Avatar of Joel Brown
Joel Brown
Flag for United States of America asked on

GPO - Deploy Printers

We are running a windows 2008 R2 AD and I'm rolling out a GPO to deploy printers.  It's in the testing phase now but I accidently added it to the entire domain.   Everyone got the test printers which I didn't want.  I removed the link to the domain and not only the test printers where removed but the printers we'd manually connected to on some workstations.

Any thoughts on how I can prevent this from happening as I only wanted to remove the test ones.

Thanks ..
Windows Server 2008Active DirectoryPrinters and Scanners

Avatar of undefined
Last Comment
Ricardo Martínez

8/22/2022 - Mon
Ricardo Martínez

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
Joel Brown

@ Ricardo,

If they had manually connected to printer " A " and then through gpo I added printer " A " again ....  would removing them from the gpo have removed both ?    

Joel Brown

@ Ricardo,

Just to confirm in the GPO I can add " Authenticated Users " to the Security Filter but unless I link the GPO to an OU it won't apply to anyone .......

I'm assuming it looks at the OU members and then only applies to those which are also in the Security Filter box ......   I only have one domain so things are pretty simple ...

Ricardo Martínez

Neither way, if you want to remove the added printer you need to select the option "Delete" from the dropbox where you added it, the one that has Add, Update, Delete, Replace options.

From the context of printer "A" you mentioned, it's possible that it have replaced the manually added printers, and somehow when you removed the link of the policy it deleted them all, but it's not the normal behavior.

Yes, you can add a group to the security filter so only those users get the policy, but the printer must be added threw a User Policy insted of a Computer Policy, what type of policy are you using?
Experts Exchange is like having an extremely knowledgeable team sitting and waiting for your call. Couldn't do my job half as well as I do without it!
James Murphy
Joel Brown

I'm using a computer policy  ......
Ricardo Martínez

If you're using computer policies then you need to select a group with computers and specify that the computers in that group will be the recipients of the policy and add those computers to a security group.

To prevent this in the future, create a test ou with the same policies as the other ou's and then move a few "test" computers into that test ou to see if it is working properly. That way  you can work out the bugs only on a select few machines.
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
Joel Brown

so to clarify,    

"Computer Group A"  ,  contains Computer A1, A2, A3

GPO is linked to "Computer Group A"

"Computer Group B" ,  contains only Computer B1

Security Filter includes only  " Computer Group B "

Who does the GPO get applied too ?
Ricardo Martínez

Computer B1, if by security filter u mean adding "Computer Group B" as the recipient in common options of the policy. Remember to try this on a test environment with test computers.