How to mitigate Print Spooler PrintNightmare vulnerability on Windows 10

By Mauro Huculak
published

An unpatched vulnerability could open the doors for attackers from accessing your device — here's how you can protect yourself until a permanent fix is released.

Windows 10 fix PrintNightmare problem
Windows 10 fix PrintNightmare problem (Image credit: Windows Central)

Microsoft has acknowledged a new vulnerability known as "PrintNightmare" that affects all versions of Windows. The vulnerability affects the Print Spooler service and allows hackers to execute lines of code to install apps, manipulate your data, or even create a new account with full privileges.

According to reports, the vulnerability was accidentally published by Sangfor researchers, and it was soon deleted. However, the code was quickly forked on GitHub, allowing others to get access to it before it was removed.

The company is actively investigating the problem and is recommending (opens in new tab) temporarily disabling Windows Print Spooler service or blocking incoming connections to the print server whenever possible until a permanent fix is released.

In this Windows 10 guide, we will walk you through the steps to mitigate the newly discover PrintNightmare vulnerability.

How to disable Print Spooler service on Windows 10

To disable Print Spooler service to mitigate the PrintNightmare vulnerability on Windows 10, use these steps:

  1. Open Start.
  2. Search for PowerShell, right-click the top result and select the Run as administrator problem.
  3. Type the following command to stop the Print Spooler service and press Enter:Stop-Service -Name Spooler -Force

Source: Windows Central (Image credit: Source: Windows Central)
  1. Type the following command to prevent the service from starting back up again during restart and press Enter:Set-Service -Name Spooler -StartupType Disabled

Once you complete the steps, the device should be protected against the PrintNightmare attack, but you will no longer be able to print locally or remotely.

Re-enable Print Spooler

If you need to print temporarily or a permanent fix has been released, you can enable the feature again. Here's how:

  1. Open Start.
  2. Search for PowerShell, right-click the top result and select the Run as administrator problem.
  3. Type the following command to prevent the service from starting back up again during restart and press Enter:Set-Service -Name Spooler -StartupType Automatic

Source: Windows Central (Image credit: Source: Windows Central)
  1. Type the following command to stop the Print Spooler service and press Enter:Start-Service -Name Spooler

After you complete the steps, the printer should start working normally.

How to disable Print Spooler service via Group Policy on Windows 10

If you have Windows 10 Pro (or Enterprise), the easiest way to mitigate the printing vulnerability is to use Local Group Policy Editor.

To disable the Print Spooler with Group Policy, use these steps:

  1. Open Start.
  2. Search for gpedit.msc and click OK to open the Local Group Policy Editor.
  3. Browse the following path:Computer Configuration > Administrative Templates > Printers
  4. On the right side, double-click the Allow Print Spooler to accept client connections: policy.

Source: Windows Central (Image credit: Source: Windows Central)
  1. Select the Disabled option.

Source: Windows Central (Image credit: Source: Windows Central)
  1. Click the Apply button
  2. Click the OK button.

Once you complete the steps, disabling the external network connections will prevent the vulnerability from being exploited. If you have Windows 10 configured as a printer server, users will no longer be able to print, but the printer directly connected to the device will continue to work.

Re-enable Print Spooler

To enable the Print Spooler with Group Policy, use these steps:

  1. Open Start.
  2. Search for gpedit.msc and click OK to open the Local Group Policy Editor.
  3. Browse the following path:Computer Configuration > Administrative Templates > Printers
  4. On the right side, double-click the Allow Print Spooler to accept client connections: policy.

Source: Windows Central (Image credit: Source: Windows Central)
  1. Select the Not Configured option.

Source: Windows Central (Image credit: Source: Windows Central)
  1. Click the Apply button
  2. Click the OK button.

After you complete the steps, the print server should start working normally.

While we are focusing this guide on Windows 10, these steps should also work for the previous version of the OS.

More Windows resources

For more helpful articles, coverage, and answers to common questions about Windows 10 and Windows 11, visit the following resources:

Mauro Huculak
Mauro Huculak

Mauro Huculak is technical writer for WindowsCentral.com. His primary focus is to write comprehensive how-tos to help users get the most out of Windows 10 and its many related technologies. He has an IT background with professional certifications from Microsoft, Cisco, and CompTIA, and he's a recognized member of the Microsoft MVP community.

5 Comments
  • After changing the "Allow Print Spooler to accept client connections" policy, it's necessary to restart the Print Spooler service for it to take effect. Of course, if you've just set "Disable" in the policy, you may simply want to stop the Print Spooler service and leave it that way. Also--and yes this is pedantic--there is no need to click "Apply" before clicking "OK". Truly there isn't. I promise. Just clicking "OK" will do. Pinky swear.
  • Not being able to print remotely only applies to folks using PCs as a print server. Disabling incoming client connections does not prevent people from printing using a network attached printer WiFi or Ethernet as that is a outbound connection. I think the article should be updated to reflect this - as it is will cause some confusion lol.
  • Task Manager > Services tab > Open Services button > right click Print Spool > Properties > change drop down to disable > click stop > Apply. Or Windows + R type services.msc
  • wow, just wow. This is pathetic, surly this problem should have been seen before, if it affects all versions of Windows. Some people need to use their printer a lot, so now every time they need to print they have to turn on the print spooler.
    Good job my printer is a network printer, not that I use it that often, but that is really not the point.
  • new out-of-band security updates available from Microsoft this Tue. 7/6 to resolve this PrintNightmare security problem so MS recently came out with a permanent fix for this and these "workaround" solutions may no longer be needed