Answer the question
In order to leave comments, you need to log in
D
D
demonca132021-07-15 16:42:41
demonca13, 2021-07-15 16:42:41
How to change print permissions via PowerShell Script?
I have 25 Windows Server 2012r2 terminal servers, periodically change printers and have to add new printers, and this work is dreary to say the least)
I solved this problem with a PowerShell script that adds printers in all servers, I don’t understand how to implement printing rights in the script and changing the document for users.
Script
spoiler
$PrinterIP = "192.168.210.37"
$PrinterPort = "9100"
$PrinterPortName = $PrinterIP
$DriverName = "HP Universal Printing PCL 6"
$DriverPath = "\\ИП\print$\x64\3"
$DriverInf = "C:\Windows\System32\DriverStore\FileRepository\hpcu190u.inf_amd64_016ba0cfcf104d26\hpcu190u.inf"
$PrinterCaption = "XEROX-264"
$PrinterLocation = "IT"
$PrinterComment = "HP"
$ComputerList = @("Список серверов")
Function CreatePrinterPort {
param ($PrinterIP, $PrinterPort, $PrinterPortName, $ComputerName)
$wmi = [wmiclass]"\\$ComputerName\root\cimv2:win32_tcpipPrinterPort"
$wmi.psbase.scope.options.enablePrivileges = $true
$Port = $wmi.createInstance()
$Port.name = $PrinterPortName
$Port.hostAddress = $PrinterIP
$Port.portNumber = $PrinterPort
$Port.SNMPEnabled = $false
$Port.Protocol = 1
$Port.put()
}
Function InstallPrinterDriver {
Param ($DriverName, $DriverPath, $DriverInf, $ComputerName)
$wmi = [wmiclass]"\\$ComputerName\Root\cimv2:Win32_PrinterDriver"
$wmi.psbase.scope.options.enablePrivileges = $true
$wmi.psbase.Scope.Options.Impersonation = `
[System.Management.ImpersonationLevel]::Impersonate
$Driver = $wmi.CreateInstance()
$Driver.Name = $DriverName
$Driver.DriverPath = $DriverPath
$Driver.InfName = $DriverInf
$wmi.AddPrinterDriver($Driver)
$wmi.Put()
}
Function CreatePrinter {
param ($PrinterCaption, $PrinterPortName, $DriverName, $ComputerName)
$wmi = ([WMIClass]"\\$ComputerName\Root\cimv2:Win32_Printer")
$Printer = $wmi.CreateInstance()
$Printer.Caption = $PrinterCaption
$Printer.DriverName = $DriverName
$Printer.PortName = $PrinterPortName
$Printer.DeviceID = $PrinterCaption
$printer.Location = $printerLocation
$printer.Comment = $printerComment
$Printer.Put()
}
foreach ($computer in $ComputerList) {
CreatePrinterPort -PrinterIP $PrinterIP -PrinterPort $PrinterPort `
-PrinterPortName $PrinterPortName -ComputerName $computer
InstallPrinterDriver -DriverName $DriverName -DriverPath `
$DriverPath -DriverInf $DriverInf -ComputerName $computer
CreatePrinter -PrinterPortName $PrinterPortName -DriverName `
$DriverName -PrinterCaption $PrinterCaption -ComputerName $computer -Location $Printer.Location -Comment $Printer.Comment
}
$PrinterIP = "192.168.210.37"
$PrinterPort = "9100"
$PrinterPortName = $PrinterIP
$DriverName = "HP Universal Printing PCL 6"
$DriverPath = "\\ИП\print$\x64\3"
$DriverInf = "C:\Windows\System32\DriverStore\FileRepository\hpcu190u.inf_amd64_016ba0cfcf104d26\hpcu190u.inf"
$PrinterCaption = "XEROX-264"
$PrinterLocation = "IT"
$PrinterComment = "HP"
$ComputerList = @("Список серверов")
Function CreatePrinterPort {
param ($PrinterIP, $PrinterPort, $PrinterPortName, $ComputerName)
$wmi = [wmiclass]"\\$ComputerName\root\cimv2:win32_tcpipPrinterPort"
$wmi.psbase.scope.options.enablePrivileges = $true
$Port = $wmi.createInstance()
$Port.name = $PrinterPortName
$Port.hostAddress = $PrinterIP
$Port.portNumber = $PrinterPort
$Port.SNMPEnabled = $false
$Port.Protocol = 1
$Port.put()
}
Function InstallPrinterDriver {
Param ($DriverName, $DriverPath, $DriverInf, $ComputerName)
$wmi = [wmiclass]"\\$ComputerName\Root\cimv2:Win32_PrinterDriver"
$wmi.psbase.scope.options.enablePrivileges = $true
$wmi.psbase.Scope.Options.Impersonation = `
[System.Management.ImpersonationLevel]::Impersonate
$Driver = $wmi.CreateInstance()
$Driver.Name = $DriverName
$Driver.DriverPath = $DriverPath
$Driver.InfName = $DriverInf
$wmi.AddPrinterDriver($Driver)
$wmi.Put()
}
Function CreatePrinter {
param ($PrinterCaption, $PrinterPortName, $DriverName, $ComputerName)
$wmi = ([WMIClass]"\\$ComputerName\Root\cimv2:Win32_Printer")
$Printer = $wmi.CreateInstance()
$Printer.Caption = $PrinterCaption
$Printer.DriverName = $DriverName
$Printer.PortName = $PrinterPortName
$Printer.DeviceID = $PrinterCaption
$printer.Location = $printerLocation
$printer.Comment = $printerComment
$Printer.Put()
}
foreach ($computer in $ComputerList) {
CreatePrinterPort -PrinterIP $PrinterIP -PrinterPort $PrinterPort `
-PrinterPortName $PrinterPortName -ComputerName $computer
InstallPrinterDriver -DriverName $DriverName -DriverPath `
$DriverPath -DriverInf $DriverInf -ComputerName $computer
CreatePrinter -PrinterPortName $PrinterPortName -DriverName `
$DriverName -PrinterCaption $PrinterCaption -ComputerName $computer -Location $Printer.Location -Comment $Printer.Comment
}
You need to remove Everyone and add a user or group of users with the rights to only print and modify the document.
Thanks in advance to everyone.
3 answer(s)
@demonca13
@MaxKozlov
D
demonca13, 2021-07-19 @demonca13
I found a very simple solution using the SetACL.exe utility.
The commands below give the user the right to print and manage a document and delete Everyone.
SetACL.exe -on "\\servername\printname" -ot prn -actn ace -ace "n:domain\user;p:print,man_docs"
SetACL.exe -on "\\servername\printname" -ot prn -actn trustee -trst "n1:Everyone;ta:remtrst;w:dacl,sacl" -rec cont_obj -ignoreerr
M
MaxKozlov, 2021-07-15 @MaxKozlov
wmi:
GetSecurityDescriptor()
SetSecurityDescriptor()
But there, if you construct these descriptors yourself, it turns out very muddy. It is possible, but difficult :)
I would suggest using the
PowerShellAccessControl module or something similar
. True, I have not tried it myself
Similar questions
T
A
W
S
U
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question