18.8.22.1.1 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'

Information

This policy setting controls whether the computer can download print driver packages over HTTP. To set up HTTP printing, printer drivers that are not available in the standard operating system installation might need to be downloaded over HTTP.

The recommended state for this setting is: Enabled.

Rationale:

Users might download drivers that include malicious code.




Impact:

Print drivers cannot be downloaded over HTTP.

Note: This policy setting does not prevent the client computer from printing to printers on the intranet or the Internet over HTTP. It only prohibits downloading drivers that are not already installed locally.

Solution

To establish the recommended configuration via GP, set the following UI path to Enabled:

Computer Configuration\Policies\Administrative Templates\System\Internet Communication Management\Internet Communication settings\Turn off downloading of print drivers over HTTP

Note: This Group Policy path is provided by the Group Policy template ICM.admx/adml that is included with all versions of the Microsoft Windows Administrative Templates.

Default Value:

Disabled. (Users can download print drivers over HTTP.)

Additional Information:

Microsoft Windows Server 2019 Security Technical Implementation Guide:
Version 2, Release 1, Benchmark Date: November 13, 2020

Vul ID: V-205688
Rule ID: SV-205688r569188_rule
STIG ID: WN19-CC-000150
Severity: CAT II

See Also

https://workbench.cisecurity.org/files/3345

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7(5), 800-53|CM-10, CSCv7|2.7

Plugin: Windows

Control ID: 698f2a075477e9e86b622aa45bc94cc46f58690ac48f82ecdf9ef9b602daeafd