Last active
August 29, 2021 00:34
-
-
Save rhymeswithmogul/088e5b6ba075cbe3e0f17222797fd3aa to your computer and use it in GitHub Desktop.
Disable Print Spooler to protect against PrintNightmare
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <#PSScriptInfo | |
| .VERSION 1.0.8 | |
| .GUID c77c6ecf-69d1-4bb3-bbc2-ea3d8aa91297 | |
| .AUTHOR Colin Cogle | |
| .COPYRIGHT (c) 2021 Colin Cogle. All Rights Reserved. Licensed under the AGPL, version 3 or later. | |
| .TAGS PrintNightmare, print, printer, spooler, security, DC, ADDS, CVE | |
| .LICENSEURI https://www.gnu.org/licenses/agpl-3.0.en.html | |
| .PROJECTURI https://gist.github.com/rhymeswithmogul/088e5b6ba075cbe3e0f17222797fd3aa | |
| .EXTERNALMODULEDEPENDENCIES Microsoft.PowerShell.Management | |
| .RELEASENOTES This minor version doesn't try to disable an already-disabled service. | |
| #> | |
| <# | |
| .SYNOPSIS | |
| Disables the Print Spooler service. | |
| .DESCRIPTION | |
| Disables and stops the Print Spooler service on this computer, if it is a domain controller. | |
| .PARAMETER DomainControllerOnly | |
| Do not stop and disable print spooler on non-domain controllers. | |
| .PARAMETER Force | |
| Skip confirmation. | |
| .EXAMPLE | |
| PS C:\> Disable-PrintSpooler | |
| Disables and stops Print Spooler. | |
| .EXAMPLE | |
| PS C:\> Disable-PrintSpooler -DomainControllerOnly | |
| Disables and stops Print Spooler, if and only if this machine is a domain controller. | |
| .NOTES | |
| As this is modifying Windows system services, you must run this script with administrative privileges. | |
| .INPUTS | |
| None | |
| .OUTPUTS | |
| Bool | |
| True or false, depending on whether or not this script succeeded. | |
| .LINK | |
| Get-Service | |
| Set-Service | |
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527 | |
| #> | |
| #Requires -Module Microsoft.PowerShell.Management | |
| #Requires -RunAsAdministrator | |
| [CmdletBinding(SupportsShouldProcess, ConfirmImpact='Medium')] | |
| [OutputType([bool])] | |
| Param( | |
| [Alias('DCOnly')] | |
| [Switch] $DomainControllerOnly, | |
| [Switch] $Force | |
| ) | |
| # Run as strictly as possible. | |
| Set-StrictMode -Version 3.0 | |
| $PrintSpooler = $null | |
| # Check and see if we even have Print Spooler. | |
| # On GUI-less installs of Windows Server 2012, it's missing. | |
| Try { | |
| $PrintSpooler = (Get-Service -Name 'spooler' -ErrorAction Stop) | |
| } | |
| Catch { | |
| Write-Output 'Print Spooler does not exist on this computer.' | |
| Return $true | |
| } | |
| # Check and see if it's already disabled. | |
| If ($PrintSpooler.StartType -eq 'Disabled') { | |
| Write-Output 'Print Spooler is already disabled on this computer.' | |
| Return $true | |
| } | |
| # Check and see if we're running on a domain controller. | |
| # Fail gracefully if the user wanted that to happen. | |
| If ($DomainControllerOnly -and $null -eq (Get-Service -Name 'ntds')) { | |
| Write-Warning 'Print Spooler is still enabled, because this is not a domain controller and -DomainControllerOnly was specified.' | |
| Return $false | |
| } | |
| # Ask the user (unless they -Force) if they really want to do this. | |
| If ($Force -or $PSCmdlet.ShouldProcess($env:ComputerName, 'Stop and disable the Print Spooler service')) | |
| { | |
| Try { | |
| Write-Output 'Disabling the Print Spooler service.' | |
| $PrintSpooler | Set-Service -StartupType Disabled -ErrorAction Stop | |
| } | |
| Catch { | |
| Write-Error 'Failed to disable Print Spooler!' | |
| Return $false | |
| } | |
| Try { | |
| If ($PrintSpooler.Status -eq 'Stopped') { | |
| Write-Verbose 'Print Spooler was already stopped.' | |
| Return $true | |
| } | |
| Else { | |
| Write-Output 'Stopping the Print Spooler service.' | |
| $PrintSpooler | Stop-Service -ErrorAction Continue | |
| Return $? | |
| } | |
| } | |
| Catch { | |
| Write-Error 'Failed to stop Print Spooler!' | |
| Return $false | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment