0

Enumerating printers in C# that are published to Active Directory is fairly simple and works without problems.

My actual problem is, that I want to limit the number of returned printers to the ones I (or, respectively, the user) is having access to based on the printer queue ACL.

As already mentioned here How to programmatically search a printer in Active Directory the actual ACL of the Queue (if i'm allowed to print/manage etc.) is not stored in the Active Directory object itself.

A second loop calling to all the actual printer Queues would be ok too but yet i have not found how to get to a remote printer queue ACL either.

Any ideas on how to call the printer object/extract the ACL once I have all AD-published printers?

Community
  • 1
  • 1
schueric
  • 3
  • 1

1 Answers1

0

You could use WMI. There are two classes I'd look at:

  1. Win32_Printer has a GetSecurityDescriptor() method.
  2. Win32_Share has a GetAccessMask() method.

I'm not sure offhand which one is the right option but between the two I expect you'll be fine.

Brian Desmond
  • 4,473
  • 1
  • 13
  • 11
  • Thanks, number 1 was exactly what I was looking for! I guess it is the best way that can be achieved without having the DACL accessible via an AD query. But it does the trick – schueric Oct 23 '15 at 10:56