Securing the spool files on your print server

by Mitch Tulloch [Published on 25 Feb. 2011 / Last Updated on 17 Dec. 2009]

This tip describes how you can secure the spool files on your Windows Server print server.

If you are concerned about the protecting the spool files on your print server because they may contain confidential document information, you might consider encrypting the %SystemRoot%\System32\Spool\Printers folder, which is where .spl files are stored by default. After all, an old article about Windows 2000 Server printing at http://technet.microsoft.com/en-us/library/cc962114.aspx on Microsoft TechNet suggests that you can do this, although it may incur a performance hit on your print server (though you probably wouldn't notice this hit unless your print server was under extraordinarily heavy load). I've heard reports of customers having issues when they do this on Windows Server 2008 however, perhaps due to changes in the security model of this platform. I've also heard reports that encrypting the spooler using EFS is an unsupported (i.e. not thoroughly tested) scenario despite the fact that this TechNet article suggests otherwise.

A better approach to securing your print server's spooler is to simply not spool files at all but instead send documents directly to the print device. To configure this setting on your print server, do the following:

1. Open the properties of the printer.

2. Select the Advanced tab.

3. Select the option labeled Print Directly To The Printer.

Note however that doing this causes print processor-based features watermarks, booklet printing, driver collation and scale-to-fit to be disabled.

If you have feedback concerning this tip, please email me. And be sure to check out my website!

See Also

Featured Links