I have been looking for a way to set the "Manage Printer" and "Manage Print Jobs" permissions using PowerShell. I created the following PowerShell function that works well and takes a Active Directory group name as an input.
function Set-PrinterPermission {
param (
[string]$adGroup,
[string]$server,
[string]$printerName
)
$GroupSID = (Get-ADGroup -Identity $adGroup).SID
$SDDL = (Get-Printer -ComputerName $server -Name $printerName -Full).PermissionSDDL
$SDDL += "(A;;LCSWSDRCWDWO;;;${GroupSID})(A;OIIO;RPWPSDRCWDWO;;;${GroupSID})"
Set-Printer -ComputerName $server -Name $printerName -PermissionSDDL $SDDL
# Wait for a brief moment to allow the permission change to take effect
Start-Sleep -Seconds 2
$updatedSDDL = (Get-Printer -ComputerName $server -Name $printerName -Full).PermissionSDDL
if ($updatedSDDL -eq $SDDL) {
Write-Host "Printer permissions set successfully for $adGroup"
}
else {
Write-Host "Failed to set printer permissions for $adGroup"
}
}
This function can be called with the following code
Set-PrinterPermission -adGroup "YourADGroup" -server "ServerHostName" -printerName "YourPrinterName"