Printer Security settings

I was recently asked about getting the security settings for printers.

$pace = DATA {            
ConvertFrom-StringData -StringData @'
983052 = ManagePrinters
983088 = ManageDocuments
131080 = Print 
524288 = TakeOwnership
131072 = ReadPermissions
262144 = ChangePermissions 
'@            
}             
$flags = @(983052,983088, 131080, 524288, 131072, 262144)            
            
            
function get-printersecurity {            
 [CmdletBinding()]            
 param (            
  [string]$computer="."            
 )            
             
 Get-WmiObject -Class Win32_Printer -ComputerName $computer |            
 foreach {            
  "`nPrinter: $($_.DeviceId)"            
  $query = "ASSOCIATORS OF {Win32_Printer.DeviceID='$($_.DeviceID)'} WHERE ResultClass=Win32_Share"            
  Get-WmiObject -ComputerName $computer -Query $query |             
  foreach {            
    ""            
    "Share: $($_.Name)"            
                
    $query2 = "ASSOCIATORS OF {Win32_Share.Name='$($_.Name)'} WHERE ResultClass=Win32_LogicalShareSecuritySetting"            
    $sec = Get-WmiObject -ComputerName $computer -Query $query2            
    $sd = $sec.GetSecurityDescriptor()            
    $sd.Descriptor.DACL | foreach {            
      ""             
      "$($_.Trustee.Domain)  $($_.Trustee.Name)"            
                  
      foreach ($flag in $flags){            
        if ($_.AccessMask -band $flag){            
          $pace["$($flag)"]            
        }            
      }            
    }            
  }            
 }            
}

 

Create a hash table lookup and an array of flags

The function then gets all the printers on a system, links through to any shares and then gets the security descriptor of the share. The DACL on the security descriptor is iterated over to generate a list of users and their permissions

About these ads
This entry was posted in PowerShell and WMI. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s