Avatar of dseli
dseli
 asked on

Printers mapped by security group do not automatically get removed

Microsoft Server 2016 terminal services,  when using group policy by security group to map printers for users, we find that if a user is removed from a one printer group, and added to another, we find the user receives the new printers in addition to the previous printers. The user gets the new security group printers mapped, however the original printers do not get removed since the user was removed from the original group. We see that the registry key in the user profile for the original mapped printers remain and do not get removed automatically.
Printers and ScannersActive DirectorySecurity

Avatar of undefined
Last Comment
McKnife

8/22/2022 - Mon
McKnife

Are you using the preferences section of the GPO or the policies srction? for deployment?  (There are two ways)
dseli

ASKER
GPP group policy preferences filtered by security group
ASKER CERTIFIED SOLUTION
Hello There

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
dseli

ASKER
I dont believe we have the Delete /Create option. The printers map from Print Management.
This is the best money I have ever spent. I cannot not tell you how many times these folks have saved my bacon. I learn so much from the contributors.
rwheeler23
McKnife

"when you unlink the policy, the setting will not revert " - it depends on what the admin has set. You may choose to say "Remove this item when it is no longer applied". If you didn't choose that, it will not remove on its own, of course.
dseli

ASKER
I believe that option is in ILT, however we are not using it. The GPO calls on Print management to map the printers and is filtered by security group.  Seems that the action of user removal from the security group would need to call on print management to fully remove the printers.
SOLUTION
Log in to continue reading
Log In
Sign up - Free for 7 days
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
dseli

ASKER
The way it is in 2016 is the way it was done on a 2008 environment, and removal from the security group automatically removes the printers from user accordingly.
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
McKnife

Yes, that is true for non GPP printer deployment (not using the preference section but using the "printer deployment" part of the GPO as it was done "oldschool" since server 2003. For GPP however...
dseli

ASKER
Thank You for your input, we will continue to dig into this.
McKnife

We use "printer deployment" (the "old way") ourselves and recently removed a printer - it got removed anywhere, automatically. If you remove a computer from the security group this GPO applies to (we use computer-bound deployment), it gets removed as well.
Using group policy preference printer items for deployment will have the effect that you see unless you select the option "Remove this item when it is no longer applied", so you might want to switch to the oldschool way.
Experts Exchange is like having an extremely knowledgeable team sitting and waiting for your call. Couldn't do my job half as well as I do without it!
James Murphy
McKnife

The reason for the observed behavior was given and the solution to this was discussed