Our printers were found to have SNMP enabled and the default "public" community string. This was reported in IT audit as a security risk - although I have my doubts re: importance of it.
Our response was to Disable SNMPv1v2 in each of the offending (HP) printers.
NOT a good idea it seems as the printers stopped working.
Since it's too time-consuming to go "touch" each of the computers, we simply Re-Enabled SNMPv1v2 and left the community string alone for now.
My question is to confirm or guide "what's next?".
We could use our current (private) SNMP community string but then it would be visible in the printers.
And, since we don't knowingly use SNMP for the printers, there'd be no purpose.
We could use a new "fake" community string in the printers that we don't intend to use.
That would fix the IT audit finging.
But, would the printers stop working once again?
Or, we might do something else that I've not figured out.
As a matter of practice, I try to make sure that printers set up on computers use TCP/IP ports and don't fall into using WSD connection.
So far, I haven't found a connection between SNMP and WSD but I suspect it.
We had a number of computers that had fallen into WSD setups that were involved in the recent failure
I prefer to keep things simple and don't include WSD in that context.
What would you do to satisfy the IT audit finding AND avoid a lot of individual computer work?