Advertisement
Guest User

PrinterUtils.ps1 / Functions for advanced printer management

a guest
May 18th, 2011
4,514
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1.     ########################################################
  2.     # PrinterUtils.ps1
  3.     # Version 0.1.0.0
  4.     #
  5.     # Functions for advanced printer management
  6.     #
  7.     # Vadims Podans (c) 2008
  8.     # http://www.sysadmins.lv/
  9.     ########################################################
  10.  
  11.     # Internal function that converts numeric return code writes ACL
  12.     # in a text value.
  13.     function _PrinterUtils_Get-Code ($Write) {
  14.         switch ($Write.ReturnValue) {
  15.             "0" {"Success"}
  16.             "2" {"Access Denied"}
  17.             "8" {"Unknown Error"}
  18.             "9" {"The user does not have adequate privileges to execute the method"}
  19.             "21" {"A parameter specified in the method call is invalid"}
  20.             default {"Unknown error $Write.ReturnValue"}
  21.         }
  22.     }
  23.  
  24.     # function get the list (List) ACL printer or all Printer
  25.     function Get-Printer ($Computer = ".", $name) {
  26.         # If the variable $name is empty, it returns a list of all local printers
  27.         if ($name) {
  28.             $Printers = gwmi Win32_Printer -ComputerName $Computer -Filter "name = '$name'"
  29.         } else {
  30.             $Printers = gwmi Win32_Printer -ComputerName $Computer -Filter "local = '$True'"
  31.         }
  32.         # array declaration lists ACL
  33.         $PrinterInfo = @()
  34.         # Retrieve the ACL of each element of the array of lists ACL
  35.         foreach ($Printer in $Printers) {
  36.             if ($printer) {
  37.                 # the variable $SD obtain the security descriptor for each printer and each element of the ACE (DACL)
  38.                 # And add $PrinterInfo
  39.                 $SD = $Printer.GetSecurityDescriptor()
  40.                 $PrinterInfo += $SD.Descriptor.DACL | %{
  41.                     $_ | Select @{e = {$Printer.SystemName}; n = 'Computer'},
  42.                     @{e = {$Printer.name}; n = 'Name'},
  43.                     AccessMask,
  44.                     AceFlags,
  45.                     AceType,
  46.                     @{e = {$_.trustee.Name}; n = 'User'},
  47.                     @{e = {$_.trustee.Domain}; n = 'Domain'},
  48.                     @{e = {$_.trustee.SIDString}; n = 'SID'}
  49.                 }
  50.             } else {
  51.                 Write-Warning "Specified printer not found!"
  52.             }
  53.         }
  54.         # Giving information about the ACL on the yield function for subsequent submission to the conveyor
  55.         $PrinterInfo
  56.     }
  57.  
  58.     # recording function in the ACL printer.  It takes no arguments,
  59.     # but only receives data from the conveyor
  60.     function Set-Printer {
  61.         # get an array of pipelined ACE from an external source
  62.         $PrinterInfo = @($Input)
  63.         # embroider the resulting array by the name of the printer and continue to serve on the cycle
  64.         # ACL processing only one printer
  65.         $PrinterInfo | Select -Unique Computer, Name | % {
  66.             $Computer = $_.Computer
  67.             $name = $_.name
  68.             # create the new objects required classes
  69.             $SD = ([WMIClass] "Win32_SecurityDescriptor").CreateInstance()
  70.             $ace = ([WMIClass] "Win32_Ace").CreateInstance()
  71.             $Trustee = ([WMIClass] "Win32_Trustee").CreateInstance()
  72.             # now embroider each ACE is already filtered by an ACL from PrinterInfo and
  73.             # Fill the form SecurityDescriptor
  74.             $PrinterInfo | ? {$_.Computer -eq $Computer -and $_.name -eq $name} | % {
  75.                 $SID = new-object security.principal.securityidentifier($_.SID)
  76.                 [byte[]] $SIDArray = ,0 * $SID.BinaryLength
  77.                 $SID.GetBinaryForm($SIDArray,0)
  78.                 $Trustee.Name = $_.user
  79.                 $Trustee.SID = $SIDArray
  80.                 $ace.AccessMask = $_.AccessMask
  81.                 $ace.AceType = $_.AceType
  82.                 $ace.AceFlags = $_.AceFlags
  83.                 $ace.trustee = $Trustee
  84.                 # Set ACE gradually add to the security descriptor DACL
  85.                 $SD.DACL += @($ace.psobject.baseobject)
  86.                 # set the flag SE_DACL_PRESENT, that will say that we are changing
  87.               # DACL only and nothing more
  88.                 $SD.ControlFlags = 0x0004
  89.             }
  90.             # when full ACL for the current printer is assembled, select the name of the current printer
  91.             $Printer = gwmi Win32_Printer -ComputerName $Computer -Filter "name = '$name'"
  92.             # Verify that the printer for an ACL entry is found and produced the record.
  93.           # Otherwise, the ACL entry is skipped
  94.             if ($Printer) {
  95.                 $Write = $Printer.SetSecurityDescriptor($SD)
  96.                 Write-Host "Processing current printer: $name"
  97.                 _PrinterUtils_Get-Code $Write
  98.             } else {
  99.                 Write-Warning "Skipping non-present printer: $name"
  100.             }
  101.         }
  102.     }
  103.  
  104.     # internal function, which only creates a user object with a set of rules
  105.     # and returns the object to the calling function for the subsequent transformation
  106.     function _Create-SDObject ( $user, $AceType, $AccessMask) {
  107.         # convert the text form of rights in the numerical values
  108.         $masks = @{ManagePrinters = 983052; ManageDocuments = 983088; Print = 131080;
  109.             TakeOwnership = 524288; ReadPermissions = 131072; ChangePermissions = 262144}
  110.         $types = @{Allow = 0; Deny = 1}
  111.         # create the necessary properties for the object.  To support remote management
  112.           # Was added to the property of Computer, which will take on the Get-Printer analogous
  113.           # Value.  This provides a pass-through broadcast computer name where
  114.           # Printer is connected by pipeline to the subsequent record
  115.         $AddInfo = New-Object System.Management.Automation.PSObject
  116.         $AddInfo | Add-Member NoteProperty Computer ([PSObject]$null)
  117.         $AddInfo | Add-Member NoteProperty Name ([PSObject]$null)
  118.         $AddInfo | Add-Member NoteProperty AccessMask ([uint32]$null)
  119.         $AddInfo | Add-Member NoteProperty AceFlags ([uint32]$null)
  120.         $AddInfo | Add-Member NoteProperty AceType ([uint32]$null)
  121.         $AddInfo | Add-Member NoteProperty User ([PSObject]$null)
  122.         $AddInfo | Add-Member NoteProperty Domain ([PSObject]$null)
  123.         $AddInfo | Add-Member NoteProperty SID ([PSObject]$null)
  124.         # populate the data which were given as arguments to the function call and return
  125.       # Object to the calling function
  126.         $AddInfo.Name = $name
  127.         $AddInfo.User = $user
  128.         $AddInfo.SID = (new-object security.principal.ntaccount $user).translate([security.principal.securityidentifier])
  129.         $AddInfo.AccessMask = $masks.$AccessMask
  130.         $AddInfo.AceType = $types.$AceType
  131.         if ($masks.$AccessMask -eq 983088) {$AddInfo.AceFlags = 9}
  132.         $AddInfo
  133.     }
  134.  
  135.     # function to set permissions on the printer.  When using it, the current ACL
  136.     # cleared of all records and set only one polzovateley / team with the right ManagePrinters
  137.     function Set-PrinterPermission ($user) {
  138.         # Data taken from the conveyor
  139.         $PrinterInfo = @($Input)
  140.         $AddInfo = _Create-SDObject $user Allow ManagePrinters
  141.         # This loop goes through the names of all the names of printers for each of them
  142.       # Specified in the written arguments of the user with the removal of the current ACE from the ACL printer
  143.       # This is evident from the fact that no part of the $PrinterInfo not piped to record
  144.         foreach ($Printer in ($PrinterInfo | select -Unique Computer, Name)) {
  145.             $AddInfo.Computer = $Printer.Computer
  146.             $AddInfo.Name = $Printer.name
  147.             $AddInfo | Set-Printer
  148.         }
  149.     }
  150.  
  151.     # function to add a user / group to an existing ACL on the printer.  The main difference from the previous version
  152.     # that for each printer ACE is not installed, and added
  153.     function Add-PrinterPermission ($user, $AceType, $AccessMask) {
  154.         $PrinterInfo = @($Input)
  155.         $AddInfo = _Create-SDObject $user $AceType $AccessMask
  156.         foreach ($Printer in ($PrinterInfo | select -Unique Computer, Name)) {
  157.             $AddInfo.Name = $Printer.name
  158.             $AddInfo.Computer = $Printer.Computer
  159.             # here is this line, we list all the printers iteratively iterate through each printer
  160.             $PrinterInfoNew = $PrinterInfo | ?{$_.name -eq $Printer.name}
  161.             # and the tail of the ACL are adding a new ACE
  162.             $PrinterInfoNew += $AddInfo
  163.             # And serve to record
  164.             $PrinterInfoNew | Set-Printer
  165.         }
  166.     }
  167.  
  168.     # function to remove the ACE group / user from the ACL
  169.     function Remove-PrinterPermission ($user) {
  170.         $Printers = @($Input)
  171.         # just take the list of ACL, which came on the conveyor belt and throwing out all the ACE,
  172.         # In which the figures given in the arguments of the user / group and writing the ACE back in the ACL
  173.         $printers | ? {$_.user -ne $user} | Set-Printer
  174.     }
  175.  
  176.     function New-NetworkPrinter ($Computer, $name) {
  177.         ([wmiclass]'Win32_Printer').AddPrinterConnection("\\$Computer\$name")
  178.     }
  179.  
  180.     function Remove-NetworkPrinter ($name) {
  181.         if ($name) {
  182.             (gwmi Win32_Printer -Filter "sharename='$name'").delete()
  183.         } else {
  184.             (gwmi Win32_Printer -Filter "local='$false'").delete()
  185.         }
  186.     }
  187.  
  188.     function Set-DefaultPrinter ($name) {
  189.         if (!$name) {
  190.             Write-Warning "You must to specify printer name. Operation aborted!"
  191.         } else {
  192.             if (gwmi win32_Printer -Filter "name='$name'") {
  193.                 $SetDefault = (gwmi win32_Printer -Filter "name='$name'").SetDefaultPrinter()
  194.                 switch ($SetDefault.ReturnValue) {
  195.                     "0" {Write-Host "Now your default printer is $name"}
  196.                     default {Write-Warning "Some error occur"}
  197.                 }
  198.             } else {
  199.                 Write-Warning "Specified printer not exist!"
  200.             }
  201.         }
  202.     }
  203.  
  204.     function Get-PrinterInfo ($Computer = ".", $name) {
  205.         # here I suggest getting a full set of properties and a simplified derivation of information.
  206.         if ($name) {
  207.             gwmi Win32_Printer -ComputerName $Computer -Filter "name='$name'" | select *
  208.         } else {
  209.             gwmi Win32_Printer -ComputerName $Computer
  210.         }
  211.     }
  212.  
  213.     function New-PrinterShare ($Computer = ".", $name, $ShareName) {
  214.         $Printer = gwmi win32_Printer -ComputerName $Computer -Filter "name='$name'"
  215.         if ($Printer) {
  216.             $Printer.shared = $True
  217.             $Printer.ShareName = $ShareName
  218.             $Printer.put()
  219.         } else {
  220.             Write-Warning "Specified printer not exist!"
  221.         }
  222.     }
  223.  
  224.     function Remove-PrinterShare ($Computer = ".", $name) {
  225.         if ($name) {
  226.             $filter = "name = '$name'"
  227.         } else {
  228.             $filter = "local = '$false'"
  229.         }
  230.         gwmi Win32_Printer -ComputerName $Computer -Filter $filter | % {
  231.             $_.shared = $false
  232.             $_.put()
  233.         }
  234.     }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement