Solved

Group ploicy by ip address

Posted on 2015-01-28
12
149 Views
Last Modified: 2015-01-29
Hi guys

I have 6-7 sites, with each on diff ip subnets but all authenticate via one domain. What my issue is, i have one site with a MFP printer. The printer is installed to server. As the clients move around to different sites daily i thought the best way to deploy that printer to users would be via gpo with ip based.

So i set up GPO with the 192.168.0 range for printer to be installed. I have for now added my laptop ip address so can test if it works for me only. I have attatched the GPO settings and i have done gpo update on server and desktop and not getting the printer installed to my laptop. I am conncted via wifi and most users are.

Unless there is another way to deploy printers based on where they are ? but thought this would be easiest. but i realised, if a user say hibernates his/her machine, will it pick up the printer or do they need to log off and log on?
Doc1.pdf
0
Comment
Question by:Sundeep V
12 Comments
 
LVL 22

Expert Comment

by:Joseph Moody
ID: 40575533
You can link GPOs to AD sites in the Group Policy Management Console.
0
 

Author Comment

by:Sundeep V
ID: 40575543
The users are created in one OU, USERS. The laptops are roaming at different sites so they are grouped by the departments like Marketing, finance etc

There is nothing in ad users and computers for me to deploy to london and one to say derby etc. unless there's something else that i am missing when you said sites?
0
 
LVL 35

Accepted Solution

by:
Mahesh earned 500 total points
ID: 40575626
Install printer on any server and share it for everyone

Then add shared printer instead of tcp\IP based printer
Under user configuration \ GPP, In shared printer enter \\IP\printer as path instead of server name

Then in addition to IP based item targeting, add "run in logged on user security context" on common tab and apply this policy on OU containing users
IP filter will ensure that printer will get installed on clients with specific subnet added to GPP

This would work
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40575639
You do not have to use your OU structure to accomplish this. Sure you need to link the Group Policy to the OU but, you can use Security Filtering to apply policies to set devices or individual users. This way when you link the GPO to an OU if you have other AD objects that are not part of the Security Group you used with Security Filtering section it will not apply.

I would also be deploying printers using Group Policy Preferences.
Deploy Printers using GPP

Will.
0
 
LVL 32

Expert Comment

by:it_saige
ID: 40575655
Correct but what Joseph is talking about is linking GPO's to your Sites and Services entries.

https://technet.microsoft.com/en-us/library/cc738954%28v=ws.10%29.aspxCapture.JPGCapture.JPG-saige-
0
 
LVL 35

Assisted Solution

by:Mahesh
Mahesh earned 500 total points
ID: 40575676
Why you need to deploy GPO on site level?

U already using item level targeting with IP filter, so just need to apply GPO on OU containing users, IP filter will take care on which machine printer should get installed
0
 
LVL 16

Expert Comment

by:Learnctx
ID: 40576339
Site GPO's are more appropriate where you want to apply a GPO to an entire site. An example being you have a green building that requires monitors to turn off after 5 minutes of inactivity and computers to go to sleep after x amount of time. The build has 4-5 floors. A site level GPO link would be more appropriate than targeting individual subnets.

Group policy preferences would be more appropriate for situations where you need to be more explicit (target a specific floor in a building). For example your situation where by you want everyone on a floor to be assigned a printer.

In your scenario I would look at 2 things.

1. Group Policy Preferences as others have advised.
2. Look to a solution such as PaperCut so that you don't need to assign print queues. Put the virtual printer on every system and have it print out on any printer the user can get to.
0
 

Author Comment

by:Sundeep V
ID: 40576991
Thanks for all your comments, i believe i have added the printers via group policy preferences no? its under

computer config - preferences - control panel settings 0 printers

Is that not GPP?

I will try to apply this GPO to the site. This may do the trick maybe. Never know it is possible to do this via sites
0
 
LVL 35

Expert Comment

by:Mahesh
ID: 40576998
Yes, you have already added printers via GPP only
The solution I provided will be applicable in GPP only
Not sure why you want to apply policy to site?

Do you have multiple subnets which will accessing this printer?
In that case you can apply this GPO to site, that make sense
You should apply GPO to site only when there are number of subnets reporting to one site which do require GPO settings

However you said that one location has printer, I guess then there are most probably 1 or 2 subnets in that location from where printer access is required
In that case item level targeting would suffice requirements, see my 1st comment for more info
0
 

Author Comment

by:Sundeep V
ID: 40577001
Yep correct we have multiple subnets, and users roam different offices. Hence need to do site and ip level print install


one random question. Say a user goes to Site A. He gets that printer installed frim site A. he hibernates his pc than shut down. goes to site B. will the site b printer be allocated to the laptop even though he wont log off or log on to download the gpo update?
0
 
LVL 35

Assisted Solution

by:Mahesh
Mahesh earned 500 total points
ID: 40577016
Requirement is not clear
If printer is in site A, how may subnets do you have in site A?
OR in other words, how many subnets need access to printer in Site A?

If machine on hibernate, upon woke up policy won't apply as far as I know
If machine logged of and logged on \ rebooted \ run gpupdate after hibernate, policy will get applied
0
 

Author Comment

by:Sundeep V
ID: 40577025
I understand. many thanks for your help guys. I will give this a go and give it a try this weekend to all workstations
0

Join & Write a Comment

You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now