• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 819
  • Last Modified:

Deploying AD Printers Best Practices

We have 7 buildings, each with their own print server and domain controllers. They each are on their own subnet and we have created AD Sites for each of those subnets. The print servers are Windows Server 2008 32bit.

The question I have, is what is the best practice for deploying printers to client machines. We are currently using Group Policy Preferences which we suspect may be causing delay in login times.

So what is best practice for deploying printers so that certain rooms get certain printers. Please be detailed with your responses
0
Grasty86
Asked:
Grasty86
  • 4
  • 4
1 Solution
 
Joseph MoodyBlogger and wearer of all hats.Commented:
Group Policy Preferences should not be slowly down logons too bad. If you can, move the printers to computer side (instead of user side). Then they are only processed at logon.

In our location, we do the following:

1. almost all printers are deployed user side.
2. printers are deployed in GPOs closest to the computer (most times in the specific OU the computer is in)
3. each printer has its own policy.
4. Very little item level targetting
5. No WMI filtering on printer policies
6. We fill in the location/model for the printer so that users can add it themselves if they would like.
0
 
Grasty86Author Commented:
Currently each building gets 2-3 Policies

1. Default Domain Policy (contains password complexity, and such)
2. A Policy for that building
3. Laptop Policy if the computer is a laptop
4. Student restrictions policy if logging in as a student

The individual Building Policy contains all of the printers in User Preferences and we use Item Level Targeting to choose which OU's get that printer. We also have a seperate OU for every Room so that this can be accomplished

We are experiencing slow login times to the domain on XP SP3 32bit, and were not experiencing the same issues on Windows 7 64bit ... until we added 64bit drivers to all of our print servers, at which point the windows 7 login times slowed down. Which leads us to believe our printer setup is contributing to the issue.
0
 
Joseph MoodyBlogger and wearer of all hats.Commented:
Are the printers set to update, replace, or create?

Try moving the printers for one OU to the computer side and set them to create.
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
Grasty86Author Commented:
You can ignore the slow login time issue though, I have another question open for that issue. This issue is in regards to Printing best practices. The comment about the slow domain login is just background information.
0
 
Grasty86Author Commented:
They are all set to update
0
 
Joseph MoodyBlogger and wearer of all hats.Commented:
We prefer create only because are printers do not change. Create will only apply the printer once.
0
 
Grasty86Author Commented:
My understanding (What little I know about Group Policy) was that having more policies was bad, as the more policies you have the slower login times will get because they have to run through all those policies. What is the advantage to having individual policies for each printer instead of item level targeting, given that we have approximately 15-20 printers in most of the buildings
0
 
Joseph MoodyBlogger and wearer of all hats.Commented:
More policies are not bad. Single giant policies usually take longer to process than small ones. Once a policy has been applied once, it is not applied again until it changes. Larger policies tend to change more often than smaller ones.

Imagine a policy with 1 printer in it. If you change this one printer preference, the enitre policy is reapplied. That isn't a big deal because it only contains 1 setting.

Now imagine a large policy (let's say 20 printers). If you change one setting on one printer (or add/remove a printer), the entire policy is reapplied to every computer that is linked to it. Each computer has to rerun the item level targetting to see if the printer linked to it. If you set it to update, it has to reinstall every printer.

0

Featured Post

Fill in the form and get your FREE NFR key NOW!

Veeam is happy to provide a FREE NFR server license to certified engineers, trainers, and bloggers.  It allows for the non‑production use of Veeam Agent for Microsoft Windows. This license is valid for five workstations and two servers.

  • 4
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now