Hi all,
I have a puzzle that I am hoping someone can help me with. I am trying to install printers to citrix users depending on which security group they belong to in AD.
Details:
I have created an OU called <Sitename> (Per site)
In each OU there are <Dept> OUs
In each <Dept> there are <user> accounts
I have also created a security group for each printer.
Each <user> may be a member of a domain security group such as 'SG_PRN_<printername>'
I have created a GPO for each security group above as follows:
Computer
- Policies
- - Windows Settings
- - - Security Settings
- - - - Local Policies/Security Options
- - - - - Devices
- - - - - - Policy - Devices: prevent users from installing printer drivers=disabled (I have also done this as part of the default domain policy to be sure it is being applied)
User
- Preferences
- - Control Panel Settings
- - -Printers
- - - - Shared Printer (Name: \\server\printername) [This is entered as the printer name]
- - - - - Printername (Order 1)
- - - - - - General
- - - - - - - Action = Replace
- - - - - - - Properties
- - - - - - - - Share path = \\server\printername
- - - - - - - - Set Default = True
- - - - - - - - Only if local printer not present = True
- - - - - - - - Local Port =
- - - - - - Common
- - - - - - - Options
- - - - - - - - Stop processing if error = No
- - - - - - - - Run in logged on users context = No
- - - - - - - - Remove when not applied = Yes
- - - - - - - Item Level Targetting
- - - - - - - - bool = AND
- - - - - - - - not = 0
- - - - - - - - name = domain\SG_PRN Security group
- - - - - - - - sid = the sid
- - - - - - - - userContext = 1
- - - - - - - - Primary Group = 0
- - - - - - - - Local Group = 0
The problem is no matter what level of user (Even administrator level users) I still don't have the printer installed.
According to what I have read that is all I need to do.
If anyone has any suggestions as to how to resolve this I would be very grateful.