Print Server 2024

6th November 2024

How to build a secure and reliable print server

separate print server and file server? File + Print services is well known to be insecure. there is an argument for putting both on the same server, to reduce the # of servers w insecure services.

Keep the Printer Share Name shorter than 32 characters
The Print Server Name must be 15 characters or less
Check if the Render print jobs on client computers are enabled
Configure printers to use a Standard TCP/IP port
Only use specific print mgt service TCP/IP Port with the Hardware Page Checks feature
Use the nul port for print queues
Disable Bidirectional Support only while troubleshooting
The port protocol must be RAW
Use Type-3 PCL or PostScript drivers where available
Disable Advanced Printing Features
Leave the default permissions on the Security Tab
Transfer the Windows Spool directory to a non-system disk
Use the built-in Windows method for hiding document names
Put Driver Isolation to ‘Shared’ or ‘Isolated’
Disable Printer redirection on your print server, wherever possible

https://cloudinfrastructureservices.co.uk/windows-print-server-security-best-practices