Solved

Prints via Group Policy affecting All Computer

Posted on 2011-09-22
8
350 Views
Last Modified: 2013-11-05
We are running Windows 2008R2 with SP1.  I setup a new group policy to install a printer to a set of lab computers and force that printer to be default.  All the lab computers are in their own separate OU in AD.  This was successfully applied.

The problem is that it applied to ALL computers in the entire AD (not just the OU I applied the group policy to) and forced that printer to be default.
0
Comment
Question by:edawlem
  • 3
  • 2
  • 2
  • +1
8 Comments
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 36585294
Where did you apply this GPO (on which level)? It shoudl be linked only to that particular OU (or even subOU) not to domain.
You can always try to filter this GPO to only particular group of computers.

More about GPO filtering at
http://technet.microsoft.com/en-us/library/cc779291%28WS.10%29.aspx
http://www.windowsnetworking.com/articles_tutorials/group-policy-security-filtering.html

Regards,
Krzysztof
0
 
LVL 6

Expert Comment

by:Reubenwelsh
ID: 36585296
Hi, have you created any filter on the GPO you created? By default it will apply on all users. If the OUs you applied it to have real users in then it will apply on them as well.

Could you send a screenshot of how that GPO is applied?
0
 
LVL 9

Accepted Solution

by:
Lester_Clayton earned 350 total points
ID: 36585311
Have you verified that the Scope Links are only set where you really want them to be set?

Are there Child OU's which are being affected?  GPO's flow down to all Children OU's by default.

Scope Links
If this doesn't help you, on one of the affected computers run from a command prompt and as an administrator, GPRESULT /V.  You may need to redirect that to a text file for easier reading.

At the top of the results, you will see "Applied Group Policy Objects", and it will list all the GPO's applied to the computer.  The following output will highlight what you need to look for.

GPRESULT /V
Finally, are you sure this is a Computer Policy and not a user policy - a user policy may affect machines which you don't want it to.
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 

Author Comment

by:edawlem
ID: 36585966
I see that I do have it applied to the OU in which the staff users reside as well.  That would be the cause...   But....   One of the printer policies that became active has been there for quite a while.  Is there an update that would have made these suddenly start working on XP computers?
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 36585985
Every 90 minutes clients refresh their Group Policies. If you wish to enforce them you need to run in command-line

gpupdate /force
or reboot machine

Krzysztof
0
 

Author Comment

by:edawlem
ID: 36585988
I understand that.  But the policy has been sitting there for months and has not applied itself until this last week.
0
 
LVL 6

Assisted Solution

by:Reubenwelsh
Reubenwelsh earned 150 total points
ID: 36586002
Are you a lone administrator? Could it be someone else has activated it? It wouldnt be the first time ive made gpo's someone else has been troubleshooting printers and through "heey i think ive found it, the gpo isn't active... lets try this!"

They dont just activate themself, the only thing i think of is you hadnt installed the patch that allows extended gpo's on Windows Xp untrill recently, before you install that patch Xp machines dont see the extended GPO's so they would just ignore them.

0
 

Author Comment

by:edawlem
ID: 36586092
I'm pretty much the lone admin on this network.  I have someone else that backs me up but he doesn't know how to work GPOs.  It's possible that the patch wasn't applied to systems until recently...  I'll have to look into that.
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html?cid=Gene_Skyport) provided 218 attendees with a step-by-step guide for…
In-place Upgrading Dirsync to Azure AD Connect
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question