"disable spoolss" is an important parameter to reduce the attack surface of a Samba installation that does not do printing. However it does not appear to disable winspool (at least not in "is_known_pathname()", despite being implemented substantially in terms of spoolss.
Or alternately, winspool does not appear to be enabled at all, but if it gets enabled it needs to honour this.
On further investigation this looks like an incomplete feature. In this WIP branch on current master: https://git.samba.org/?p=gd/wireshark/.git;a=shortlog;h=refs/heads/master-iremotewinspool s3-iremotewinspool: start iremotewinspool server by default. https://git.samba.org/?p=gd/samba/.git;a=commitdiff;h=f6f7744ba0935bd21e0f5df83a3b6d9411f2d6c0 does the right thing.