Summary: Guest blogger, Alan Morris, talks about using Windows PowerShell to add security groups to print servers.
Microsoft Scripting Guy, Ed Wilson, is here. Today we have a guest blog from Alan Morris. Here is a little about Alan:
Alan Morris has been involved with testing the Windows print system since Windows 2000. Active on Microsoft forums, he has been helping people worldwide with print-related issues for over 10 years. Working with Microsoft IT, he has been instrumental in rolling out prerelease versions of Windows Server for use as production print servers.
Getting started
Suppose I have a print server that has several hundred printers already installed. My task now is to add a security group to each printer so that new security group can manage documents that are sent to shared resources. So how do I do that?
First of all, I reviewed the following documentation on TechNet: Assigning Delegated Print Administrator and Printer Permission Settings in Windows Server 2008 R2.
Next, I configured the print server default security to the proper settings that I found in the TechNet document. I also know from the document that I need to set all the previously installed printers to the updated security policy. Although I can easily set the default print server security by using the graphical user interface, setting security on several hundred printers will be a major pain if I use the mouse and keyboard.
The next thing I do is add a new printer and verify that the security gets set properly. This is a test to make sure that I have everything set up properly. I do not want to open the UI and add the group to each of the printers that are already installed.
The easy way to accomplish the task of setting the security on the previously installed printers is to obtain the security settings from the new printer I just added. Then all I have to do is to apply this setting to the other printers on the server.
Use Windows PowerShell—it is easy
I will use the Get-Printer cmdlet to read the value of the security settings on the newly added printer. I then use the Set-Printer cmdlet to write the value of the security settings to the other printers.
Here are the Windows PowerShell commands that I need to use:
$security = get-printer "printer with changes" -full
get-printer * | Foreach-Object {set-printer $_.name -PermissionSDDL $security.PermissionSDDL}
The –Full flag is required when obtaining the security information, and takes a bit longer to obtain the extra data. However, most of the information you need from the printer does not require this flag.
When I attempt this task on my print server running Windows Server 2008 R2, it fails with the following error message:
The term 'get-printer' is not recognized as the name of a cmdlet,……
Because the Windows PowerShell commands use spooler calls, they do work in remote cases. For this task on computers running on Windows 8.1 and Windows 8, the commands are:
$security = get-printer -computer SERVER2008R2 "printer with changes" -full
get-printer * -computer SERVER2008R2|
Foreach-Object {set-printer $_.name -computer SERVER2008R2 -PermissionSDDL $security.PermissionSDDL}
If the print server running Windows 2008 R2 is a cluster, the remote cluster is handled the same as a standalone server. There is nothing special regarding the clustered spooler resource.
~Alan
Thanks, Alan! That’s it for now.
I invite you to follow me on Twitter and Facebook. If you have any questions, send email to me at scripter@microsoft.com, or post your questions on the Official Scripting Guys Forum. See you tomorrow. Until then, peace.
Ed Wilson, Microsoft Scripting Guy