I have 275 print queues that I need to manipulate. I need to give a user full control over the queue.
Wanting to script this in some way, I've come up with this:
use Win32::Perms;
# Create a new Security Descriptor and auto import permissions from the queue
$Dir = new Win32::Perms( 'printer://hera/testperm' ) || die;
# Add an ACE
$Dir->Add('helpdesk',FULL);
# Set the permissions (no need to specify the path since the object was created with it)
$Dir->Set();
# If you are curious about the contents of the SD
# dump the contents to STDOUT
$Dir->Dump;
This gets me half way there, when I check the permissions on the printer, the user, helpdesk, now has print and manage printers, but not the manage documents permission.
Does anyone know what I may need to do to get that permission as well?
Here's something I've observed:
Users which do have manage documents have 2 entries in the ACL, while the code I ran gives helpdesk only 1 entry:
Descretionary ACL:
Index Account Mask Type Flag
----- ---------------------------------------- ---------- ---------- ----------
0 BUILTIN\Administrators 0x000f000c Allow 0x00000000
1 BUILTIN\Administrators 0x000f0010 Allow 0x00000009
2 CREATOR OWNER 0x00020000 Allow 0x0000000a
3 CREATOR OWNER 0x000f0010 Allow 0x00000009
4 Everyone 0x00020008 Allow 0x00000000
5 0x000f000c Allow 0x00000000
6 0x000f0010 Allow 0x00000009
7 0x000f000c Allow 0x00000000
8 0x000f0010 Allow 0x00000009
9 GENESEO\helpdesk 0x000f000c Allow 0x00000002
I guess I'm asking how to grant the mask 0x00f0010 to the documents, as well as the 0x00f00c to the printer, which I can grant with the mask "FULL."
Thanks, everyone!
-Rick
Rick Coloccia
Network Analyst
SUNY Geneseo
124B2 South Hall
Geneseo, NY 14454
Voice: (585) 245-5577
Fax: (585) 245-5579
