Recent Searches

No recent searches

    Popular Articles

      Articles
      View all
        Topics
        View all
          Tickets
          View all
            no results

            Sorry! nothing found for

            Print Servers and CVE-2021-34481

            Created by Andrew Schott, Modified on Wed, Sep 1, 2021 at 5:06 PM by Andrew Schott

            CVE-2021-34481 enables local privilege escalation to the SYSTEM level. To compromise a system, a threat actor would need physical access, or the system would need to be already compromised. To mitigate this, Microsoft decided to completely kill the ability for non-admin users to install print drivers hosted by a print server. The following GPO settings will disable that new behavior and lock down Point nd Print settings to only allow the connections to a trusted server and then silence the admin prompts per usual.


            Computer Configuration (Enabled)

            Policies

             - Windows Settings

             -- Security Settings

             --- Local Policies/Security Options

             ---- Devices

             ---- Policy Setting 

             ---- Devices: Prevent users from installing printer drivers Disabled 


             - Administrative Templates

             - Policy definitions (ADMX files) retrieved from the central store.

             -- Printers

             --- Package Point and print - Approved servers Enabled  

             ---- Enter fully qualified server names 

             ---- print.domain.local 

              

             --- Point and Print Restrictions Enabled  

             ---- Users can only point and print to these servers: Enabled 

             ----- Enter fully qualified server names separated by semicolons print.domain.local 

             ---- Users can only point and print to machines in their forest Disabled 

             ---- Security Prompts: 

             ----- When installing drivers for a new connection: Do not show warning or elevation prompt 

             ----- When updating drivers for an existing connection: Do not show warning or elevation prompt


             -- System/Driver Installation

             ---  Allow non-administrators to install drivers for these device setup classes Enabled  

             ----  Allow Users to install device drivers for these classes: 

             ----- {4658ee7e-f050-11d1-b6bd-00c04fa372a7} (Printer)

             ----- {4d36e979-e325-11ce-bfc1-08002be10318} (PNPPrinter)


            Preferences

             - Windows Settings

             -- Registry

             --- RestrictDriverInstallationToAdministrators (Order: 1)

             ----- General

             ------  Action Update 

             ----  PropertiesHive HKEY_LOCAL_MACHINE 

             ----  Key path Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint 

             ----  Value name RestrictDriverInstallationToAdministrators 

             ----  Value type REG_DWORD 

             ----  Value data 0x0 (0



            User Configuration (Enabled)

             - Policies

             -- Administrative Templates

             -- Policy definitions (ADMX files) retrieved from the central store.

             --- Control Panel/Printers

             ---- Package Point and print - Approved servers Enabled

             ----- Enter fully qualified server names 

             ----- print.domain.local


             ---- Point and Print Restrictions Disabled

            Was this article helpful?

            That’s Great!

            Thank you for your feedback

            Sorry! We couldn't be helpful

            Thank you for your feedback

            Let us know how can we improve this article!

            Select at least one of the reasons
            CAPTCHA verification is required.

            Feedback sent

            We appreciate your effort and will try to fix the article

            Preview
            0 of 0