/CVE-2021-34527_ACL_mitigation

Mitigation for CVE-2021-34527 RCE by setting WRITE ACLs


CVE-2021-34527_mitigation


These scripts add and remove CVE-2021-34527 (PrintNightmare) ACL mitigations. I wrote them with assistance from /u/AforAnonymous from the Reddit thread by Huntress in /r/MSP. I've personally tested this using a vulnerable Windows 1909 host. Implementing the ACL mitigation caused PrintNightmare at https://github.com/cube0x0/CVE-2021-1675 to kick the error "DCERPC Runtime Error: code: 0x5 - rpc_s_access_denied". Please note that while the GitHub repository I just referenced states CVE-2021-1675, it is actually for CVE-2021-34527. Once the ACL was removed with the rollback script, PrintNightmare was again successful.

This was inspired by https://blog.truesec.com/2021/06/30/fix-for-printnightmare-cve-2021-1675-exploit-to-keep-your-print-servers-running-while-a-patch-is-not-available/ and is not meant to be anything more than a potentially helpful mitigation until a patch is released.

Note that you may not be able to add new printers/drivers with the mitigation in place. If you need to add a new printer/driver, you can run the rollback script, add the new printer/driver, and then re-run the mitigation script.
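
The apply, verify and rollback cycle described above, as an added example that is not this repository's own scripts. It assumes an elevated Windows PowerShell 5.1 session, and the path and rule (deny SYSTEM Modify on the spooler driver directory) follow the Truesec post linked above; all function names are hypothetical.

```powershell
# Added example; not the repository's scripts. Run elevated in Windows PowerShell 5.1.
# Assumption: path and deny rule follow the Truesec post referenced on this page.
$SpoolDrivers = Join-Path $env:SystemRoot 'System32\spool\drivers'
$SystemSid    = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-18'

function New-SpoolDenyRule {
    # Deny Modify for SYSTEM, inherited by subfolders and files.
    New-Object System.Security.AccessControl.FileSystemAccessRule(
        $SystemSid, 'Modify', 'ContainerInherit, ObjectInherit', 'None', 'Deny')
}

function Test-SpoolMitigation {
    # True when an explicit deny ACE covering Modify exists for SYSTEM.
    $acl    = (Get-Item -LiteralPath $SpoolDrivers).GetAccessControl('Access')
    $rules  = $acl.GetAccessRules($true, $false,
                  [System.Security.Principal.SecurityIdentifier])
    $modify = [System.Security.AccessControl.FileSystemRights]::Modify
    $hit = $rules | Where-Object {
        $_.IdentityReference.Value -eq $SystemSid.Value -and
        $_.AccessControlType -eq 'Deny' -and
        $_.FileSystemRights.HasFlag($modify)
    }
    return [bool]$hit
}

function Set-SpoolMitigation {
    param([switch]$Rollback)
    # Read only the DACL so Set-Acl does not try to rewrite the owner.
    $acl = (Get-Item -LiteralPath $SpoolDrivers).GetAccessControl('Access')
    if ($Rollback) { [void]$acl.RemoveAccessRule((New-SpoolDenyRule)) }
    else           { $acl.AddAccessRule((New-SpoolDenyRule)) }
    Set-Acl -LiteralPath $SpoolDrivers -AclObject $acl

    # Verify the resulting ACL instead of trusting the write.
    $present = Test-SpoolMitigation
    if ($present -eq [bool]$Rollback) {
        throw "ACL change on $SpoolDrivers did not take effect"
    }
    [pscustomobject]@{ Path = $SpoolDrivers; DenyRulePresent = $present }
}

# Usage:
#   Set-SpoolMitigation             # apply the deny ACE
#   Set-SpoolMitigation -Rollback   # remove it before adding a printer/driver
#   Test-SpoolMitigation            # audit: is the mitigation still in place?
```

Running `Test-SpoolMitigation` after any printer or driver maintenance confirms the deny rule was re-applied and the host was not left in the rolled-back state.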