Solved

Add local printer with group policy and user alternate credentials - (ET)

Posted on 2016-11-08
5
19 Views
Last Modified: 2016-11-16
I am trying to use group policy to map local printers on another domain over a VPN (see screenshot). Computers and domain controller are on Domain-A and printers are on Domain-B. I have to add them as local printers because of a certain unique printing scenario they have.
Group policy for local printers
 The GPO keeps failing because of failed failed credentials, which i understand.  
Event ID 4098
Can anyone think of a possible solution outside of manually adding them to each computer and entering the proper credentials? I have thought of a few possibilities:
- Have group policy object use alternate credentials. I dont know if this is even possible
- Change the security permissions on these printers to allow guest users. Again not sure if this is possible.
- Use a batch script rather than GPO and have it use alternate credentials. I tried working on this but couldnt figure out the right commands.
- Add domain-B credentials into credentials manager and then maybe group policy will work. Tried this option but might have put something in wrong because it didnt work.
0
Comment
Question by:tabush
  • 3
  • 2
5 Comments
 
LVL 35

Expert Comment

by:Mahesh
ID: 41879955
On server where printers are shared, have you given everyone print permissions
Also try adding another domain users (domainA\group) print permissions
also domainA domain admins group should have manage printer permissions on printers
You should have trust between both domains in order to work above

The printers should get mapped as long as users have permissions to print and they are able to reach printers over SMB protocol (TCP 445)
0
 
LVL 2

Author Comment

by:tabush
ID: 41880535
Yes i have given EVERYONE print permissions but i think that only refers to everyone in domain-B active directory.
I dont think it will let me add domain users from domain-A unless i setup a trust. I dont think i can do that in this scenario for security reasons.
0
 
LVL 35

Expert Comment

by:Mahesh
ID: 41880964
Yes, that will not work unless you have trust between domains
Everyone is not domain specific, however users to cross AD boundary, trust would be required
0
 
LVL 2

Accepted Solution

by:
tabush earned 0 total points
ID: 41884192
I figured it out. I had to add the credentials to credentials manager on the computer then in the group policy object enable the setting "Run in logged-on user's security context"
0
 
LVL 2

Author Closing Comment

by:tabush
ID: 41889427
I figured out the solution on my own.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Powershell 3 57
Windows Permissions 4 35
Access on thin client? 11 59
website cannot open inside the network 16 54
In my previous 24 VMware Articles (http://www.experts-exchange.com/ARTH_1864316.html?arthOrderBy=3&arthSort=1#arth), most featured Intermediate VMware Topics. My next series of articles concentrated on topics for the VMware Novice;   If you would…
My GPO's made for 2008 R2 servers were not allowing me to RDP into a new 2012 server by default.  That’s why I tried to allow RDP via Powershell, because I could log into a remote shell without further configuration. Below I will describe how I wen…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of installing of Data Protection Manager on a server running Windows Server 2012 R2, including the prerequisites. Microsoft .Net 3.5 is required. To install this feature, go to Server Manager…

930 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now