Created
July 2, 2021 00:27
-
-
Save jhochwald/54fcc9167f8669f2b61675320bf8d658 to your computer and use it in GitHub Desktop.
Mitigate CVE-2021-1675 related issues By disabling the printer spooler on all servers in a AD Domain
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| .SYNOPSIS | |
| Mitigate CVE-2021-1675 related issues | |
| .DESCRIPTION | |
| Disable the printer spool on all servers within a Domain. | |
| You need admin permission and PowerShell needs to be configured and | |
| enabled for the user that executes the script. | |
| .EXAMPLE | |
| PS C:\> .\Invoke-MitigatePrinterHell.ps1 | |
| Disable the printer spool on all servers within a Domain. | |
| .NOTES | |
| Quick and dirty hack to mitigate the Printer nightmare on your servers | |
| You can use the script for clients as well. | |
| #> | |
| [CmdletBinding(ConfirmImpact = 'Low')] | |
| [OutputType([string])] | |
| param () | |
| # Get all Servers in the Domain | |
| $AllServer = (Get-ADComputer -Filter { | |
| OperatingSystem -Like '*Windows Server*' | |
| }) | |
| # Loop over the servers we have | |
| foreach ($SingleServer in $AllServer.Name) | |
| { | |
| try | |
| { | |
| Invoke-Command -ComputerName $SingleServer -ErrorAction Stop -ScriptBlock { | |
| # Execute remote (within the Remote Shell) | |
| Stop-Service -Name Spooler -Force -ErrorAction SilentlyContinue | |
| Get-Service Spooler -ErrorAction SilentlyContinue | Set-Service -StartupType Disabled -ErrorAction SilentlyContinue | |
| } | |
| Write-Output -InputObject ('Processed: ' + $SingleServer) | |
| } | |
| catch | |
| { | |
| Write-Warning -Message ('Failed on: ' + $SingleServer) | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment