Link to home
Start Free TrialLog in
Avatar of dseli
dseli

asked on

Printers mapped by security group do not automatically get removed

Microsoft Server 2016 terminal services,  when using group policy by security group to map printers for users, we find that if a user is removed from a one printer group, and added to another, we find the user receives the new printers in addition to the previous printers. The user gets the new security group printers mapped, however the original printers do not get removed since the user was removed from the original group. We see that the registry key in the user profile for the original mapped printers remain and do not get removed automatically.
Avatar of McKnife
McKnife
Flag of Germany image
Are you using the preferences section of the GPO or the policies srction? for deployment?  (There are two ways)
Avatar of dseli
dseli

ASKER

GPP group policy preferences filtered by security group
ASKER CERTIFIED SOLUTION
Avatar of Hello There
Hello There
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of dseli
dseli

ASKER

I dont believe we have the Delete /Create option. The printers map from Print Management.
Avatar of McKnife
McKnife
Flag of Germany image
"when you unlink the policy, the setting will not revert " - it depends on what the admin has set. You may choose to say "Remove this item when it is no longer applied". If you didn't choose that, it will not remove on its own, of course.
Avatar of dseli
dseli

ASKER

I believe that option is in ILT, however we are not using it. The GPO calls on Print management to map the printers and is filtered by security group.  Seems that the action of user removal from the security group would need to call on print management to fully remove the printers.
SOLUTION
Avatar of McKnife
McKnife
Flag of Germany image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of dseli
dseli

ASKER

The way it is in 2016 is the way it was done on a 2008 environment, and removal from the security group automatically removes the printers from user accordingly.
Avatar of McKnife
McKnife
Flag of Germany image
Yes, that is true for non GPP printer deployment (not using the preference section but using the "printer deployment" part of the GPO as it was done "oldschool" since server 2003. For GPP however...
Avatar of dseli
dseli

ASKER

Thank You for your input, we will continue to dig into this.
Avatar of McKnife
McKnife
Flag of Germany image
We use "printer deployment" (the "old way") ourselves and recently removed a printer - it got removed anywhere, automatically. If you remove a computer from the security group this GPO applies to (we use computer-bound deployment), it gets removed as well.
Using group policy preference printer items for deployment will have the effect that you see unless you select the option "Remove this item when it is no longer applied", so you might want to switch to the oldschool way.
Avatar of McKnife
McKnife
Flag of Germany image
The reason for the observed behavior was given and the solution to this was discussed