Public/Remove-SpecPrinterPermission.ps1

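Function Remove-SpecPrinterPermission {
    <#
    .SYNOPSIS
    Removes specific permissions from a printer by updating its SDDL permissions.

    .DESCRIPTION
    The Remove-SpecPrinterPermission function removes specified permissions from a printer by updating its Security Descriptor Definition Language (SDDL) permissions. It retrieves the current SDDL string through Get-SpecPrinterPermission, deletes every occurrence of the supplied text from it, and writes the result back with Set-Printer.

    The removal is a literal, case-sensitive substring replacement; the SDDL is not parsed. If the supplied text does not occur in the current SDDL, a warning is written and the printer's permissions are left as they were.

    .PARAMETER Printer
    The name of the printer from which to remove the permissions. The name is matched case-insensitively against the names returned by Get-Printer.

    .PARAMETER SDDLToRemove
    The Security Descriptor Definition Language (SDDL) string that specifies the permissions to be removed. It must match the text in the printer's current SDDL exactly.

    .OUTPUTS
    System.Int32.
    The function returns the following exit codes:

    100: The printer permissions were successfully updated.
    101: Unable to retrieve current printer SDDL permissions.
    102: Unable to retrieve current printer SDDL permissions. Printer not found.
    103: Error updating current printer SDDL permissions.

    .EXAMPLE
    Remove-SpecPrinterPermission -Printer "Printer01" -SDDLToRemove "D:PAI(A;;FA;;;SY)"

    This example removes the "FULL" (FA) access permission for the "SYSTEM" (SY) account from the "Printer01" printer.

    .NOTES
        Author: andy.naftel
        Version: 1.0 - Original Code
                 1.1 - [owen.heaume] Add comment-based help
                     - [owen.heaume] Added error handling and return codes

    - This function requires administrative privileges to modify printer permissions.
    - Return code 100 means Set-Printer accepted the new SDDL. It does not prove an entry was removed: check for the "not found" warning, or re-read the permissions afterwards, before relying on the change.
    - NOTE(review): because the text is removed literally, a value that includes the "D:PAI" header (as in the example above) also strips that header from the stored SDDL - confirm whether callers should pass only the access-control entry.

    #>

    [cmdletbinding()]

    param (
        [Parameter(Mandatory = $True)]
        $Printer,
        [Parameter(Mandatory = $True)]
        $SDDLToRemove
    )

    # The help promises 102 for an unknown printer. Previously this case fell
    # through and returned nothing, so a caller checking the exit code could not
    # distinguish "printer missing" from "nothing to report".
    if (-not ($Printer -iin (Get-Printer).Name)) {
        Write-Warning "$Printer - Unable to retrieve current printer SDDL permissions. Printer not found."
        return 102
    }

    $ReturnCode = Get-SpecPrinterPermission -printer $Printer

    # Get-SpecPrinterPermission signals failure with 101/102; anything else is
    # treated as the SDDL string itself.
    $failureCode = $null
    $failureMessage = $null
    switch ($ReturnCode) {
        101 { $failureCode = 101; $failureMessage = "Unable to retrieve current printer SDDL permissions" }
        102 { $failureCode = 102; $failureMessage = "Unable to retrieve current printer SDDL permissions. Printer not found." }
    }

    if ($null -ne $failureCode) {
        Write-Warning "$Printer - $failureMessage"
        return $failureCode
    }

    $OriginalSDDL = $ReturnCode

    # Never hand an empty descriptor to Set-Printer: with nothing retrieved there
    # is no safe value to write back.
    if ([string]::IsNullOrEmpty($OriginalSDDL)) {
        Write-Warning "$Printer - Unable to retrieve current printer SDDL permissions"
        return 101
    }

    Write-Verbose "Updating current printer SDDL permissions for $Printer"
    try {
        # String.Contains/Replace are ordinal, so the supplied text must match
        # the stored SDDL character for character.
        if (-not $OriginalSDDL.Contains($SDDLToRemove)) {
            Write-Warning "$Printer - '$SDDLToRemove' was not found in the current SDDL; permissions are unchanged"
        }

        $NewSDDL = $OriginalSDDL.Replace($SDDLToRemove, '')

        Set-Printer -Name $Printer -PermissionSDDL $NewSDDL -ErrorAction Stop
        Write-Verbose "Successfully updated current printer SDDL permissions for $Printer"
        return 100
    } catch {
        Write-Warning "Error updating current printer SDDL permissions for $Printer"
        Write-Warning "The error was: $($_.Exception.Message)"
        return 103
    }
}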