tabush
asked on
Add local printer with group policy and user alternate credentials - (ET)
I am trying to use group policy to map local printers on another domain over a VPN (see screenshot). Computers and domain controller are on Domain-A and printers are on Domain-B. I have to add them as local printers because of a certain unique printing scenario they have.
The GPO keeps failing because of failed failed credentials, which i understand.
Can anyone think of a possible solution outside of manually adding them to each computer and entering the proper credentials? I have thought of a few possibilities:
- Have group policy object use alternate credentials. I dont know if this is even possible
- Change the security permissions on these printers to allow guest users. Again not sure if this is possible.
- Use a batch script rather than GPO and have it use alternate credentials. I tried working on this but couldnt figure out the right commands.
- Add domain-B credentials into credentials manager and then maybe group policy will work. Tried this option but might have put something in wrong because it didnt work.
The GPO keeps failing because of failed failed credentials, which i understand.
Can anyone think of a possible solution outside of manually adding them to each computer and entering the proper credentials? I have thought of a few possibilities:
- Have group policy object use alternate credentials. I dont know if this is even possible
- Change the security permissions on these printers to allow guest users. Again not sure if this is possible.
- Use a batch script rather than GPO and have it use alternate credentials. I tried working on this but couldnt figure out the right commands.
- Add domain-B credentials into credentials manager and then maybe group policy will work. Tried this option but might have put something in wrong because it didnt work.
ASKER
Yes i have given EVERYONE print permissions but i think that only refers to everyone in domain-B active directory.
I dont think it will let me add domain users from domain-A unless i setup a trust. I dont think i can do that in this scenario for security reasons.
I dont think it will let me add domain users from domain-A unless i setup a trust. I dont think i can do that in this scenario for security reasons.
Yes, that will not work unless you have trust between domains
Everyone is not domain specific, however users to cross AD boundary, trust would be required
Everyone is not domain specific, however users to cross AD boundary, trust would be required
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I figured out the solution on my own.
Also try adding another domain users (domainA\group) print permissions
also domainA domain admins group should have manage printer permissions on printers
You should have trust between both domains in order to work above
The printers should get mapped as long as users have permissions to print and they are able to reach printers over SMB protocol (TCP 445)