This is a hot mess. Millions of businesses have to stop printing until Microsoft fixes this, or risk getting pwned by an active exploit in the wild? WOW.
Nah, you really shouldn’t need to run print spooler on your domain controller anyway.
Not really, since most businesses are not using their domain controller as a print server, so disabling the spooler service on the DC doesn’t affect printing at all for the rest of the domain.
It took me less than 60 seconds to add a service stop/disable GP preference that touches every system in my customer environment (>2K Windows systems). MS will fix the exploit.
Printing has ALWAYS been a black hole. I can’t tell you how many contracts I’ve turned down to do enterprise printing implementations. It’s the wild wild west, and even Microsoft’s print server solution is inadequate.