PrintNightmare Print Spooler vulnerability

RAMIC21 21 Reputation points

Hi, please i need to know how to check that the vulnerability PrintNightmare of windows Print Spooler vulnerability is fixed after applying the GPO that disables "Allow Print Spooler to accept client connections"
So, after applying this workaround how to check that ths GPO is applied and the vulnerability is fixed.
kind regards

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,255 questions
0 comments No comments
{count} votes

Accepted answer
  1. Leon Laude 85,676 Reputation points

    Hi @RAMIC21 ,

    In order to secure your system, you must confirm that the following registry settings are set to 0 (zero) or are not defined (Note: These registry keys do not exist by default, and therefore are already at the secure setting.), also that your Group Policy setting are correct (see FAQ):

    • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint
    • NoWarningNoElevationOnInstall = 0 (DWORD) or not defined (default setting)
    • UpdatePromptSettings = 0 (DWORD) or not defined (default setting)

    Having NoWarningNoElevationOnInstall set to 1 makes your system vulnerable by design.



    If the reply was helpful please don't forget to upvote and/or accept as answer, thank you!

    Best regards,

1 additional answer

Sort by: Most helpful
  1. SUNOJ KUMAR YELURU 13,956 Reputation points MVP

    Hi @RAMIC21

    To continue your answer...

    If you don't have registry key you can use PowerShell command listed below.

    Registry key doesn't exist, i used PowerShell command to disable Print Spooler service, below screenshot.


    Run the following in Windows PowerShell:

    Get-Service -Name Spooler  

    If the Print Spooler is running or if the service is not set to disabled, select one of the following options to either disable the Print Spooler service, or to Disable inbound remote printing through Group Policy:

    Option 1 - Disable the Print Spooler service

    If disabling the Print Spooler service is appropriate for your enterprise, use the following PowerShell commands:

    Stop-Service -Name Spooler -Force  
    Set-Service -Name Spooler -StartupType Disabled  

    Impact of workaround Disabling the Print Spooler service disables the ability to print both locally and remotely.

    Example output:


    If the Answer is helpful, please click Accept Answer and up-vote, so that it can help others in the community looking for help on similar topics.