Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 442
  • Last Modified:

Group Policy Printer Preferences Question

We've just put up a Windows 2008 domain controller, and I am beginning to test group policy preference settings to assign printers to OUs.  I think I have everything pretty much figured out, except how to address a scenario that occurs quite often in our organization.  I have several people who work out of two different locations and would like to have the printers available that match the location where they are working.  Since I can only have a user in 1 OU, I'm not sure what else I can do except assign all possible printers to these particular people.  I suppose I could also establish two separate logins for these people, but that doesn't seem really user-friendly and could cause problems with email.  Anyone found a creative way to deal with this type of scenario?
0
SRC_IT
Asked:
SRC_IT
  • 3
  • 3
1 Solution
 
Adam BrownSr Solutions ArchitectCommented:
The best way to handle it is to use Item-Level targeting on the Common tab when you are setting up the preference. You can use that to set it up so it will only apply on certain IP addresses (if each site has a different IP address) or you can target the computer object. I've done this with one of my clients that has to have a different default printer at each site and it works quite well. This technet article has more info: http://technet.microsoft.com/en-us/library/cc733022.aspx
0
 
SRC_ITAuthor Commented:
I've used the item-level targeting, so I am familiar with it, but maybe I don't understand it completely.  Or maybe my AD OU's are not set up to accomodate this.  But if I have an OU for the first location where the user account resides and an OU for the second location, where the user account does not reside, on the second OU, even if I were to set up a printer preference (for a shared network printer), how would it be applied to this particular user?  Maybe it's just the pending holidays are causing me to need a picture drawn!  Thanks for sticking with me on this because it does sound like you've got it worked out, so I appreciate your knowledge-sharing.
0
 
Adam BrownSr Solutions ArchitectCommented:
Basically, how this would work is to apply the Preference on both OUs, it will only apply on the OU that the preference is linked to if you are using the User Configuration preference, but you can then use targeting to determine which computers or IP addresses that the preference will apply on. Preferences are a little more intelligent about applying user configurations to specific computers. Basically, you can do it like this:

User Configuration Printer GPO - Configure printers for BOTH locations under User Configuration\Preferences\Control Panel\Printers- but configure Item Level Targeting to list the IP address range for site 1 on the Site 1 printer preference, and the range for site 2 on the Site 2 printer. Link that GPO to the OU for each site. When you do that, the users that are in the site 1 OU will get Printer 1 when they are logged on to a computer that has an IP address from the Site 1 range, and if they go to site 2, they will get the printer that is located at site 2, but not the one at site 1.

Computer Configuration Printer GPO - You would do the same as with the User Configuration GPO, but this would be linked to the OU with the computers in it. This option will give you significantly less control over the printers, since the Computer Configuration Printer Policy doesn't allow you to define the printer as the Default printer (User Configuration Preference will let you do this).

In either situation, you would create One GPO with settings for Both printers in it and allow the Item Level Targeting to control which computers or users are allowed to use which printers and where they can use them. You need only define a limiting factor for each printer. That can be anything you want, really, as long as the computers that they are allowed to use a specific printer for have that thing in common. That can be IP addresses, a list of MAC addresses (You can specify that the policy will only apply if the MAC address equals XX:XX:XX:XX:XX:XX *OR* ZZ:ZZ:ZZ:ZZ:ZZ:ZZ. The OR is important in that situation, because the default operator is AND when using multiple targeting policies. Since the computers won't have *both* MAC addresses, you would use the OR operator), or a Security group (You could configure the Targeting system to install both printers for each user, or group the computers at each location into a Security Group that is based on site and use that instead of IP addresses).

It all really depends on how your AD is set up.  
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
SRC_ITAuthor Commented:
Thanks a bunch for spelling that out!  After reading your first paragraph, the light bulb FINALLY came on!!!  Obviously, this will work and meets my needs exactly, so going to go ahead and assign points, prior to testing.
Thanks again for your help!
0
 
Adam BrownSr Solutions ArchitectCommented:
As a note, you can even get more specific with Item Level Targeting, like having it so User A will have Printer A when logged in to Computer A, but Printer B when logged in to Computer B (And only that situation, so if User B logs in to Computer A, they could still have Printer B). The trick is just knowing that any time you want more than one thing to happen based on certain criteria, you need to have both things linked to the users that need it to happen and then let the Item Level targeting system deal with the constraints. It's really freaking powerful and is one of the best improvements in 2008 :D
0
 
SRC_ITAuthor Commented:
Thanks for the additional information!  Believe me, I was quite excited when I came across it and then discovered that even though we still have some W2003 DC's, it would still work!  I agree, it has been a long time coming....that and the drive mappings with no batch scripts (yea!) have made my day(s)!!!  Happy Thanksgiving!
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now