• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 157
  • Last Modified:

Group ploicy by ip address

Hi guys

I have 6-7 sites, with each on diff ip subnets but all authenticate via one domain. What my issue is, i have one site with a MFP printer. The printer is installed to server. As the clients move around to different sites daily i thought the best way to deploy that printer to users would be via gpo with ip based.

So i set up GPO with the 192.168.0 range for printer to be installed. I have for now added my laptop ip address so can test if it works for me only. I have attatched the GPO settings and i have done gpo update on server and desktop and not getting the printer installed to my laptop. I am conncted via wifi and most users are.

Unless there is another way to deploy printers based on where they are ? but thought this would be easiest. but i realised, if a user say hibernates his/her machine, will it pick up the printer or do they need to log off and log on?
Doc1.pdf
0
Sundeep V
Asked:
Sundeep V
3 Solutions
 
Joseph MoodyBlogger and wearer of all hats.Commented:
You can link GPOs to AD sites in the Group Policy Management Console.
0
 
Sundeep VAuthor Commented:
The users are created in one OU, USERS. The laptops are roaming at different sites so they are grouped by the departments like Marketing, finance etc

There is nothing in ad users and computers for me to deploy to london and one to say derby etc. unless there's something else that i am missing when you said sites?
0
 
MaheshArchitectCommented:
Install printer on any server and share it for everyone

Then add shared printer instead of tcp\IP based printer
Under user configuration \ GPP, In shared printer enter \\IP\printer as path instead of server name

Then in addition to IP based item targeting, add "run in logged on user security context" on common tab and apply this policy on OU containing users
IP filter will ensure that printer will get installed on clients with specific subnet added to GPP

This would work
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
Will SzymkowskiSenior Solution ArchitectCommented:
You do not have to use your OU structure to accomplish this. Sure you need to link the Group Policy to the OU but, you can use Security Filtering to apply policies to set devices or individual users. This way when you link the GPO to an OU if you have other AD objects that are not part of the Security Group you used with Security Filtering section it will not apply.

I would also be deploying printers using Group Policy Preferences.
Deploy Printers using GPP

Will.
0
 
it_saigeDeveloperCommented:
Correct but what Joseph is talking about is linking GPO's to your Sites and Services entries.

https://technet.microsoft.com/en-us/library/cc738954%28v=ws.10%29.aspxCapture.JPGCapture.JPG-saige-
0
 
MaheshArchitectCommented:
Why you need to deploy GPO on site level?

U already using item level targeting with IP filter, so just need to apply GPO on OU containing users, IP filter will take care on which machine printer should get installed
0
 
LearnctxEngineerCommented:
Site GPO's are more appropriate where you want to apply a GPO to an entire site. An example being you have a green building that requires monitors to turn off after 5 minutes of inactivity and computers to go to sleep after x amount of time. The build has 4-5 floors. A site level GPO link would be more appropriate than targeting individual subnets.

Group policy preferences would be more appropriate for situations where you need to be more explicit (target a specific floor in a building). For example your situation where by you want everyone on a floor to be assigned a printer.

In your scenario I would look at 2 things.

1. Group Policy Preferences as others have advised.
2. Look to a solution such as PaperCut so that you don't need to assign print queues. Put the virtual printer on every system and have it print out on any printer the user can get to.
0
 
Sundeep VAuthor Commented:
Thanks for all your comments, i believe i have added the printers via group policy preferences no? its under

computer config - preferences - control panel settings 0 printers

Is that not GPP?

I will try to apply this GPO to the site. This may do the trick maybe. Never know it is possible to do this via sites
0
 
MaheshArchitectCommented:
Yes, you have already added printers via GPP only
The solution I provided will be applicable in GPP only
Not sure why you want to apply policy to site?

Do you have multiple subnets which will accessing this printer?
In that case you can apply this GPO to site, that make sense
You should apply GPO to site only when there are number of subnets reporting to one site which do require GPO settings

However you said that one location has printer, I guess then there are most probably 1 or 2 subnets in that location from where printer access is required
In that case item level targeting would suffice requirements, see my 1st comment for more info
0
 
Sundeep VAuthor Commented:
Yep correct we have multiple subnets, and users roam different offices. Hence need to do site and ip level print install


one random question. Say a user goes to Site A. He gets that printer installed frim site A. he hibernates his pc than shut down. goes to site B. will the site b printer be allocated to the laptop even though he wont log off or log on to download the gpo update?
0
 
MaheshArchitectCommented:
Requirement is not clear
If printer is in site A, how may subnets do you have in site A?
OR in other words, how many subnets need access to printer in Site A?

If machine on hibernate, upon woke up policy won't apply as far as I know
If machine logged of and logged on \ rebooted \ run gpupdate after hibernate, policy will get applied
0
 
Sundeep VAuthor Commented:
I understand. many thanks for your help guys. I will give this a go and give it a try this weekend to all workstations
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now