Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

How to remove .printer mapping (WAS RE: Permanently remove IIS pr inter mapping)

From: "Turner, Keith" <TurnerL () TEA-EMH1 ARMY MIL>
Date: Thu, 3 May 2001 08:09:07 -0400
This is from another list I receive.  It explains this scenario rather well.

Keith



---------------------------------------------------
All IIS Administrators Please Read this Immediately
---------------------------------------------------
I wanted to get this out right away. More info to follow.

On many servers, the .printer mapping will automatically be reinstated when
the IIS 5 server is rebooted.


The Microsoft Bulletin at
http://www.microsoft.com/technet/security/bulletin/MS01-023.asp states the
following:
-
Servers on which the mapping for the Internet Printing ISAPI extension has
been removed are not at risk from this vulnerability
-
The above statement is misleading.

There is a local policy called "Web Based Printing" that can cause the
.printer mapping to be automatically recreated even if manually removed. I
have been able to regularly reproduce this on some servers, but not others.
Research is happening now. I strongly advise that you apply the patch so in
the event the .printer application mapping reappears without warning, you
are secured.

You can find the Web Based Printing policy in the Group Policy snap-in under
Computer Configuration-Administrative Templates-Printers. Disabling web
based printing results in a registry entry.
HKLM\Software\Policies\Microsoft\windows NT\printers\DisableWebPrinting
REG_DWORD 0x1
This entry must be set to 1 for the .printer mapping to reliably be
disabled.

Brett Hill
www.iisanswers.com

Please redistribute this information.
-------------------------------------








-----Original Message-----
From: railwayclubposse () HUSHMAIL COM
[mailto:railwayclubposse () HUSHMAIL COM]
Sent: Tuesday, May 01, 2001 6:35 PM
To: BUGTRAQ () SECURITYFOCUS COM
Subject: Permanently remove iis printer mapping


How do you permanently remove the .printer mapping in IIS5? If you remove
it with the MMC tool it comes back (and so does the virtual directory) upon
reboot.
Free, encrypted, secure Web-based email at www.hushmail.com
Previous By Date Next
Previous By Thread Next

Current thread: