如果您看到诸如“ Print Spooler Error”或“Printer Connection Failed”之类的错误消息,您可能需要禁用Print Spooler服务并重新启用它以查看是否可以解决问题。不过目前,由于“PrintNightmare”漏洞, Windows用户还有另一个理由禁用Print Spooler服务。(Print Spooler)
什么是 PrintNightmare?
上个月,微软(Microsoft)承认所有版本的Windows都可能受到“PrintNightmare”漏洞的影响。但是,有一种简单的方法可以保护您的系统免受此漏洞的影响。
微软于(Microsoft)8 月 10 日(August 10th)发布了更新来修复它。然而,不久之后,发现攻击者仍然可以利用Print Spooler服务执行代码来安装应用程序、操纵您的数据或创建具有SYSTEM权限的帐户。
微软证实(Microsoft confirmed)了这一说法,并表示:“当Windows Print Spooler服务不正确地执行特权文件操作时,存在远程代码执行漏洞。”
在Microsoft(Microsoft)发布适当的修复程序之前禁用Print Spooler是有意义的。在本指南中,我们将引导您完成这些步骤,并向您展示如何禁用Print Spooler,从而保护您的系统免受新的PrintNightmare CVE-2021-36598漏洞的影响。
最新修复于9 月 14 日(September 14th)发布,因此请确保安装最新的 Windows 更新以安装此补丁。
注意:如果禁用此服务,您将无法从 Windows PC 打印或传真任何内容。(Note: You will not be able to print or fax anything from your Windows PC if you disable this service. )
使用组策略编辑器禁用打印后台处理程序(Print Spooler Using Group Policy Editor)
如果您有 Windows 10 专业版或Windows 10 企业版,则可以选择从(Windows 10 Enterprise)组策略编辑器(Group Policy Editor)更改后台打印程序(Print Spooler)服务策略。如果您使用的是Windows 10家庭(Home)版,请跳至下一个方法。
一旦您禁用了Print Spooler服务策略,就无法利用该漏洞。
- 按 Win + R 并输入gpedit.msc。按Enter启动本地组策略编辑器(Local Group Policy Editor)。
- 使用左窗格导航到计算机配置(Computer Configuration ) >管理模板(Administrative Templates )>打印机(Printers)。
- 在右侧窗格中,查找Allow Print Spooler to accept client connections。
- 双击(Double-click)设置。将状态从Not configured更改为Disabled。
- 选择应用(Apply )和确定(OK)以保存更改并退出。
从服务(Services)应用(App)程序禁用打印后台处理程序(Print Spooler)
在禁用Print Spooler服务之前,请注意您无法使用禁用Print Spooler服务的 PC 进行打印或传真。如果您需要打印或传真某些内容,则需要重新启用该服务。
- 按 Win + R 并输入services.msc。按Enter,这应该会启动“服务”面板。
- 滚动(Scroll)浏览服务列表并搜索“Print Spooler”。
- 双击Print Spooler并将Startup type更改为Disabled。
- 接下来,该服务可能已经在您的系统上运行,因此您需要停止它。选择停止(Stop)以终止服务并选择确定(OK)以保存更改并退出。
从系统配置(System Configuration)中禁用打印后台处理程序(Print Spooler)
您可以使用System Configuration(System Configuration)禁用Print Spooler服务。但是,此方法与前一种方法完成相同的事情,但方式不同。使用此方法禁用该服务后,您将无法在 Windows PC 上打印或传真。
- 按 Win + R 并键入msconfig。按Enter启动系统配置。(System Configuration.)
- 导航到Services选项卡并查找Print Spooler。
- 取消选中Print Spooler(Print Spooler)服务旁边的框以禁用它。按OK保存更改并退出。
- 此过程将禁用该服务,但如果该服务已在系统上运行,它不会停止该服务,因此您需要重新启动计算机才能完成该过程。
使用 PowerShell(Print Spooler Using PowerShell)禁用打印后台处理程序
PowerShell方法以与前两种方法相同的方式禁用服务。使用此方法禁用服务后,您将无法打印或传真。
- 按 Win + X 并选择Windows PowerShell (Admin)。
- 执行以下命令:
停止服务-名称假脱机程序-强制 (Stop-Service -Name Spooler -Force )
Set-Service -Name Spooler -StartupType Disabled
如果您的系统上已经运行了第一个命令,则它会停止Print Spooler服务。(Print Spooler)下一个命令将禁用该服务,使其以后不会自动启动。
- 退出 PowerShell。
您的系统现在是安全的
禁用Print Spooler后,您无需担心PrintNightmare。但是,请确保自动更新已打开,以便在Microsoft发布它后获得修复(最终修复有望在 3 天前发布)。此时,您可以再次启用Print Spooler,以便您可以从您的机器正常打印。
How to Disable Print Spooler Service on Windows 10
If you’re witnessing error messages such as “Print Spooler Error” or “Printer Connection Faіled”, yоu may want to disable the Print Spоoler service and re-enable it to see if that fixes the issue. For nоw, though, Windows users have another reason to disable the Print Spooler service because of thе “PrintNightmare” vulnerability.
What is PrintNightmare?
Last month, Microsoft acknowledged that all versions of Windows may be affected by the “PrintNightmare” vulnerability. However, there’s an easy way to protect your system against this vulnerability.
Microsoft released an update on August 10th to fix it. However, soon after, it was discovered that attackers could still exploit the Print Spooler service to execute codes for installing apps, manipulating your data, or creating accounts with SYSTEM privileges.
Microsoft confirmed this claim and said, “A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations.”
It makes sense to disable Print Spooler until Microsoft releases a proper fix. In this guide, we’ll walk you through the steps and show you how to disable Print Spooler so you can protect your system against the new PrintNightmare CVE-2021-36598 vulnerability.
The latest fix was released on September 14th, so make sure to install the latest Windows updates to get this patch installed.
Note: You will not be able to print or fax anything from your Windows PC if you disable this service.
Disable Print Spooler Using Group Policy Editor
If you have Windows 10 Pro or Windows 10 Enterprise, you have the option to change the Print Spooler service policy from the Group Policy Editor. If you’re on Windows 10 Home, skip to the next method.
Once you’ve disabled the Print Spooler service policy, the vulnerability can’t be exploited.
- Press Win + R and type gpedit.msc. Press Enter to launch the Local Group Policy Editor.
- Use the left pane to navigate to Computer Configuration > Administrative Templates > Printers.
- On the right pane, look for Allow Print Spooler to accept client connections.
- Double-click on the setting. Change the state from Not configured to Disabled.
- Select Apply and OK to save changes and exit.
Disable Print Spooler From the Services App
Before you disable the Print Spooler service, note that you can’t print or fax using your PC with the Print Spooler service disabled. If you need to print or fax something, you will need to re-enable the service.
- Press Win + R and type services.msc. Press Enter and this should launch the Services panel.
- Scroll through the list of services and search for “Print Spooler”.
- Double-click on Print Spooler and change the Startup type to Disabled.
- Next, the service may already be running on your system so you’ll need to stop it. Select Stop to terminate the service and select OK to save changes and exit.
Disable Print Spooler from System Configuration
You can disable the Print Spooler service using System Configuration. However, this method accomplishes the same thing as the previous method, but in a different way. You will not be able to print or fax on your Windows PC after you’ve disabled the service using this method.
- Press Win + R and type msconfig. Press Enter to launch System Configuration.
- Navigate to the Services tab and look for Print Spooler.
- Uncheck the box next to the Print Spooler service to disable it. Press OK to save changes and exit.
- This process will disable the service, but it doesn’t stop the service if it’s already running on the system, so you’ll need to restart the computer to complete the process.
Disable Print Spooler Using PowerShell
The PowerShell method disables the service the same way as the previous two methods. You won’t be able to print or fax after disabling the service with this method.
- Press Win + X and select Windows PowerShell (Admin).
- Execute the following commands:
Stop-Service -Name Spooler -Force
Set-Service -Name Spooler -StartupType Disabled
The first command stops the Print Spooler service if it’s already running on your system. The next command disables the service so it doesn’t start automatically in the future.
- Exit PowerShell.
Your System is Now Secure
Once you’ve disabled Print Spooler, you don’t need to worry about PrintNightmare. However, make sure that automatic updates are turned on so you can get the fix once Microsoft releases it (the final fix was hopefully released 3 days ago). At that point, you can enable Print Spooler again so that you can print normally from your machine.