PointAndPrint Mitigation for Printnightmare vulnerability
Log In or Register to download the BES file, and more.

0 Votes

Description

Optionally configure the RestrictDriverInstallationToAdministrators registry value to prevent non-administrators from installing printer drivers on a print server.


Property Details

ID26861
StatusAlpha - Code that was just developed
TitlePointAndPrint Mitigation for Printnightmare vulnerability
DomainBESC
SourceInternal
Source Release Date7/8/2021 12:00:00 AM
Keywordsprintnightmare test vulnerability spooler print PointAndPrint
Added by on 7/8/2021 10:04:57 AM
Last Modified by on 7/8/2021 10:04:57 AM
Counters 299 Views / 17 Downloads
User Rating 1 star 2 star 3 star 4 star 5 star * Average over 0 ratings. ** Log In or Register to add your rating.

Relevance

Used in 363 fixlets   * Results in a true/false
Show indented relevance
(if( name of operating system starts with "Win" ) then platform id of operating system != 3 else false) AND (if exists property "in proxy agent context" then ( not in proxy agent context ) else true )
isWindows (Relevance 1172)
Used in 1135 fixlets and 535 analyses   * Results in a true/false
Show indented relevance
windows of operating system
Used in 1 fixlet   * Results in a true/false
Show indented relevance
not exists key "HKEY_LOCAL_MACHINE \Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint" whose (value "RestrictDriverInstallationToAdministrators" of it as integer = 1) of native registry

Actions

Action 1 (default)

Action Link Click here to deploy this action.
Script Type BigFix Action Script
if {x64 of operating system}
regset64 "[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint]" "RestrictDriverInstallationToAdministrators"=dword:00000001
else
regset "[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint]" "RestrictDriverInstallationToAdministrators"=dword:00000001
endif
Success Criteria

This action will be considered successful when the applicability relevance evaluates to false.

Action 2

Action Link Click here to read more from Microsoft.
Script Type URL
https://support.microsoft.com/en-us/topic/kb5005010-restricting-installation-of-new-printer-drivers-after-applying-the-july-6-2021-updates-31b91c02-05bc-4ada-a7ea-183b129578a7
    

Sharing

Social Media:
Share this page on Yammer

Comments

Log In or Register to leave comments!