PrintNightmare Detection with PowerShell

In this blog post, we'll explore a PowerShell script that checks whether three Point and Print registry policy values are set as expected and reports the machine as compliant or non-compliant. The script is called Printnightmare-detection.ps1 and can be found on GitHub here.

Prerequisites


The Script

The script starts by clearing the console and setting up some variables:


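# Start with a clean console
Clear-Host
# Policy key that holds the Point and Print settings
$regpath = "HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint"
# Each entry is "ValueName,ExpectedValue"
$items = @("NoWarningNoElevationOnInstall,0", "UpdatePromptSettings,0", "RestrictDriverInstallationToAdministrators,1")
$good = 0
$bad = 0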

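Next, the script checks if the registry path exists and creates it if it doesn't. This is the only write the script performs: it creates an empty key and sets no values, and it needs an elevated session to succeed: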


# Create the (empty) policy key if it is missing; no values are written
if (!(Test-Path $regpath)) {
    New-Item -Path $regpath -ItemType Directory -Force
}

How It Works

Looping Through Items

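The script then loops through the array of registry settings. Each entry is a "name,expected value" string that is split on the comma, and the expected value is compared with what is currently in the registry: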


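foreach ($i in $items) {
    # Split "ValueName,ExpectedValue" into its two parts
    $regitem = $i.Split(",")
    $name = $regitem[0]
    $value = $regitem[1]

    try {
        # Throws if the value does not exist under the key
        $current = Get-ItemPropertyValue -Path $regpath -Name $name
        # Compare as exact strings (not as a regex pattern)
        if ("$current" -eq $value) {
            Write-Host "$name Value: $current" -ForegroundColor Yellow
            $good++

        } else {
            # Detection only: the mismatch is counted, nothing is changed
            Write-Host "$name non-compliant, setting correct Value : $value"
            $bad++
        }
    }
    catch [System.Management.Automation.RuntimeException] {
        # Value is missing: counted as non-compliant (nothing is created here)
        Write-Warning "$name does not exist, Creating"
        $bad++
    }
    finally {
        $Error.Clear()
    }
}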

Checking Compliance

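After looping through all the registry settings, the script checks the counters. It reports "Compliant" with exit code 0 only if all three settings matched; any mismatch or missing value gives "Non-Compliant" with exit code 1: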


if ($good -eq 3 -and $bad -eq 0) {
    Write-output "Compliant"
    Exit 0
} elseif ($bad -gt 0) {
    Write-output "Non-Compliant"
    Exit 1
}

Key Code Snippets


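# Start with a clean console
Clear-Host
# Policy key that holds the Point and Print settings
$regpath = "HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint"
# Each entry is "ValueName,ExpectedValue"
$items = @("NoWarningNoElevationOnInstall,0", "UpdatePromptSettings,0", "RestrictDriverInstallationToAdministrators,1")
$good = 0
$bad = 0

# Create the (empty) policy key if it is missing; no values are written
if (!(Test-Path $regpath)) {
    New-Item -Path $regpath -ItemType Directory -Force
}

foreach ($i in $items) {
    # Split "ValueName,ExpectedValue" into its two parts
    $regitem = $i.Split(",")
    $name = $regitem[0]
    $value = $regitem[1]

    try {
        # Throws if the value does not exist under the key
        $current = Get-ItemPropertyValue -Path $regpath -Name $name
        # Compare as exact strings (not as a regex pattern)
        if ("$current" -eq $value) {
            Write-Host "$name Value: $current" -ForegroundColor Yellow
            $good++

        } else {
            # Detection only: the mismatch is counted, nothing is changed
            Write-Host "$name non-compliant, setting correct Value : $value"
            $bad++
        }
    }
    catch [System.Management.Automation.RuntimeException] {
        # Value is missing: counted as non-compliant (nothing is created here)
        Write-Warning "$name does not exist, Creating"
        $bad++
    }
    finally {
        $Error.Clear()
    }
}

# Exit code 0 = compliant, 1 = at least one setting wrong or missing
if ($good -eq 3 -and $bad -eq 0) {
    Write-Output "Compliant"
    Exit 0
} elseif ($bad -gt 0) {
    Write-Output "Non-Compliant"
    Exit 1
}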

Usage Examples

To use this script, run it in an elevated PowerShell session (creating the policy key under HKLM requires administrator rights). It prints "Compliant" and exits with code 0 when all three values match, or prints "Non-Compliant" and exits with code 1 otherwise.
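A read-only variant of the same check, as an added example that is not the Printnightmare-detection.ps1 code from GitHub: it never creates the key, treats a missing key or value as non-compliant, requires the value to be a DWORD, and returns one result object per setting. The function name Test-PointAndPrintPolicy and the output property names are assumptions made for this example.

```powershell
# Added example: read-only PointAndPrint check. Nothing is created or changed.
# Test-PointAndPrintPolicy is a hypothetical helper name, not part of the original script.
function Test-PointAndPrintPolicy {
    [CmdletBinding()]
    param(
        [string]$Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint',
        # Expected DWORD values, taken from the $items array in the post.
        [System.Collections.IDictionary]$Expected = [ordered]@{
            NoWarningNoElevationOnInstall              = 0
            UpdatePromptSettings                       = 0
            RestrictDriverInstallationToAdministrators = 1
        }
    )

    # A missing key yields $null here; it is reported, not created.
    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue

    foreach ($name in $Expected.Keys) {
        $actual = $null
        $kind   = $null
        if ($key -and ($key.GetValueNames() -contains $name)) {
            $actual = $key.GetValue($name)
            $kind   = $key.GetValueKind($name)
        }

        [pscustomobject]@{
            Name      = $name
            Expected  = $Expected[$name]
            Actual    = $actual
            Kind      = $kind
            # Compliant only when the value exists, is a DWORD and is numerically equal.
            Compliant = ($kind -eq [Microsoft.Win32.RegistryValueKind]::DWord) -and
                        ([int]$actual -eq [int]$Expected[$name])
        }
    }
}

$results = @(Test-PointAndPrintPolicy)
$results | Format-Table -AutoSize | Out-String | Write-Host

# Same contract as the original script: exit 0 = compliant, exit 1 = non-compliant.
if (@($results | Where-Object { -not $_.Compliant }).Count -eq 0) {
    Write-Output 'Compliant'
    exit 0
} else {
    Write-Output 'Non-Compliant'
    exit 1
}
```

Because this variant only reads the registry, it does not need an elevated session.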

Conclusion

In conclusion, the Printnightmare-detection.ps1 script is a useful tool for detecting compliance with specific registry settings related to print management. By understanding how the script works and the key code snippets, you can customize it to fit your needs and improve your overall PowerShell skills.