Link to home
Get AccessLog in
Avatar of dseli
dseli

asked on

Printers mapped by security group do not automatically get removed

Microsoft Server 2016 terminal services,  when using group policy by security group to map printers for users, we find that if a user is removed from a one printer group, and added to another, we find the user receives the new printers in addition to the previous printers. The user gets the new security group printers mapped, however the original printers do not get removed since the user was removed from the original group. We see that the registry key in the user profile for the original mapped printers remain and do not get removed automatically.
Avatar of McKnife
McKnife
Flag of Germany image

Are you using the preferences section of the GPO or the policies srction? for deployment?  (There are two ways)
Avatar of dseli
dseli

ASKER

GPP group policy preferences filtered by security group
ASKER CERTIFIED SOLUTION
Avatar of Hello There
Hello There

Link to home
membership
This content is only available to members.
To access this content, you must be a member of Experts Exchange.
Get Access
Avatar of dseli

ASKER

I dont believe we have the Delete /Create option. The printers map from Print Management.
"when you unlink the policy, the setting will not revert " - it depends on what the admin has set. You may choose to say "Remove this item when it is no longer applied". If you didn't choose that, it will not remove on its own, of course.
Avatar of dseli

ASKER

I believe that option is in ILT, however we are not using it. The GPO calls on Print management to map the printers and is filtered by security group.  Seems that the action of user removal from the security group would need to call on print management to fully remove the printers.
SOLUTION
Link to home
membership
This content is only available to members.
To access this content, you must be a member of Experts Exchange.
Get Access
Avatar of dseli

ASKER

The way it is in 2016 is the way it was done on a 2008 environment, and removal from the security group automatically removes the printers from user accordingly.
Yes, that is true for non GPP printer deployment (not using the preference section but using the "printer deployment" part of the GPO as it was done "oldschool" since server 2003. For GPP however...
Avatar of dseli

ASKER

Thank You for your input, we will continue to dig into this.
We use "printer deployment" (the "old way") ourselves and recently removed a printer - it got removed anywhere, automatically. If you remove a computer from the security group this GPO applies to (we use computer-bound deployment), it gets removed as well.
Using group policy preference printer items for deployment will have the effect that you see unless you select the option "Remove this item when it is no longer applied", so you might want to switch to the oldschool way.
The reason for the observed behavior was given and the solution to this was discussed