Group Policy Printer Preferences Question

Posted on 2010-11-22
Last Modified: 2012-06-27
We've just put up a Windows 2008 domain controller, and I am beginning to test group policy preference settings to assign printers to OUs.  I think I have everything pretty much figured out, except how to address a scenario that occurs quite often in our organization.  I have several people who work out of two different locations and would like to have the printers available that match the location where they are working.  Since I can only have a user in 1 OU, I'm not sure what else I can do except assign all possible printers to these particular people.  I suppose I could also establish two separate logins for these people, but that doesn't seem really user-friendly and could cause problems with email.  Anyone found a creative way to deal with this type of scenario?
Question by:SRC_IT
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
LVL 40

Expert Comment

by:Adam Brown
ID: 34190306
The best way to handle it is to use Item-Level targeting on the Common tab when you are setting up the preference. You can use that to set it up so it will only apply on certain IP addresses (if each site has a different IP address) or you can target the computer object. I've done this with one of my clients that has to have a different default printer at each site and it works quite well. This technet article has more info:

Author Comment

ID: 34190691
I've used the item-level targeting, so I am familiar with it, but maybe I don't understand it completely.  Or maybe my AD OU's are not set up to accomodate this.  But if I have an OU for the first location where the user account resides and an OU for the second location, where the user account does not reside, on the second OU, even if I were to set up a printer preference (for a shared network printer), how would it be applied to this particular user?  Maybe it's just the pending holidays are causing me to need a picture drawn!  Thanks for sticking with me on this because it does sound like you've got it worked out, so I appreciate your knowledge-sharing.
LVL 40

Accepted Solution

Adam Brown earned 500 total points
ID: 34190821
Basically, how this would work is to apply the Preference on both OUs, it will only apply on the OU that the preference is linked to if you are using the User Configuration preference, but you can then use targeting to determine which computers or IP addresses that the preference will apply on. Preferences are a little more intelligent about applying user configurations to specific computers. Basically, you can do it like this:

User Configuration Printer GPO - Configure printers for BOTH locations under User Configuration\Preferences\Control Panel\Printers- but configure Item Level Targeting to list the IP address range for site 1 on the Site 1 printer preference, and the range for site 2 on the Site 2 printer. Link that GPO to the OU for each site. When you do that, the users that are in the site 1 OU will get Printer 1 when they are logged on to a computer that has an IP address from the Site 1 range, and if they go to site 2, they will get the printer that is located at site 2, but not the one at site 1.

Computer Configuration Printer GPO - You would do the same as with the User Configuration GPO, but this would be linked to the OU with the computers in it. This option will give you significantly less control over the printers, since the Computer Configuration Printer Policy doesn't allow you to define the printer as the Default printer (User Configuration Preference will let you do this).

In either situation, you would create One GPO with settings for Both printers in it and allow the Item Level Targeting to control which computers or users are allowed to use which printers and where they can use them. You need only define a limiting factor for each printer. That can be anything you want, really, as long as the computers that they are allowed to use a specific printer for have that thing in common. That can be IP addresses, a list of MAC addresses (You can specify that the policy will only apply if the MAC address equals XX:XX:XX:XX:XX:XX *OR* ZZ:ZZ:ZZ:ZZ:ZZ:ZZ. The OR is important in that situation, because the default operator is AND when using multiple targeting policies. Since the computers won't have *both* MAC addresses, you would use the OR operator), or a Security group (You could configure the Targeting system to install both printers for each user, or group the computers at each location into a Security Group that is based on site and use that instead of IP addresses).

It all really depends on how your AD is set up.  
Backup Solution for AWS

Read about how CloudBerry Backup fully integrates your backups with Amazon S3 and Amazon Glacier to provide military-grade encryption and dramatically cut storage costs on any platform.


Author Closing Comment

ID: 34190862
Thanks a bunch for spelling that out!  After reading your first paragraph, the light bulb FINALLY came on!!!  Obviously, this will work and meets my needs exactly, so going to go ahead and assign points, prior to testing.
Thanks again for your help!
LVL 40

Expert Comment

by:Adam Brown
ID: 34190895
As a note, you can even get more specific with Item Level Targeting, like having it so User A will have Printer A when logged in to Computer A, but Printer B when logged in to Computer B (And only that situation, so if User B logs in to Computer A, they could still have Printer B). The trick is just knowing that any time you want more than one thing to happen based on certain criteria, you need to have both things linked to the users that need it to happen and then let the Item Level targeting system deal with the constraints. It's really freaking powerful and is one of the best improvements in 2008 :D

Author Comment

ID: 34190958
Thanks for the additional information!  Believe me, I was quite excited when I came across it and then discovered that even though we still have some W2003 DC's, it would still work!  I agree, it has been a long time coming....that and the drive mappings with no batch scripts (yea!) have made my day(s)!!!  Happy Thanksgiving!

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains how to install and use the NTBackup utility that comes with Windows Server.
This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read…
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question