Set up "Group" on Domain Controller and apply Policy to same "Group"
Posted on 2014-08-20
We have two different servers acting as Application Servers in our domain. Our end users access these servers via RDP. We allow printer redirection.
Although the end user's "Devices and Printers" folder on their own computer may list 10 different printers, we've restricted the number of printers that will be recognized by the Application Servers to the end user's Default Printer. We've done that by setting that parameter via:
Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Printer Redirection
on both Application Servers.
However, we have a few end users who need to be able to print to ALL the printers listed in their local "Devices and Printers" folder.
I'm assuming that I must create a "Group" that would be excluded from the Application Servers setting described above. I would place the end users who need to print to ALL printers in that group.
Does this group get created on the Application Servers or the Domain Controller? Does this policy of exclusion get created via Group Policy on the Domain Controller? Or, does all this happen on the Application Servers? Does Group Policy on the Domain Controller override the settings already in place on the Application Servers?
I need help. Please advise.