Least Privilege - Microsoft Print Server Connector
  • 23 Nov 2023
  • 1 Minute to read
  • Dark
    Light
  • PDF

Least Privilege - Microsoft Print Server Connector

  • Dark
    Light
  • PDF

Article Summary

In this article, you can find the information needed to restrict a Service Account permissions by assigning least privileged roles for the Microsoft Print Server Connector to connect to the Print Server.

Create a Service Account

Create a service account in your Active Directory. This account has the same default settings as a regular domain user account. The Service Account needs permissions on the Print Server.

Grant WMI permissions to the Service Account

On the Microsoft Print Server, you need to add the following permissions in the Windows Management Instrumentation (WMI):

  1. Log into your Microsoft Print Server.
  2. Run wmimgmt.msc or open WMI Control (Local).
  3. Right-click "WMI Control (Local)" and select Properties.
  4. Navigate to the Security tab.
  5. Select CIMV2 under Root and click Security.
  6. In the Security for.. dialog box that opens, add the Service Account you previously created and grant the following permissions to it:
    • Remote Enable
    • Read Security
  7. When you finish, click OK until you reach the WMI Control (Local) console. Your changes will be saved automatically.

Grant Local computer permissions to the Service Account

On the Microsoft Print Server, you need to add the following permissions on the local computer.

  1. Log into your Microsoft Print Server.
  2. Run compmgmt.msc or open Computer Management.
  3. Navigate to System Tools > Local Users and Groups > Groups.
    Computer Management.png
  4. Add the Service Account you previously created to:
    • Performance Log Users
    • Users
  5. When you finish, click OK until you reach the Computer Management console. Your changes are saved automatically.

Was this article helpful?