Solved

Group Policy Printer Preferences Question

Posted on 2010-11-22
6
434 Views
Last Modified: 2012-06-27
We've just put up a Windows 2008 domain controller, and I am beginning to test group policy preference settings to assign printers to OUs.  I think I have everything pretty much figured out, except how to address a scenario that occurs quite often in our organization.  I have several people who work out of two different locations and would like to have the printers available that match the location where they are working.  Since I can only have a user in 1 OU, I'm not sure what else I can do except assign all possible printers to these particular people.  I suppose I could also establish two separate logins for these people, but that doesn't seem really user-friendly and could cause problems with email.  Anyone found a creative way to deal with this type of scenario?
0
Comment
Question by:SRC_IT
  • 3
  • 3
6 Comments
 
LVL 38

Expert Comment

by:Adam Brown
Comment Utility
The best way to handle it is to use Item-Level targeting on the Common tab when you are setting up the preference. You can use that to set it up so it will only apply on certain IP addresses (if each site has a different IP address) or you can target the computer object. I've done this with one of my clients that has to have a different default printer at each site and it works quite well. This technet article has more info: http://technet.microsoft.com/en-us/library/cc733022.aspx
0
 

Author Comment

by:SRC_IT
Comment Utility
I've used the item-level targeting, so I am familiar with it, but maybe I don't understand it completely.  Or maybe my AD OU's are not set up to accomodate this.  But if I have an OU for the first location where the user account resides and an OU for the second location, where the user account does not reside, on the second OU, even if I were to set up a printer preference (for a shared network printer), how would it be applied to this particular user?  Maybe it's just the pending holidays are causing me to need a picture drawn!  Thanks for sticking with me on this because it does sound like you've got it worked out, so I appreciate your knowledge-sharing.
0
 
LVL 38

Accepted Solution

by:
Adam Brown earned 500 total points
Comment Utility
Basically, how this would work is to apply the Preference on both OUs, it will only apply on the OU that the preference is linked to if you are using the User Configuration preference, but you can then use targeting to determine which computers or IP addresses that the preference will apply on. Preferences are a little more intelligent about applying user configurations to specific computers. Basically, you can do it like this:

User Configuration Printer GPO - Configure printers for BOTH locations under User Configuration\Preferences\Control Panel\Printers- but configure Item Level Targeting to list the IP address range for site 1 on the Site 1 printer preference, and the range for site 2 on the Site 2 printer. Link that GPO to the OU for each site. When you do that, the users that are in the site 1 OU will get Printer 1 when they are logged on to a computer that has an IP address from the Site 1 range, and if they go to site 2, they will get the printer that is located at site 2, but not the one at site 1.

Computer Configuration Printer GPO - You would do the same as with the User Configuration GPO, but this would be linked to the OU with the computers in it. This option will give you significantly less control over the printers, since the Computer Configuration Printer Policy doesn't allow you to define the printer as the Default printer (User Configuration Preference will let you do this).

In either situation, you would create One GPO with settings for Both printers in it and allow the Item Level Targeting to control which computers or users are allowed to use which printers and where they can use them. You need only define a limiting factor for each printer. That can be anything you want, really, as long as the computers that they are allowed to use a specific printer for have that thing in common. That can be IP addresses, a list of MAC addresses (You can specify that the policy will only apply if the MAC address equals XX:XX:XX:XX:XX:XX *OR* ZZ:ZZ:ZZ:ZZ:ZZ:ZZ. The OR is important in that situation, because the default operator is AND when using multiple targeting policies. Since the computers won't have *both* MAC addresses, you would use the OR operator), or a Security group (You could configure the Targeting system to install both printers for each user, or group the computers at each location into a Security Group that is based on site and use that instead of IP addresses).

It all really depends on how your AD is set up.  
0
Integrate social media with email signatures

Is your company active on social media? Do you also use email signatures? Including social media icons in your email signature is a great way to get fans for free. Let all your email users know you’re on social media quickly and easily, in a single click.

 

Author Closing Comment

by:SRC_IT
Comment Utility
Thanks a bunch for spelling that out!  After reading your first paragraph, the light bulb FINALLY came on!!!  Obviously, this will work and meets my needs exactly, so going to go ahead and assign points, prior to testing.
Thanks again for your help!
0
 
LVL 38

Expert Comment

by:Adam Brown
Comment Utility
As a note, you can even get more specific with Item Level Targeting, like having it so User A will have Printer A when logged in to Computer A, but Printer B when logged in to Computer B (And only that situation, so if User B logs in to Computer A, they could still have Printer B). The trick is just knowing that any time you want more than one thing to happen based on certain criteria, you need to have both things linked to the users that need it to happen and then let the Item Level targeting system deal with the constraints. It's really freaking powerful and is one of the best improvements in 2008 :D
0
 

Author Comment

by:SRC_IT
Comment Utility
Thanks for the additional information!  Believe me, I was quite excited when I came across it and then discovered that even though we still have some W2003 DC's, it would still work!  I agree, it has been a long time coming....that and the drive mappings with no batch scripts (yea!) have made my day(s)!!!  Happy Thanksgiving!
0

Featured Post

Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

Join & Write a Comment

If you migrate a Terminal Server licenses server inside the 2008 server family, you can takte advantage of the build-in migration tool. If you like to migrate an older 2003 Server (and the installed client CALs) to a 2008 R2 server for example, you …
Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now