From 42dd021d9a94159b495fcee8b97bebec61e11b99 Mon Sep 17 00:00:00 2001 From: ZephrFish Date: Thu, 1 Jul 2021 18:33:05 +0100 Subject: [PATCH] updated GPO --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index afc5f37..8d29237 100644 --- a/README.md +++ b/README.md @@ -25,7 +25,7 @@ If in doubt as to how to do this, the following steps can be taken: 5. If the "Anonymous Logon", "Authenticated Users" or "Everyone" groups are members, select each and click "Remove". ## GPO -The following GPO can be set to deny client connections to the spooler, which is a potential work around where disabling the spooler service altogether might not be an option. Note: this has been tested against domain controllers, it has not been confirmed to fix the issue against endpoints +The following GPO can be set to deny client connections to the spooler, which is a potential work around where disabling the spooler service altogether might not be an option. Note: this has been tested against domain controllers and endpoints(W7/W10) and users can still add/remove printers and print however it stops the exploit from working. `Computer Configuration -> Administrative Templates -> Printers -> Allow Print Spooler to accept client connections` set this to Disabled: