Shared printers

(imported topic written by jaf0onl91)

Do you know if there is a way to create an analysis to detect if

someone has a printer installed locally but shared out to other people ? Thanks !!!

(imported comment written by ktang91)

try this relevance script:

q:if (name of operating system = “Win2003” OR name of operating system = “WinXP” or name of operating system = “Win2000” or name of operating system = “WinNT”) then (string values of selects “name from win32_printer where servername=NULL and sharename != NULL” of wmi as string) else “”

A: hp LaserJet 3030 PCL 6

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wmisdk/wmi/win32_printer.asp

ServerName

Data type: string

Access type: Read-only

Name of the server that controls the printer. If this string is NULL, the printer is controlled locally.

Shared

Data type: boolean

Access type: Read/write

If TRUE, the printer is available as a shared network resource.

Windows 2000 and Windows NT 4.0: This property is not supported.

(imported comment written by BenKus)

That relevance looks good, but if you are making a property, you should probably set the report interval to a higher interval (definitely not “every report”… probably more like once or twice a day) because it looks like it can take a few seconds to evaluate this wmi property.

Ben

(imported comment written by dgibson91)

Something like this would be faster, and (I think) just as accurate.

q: if (name of operating system = “Win2003” OR name of operating system = “WinXP” or name of operating system = “Win2000” or name of operating system = “WinNT”) AND (exists key “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers” of registry) then ((value “Name” of it, value “Printer Driver” of it) of keys whose (value “Share Name” of it != “” ) of key “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers” of registry) else nothings

a: PrinterName, Printer Driver

Also, something similar we did to see what network printers were installed on our workstations:

q: if ((operating system as string = “WinXP 5.1.2600” OR (operating system as string = “Win2000 5.0.2195” AND value “ProductType” of key “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ProductOptions” of registry = “WinNT” )) AND exist key “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\LanMan Print Services\Servers” of registry) then ((value “Name” of it, value “Printer Driver” of it, value “ShortServerName” of key “DsSpooler” of it) of keys of keys whose (name of it = “Printers” ) of keys of key “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\LanMan Print Services\Servers” of registry) else nothings

A: QUEUENAME, DRIVERNAME, SERVERNAME

(imported comment written by BenKus)

Very nice!

It looks like the registry-based version is a few hundred times faster than the WMI version (< 1ms for my computer to get these results).

This is a great example of the idea that the WMI is inefficient and should only be used when there aren’t other options.

Ben

(imported comment written by topik8891)

dgibson

Something like this would be faster, and (I think) just as accurate.

q: if (name of operating system = “Win2003” OR name of operating system = “WinXP” or name of operating system = “Win2000” or name of operating system = “WinNT”) AND (exists key “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers” of registry) then ((value “Name” of it, value “Printer Driver” of it) of keys whose (value “Share Name” of it != “” ) of key “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers” of registry) else nothings
a: PrinterName, Printer Driver

I already try this and it works to find shared printer (I shared my printer), but when I don’t share my printer anymore, Bigfix still show the printer (it shouldn’t show any device). Can you tell me how to fix this problem ?

I have a customer that they want to detect and show all their external device such as printer, scanner etc that connected via USB, paralel & serial port. How Bigfix can do that things?

Anyway to pull back the share permissions of a printer? Like the “Print” permission, “Manage this printer” permission, or “Manage Documents”?

entries of dacls of security descriptors of network shares does not offer print specific permission properties that I can tell. It only offers the general read, write, and execute permission sets…not the other permissions needed to represent the printer shares.

old thread but anyone know how to return permissions for printers ?

You can create a task that uses powershell to list printers and then print out permissions. And then use analysis to read the results

Get-Printer -ComputerName
(Get-Printer ‘Microsoft Print to PDF’ -Full).PermissionSDDL

1 Like

How would you itterate through the list of mapped printers ?

Get-Printer -ComputerName would give you a list of printers which you can iterate through and print out the permissionSDDL. Is that what you asked?

yup that works, thanks.