515 | Date: (C)2022-09-02 (M)2023-05-09 |
Class: COMPLIANCE | Family: windows |
This policy setting controls whether computers will show a warning and a security elevation prompt when users create a new printer connection using Point and Print.
The recommended state for this setting is: Enabled: Show warning and elevation prompt.
Enabling Windows User Account Control (UAC) for the installation of new print drivers can help mitigate the PrintNightmare vulnerability and other Print Spooler attacks.
Although the Point and Print default driver installation behavior overrides this setting, it is important to configure this as a backstop in the event that behavior is reversed.
Fix:
(1) GPO: Computer Configuration\Administrative Templates\Printers\Point and Print Restrictions: When installing drivers for a new connection
(2) REG: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint!NoWarningNoElevationOnInstall
Platform: |
Microsoft Windows Server 2016 |