• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 530
  • Last Modified:

Group Policy Change Not Being Applied.

Hello folks, I am having a troublesome issue with some of my client computers.  We have a Workstations OU with a GPO linked to it that deploys printers to the computer and enables point and print restrictions for our server.  This works fine about 80% of the time.  Regardless of who logs on to the computer the same printers are always available, users are unable to delete the printers as they are deployed to the computer and the point and print restrictions enables our users to update the drivers on these printers when we roll out a driver update (our users are not admins on their boxes).  Sometimes we need to move these machines into a different OU that does NOT have any deployed printers but retains the point and print restrictions so that users can add and delete printers at will.  Again this works fine 80% of the time but some computers don't seem to be getting the new policy even though in event viewer they say group policy processing has completed successfully.  GPRESULT lists the new policy like it should (the one where the printers are not deployed) and there is no mention anywhere of the old policy that deployed the printers.  But low and behold in Devices and Printers you still see all the old printers that were deployed with the old policy.  What's worse is that they can't be deleted (even by a domain admin) because the pc still thinks they are deployed to the computer.  gpupdate, gpupdate /force, reboot (a billion times), I can't think of what is going on.  I even went as far as removing one of these problem pc's from the domain, renamed it, rejoined it (now it is just in the computers folder), and then moved it directly into the desired OU but the damned printers are STILL there and cannot be deleted.  Any ideas?  Thanks experts!  I should note the print server is Server 2008 x64, the domain controllers are Server 2008R2, and the problem client computers are Windows 7 Enterprise x64.
0
DKowalchik
Asked:
DKowalchik
  • 3
  • 2
1 Solution
 
CHutchinsCommented:
Big question I didnt see are you on 2008 Domain?

If you are use GPP for the Win 7 machines scripting is not going to work well with the new security options in 7.  GPP is put in place to replace the scripting.  
0
 
DKowalchikAuthor Commented:
Sorry I fogot to mention, no our domain level is 2003.  We still have 2 dc's in our Boston office that are 2003.  You think that's the issue?
0
 
DKowalchikAuthor Commented:
The original policy deployed the printers via the following gpo settings:  Computer Configuration -> Policies -> Windows Settings -> Printer Connections and the various \\servername\printername connections.
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
CHutchinsCommented:
There is your problem.  & will not take a printer script without admin rights.

I fought this for weeks until I learned about GPP in 08.  You will only see this issue on Vista and 7 machines as they changed security rights.  XP the scripts will work fine, but in 7 if they do not have admin rights they will not be able to run correctly to install the printer.

GPP allows you to raise the level of a user to be able to install printers without being a admin, but as you stated you are on 03 and this is not available.
0
 
DKowalchikAuthor Commented:
Close the question and award the points if you'd like but the suggested answer is incorrect.  If CHutchins comment was correct I would not have this problem at all.  I know how group policy processing works and you can give non-admins the right to install and update printer drivers in Windows 7 on a 2003 functional level domain.  I know this because we're doing it in production.  Like I stated in my orginial question everything works fine for %80 (actually more like %95) of our machines but we had about 15 stubborn pc's and laptops that were experiencing this issue.  I couldn't take the time to troubleshoot anymore so I reimaged the problem pc's and moved them into the desired OU (where non-admin users have the rights to install/update printers/print drivers) and viola.  But since CHutchins was the only person nice enough to offer a solution feel free to award the points.
0
 
LeeTutorretiredCommented:
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
0

Featured Post

[Webinar On Demand] Database Backup and Recovery

Does your company store data on premises, off site, in the cloud, or a combination of these? If you answered “yes”, you need a data backup recovery plan that fits each and every platform. Watch now as as Percona teaches us how to build agile data backup recovery plan.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now