From 9724882578fc8b46aa5291d66fb77175c1e9c63b Mon Sep 17 00:00:00 2001
From: silversword411 <github.com@datmail.com>
Date: Thu, 2 Sep 2021 08:23:05 -0400
Subject: [PATCH] wip script for print check

---
 scripts_wip/Win_SecCheck_Print_kb5005010.ps1 | 22 ++++++++++++++++++++
 1 file changed, 22 insertions(+)
 create mode 100644 scripts_wip/Win_SecCheck_Print_kb5005010.ps1

diff --git a/scripts_wip/Win_SecCheck_Print_kb5005010.ps1 b/scripts_wip/Win_SecCheck_Print_kb5005010.ps1
new file mode 100644
index 00000000..7acf5e8f
--- /dev/null
+++ b/scripts_wip/Win_SecCheck_Print_kb5005010.ps1
@@ -0,0 +1,22 @@
+# Checking for insecure by design print features being enabled
+# See https://support.microsoft.com/en-us/topic/kb5005010-restricting-installation-of-new-printer-drivers-after-applying-the-july-6-2021-updates-31b91c02-05bc-4ada-a7ea-183b129578a7
+
+$PointAndPrintNoElevation = (Get-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrintNoElevation").NoWarningNoElevationOnInstall
+$PointAndPrintUpdatePrompt = (Get-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrintNoElevation").UpdatePromptSettings
+
+if ($PointAndPrintNoElevation -Eq 1) {
+    Write-Output "Point and Print WarningNoElevationOnInstall set to true. WARNING: You are insecure-by-design."
+    exit 1
+}
+
+elseif ($PointAndPrintUpdatePrompt -Eq 1) {
+    Write-Output "Point and Print PointAndPrintUpdatePrompt set to true. WARNING: You are insecure-by-design."
+    exit 1
+}
+
+else {
+    Write-Output "WarningNoElevationOnInstall UpdatePromptSettings set to false. No vulnerabilities"
+    exit 0
+}
+
+Exit $LASTEXITCODE
\ No newline at end of file