Important Notice: On February 29th, this community was put into read-only mode. All existing posts will remain but customers are unable to add new posts or comment on existing. Please feel to join our Community Discord for any questions and discussions.

PDQ Inventory Auto Reports Rely on Print Spooler?

lnichols

July 13, 2021 19:10

Hello,

I just noticed that half of our PDQ Inventory auto reports have been failing since July 7th. This coincides with when we implemented steps to mitigate risks from the PrintNightmare vulnerability, including stopping and disabling the print spooler on all non-print servers.

The error they are failing with is "The type initializer for 'AdminArsenal.Output.PrintDetails' threw an exception."

So my question is: Do PDQ Inventory auto reports rely on the print spooler, and if so, are there plans to change that so PDQ customers can safely disable the print spooler on their PDQ servers to mitigate the risks from CVE-2021-34527?

Comments

3 comments

Colby Bouma
July 13, 2021 19:42

I recommend contacting support@pdq.com about this.

1
lnichols
July 14, 2021 16:30 (Edited July 14, 2021 16:31)

I verified with PDQ support that the PDQ Inventory auto reports do, in fact, rely on the print spooler service running.

If you have pushed this GPO to your PDQ server you will also need to enable it (set to a value of "1" in the registry) and reboot the PDQ server before it will work:

https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.Printing.2::RegisterSpoolerRemoteRpcEndPoint

Do this at your own risk because it will increase the attack surface of your system. You're going to have to choose between being completely safe from PrintNightmare or having your auto reports work.

1
Colby Bouma
August 24, 2021 23:41

A new Nightly just came out that lets Auto Reports work when the Print Spooler is disabled, 19.3.53.0. https://services.pdq.tools/function/update-info/changelog/Deploy/Nightly/19.3.53.0

1