Public/Remove-SpecPrinterPermission.ps1
|
Function Remove-SpecPrinterPermission { <# .SYNOPSIS This function removes specified security descriptor definition language (SDDL) permissions from a printer. .DESCRIPTION The Remove-SpecPrinterPermission function is used to remove specific SDDL permissions from a given printer's existing permissions. It utilizes the Set-Printer cmdlet to update the printer's SDDL permissions by removing the specified SDDL permission string. .PARAMETER Printer The name of the printer from which you want to remove permissions. .PARAMETER OriginalPrinterSDDL The original SDDL permission string of the printer before removing permissions. .PARAMETER SDDLToRemove The SDDL permission string to be removed from the original permissions. .EXAMPLE Remove-SpecPrinterPermission -Printer "Printer1" -OriginalPrinterSDDL "D:P(A;OICI;GA;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)" -SDDLToRemove "(A;;RPWPDTLOCRRC;;;PS)" This example removes the SDDL permission "(A;;RPWPDTLOCRRC;;;PS)" from the printer "Printer1". .NOTES Author: andy.naftel Version: 1.0 - Original Code 1.1 - [owen.heaume] Add comment-based help - [owen.heaume] Added error handling and return codes 1.2 - Refactor to remove redundant code #> [cmdletbinding()] param ( [Parameter(Mandatory = $True)] $Printer, [Parameter(Mandatory = $True)] $OriginalPrinterSDDL, [Parameter(Mandatory = $True)] $SDDLToRemove ) If ($Printer -iin (Get-Printer).Name) { $NewSDDL = $OriginalPrinterSDDL.replace(${SDDLToRemove}, '') Write-Verbose "Updating (removing) current printer SDDL permissions for $Printer" try { Set-Printer -Name $Printer -PermissionSDDL $NewSDDL -ErrorAction Stop -ErrorVariable x write-verbose "Successfully updated (removed) SDDL permissions for $Printer" return 100 } catch { Write-warning "Error updating (removing) current printer SDDL permissions for $Printer" Write-Warning "The error was: $x" return 103 } } } |