Print Spooler Service Requirements for CDS 2.5 and ECM 3.6

Hi,

I am trying to disable the print spooler service on any servers that do need it running to enhance security.

Beside the Client workstations / RDS clients, does the spooler service need to running on the other servers such as  CDS OLSS,  CDS AICs, ECM FT, ECM APP, ECM Web, and ECM Scheduler for proper system operation?

Thanks in advance,

Ray

Parents
  • Hello

    Our software team would recommend as below.

    Agilent instrument controllers (AIC, Networked Work Stations and standalone PC running an instrument) expect to have a printer that will print automatic reports.

    If the systems are isolated and have no access to the internet, there should be no problem leaving the Print Spoolers enabled BUT that would be a call for your IT/security/QA teams.  

    IF you do disable the Print Spooler on Agilent instrument controllers, you should do one and then have the lab staff run the instruments to confirm they can process samples.

    Also as Microsoft mentioned, Disabling the Print Spooler service disables the ability to print both locally and remotely.  this may impact those application you metioned above 

    There is also another workaround available  by microsoft at thel link above 

    Option 2 - Disable inbound remote printing through Group Policy

    You can also configure the settings via Group Policy as follows:

    Computer Configuration / Administrative Templates / Printers

    Disable the “Allow Print Spooler to accept client connections:” policy to block remote attacks.

    You must restart the Print Spooler service for the group policy to take effect.

    Impact of workaround This policy will block the remote attack vector by preventing inbound remote printing operations. The system will no longer function as a print server, but local printing to a directly attached device will still be possible.

     

    Hope it helps and please feel free to let us know if any further concern.

Reply
  • Hello

    Our software team would recommend as below.

    Agilent instrument controllers (AIC, Networked Work Stations and standalone PC running an instrument) expect to have a printer that will print automatic reports.

    If the systems are isolated and have no access to the internet, there should be no problem leaving the Print Spoolers enabled BUT that would be a call for your IT/security/QA teams.  

    IF you do disable the Print Spooler on Agilent instrument controllers, you should do one and then have the lab staff run the instruments to confirm they can process samples.

    Also as Microsoft mentioned, Disabling the Print Spooler service disables the ability to print both locally and remotely.  this may impact those application you metioned above 

    There is also another workaround available  by microsoft at thel link above 

    Option 2 - Disable inbound remote printing through Group Policy

    You can also configure the settings via Group Policy as follows:

    Computer Configuration / Administrative Templates / Printers

    Disable the “Allow Print Spooler to accept client connections:” policy to block remote attacks.

    You must restart the Print Spooler service for the group policy to take effect.

    Impact of workaround This policy will block the remote attack vector by preventing inbound remote printing operations. The system will no longer function as a print server, but local printing to a directly attached device will still be possible.

     

    Hope it helps and please feel free to let us know if any further concern.

Children
Was this helpful?