Link to home
Start Free TrialLog in
Avatar of DKowalchik
DKowalchik

asked on

Group Policy Change Not Being Applied.

Hello folks, I am having a troublesome issue with some of my client computers.  We have a Workstations OU with a GPO linked to it that deploys printers to the computer and enables point and print restrictions for our server.  This works fine about 80% of the time.  Regardless of who logs on to the computer the same printers are always available, users are unable to delete the printers as they are deployed to the computer and the point and print restrictions enables our users to update the drivers on these printers when we roll out a driver update (our users are not admins on their boxes).  Sometimes we need to move these machines into a different OU that does NOT have any deployed printers but retains the point and print restrictions so that users can add and delete printers at will.  Again this works fine 80% of the time but some computers don't seem to be getting the new policy even though in event viewer they say group policy processing has completed successfully.  GPRESULT lists the new policy like it should (the one where the printers are not deployed) and there is no mention anywhere of the old policy that deployed the printers.  But low and behold in Devices and Printers you still see all the old printers that were deployed with the old policy.  What's worse is that they can't be deleted (even by a domain admin) because the pc still thinks they are deployed to the computer.  gpupdate, gpupdate /force, reboot (a billion times), I can't think of what is going on.  I even went as far as removing one of these problem pc's from the domain, renamed it, rejoined it (now it is just in the computers folder), and then moved it directly into the desired OU but the damned printers are STILL there and cannot be deleted.  Any ideas?  Thanks experts!  I should note the print server is Server 2008 x64, the domain controllers are Server 2008R2, and the problem client computers are Windows 7 Enterprise x64.
Avatar of CHutchins
CHutchins

Big question I didnt see are you on 2008 Domain?

If you are use GPP for the Win 7 machines scripting is not going to work well with the new security options in 7.  GPP is put in place to replace the scripting.  
Avatar of DKowalchik

ASKER

Sorry I fogot to mention, no our domain level is 2003.  We still have 2 dc's in our Boston office that are 2003.  You think that's the issue?
The original policy deployed the printers via the following gpo settings:  Computer Configuration -> Policies -> Windows Settings -> Printer Connections and the various \\servername\printername connections.
ASKER CERTIFIED SOLUTION
Avatar of CHutchins
CHutchins

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Close the question and award the points if you'd like but the suggested answer is incorrect.  If CHutchins comment was correct I would not have this problem at all.  I know how group policy processing works and you can give non-admins the right to install and update printer drivers in Windows 7 on a 2003 functional level domain.  I know this because we're doing it in production.  Like I stated in my orginial question everything works fine for %80 (actually more like %95) of our machines but we had about 15 stubborn pc's and laptops that were experiencing this issue.  I couldn't take the time to troubleshoot anymore so I reimaged the problem pc's and moved them into the desired OU (where non-admin users have the rights to install/update printers/print drivers) and viola.  But since CHutchins was the only person nice enough to offer a solution feel free to award the points.
Avatar of LeeTutor
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.