Created
November 12, 2023 18:57
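# Positions of the semicolon-separated fields inside one ACE row of a printer
# SDDL string, i.e. the text between "(" and ")". The generic SDDL ACE layout is
#   ace_type;ace_flags;rights;object_guid;inherit_object_guid;account_sid
$FIELD_ALLOW_DENY = 0   # ace_type: "A" (allow) or "D" (deny)
$FIELD_PERM_1 = 1       # ace_flags; empty in the PERM_* templates below
$FIELD_PERM_2 = 2       # rights string, e.g. "SWRC"
$FIELD_UNK_1 = 3        # object_guid; AddPermToRows always writes it empty
$FIELD_UNK_2 = 4        # inherit_object_guid; AddPermToRows always writes it empty
# The original spelling is kept as an alias so anything that already reads
# $FEIDL_UNK_2 keeps working.
$FEIDL_UNK_2 = $FIELD_UNK_2
$FIELD_SID = 5          # trustee: a SID string or an SDDL alias such as "WD"

# "type;flags;rights" prefixes in the form GetSIDPermFromRows returns them.
# The *_MANAGE strings carry write-DACL (WD) and write-owner (WO) rights, so
# hand them out far more sparingly than the *_PRINT ones.
$PERM_ALLOW_PRINT = "A;;SWRC"
$PERM_DENY_PRINT = "D;;SWRC"
$PERM_ALLOW_MANAGE = "A;;LCSWSDRCWDWO"
$PERM_DENY_MANAGE = "D;;LCSWSDRCWDWO"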
function GetPrinterPermRows {
    <#
    .SYNOPSIS
    Splits a printer SDDL string into its header and one row per ACE.

    .DESCRIPTION
    The string is cut at every "(" and every ")" is then stripped, so the
    first row is the text in front of the first ACE (for example "G:SYD:")
    and each following row is the inside of one "(...)" group.

    Limitation: an ACE that itself contains parentheses would be cut into
    several rows and could not be rebuilt by JoinPrinterPermRows.

    .PARAMETER permissions
    The SDDL string, e.g. the PermissionSDDL value of a printer.
    #>
    param (
        $permissions
    )

    $pieces = $permissions.Split("(")
    # Every piece after the header still ends in ")"; drop it.
    return $pieces | ForEach-Object { $_.Replace(")", "") }
}
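function JoinPrinterPermRows {
    <#
    .SYNOPSIS
    Rebuilds an SDDL string from the rows produced by GetPrinterPermRows.

    .DESCRIPTION
    Row 0 is emitted as-is (the header in front of the first ACE); every
    other row is wrapped in its own "(" ... ")" pair.

    The earlier version compared the loop index against $parts.length, a
    variable that is never defined in this function, so any input with more
    than one ACE came out with missing "(" characters, and a header-only
    input came out with a dangling "(". The result is handed to Set-Printer
    as an ACL, so it must be well-formed.

    .PARAMETER rows
    Header row followed by zero or more ACE rows (without parentheses).

    .OUTPUTS
    The joined SDDL string; "" when no rows are given.
    #>
    param (
        $rows
    )

    if ($null -eq $rows) {
        return ""
    }

    # @() keeps a lone string from being indexed character by character.
    $rows = @($rows)
    if ($rows.Length -eq 0) {
        return ""
    }

    $joined = [string]$rows[0]
    for ($i = 1; $i -lt $rows.Length; $i++) {
        $joined += "(" + $rows[$i] + ")"
    }

    return $joined
}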
function GetPrinterRowFields {
    <#
    .SYNOPSIS
    Splits one ACE row into its semicolon-separated fields.

    .PARAMETER row
    One row as returned by GetPrinterPermRows, e.g. "A;;SWRC;;;WD".
    #>
    param (
        $row
    )

    $parts = $row.Split(";")
    return $parts
}
function JoinPrinterRowFields {
    <#
    .SYNOPSIS
    Joins ACE fields back into one row, the inverse of GetPrinterRowFields.

    .PARAMETER fields
    The field values in order; they are joined with ";".
    #>
    param (
        $fields
    )

    $separator = ";"
    $row = $fields -join $separator
    return $row
}
function GetSIDPermFromRows {
    <#
    .SYNOPSIS
    Returns the permissions that the given rows grant or deny to one SID.

    .DESCRIPTION
    Every row whose SID field equals $sid contributes "type;flags;rights"
    (fields 0, 1 and 2). Several matching rows are joined with ",".

    .PARAMETER rows
    Rows as returned by GetPrinterPermRows.

    .PARAMETER sid
    The SID (or SDDL alias) to look for.

    .OUTPUTS
    The combined permission string, or "" when no row matches.
    #>
    param (
        $rows,
        $sid
    )

    $matched = @()
    foreach ($row in $rows) {
        $fields = GetPrinterRowFields -row $row
        if ($fields[$FIELD_SID] -ne $sid) {
            continue
        }

        $matched += "$($fields[$FIELD_ALLOW_DENY]);$($fields[$FIELD_PERM_1]);$($fields[$FIELD_PERM_2])"
    }

    return $matched -join ","
}
function AddPermToRows {
    <#
    .SYNOPSIS
    Appends one ACE row for $sid to a list of rows.

    .PARAMETER rows
    Existing rows; the new row is added after them.

    .PARAMETER sid
    Trustee written into the SID field of the new row.

    .PARAMETER perm
    "type;flags;rights", e.g. $PERM_ALLOW_PRINT.

    .OUTPUTS
    The rows followed by the new row.
    #>
    param (
        $rows,
        $sid,
        $perm
    )

    $parts = $perm.Split(";")

    # Field order: type, flags, rights, <empty>, <empty>, SID.
    $newRow = @($parts[0], $parts[1], $parts[2], "", "", $sid) -join ";"
    $rows += $newRow

    return $rows
}
function RemoveSIDPermsFromRows {
    <#
    .SYNOPSIS
    Returns the rows without any ACE whose SID field equals $sid.

    .DESCRIPTION
    Both allow and deny rows for the SID are dropped; the comparison looks
    only at the SID field.

    .PARAMETER rows
    Rows as returned by GetPrinterPermRows.

    .PARAMETER sid
    The SID (or SDDL alias) whose rows are removed.
    #>
    param (
        $rows,
        $sid
    )

    $kept = @()
    foreach ($row in $rows) {
        $fields = GetPrinterRowFields -row $row
        if ($fields[$FIELD_SID] -ne $sid) {
            $kept += $row
        }
    }

    return $kept
}
function GetPrinterPerms {
    <#
    .SYNOPSIS
    Reads the permission SDDL string of one printer.

    .PARAMETER printerName
    Name passed to Get-Printer.

    .OUTPUTS
    The PermissionSDDL property of the printer object (-Full is requested
    so that the property is populated).
    #>
    param (
        $printerName
    )

    $printer = Get-Printer -Name $printerName -Full
    return $printer.PermissionSDDL
}
function SetPrinterPerms {
    <#
    .SYNOPSIS
    Writes a permission SDDL string to one printer.

    .DESCRIPTION
    Loads the printer object, replaces its PermissionSDDL and saves it with
    Set-Printer. The new ACL fully replaces the old one, and nothing here
    validates the string or keeps a copy of the previous value.

    .PARAMETER printerName
    Name passed to Get-Printer.

    .PARAMETER permissions
    Complete SDDL string to store.
    #>
    param (
        $printerName,
        $permissions
    )

    $printer = Get-Printer -Name $printerName -Full

    # NOTE(review): this also switches KeepPrintedJobs on for every printer
    # whose permissions are set, which is unrelated to the ACL. Confirm that
    # retaining printed jobs on the print server is intended.
    $printer.KeepPrintedJobs = $true
    $printer.PermissionSDDL = $permissions

    Set-Printer -InputObject $printer
}
function ResetAllPrinters {
    <#
    .SYNOPSIS
    Overwrites the permissions of every listed printer with those of the
    printer named "Print to file".

    .DESCRIPTION
    After a warning and a pause, the SDDL of "Print to file" is read once
    and written to each printer in the list. The previous ACLs are not
    saved anywhere, so export them first if they may be needed again.

    .PARAMETER printerListWithGroups
    Lines of the form "printerName,group1,group2,..."; only the printer
    name (first field) is used here.
    #>
    param (
        $printerListWithGroups
    )

    Write-Output "WARNING: This will undo everything, continue?"
    pause

    $templatePerms = GetPrinterPerms -printerName "Print to file"

    foreach ($entry in $printerListWithGroups) {
        $printerName = $entry.Split(",")[0]
        Write-Output " -> $printerName"
        SetPrinterPerms -printerName $printerName -permissions $templatePerms
    }
}
function RemoveEverybodyFromPrinters {
    <#
    .SYNOPSIS
    Removes every ACE for the "WD" trustee from each listed printer.

    .DESCRIPTION
    After a warning and a pause, each printer's SDDL is read, the rows
    whose SID field is "WD" are dropped, and the result is written back.
    Only the literal alias "WD" is matched; a row that names the same
    trustee in another form would be left in place.

    .PARAMETER printerListWithGroups
    Lines of the form "printerName,group1,group2,..."; only the printer
    name (first field) is used here.
    #>
    param (
        $printerListWithGroups
    )

    Write-Output "WARNING: will remove everyone from every printer?"
    pause
    Write-Output ""

    # Typical row that gets removed: A;;SWRC;;;WD
    foreach ($entry in $printerListWithGroups) {
        $printerName = $entry.Split(",")[0]
        Write-Output " -> $printerName"

        $currentPerms = GetPrinterPerms -printerName $printerName
        $currentRows = GetPrinterPermRows -permissions $currentPerms
        $remainingRows = RemoveSIDPermsFromRows -rows $currentRows -sid "WD"
        $updatedPerms = JoinPrinterPermRows -rows $remainingRows

        SetPrinterPerms -printerName $printerName -permissions $updatedPerms
    }
}
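# Helper for FullPrinterCheck: looks up one AD group by name and returns its
# SID as a string, or $null when the name does not resolve to exactly one group.
function ResolveGroupSIDForPrinterCheck {
    param (
        $groupName
    )

    # The name is spliced into a quoted -Filter string below; a name holding
    # an apostrophe would change the filter, so it is reported, not queried.
    if ($groupName -match "'") {
        return $null
    }

    $found = @(Get-ADGroup -Filter "name -eq '$groupName'")
    if ($found.Count -ne 1) {
        return $null
    }

    return "$($found[0].SID)"
}

function FullPrinterCheck {
    <#
    .SYNOPSIS
    Audits the ACL of every listed printer against the groups that should
    have access, then fixes the group-related findings.

    .DESCRIPTION
    Scan phase, per printer:
      - each group listed for the printer must hold exactly $PERM_ALLOW_PRINT;
      - each other group in $allGroups must hold no ACE at all;
      - each row of $defaultPermRows must be present;
      - any remaining row that is not "G:SYD:", not a default row and not
        for an already checked SID is reported as unknown access.

    Fix phase: "group doesnt have access" and "group should not have access"
    are corrected immediately, without a further prompt, by rewriting the
    printer ACL. Every other finding is printed for manual follow-up.

    Changes compared with the earlier version:
      - a group name that resolves to no group (or to several) is reported
        as "group could not be resolved" instead of producing an ACE with
        an empty SID;
      - the group loop no longer reads one element past the end of the
        split line;
      - the fix phase refuses to act on a finding without a SID.

    Findings are passed between the phases as comma-separated strings, so
    printer and group names must not contain commas.

    .PARAMETER printerListWithGroups
    Lines of the form "printerName,group1,group2,...".

    .PARAMETER allGroups
    Names of all groups managed by this script.

    .PARAMETER defaultPermRows
    ACE rows every printer is expected to carry.
    #>
    param (
        $printerListWithGroups,
        $allGroups,
        $defaultPermRows
    )

    $issues = @()

    # SCAN THROUGH PRINTER LIST
    echo ""
    echo "SCAN THROUGH PRINTER LIST"
    echo ""
    foreach ($row in $printerListWithGroups) {
        # GET PRINTER, GROUPS AND PERMS FROM ITEM
        $fields = $row.Split(",")
        $printerName = $fields[0]
        $printerGroups = @()
        echo " -> $printerName"

        for ($i = 1; $i -lt $fields.Length; $i++) {
            $group = $fields[$i]
            if ($group -eq "" -or $group -eq $null) {
                continue
            }
            $printerGroups += $group
        }

        $printerPerms = GetPrinterPerms -printerName $printerName
        $printerPermRows = GetPrinterPermRows -permissions $printerPerms
        $checkedSIDs = @()

        # CHECK GROUPS THAT NEED ACCESS
        foreach ($groupName in $printerGroups) {
            $groupSID = ResolveGroupSIDForPrinterCheck -groupName $groupName
            if (-not $groupSID) {
                $issues += "$printerName,group could not be resolved,$groupName"
                continue
            }

            $groupPerm = GetSIDPermFromRows -rows $printerPermRows -sid $groupSID
            $checkedSIDs += $groupSID
            if ($groupPerm -ne $PERM_ALLOW_PRINT) {
                $issues += "$printerName,group doesnt have access,$groupName,$groupSID"
            }
        }

        # CHECK GROUPS THAT DONT NEED ACCESS
        foreach ($groupName in $allGroups) {
            if ($groupName -in $printerGroups) {
                continue
            }

            $groupSID = ResolveGroupSIDForPrinterCheck -groupName $groupName
            if (-not $groupSID) {
                $issues += "$printerName,group could not be resolved,$groupName"
                continue
            }

            $groupPerm = GetSIDPermFromRows -rows $printerPermRows -sid $groupSID
            $checkedSIDs += $groupSID
            if ($groupPerm -ne "") {
                $issues += "$printerName,group should not have access,$groupName,$groupSID"
            }
        }

        # CHECK DEFAULT PERMISSIONS
        foreach ($defaultRow in $defaultPermRows) {
            if ($defaultRow -in $printerPermRows) {
                continue
            }
            $issues += "$printerName,missing or invalid default permission,$defaultRow"
        }

        # CHECK FOR OTHER UNUSUAL PERMISSIONS
        foreach ($permRow in $printerPermRows) {
            if ($permRow -eq "G:SYD:") {
                continue
            }
            if ($permRow -in $defaultPermRows) {
                continue
            }
            $permFields = GetPrinterRowFields -row $permRow
            if ($permFields[$FIELD_SID] -in $checkedSIDs) {
                continue
            }
            $issues += "$printerName,has unknown access,$permRow"
        }
    }

    $userIssues = @()

    # ATTEMPT TO FIX PRINTER ISSUES
    echo ""
    echo "ATTEMPT TO FIX PRINTER ISSUES"
    echo ""
    foreach ($issue in $issues) {
        $issueParts = $issue.Split(",")
        $printerName = $issueParts[0]
        $issueType = $issueParts[1]
        echo " -> $printerName - $issueType"

        $groupName = $issueParts[2]
        $groupSID = $issueParts[3]
        $fixable = $issueType -eq "group doesnt have access" -or $issueType -eq "group should not have access"

        # Never write an ACE for a finding that carries no SID.
        if (-not $fixable -or -not $groupSID) {
            $userIssues += $issue
            continue
        }

        # Re-read the ACL for every finding so that earlier fixes on the
        # same printer are not overwritten.
        $printerPerms = GetPrinterPerms -printerName $printerName
        $printerPermRows = GetPrinterPermRows -permissions $printerPerms

        if ($issueType -eq "group doesnt have access") {
            $newPermRows = AddPermToRows -rows $printerPermRows -sid $groupSID -perm $PERM_ALLOW_PRINT
            SetPrinterPerms -printerName $printerName -permissions (JoinPrinterPermRows -rows $newPermRows)
            echo " - ISSUE FIXED: Added group $groupName to $printerName"
            continue
        }

        $newPermRows = RemoveSIDPermsFromRows -rows $printerPermRows -sid $groupSID
        SetPrinterPerms -printerName $printerName -permissions (JoinPrinterPermRows -rows $newPermRows)
        echo " - ISSUE FIXED: Removed group $groupName from $printerName"
    }

    echo "Finished fixing issues, user assistance needed on:"
    $userIssues
}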
#$printers = Get-Printer | % { $_.Name } |