Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


Group Policy Printer Preferences Question

Posted on 2010-11-22
Medium Priority
Last Modified: 2012-06-27
We've just put up a Windows 2008 domain controller, and I am beginning to test group policy preference settings to assign printers to OUs.  I think I have everything pretty much figured out, except how to address a scenario that occurs quite often in our organization.  I have several people who work out of two different locations and would like to have the printers available that match the location where they are working.  Since I can only have a user in 1 OU, I'm not sure what else I can do except assign all possible printers to these particular people.  I suppose I could also establish two separate logins for these people, but that doesn't seem really user-friendly and could cause problems with email.  Anyone found a creative way to deal with this type of scenario?
Question by:SRC_IT
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
LVL 42

Expert Comment

by:Adam Brown
ID: 34190306
The best way to handle it is to use Item-Level targeting on the Common tab when you are setting up the preference. You can use that to set it up so it will only apply on certain IP addresses (if each site has a different IP address) or you can target the computer object. I've done this with one of my clients that has to have a different default printer at each site and it works quite well. This technet article has more info:

Author Comment

ID: 34190691
I've used the item-level targeting, so I am familiar with it, but maybe I don't understand it completely.  Or maybe my AD OU's are not set up to accomodate this.  But if I have an OU for the first location where the user account resides and an OU for the second location, where the user account does not reside, on the second OU, even if I were to set up a printer preference (for a shared network printer), how would it be applied to this particular user?  Maybe it's just the pending holidays are causing me to need a picture drawn!  Thanks for sticking with me on this because it does sound like you've got it worked out, so I appreciate your knowledge-sharing.
LVL 42

Accepted Solution

Adam Brown earned 2000 total points
ID: 34190821
Basically, how this would work is to apply the Preference on both OUs, it will only apply on the OU that the preference is linked to if you are using the User Configuration preference, but you can then use targeting to determine which computers or IP addresses that the preference will apply on. Preferences are a little more intelligent about applying user configurations to specific computers. Basically, you can do it like this:

User Configuration Printer GPO - Configure printers for BOTH locations under User Configuration\Preferences\Control Panel\Printers- but configure Item Level Targeting to list the IP address range for site 1 on the Site 1 printer preference, and the range for site 2 on the Site 2 printer. Link that GPO to the OU for each site. When you do that, the users that are in the site 1 OU will get Printer 1 when they are logged on to a computer that has an IP address from the Site 1 range, and if they go to site 2, they will get the printer that is located at site 2, but not the one at site 1.

Computer Configuration Printer GPO - You would do the same as with the User Configuration GPO, but this would be linked to the OU with the computers in it. This option will give you significantly less control over the printers, since the Computer Configuration Printer Policy doesn't allow you to define the printer as the Default printer (User Configuration Preference will let you do this).

In either situation, you would create One GPO with settings for Both printers in it and allow the Item Level Targeting to control which computers or users are allowed to use which printers and where they can use them. You need only define a limiting factor for each printer. That can be anything you want, really, as long as the computers that they are allowed to use a specific printer for have that thing in common. That can be IP addresses, a list of MAC addresses (You can specify that the policy will only apply if the MAC address equals XX:XX:XX:XX:XX:XX *OR* ZZ:ZZ:ZZ:ZZ:ZZ:ZZ. The OR is important in that situation, because the default operator is AND when using multiple targeting policies. Since the computers won't have *both* MAC addresses, you would use the OR operator), or a Security group (You could configure the Targeting system to install both printers for each user, or group the computers at each location into a Security Group that is based on site and use that instead of IP addresses).

It all really depends on how your AD is set up.  
Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.


Author Closing Comment

ID: 34190862
Thanks a bunch for spelling that out!  After reading your first paragraph, the light bulb FINALLY came on!!!  Obviously, this will work and meets my needs exactly, so going to go ahead and assign points, prior to testing.
Thanks again for your help!
LVL 42

Expert Comment

by:Adam Brown
ID: 34190895
As a note, you can even get more specific with Item Level Targeting, like having it so User A will have Printer A when logged in to Computer A, but Printer B when logged in to Computer B (And only that situation, so if User B logs in to Computer A, they could still have Printer B). The trick is just knowing that any time you want more than one thing to happen based on certain criteria, you need to have both things linked to the users that need it to happen and then let the Item Level targeting system deal with the constraints. It's really freaking powerful and is one of the best improvements in 2008 :D

Author Comment

ID: 34190958
Thanks for the additional information!  Believe me, I was quite excited when I came across it and then discovered that even though we still have some W2003 DC's, it would still work!  I agree, it has been a long time coming....that and the drive mappings with no batch scripts (yea!) have made my day(s)!!!  Happy Thanksgiving!

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
Suggested Courses

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question