#168006 - 2006-09-18 04:53 AM
How to get a list of printers but requires security
|
Mark Pietersz
Getting the hang of it
Registered: 2001-09-30
Posts: 74
Loc: Melbourne, Australia
|
Hi Team
I am trying create a login script that will add printer queues for a client PC when the user logs in. I have used the UDF PrinterList() from Allen Powell which works well when I am logged in as a user with permissions to interrogate the print server. However when I run as a domain user the code falls over on
$Service = GetObject("winmgmts:\\" + $remotepc + "\root\cimv2")
I guess I need to execute the code as a priviledged user account on the print server. I have found the following code on MSDN
$wbemImpersonationLevelImpersonate = 3
$wbemAuthenticationLevelPktPrivacy = 6
$objLocator = CreateObject("WbemScripting.SWbemLocator")
$objService = objLocator.ConnectServer("TargetComputer", "root\cimv2", "UserName", "Password")
objService.Security_.ImpersonationLevel = $wbemImpersonationLevelImpersonate
objservices.Security_.AuthenticationLevel = $wbemAuthenticationLevelPktPrivacy
This suggests that I can connect as another user but the code fails after
objService.Security_.ImpersonationLevel = $wbemImpersonationLevelImpersonate
Am I barking up the wrong tree ? is there a better way ?
I would also need to know the minimum priviledges required to execute
$Printers=$service.execquery ('select * from Win32_Printer')
TIA
Mark
|
|
Top
|
|
|
|
#168008 - 2006-09-18 07:37 AM
Re: How to get a list of printers but requires security
|
Mark Pietersz
Getting the hang of it
Registered: 2001-09-30
Posts: 74
Loc: Melbourne, Australia
|
Hi Allan
(note: PrinterList() and PriMapState() have been sourced from the Kix UDF library)
You are correct.
Our network users typically don't have have much more than Domain User access. When they login we want the script to interrogate the users print server (a remote pc) and then add those printers to their desktop config.
This is another piece of code that I have found on the BBS
for each $share in listPrinterShares($computer)
$share ?
next
function listPrinterShares(optional $computer)
dim $share,$shares,$a[0]
$a[0] = "PrintQueue"
if not vartype($computer) $computer=@wksta endif
$computer = getobject("WinNT://"+$computer+",Computer")
$computer.filter=$a
if @error exit @error endif
for each $share in $computer
redim preserve $shares[ubound($shares)+1]
$shares[ubound($shares)] = $share.name
next
$listPrinterShares = $shares
endfunction
This gets the list of printer shares without having the security issue however it returns the share name of the printer. When the share name of the printer is passed to PriMapState() it can return null if the printer name and the printer share name are not the same. My script will try to add the printer again. Eg the share name for a printer is \\PSAUMEL1\Xerox84000 but its printer name is \\PSAUMEL1\Xerox Phaser 8400DP
For this reason PrinterList() is nicer.
Can PrinterList() be updated so that it can work where $remotepc is a print server on a network and the calling user has limited network priviledges ?
For my purposes the solution can involve the creation of a dedicated account on the print server to perform winmgmts: call.
The functional part of my code is
? 'Getting the list of printers from print server: ' + $remotepc
$array=printerlist($remotepc)
for each $printer in $array
$printer = '\\' + $remotepc + '\' + $printer
$x = PriMapState($printer)
if $x = ""
? 'Adding printer: ' + $printer
addprinterconnection ($printer)
endif
next
Regards Mark
|
|
Top
|
|
|
|
|
#168010 - 2006-09-18 09:22 AM
Re: How to get a list of printers but requires security
|
Allen
KiX Supporter
Registered: 2003-04-19
Posts: 4567
Loc: USA
|
I'll see what I can do to update printerlist, but in the mean time you might try seeing if this will help.
Change this line
Code:
$shares[ubound($shares)] = $share.name
to
Code:
$shares[ubound($shares)] = $share.printerpath
Let me know if this helps.
|
|
Top
|
|
|
|
|
#168011 - 2006-09-18 09:45 AM
Re: How to get a list of printers but requires security
|
Mark Pietersz
Getting the hang of it
Registered: 2001-09-30
Posts: 74
Loc: Melbourne, Australia
|
Hi Allan
You suggestion was not successful however it did prompt me to try $share.printername which looks like it might do the trick. I'll be able to try this out tomorrow. This leads me to another question.
What are the merits of using a
$Service = GetObject("winmgmts:\\" + $remotepc + "\root\cimv2")
approach rather than
$computer = getobject("WinNT://"+$computer+",Computer")
And sorry for forgetting to properly format my posted code
Cheers
Mark
_________________________
Mark Pietersz
|
|
Top
|
|
|
|
|
#168013 - 2006-09-22 03:37 AM
Re: How to get a list of printers but requires security
|
Mark Pietersz
Getting the hang of it
Registered: 2001-09-30
Posts: 74
Loc: Melbourne, Australia
|
hi Guys
Jens - the remote computers are servers that store sensitive information as well as acting as print servers. If a give enough access via WMI authentication to allow
$service.execquery ('select * from Win32_Printer') by users would I be in danger of giving members of the Domain Users group to much access to the machine ?
Mark
|
|
Top
|
|
|
|
Moderator: Jochen, Allen, Radimus, Glenn Barnas, ShaneEP, Ruud van Velsen, Arend_, Mart
|
0 registered
and 1045 anonymous users online.
|
|
|
