Solved

Prints via Group Policy affecting All Computer

Posted on 2011-09-22
8
333 Views
Last Modified: 2013-11-05
We are running Windows 2008R2 with SP1.  I setup a new group policy to install a printer to a set of lab computers and force that printer to be default.  All the lab computers are in their own separate OU in AD.  This was successfully applied.

The problem is that it applied to ALL computers in the entire AD (not just the OU I applied the group policy to) and forced that printer to be default.
0
Comment
Question by:edawlem
  • 3
  • 2
  • 2
  • +1
8 Comments
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 36585294
Where did you apply this GPO (on which level)? It shoudl be linked only to that particular OU (or even subOU) not to domain.
You can always try to filter this GPO to only particular group of computers.

More about GPO filtering at
http://technet.microsoft.com/en-us/library/cc779291%28WS.10%29.aspx
http://www.windowsnetworking.com/articles_tutorials/group-policy-security-filtering.html

Regards,
Krzysztof
0
 
LVL 6

Expert Comment

by:Reubenwelsh
ID: 36585296
Hi, have you created any filter on the GPO you created? By default it will apply on all users. If the OUs you applied it to have real users in then it will apply on them as well.

Could you send a screenshot of how that GPO is applied?
0
 
LVL 9

Accepted Solution

by:
Lester_Clayton earned 350 total points
ID: 36585311
Have you verified that the Scope Links are only set where you really want them to be set?

Are there Child OU's which are being affected?  GPO's flow down to all Children OU's by default.

Scope Links
If this doesn't help you, on one of the affected computers run from a command prompt and as an administrator, GPRESULT /V.  You may need to redirect that to a text file for easier reading.

At the top of the results, you will see "Applied Group Policy Objects", and it will list all the GPO's applied to the computer.  The following output will highlight what you need to look for.

GPRESULT /V
Finally, are you sure this is a Computer Policy and not a user policy - a user policy may affect machines which you don't want it to.
0
 

Author Comment

by:edawlem
ID: 36585966
I see that I do have it applied to the OU in which the staff users reside as well.  That would be the cause...   But....   One of the printer policies that became active has been there for quite a while.  Is there an update that would have made these suddenly start working on XP computers?
0
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 36585985
Every 90 minutes clients refresh their Group Policies. If you wish to enforce them you need to run in command-line

gpupdate /force
or reboot machine

Krzysztof
0
 

Author Comment

by:edawlem
ID: 36585988
I understand that.  But the policy has been sitting there for months and has not applied itself until this last week.
0
 
LVL 6

Assisted Solution

by:Reubenwelsh
Reubenwelsh earned 150 total points
ID: 36586002
Are you a lone administrator? Could it be someone else has activated it? It wouldnt be the first time ive made gpo's someone else has been troubleshooting printers and through "heey i think ive found it, the gpo isn't active... lets try this!"

They dont just activate themself, the only thing i think of is you hadnt installed the patch that allows extended gpo's on Windows Xp untrill recently, before you install that patch Xp machines dont see the extended GPO's so they would just ignore them.

0
 

Author Comment

by:edawlem
ID: 36586092
I'm pretty much the lone admin on this network.  I have someone else that backs me up but he doesn't know how to work GPOs.  It's possible that the patch wasn't applied to systems until recently...  I'll have to look into that.
0

Featured Post

Don't lose your head updating email signatures!

Do your end users still have the wrong email signature? Do email signature updates bore you or fill you with a sense of dread? You can make this a whole lot easier on yourself by trusting an Exclaimer email signature management solution. Over 50 million users do...so should you!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Synchronize a new Active Directory domain with an existing Office 365 tenant
In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now