Printing is a fundamental feature for many users and organisations. Microsoft have changed core settings in Windows in an attempt to patch a CVE (Critical Vulnerability Exploit), however these changes prevent users from installing printers without elevated credentials. For most organisations this poses an unacceptable level of risk and therefore some organisations have ended up disabling or rolling back the patch whilst others have added a registry key to disable this new setting, which essentially reopens the vulnerability.
I’ve been looking at the issue, whilst I’m not the handiest person at PowerShell, I do feel like I have a solid in-depth understanding of how Windows works. I’ve come up with a script- that essentially allows the user to install a printer without Administrative credentials. The script essentially opens the vulnerability for around 10 seconds, whilst the user installs the printer. After the printer is installed (or 10 seconds) the script automatically closes the vulnerability.
Using this script, the user would only be able to install predetermined printers- but for big organisations this might be very useful. The script isn’t quite ready yet, but I’ll be uploading in the coming days, if you feel your organisation would benefit from this, please drop a comment below, or contact me.