The following sections describe how to configure Internet printing on a Windows Server based print server. To install IIS, follow these steps:. As described earlier in this article, Internet Printing should be selected and installed by default when you install IIS. To do so, follow these steps:.
On the right pane, click Internet Printing , and then click Allow. An administrator can turn off Internet Printing for specific users and groups by using the Web-based Printing Group Policy setting. Set this to Disabled. To configure the authentication method for Internet printing, follow these steps:. Click the Directory Security tab, and then click Edit under Authentication and access control.
Click any of the following authentication methods that you want to use, and then click OK :. You can also control access to Internet printers based on the requesting host instead of on user credentials. To grant or deny access to specific computers, groups of computers, or domains, click Edit under IP Address and Domain Name Restrictions. In the IP Address and Domain Name Restrictions dialog box that is displayed, complete one of the following procedures:.
What should I do? The affected software listed in this bulletin have been tested to determine which releases are affected. Other releases are past their support life cycle. For more information about the product lifecycle, see the Microsoft Support Lifecycle website. It should be a priority for customers who have older releases of the software to migrate to supported releases to prevent potential exposure to vulnerabilities.
To determine the support lifecycle for your software release, see Select a Product for Lifecycle Information. For more information about service packs for these software releases, see Service Pack Lifecycle Support Policy. Customers who require custom support for older software must contact their Microsoft account team representative, their Technical Account Manager, or the appropriate Microsoft partner representative for custom support options. Customers without an Alliance, Premier, or Authorized Contract can contact their local Microsoft sales office.
For contact information, see the Microsoft Worldwide Information website, select the country in the Contact Information list, and then click Go to see a list of telephone numbers. When you call, ask to speak with the local Premier Support sales manager. The following severity ratings assume the potential maximum impact of the vulnerability. For information regarding the likelihood, within 30 days of this security bulletin's release, of the exploitability of the vulnerability in relation to its severity rating and security impact, please see the Exploitability Index in the January bulletin summary.
For more information, see Microsoft Exploitability Index. A remote code execution vulnerability exists in the way that Microsoft Windows Print Spooler handles specially crafted print jobs.
The vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code. Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors may be helpful in your situation:.
Workaround refers to a setting or configuration change that does not correct the underlying vulnerability but would help block known attack vectors before you apply the update. Microsoft has tested the following workarounds and states in the discussion whether a workaround reduces functionality:.
Disable the Print Spooler service Disabling the Print Spooler service will help protect the affected system from attempts to exploit this vulnerability.
To disable the Print Spooler service, perform the following steps. Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly.
Use Registry Editor at your own risk. Click Start , click Run , type regedit , and then click OK. Select Print Spooler , and then click the File menu and select Export.
Create a back-up copy of the registry keys using a managed deployment script with the following command:. Run the following command at a command prompt running as an administrator: sc stop spooler. Impact of workaround. Print-related components will not function properly; printing will be disabled. To undo the workaround if applied using the managed deployment script, run the following command at a command prompt running as an administrator:.
What is the scope of the vulnerability? This is a remote code execution vulnerability. What causes the vulnerability? This vulnerability is caused when the Windows Print Spooler fails to handle a specially crafted print job.
What is the Print Spooler service? The Print Spooler service is an executable file that is installed as a service. The spooler is loaded when the operating system starts, and it continues to run until the operating system is shut down.
The Print Spooler service manages the printing process, which includes such tasks as retrieving the location of the correct printer driver, loading that driver, spooling high-level function calls into a print job, and scheduling print jobs. When the tasks for a particular print job are complete, the Print Spooler service passes the job to the print router. For more information, see How Network Printing Works. What might an attacker use the vulnerability to do?
To share the printers with your end users,. Now the printers have been connected and shared, but users are still not allowed to see and use the printers. You now need to add and configure an Azure AD group or add the users directly to the list of members for each printer. Select your Azure AD users or groups. Once ready, select Share Printer. The printer is now ready to test within your desktop — as the status is "Printer Shared. To test that printers have been assigned correctly, log on to your virtual or physical desktop Logon as an Azure AD user that is assigned to one of the printers that is shared within Universal Print.
Select Print a test page. The test page has been sent to the printer. You can open the print queue to see if something happens. If everything goes fine, the print job should be available and listed in the Universal Print admin portal too. You can find the jobs in the Universal Print portal by selecting the printer and then selecting Jobs. You should also see the job status as Completed. Great job! For enterprises seeking to assign numerous printers to various users across multiple geographic locations, this process can be conducted—and simplified—with Microsoft Endpoint Manager.
Now we move to the Microsoft Endpoint Manager admin center. Visit the new Windows Tech Community to gather with other people that are seeking to learn and help each other while adopting Windows and Cloud PC. Have ideas on what features you'd like to see in this service? Submit them through the Windows feature requests board!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in. Products 72 Special Topics 41 Video Hub Most Active Hubs Microsoft Teams. Security, Compliance and Identity. Microsoft Edge Insider. Azure Databases. Autonomous Systems. Education Sector. Microsoft Localization. Microsoft PnP. Healthcare and Life Sciences. Internet of Things IoT. Enabling Remote Work.
Small and Medium Business. Humans of IT. Green Tech. MVP Award Program. Video Hub Azure. Microsoft Business. Microsoft Enterprise. Browse All Community Hubs. Turn on suggestions.
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type. Showing results for. Show only Search instead for. Did you mean:.
Sign In. Published Aug 11 AM 8, Views. What is Universal Print? Eliminate the need to manage print servers. Enjoy robust management capabilities through the centralized Azure portal. Control print environment and reporting. Gain visibility and insights into your print environment.
What is Windows ? Built-in location detection: your printers follow you based on your location Working remote and from home are popular today.
Windows 10 physical and virtual desktops must be enrolled with Microsoft Endpoint Manager Window 10 client device — on version or later Windows 10 devices need to have the latest Windows Update installed: Windows 10, version KB For Windows 10, versions and KB Windows 10, version KB For Windows 10, versions and KB Universal Print connector host or Universal Print ready printer Network requirements — The connectors and your Desktops should be able to connect the Universal Print — service URLs below.
Configure Universal Print licensing If you have an eligible Microsoft or Windows subscription, here are the steps. Go to the Microsoft admin portal.
0コメント