STIGQter STIGQter: STIG Summary: Microsoft Windows Server 2019 Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 04 May 2021:

Windows Server 2019 non-administrative accounts or groups must only have print permissions on printer shares.

DISA Rule

SV-205664r569188_rule

Vulnerability Number

V-205664

Group Title

SRG-OS-000080-GPOS-00048

Rule Version

WN19-00-000180

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Configure the permissions on shared printers to restrict standard users to only have Print permissions.

Check Contents

Open "Printers & scanners" in "Settings".

If there are no printers configured, this is NA. (Exclude Microsoft Print to PDF and Microsoft XPS Document Writer, which do not support sharing.)

For each printer:

Select the printer and "Manage".

Select "Printer Properties".

Select the "Sharing" tab.

If "Share this printer" is checked, select the "Security" tab.

If any standard user accounts or groups have permissions other than "Print", this is a finding.

The default is for the "Everyone" group to be given "Print" permission.

"All APPLICATION PACKAGES" and "CREATOR OWNER" are not standard user accounts.

Vulnerability Number

V-205664

Documentable

False

Rule Version

WN19-00-000180

Severity Override Guidance

Open "Printers & scanners" in "Settings".

If there are no printers configured, this is NA. (Exclude Microsoft Print to PDF and Microsoft XPS Document Writer, which do not support sharing.)

For each printer:

Select the printer and "Manage".

Select "Printer Properties".

Select the "Sharing" tab.

If "Share this printer" is checked, select the "Security" tab.

If any standard user accounts or groups have permissions other than "Print", this is a finding.

The default is for the "Everyone" group to be given "Print" permission.

"All APPLICATION PACKAGES" and "CREATOR OWNER" are not standard user accounts.

Check Content Reference

M

Target Key

2907

Comments