Analysis | Printer Audit - Windows

# Local Printers

Period 12 hours

* Results in a true/false

number of keys whose (value "Port" of it as string contains "LPT" OR value "Port" of it as string contains "DOT4" OR value "Port" of it as string contains "USB") of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers" of registry as string

# IP Address Network Printers

Period 12 hours

* Results in a true/false

number of keys whose (4 = number of substrings separated by "." of (value "Port" of it as string)) of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers" of registry as string

Printers

Period 12 hours

* Results in a true/false

concatenation ", " of unique values of names whose(it as string does not contain "Microsoft" AND it as string does not contain "PDF" AND it as string as lowercase does not contain "fax" AND it as string does not contain "OneNote" AND it as string does not contain "PaperPort") of keys of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers" of registry

Printer Models

Period 12 hours

* Results in a true/false

concatenation ", " of unique values of (values "Model" whose(it as string does not contain "Microsoft" AND it as string does not contain "PDF" AND it as string as lowercase does not contain "fax" AND it as string does not contain "OneNote" AND it as string does not contain "PaperPort") of keys of keys of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers" of registry as string)

Default Printers

Period 12 hours

* Results in a true/false

concatenation ", " of (unique values whose(it as string does not contain "Microsoft" AND it as string does not contain "PDF" AND it as string as lowercase does not contain "fax" AND it as string does not contain "OneNote" AND it as string does not contain "PaperPort") of preceding texts of firsts "," of ((values "Device" of keys "windows" whose ( exists values "Device" of it ) of keys "Software\Microsoft\Windows NT\CurrentVersion" of keys of key "HKEY_USERS" of registry) as string) as string)

Printer Info from WMI

Period 12 hours

* Results in a true/false

selects "Name,Caption,DeviceID,DriverName,PortName from win32_printer" of wmi

Printer Names from WMI (filtered)

Period 12 hours

* Results in a true/false

unique values whose(not exists (it as lowercase) whose(it = "fax" OR it contains "webex " OR it contains " converter" OR it contains " virtual printer" OR it contains " publisher imagesetter" OR it contains " onenote " OR it contains "microsoft " OR it contains "pdf")) of string values of selects "Name,Caption,DeviceID,DriverName from win32_printer" of wmi

Printer Info from ActiveDevices

Period 12 hours

* Results in a true/false

(friendly name of it | "<noFriName>", description of it | "<noDesc>", manufacturer of it | "<noManuf>", location information of it | "<noLocInfo>" ) of active devices whose(class of it = "PrintQueue" OR class of it = "Printer")

DoNotInstallCompatibleDriverFromWindowsUpdate (win7+)

Period 12 hours

* Results in a true/false

values "DoNotInstallCompatibleDriverFromWindowsUpdate" of keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print" of native registry

PrinterNames of ControlSet (registry)

Period 12 hours

* Results in a true/false

unique values of names of keys of keys "Control\Print\Printers" of keys whose(name of it contains "ControlSet") of keys "HKEY_LOCAL_MACHINE\SYSTEM" of native registry

PrinterDrivers of ControlSet (registry)

Period 12 hours

* Results in a true/false

unique values of names of keys of keys whose(name of it starts with "Version-") of keys "Drivers" of keys of keys "Control\Print\Environments" of keys whose(name of it contains "ControlSet") of keys "HKEY_LOCAL_MACHINE\SYSTEM" of native registry

Names of (PrinterDrivers & PrinterNames) combined&filtered

Period 12 hours

* Results in a true/false

unique values whose
(
    not exists
    (
        it as lowercase
    )
    whose
    (
        it = "fax" OR it contains "root print " OR it contains "remote desktop " OR it contains "webex " OR it contains " converter" OR it contains " virtual printer" OR it contains " publisher imagesetter" OR it contains " onenote " OR it contains "microsoft " OR it contains "pdf"
    )
)
of
(
    (
        string values of selects "Name,Caption,DeviceID,DriverName from win32_printer" of wmi
    )
    ;
    (
        names of keys of keys "Control\Print\Printers" of keys whose
        (
            name of it contains "ControlSet"
        )
        of keys "HKEY_LOCAL_MACHINE\SYSTEM" of native registry
    )
    ;
    (
        names of keys of keys whose
        (
            name of it starts with "Version-"
        )
        of keys "Drivers" of keys of keys "Control\Print\Environments" of keys whose
        (
            name of it contains "ControlSet"
        )
        of keys "HKEY_LOCAL_MACHINE\SYSTEM" of native registry
    )
    ;
    (
        values "Model" of keys of keys of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers" of registry as string
    )
    ;
    (
        (
            if
            (
                exists friendly name of it
            )
            then
            (
                friendly names of it
            )
            else
            (
                descriptions of it
            )
        )
        of active devices whose
        (
            class of it = "PrintQueue" OR class of it = "Printer"
        )
    )
)

unique values whose(not exists (it as lowercase) whose(it = "fax" OR it contains "root print " OR it contains "remote desktop " OR it contains "webex " OR it contains " converter" OR it contains " virtual printer" OR it contains " publisher imagesetter" OR it contains " onenote " OR it contains "microsoft " OR it contains "pdf")) of ( (string values of selects "Name,Caption,DeviceID,DriverName from win32_printer" of wmi);( names of keys of keys "Control\Print\Printers" of keys whose(name of it contains "ControlSet") of keys "HKEY_LOCAL_MACHINE\SYSTEM" of native registry );( names of keys of keys whose(name of it starts with "Version-") of keys "Drivers" of keys of keys "Control\Print\Environments" of keys whose(name of it contains "ControlSet") of keys "HKEY_LOCAL_MACHINE\SYSTEM" of native registry );(values "Model" of keys of keys of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers" of registry as string);(( if (exists friendly name of it) then (friendly names of it) else (descriptions of it) ) of active devices whose(class of it = "PrintQueue" OR class of it = "Printer")) )

Search for:	Relevance	Fixlets/Tasks
	Analyses	BFI Signatures
	Dashboard/Wizard

Title	Keywords	Description
Relevance	Domain	ActionScript
Mime	Signature Content	(clear all)

ID	2994742
Status	Alpha - Code that was just developed
Title	Printer Audit - Windows
Domain	BESC
Added by	jgstew on 10/17/2014 7:54:17 AM
Last Modified by	jgstew on 10/17/2014 7:54:17 AM
Counters	12436 Views / 197 Downloads
User Rating	* Average over 1 rating. ** Log In or Register to add your rating.


Content Search Share Learn Projects	Utilities View SCM Scripts Base64 Converter Shell to Action Script	About About Us Tour FAQ Terms Contact Us	BigFix Resources Download BigFix Support Forum Github/Bigfix

Printer Audit - Windows
Log In or Register to download the BES file, and more.

Versioning - This is the latest version.

Description

Property Details

Properties

Relevance

Sharing

Comments

Content

Utilities

About

BigFix Resources

1	Printer Audit - Windows	10/16/2014 2:28:18 PM
2	Printer Audit - Windows	10/17/2014 7:54:17 AM

	vijay.pratapa - 2/2/2016 11:52:18 PM
	Thank you. was looking for this.

Printer Audit - Windows Log In or Register to download the BES file, and more.

Versioning - This is the latest version.

Description

Property Details

Properties

Relevance

Sharing

Comments

Content

Utilities

About

BigFix Resources

Printer Audit - Windows
Log In or Register to download the BES file, and more.