2.9.4 External Security

The Print Services system impersonates the user when it processes calls. The permissions in the user's token determine the type of access this system has to external resources while it processes calls.

Print clients and print servers for Print Services enforce extra security measures when printer drivers or other plug-ins are referenced on a remote system or are copied from a remote system. Printer drivers or other plug-ins can contain executable code. Therefore, they are constrained to execute only in the context of the local caller if they are trusted.

The Windows print spooler calls printer drivers or other plug-ins as local system calls and impersonates the calling user. Therefore, the print spooler takes appropriate precautions to protect the system from harm by untrusted printer drivers.

The Windows implementation can perform one or more of the following actions:

  • Restrict non-administrative users from installing printer drivers.

  • Check the digital signatures of printer drivers.

  • Prompt the user for consent before downloading such components or before executing the component for the first time.