Link to home
Start Free TrialLog in
Avatar of Joel Brown
Joel BrownFlag for United States of America

asked on

GPO - Deploy Printers

We are running a windows 2008 R2 AD and I'm rolling out a GPO to deploy printers.  It's in the testing phase now but I accidently added it to the entire domain.   Everyone got the test printers which I didn't want.  I removed the link to the domain and not only the test printers where removed but the printers we'd manually connected to on some workstations.

Any thoughts on how I can prevent this from happening as I only wanted to remove the test ones.

Thanks ..
Avatar of Ricardo Martínez
Ricardo Martínez
Flag of El Salvador image

Link to home
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Joel Brown


@ Ricardo,

If they had manually connected to printer " A " and then through gpo I added printer " A " again ....  would removing them from the gpo have removed both ?    

@ Ricardo,

Just to confirm in the GPO I can add " Authenticated Users " to the Security Filter but unless I link the GPO to an OU it won't apply to anyone .......

I'm assuming it looks at the OU members and then only applies to those which are also in the Security Filter box ......   I only have one domain so things are pretty simple ...

Neither way, if you want to remove the added printer you need to select the option "Delete" from the dropbox where you added it, the one that has Add, Update, Delete, Replace options.

From the context of printer "A" you mentioned, it's possible that it have replaced the manually added printers, and somehow when you removed the link of the policy it deleted them all, but it's not the normal behavior.

Yes, you can add a group to the security filter so only those users get the policy, but the printer must be added threw a User Policy insted of a Computer Policy, what type of policy are you using?
I'm using a computer policy  ......
If you're using computer policies then you need to select a group with computers and specify that the computers in that group will be the recipients of the policy and add those computers to a security group.
To prevent this in the future, create a test ou with the same policies as the other ou's and then move a few "test" computers into that test ou to see if it is working properly. That way  you can work out the bugs only on a select few machines.
so to clarify,    

"Computer Group A"  ,  contains Computer A1, A2, A3

GPO is linked to "Computer Group A"

"Computer Group B" ,  contains only Computer B1

Security Filter includes only  " Computer Group B "

Who does the GPO get applied too ?
Computer B1, if by security filter u mean adding "Computer Group B" as the recipient in common options of the policy. Remember to try this on a test environment with test computers.