spec.printer.management

1.0.9

Public/Set-specPrinterPermissions.ps1

                                Function Set-specPrinterPermissions {

    <#

        Version 1.0 - Initial Release

                1.1 - Added if / else to check if the printer name is empty

                1.2 - Fix error when setting printer permissions, caused by device only having USB printers and no IP printers:

                    "WARNING: Failed to get or set printer permissions for '': Unable to retrieve current printer SDDL permissions for  No MSFT_Printer objects found with property 'Name' equal to ''.  Verify the value of the property and retry."

                1.3 - Change logic from using [string]::IsNullOrEmpty to $null comparison checks as [string] did not work due to checking objects, not strings!

                    #>

    [cmdletBinding()]

    param (

        [Parameter()]

        [System.Object[]]$usbAssignedPrinters,

        [Parameter()]

        [System.Object[]]$ipAssignedPrinters

    )

    #region 5. Printer Permissions

    Write-Host "`nAdding printer permissions if required" -ForegroundColor DarkCyan

    # define permissions to be added to the printer

    $SDDL_User = 'Authenticated Users'

    # Grant 'print' and 'Manage documents' to authenticated users

    $SDDL_Permissions = '(A;CIIO;RC;;;AU)(A;OIIO;RPWPSDRCWDWO;;;AU)(A;;SWRC;;;AU)'

    # Get all printers to configure permissions for

    #$printersToConfigure = $usbAssignedPrinters + $ipAssignedPrinters

    if ($null -ne $usbAssignedPrinters -and $null -ne $ipAssignedPrinters) {

        # Both $usbAssignedPrinters and $ipAssignedPrinters have values (are not $null)

        $printersToConfigure = @($usbAssignedPrinters) + @($ipAssignedPrinters)

    } elseif ($null -ne $usbAssignedPrinters) {

        # Only $usbAssignedPrinters has a value

        $printersToConfigure = $usbAssignedPrinters

    } elseif ($null -ne $ipAssignedPrinters) {

        # Only $ipAssignedPrinters has a value

        $printersToConfigure = $ipAssignedPrinters

    } else {

        # Both $usbAssignedPrinters and $ipAssignedPrinters are $null

        $printersToConfigure = $null

    }

    foreach ($printerToConfigure in $printersToConfigure) {

        if ([string]::IsNullOrEmpty($printerToConfigure.Printer_Name)) {

            $printerName = $printerToConfigure.Name

        } else {

            $printerName = $printerToConfigure.Printer_Name

        }

        # Instantiate the Printer object using New-specPrinterObject

        $printer = New-specPrinterObject -Name $printerName

        try {

            $currentPermissions = $printer.GetPrinterPermissions()

            # Checks if current permissions are in place

            if ($currentPermissions -notlike "*$SDDL_Permissions*") {

                # Construct the new SDDL string by concatenating the original and the new permissions

                $newSDDL = $currentPermissions + $SDDL_Permissions

                $printer.SetPrinterPermissions($newSDDL)

                Write-Host "Printer [$PrinterName] permissions updated." -ForegroundColor DarkGreen

            } else {

                Write-Host "Printer [$PrinterName] already has the correct permissions for user [$SDDL_User]" -ForegroundColor DarkGray

            }

        } catch {

            Write-Warning "Failed to get or set printer permissions for '$printerName': $_"

        }

        Write-Host

    }

    #endregion 5. Printer Permissions

}