Prevent Users From Installing Printer Drivers

   Posted August 3, 2003 by David Kirk in Windows security

Printer drivers can contain trojans. The default level user should not have the ability to install drivers on a truly secure system. This tech-recipe describes how an admin can close this hole.

On Win2k, WinXP, and WinNT the default level user can install (potentially trojan) printer drivers.

This involves editing your registry. One should always export your current registry to backup and save it before editing.

Make this simple change:
Hive: HKEY_LOCAL_MACHINE
Path: System\CurrentcontrolSet\Control\Print\Providers\LanMan Print Services\Servers
Key: AddPrinterDrivers
Type: REG_DWORD
Value: 1

 

About David Kirk

David Kirk is one of the original founders of tech-recipes and is currently serving as editor-in-chief. Not only has he been crafting tutorials for over ten years, but in his other life he also enjoys taking care of critically ill patients as an ICU physician.
View more articles by David Kirk

The Conversation

Follow the reactions below and share your own thoughts.