en-US/PrintNightmareMitigations-help.xml
|
<?xml version="1.0" encoding="utf-8"?>
<helpItems schema="maml" xmlns="http://msh"> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Set-PrintNightmareMitigation</command:name> <command:verb>Set</command:verb> <command:noun>PrintNightmareMitigation</command:noun> <maml:description> <maml:para>Applies PrintNightmare mitigations to this system.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet will apply the PrintNightmare mitigations to this computer. All Point and Print adds, changes, and updates will require confirmation with User Account Control. In addition, you may further harden the system by disallowing standard users from installing printer drivers.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Set-PrintNightmareMitigation</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="cf"> <maml:name>Confirm</maml:name> <maml:description> <maml:para>Prompts you for confirmation before running the cmdlet.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>RestrictDriverInstallationToAdministrators</maml:name> <maml:description> <maml:para>While not required to mitigate PrintNightmare, the system can be further hardened by rejecting all driver installations and updates from non-administrators. Specify this switch, and only administrators will be able to install printer drivers.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="wi"> <maml:name>WhatIf</maml:name> <maml:description> <maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="cf"> <maml:name>Confirm</maml:name> <maml:description> <maml:para>Prompts you for confirmation before running the cmdlet.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>RestrictDriverInstallationToAdministrators</maml:name> <maml:description> <maml:para>While not required to mitigate PrintNightmare, the system can be further hardened by rejecting all driver installations and updates from non-administrators. Specify this switch, and only administrators will be able to install printer drivers.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="wi"> <maml:name>WhatIf</maml:name> <maml:description> <maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>None</maml:name> </dev:type> <maml:description> <maml:para>This cmdlet does not accept pipeline input.</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>None</maml:name> </dev:type> <maml:description> <maml:para>This cmdlet does not generate pipeline output. All output is to the console.</maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para>As this writes to the registry, you must run this cmdlet as an administrator. Changes take effect immediately and do not require a reboot.</maml:para> <maml:para>While you may run this cmdlet to protect a single system against PrintNightmare, it is recommended to use Group Policy in a domain environment.</maml:para> <maml:para>There is no cmdlet to undo these changes. You must edit the registry manually.</maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- Example 1 --------------------------</maml:title> <dev:code>PS C:\> Set-PrintNightmareMitigations</dev:code> <dev:remarks> <maml:para>This command will cause the system to require User Account Control elevation and warnings for all Point and Print additions, connections, changes, and updates. However, non-administrators can still install printer drivers.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- Example 2 --------------------------</maml:title> <dev:code>PS C:\> Set-PrintNightmareMitigations -RestrictDriverInstallationToAdministrators</dev:code> <dev:remarks> <maml:para>This command will cause the system to require User Account Control elevation and warnings for all Point and Print additions, connections, changes, and updates. In addition, the system is further hardened; non-administrators can no longer install printer drivers.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://github.com/rhymeswithmogul/PrintNightmare-Registry-Changes/blob/main/man/en-US/Set-PrintNightmareMitigation.md</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>about_PrintNightmareMitigations</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Test-PrintNightmareMitigation</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Test-PrintNightmareMitigation</command:name> <command:verb>Test</command:verb> <command:noun>PrintNightmareMitigation</command:noun> <maml:description> <maml:para>Checks for PrintNightmare mitigations.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet will determine what PrintNightmare mitigations are presently enabled on this system, if any.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Test-PrintNightmareMitigation</maml:name> </command:syntaxItem> </command:syntax> <command:parameters /> <command:inputTypes> <command:inputType> <dev:type> <maml:name>None</maml:name> </dev:type> <maml:description> <maml:para>This cmdlet does not accept pipeline input.</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>System.Boolean</maml:name> </dev:type> <maml:description> <maml:para>True if this system is protected against PrintNightmare; false otherwise.</maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para>This cmdlet does not check to see if the appropriate updates are installed. Windows updates are required for these mitigations to be effective. For more information, read about_PrintNightmareMitigations.</maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- Example 1 --------------------------</maml:title> <dev:code>PS C:\> Test-PrintNightmareMitigations</dev:code> <dev:remarks> <maml:para>This command will check the current system to see which PrintNightmare recommended mitigations are in place and presently enabled.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://github.com/rhymeswithmogul/PrintNightmare-Registry-Changes/blob/main/man/en-US/Test-PrintNightmareMitigation.md</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>about_PrintNightmareMitigations</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Set-PrintNightmareMitigation</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> </helpItems> |