Let’s have a look at how to mechanically set up and join printers to particular customers, computer systems and teams in an Active Directory area utilizing Group Policy (GPO). It could be very handy when obtainable (assigned) printers are mechanically put in and linked when a consumer first logs on to a site pc.
Consider the next configuration: there are three departments within the group. Users of every division should print paperwork on their very own shade shared community printer. As an administrator, you’ve to configure the automated deployment of community printers for customers relying on their division.
- Deploying Printers to Users by way of Group Policy
- Configuring Point and Print Restrictions Policy to Install Printers
This information assumes the usage of Group Policy Preferences – an extension of the GPO that launched in Windows Server 2008. The instruction shall be relevant for AD atmosphere with the area degree of not less than Windows Server 2008, and purchasers not less than Windows XP SP3 and newer.
Deploying Printers to Users by way of Group Policy
Create three new safety teams in AD (SharedPrinter_Sales, SharedPrinter_IT, SharedPrinter _Managers) and add the division customers to them (you’ll be able to mechanically add customers to area teams by following the article “”). You can create teams within the Active Directory Users & Computers console or utilizing the :
New-ADGroup "SharedPrinter_Sales" -path 'OU=Groups,OU=Paris,DC=woshub,DC=com' -GroupScope Global –PassThru
- Run the area Group Policy editor (
GPMC.msc), create a brand new coverage print_AutoConnect and hyperlink it to the OU with the customers.If you’ve a small variety of shared community printers in your area (up to 30-50), you’ll be able to configure them utilizing single GPO. If you’ve a fancy area construction and you’re to department directors, it’s higher to create a number of printer deployment insurance policies. For instance, one coverage for every AD web site or OU.
- Go to the policy-editing mode and increase the User Configuration -> Preferences -> Control Panel Setting -> Printers. Create a brand new coverage merchandise by choose New -> Shared Printer;
If you need to join a printer by IP tackle (immediately, with no print server), choose TCP/IP Printer.
- Specify Update as an motion. In the Shared Path subject, enter the UNC tackle of your printer, for instance,
srv-par-printhpsales(in my case all printers are linked to the centralized print server
srv-par-print). Here you’ll be able to specify whether or not to use this printer because the default printer;
- Go to the Common tab and specify that the printer have to be linked within the present consumer context (Run in logged-on consumer’s safety context). Also test the Item-level focusing on possibility and click on Targeting.
- Using GPP focusing on, you should specify that the coverage is to be utilized just for SharedPrinter_Sales group members. To do it, go to New Item -> Security Group and enter SharedPrinter_Sales as a gaggle identify.
Please word that this restriction doesn’t stop a site consumer from manually connecting this printer utilizing Windows File Explorer. To limit entry to the printer, you should have to change the printer safety permissions on the print server and permit printing just for particular teams.
- In the identical means create the printer connection insurance policies for different consumer teams;
Also there may be an outdated GPO part to configure printers: Computer Configuration -> Policies -> Windows Settings -> Deployed Printers, however this technique is much less versatile than the one utilizing GPP described above.
When utilizing this printer deployment Group Policy, new printers shall be linked on consumer computer systems provided that the corresponding printer driver is put in. However, the issue is that non-admin customers don’t have permission to set up print drivers. In this case, you want to configure Point and Print Restriction coverage.
Configuring Point and Print Restrictions Policy to Install Printers
To appropriately join printers for any customers, you should have to configure the Point and Print Restrictions coverage, in addition to the addresses of the print servers from which customers are allowed to set up drivers and printers.
If you join your printers utilizing the User Configuration Policy, go to User Configuration -> Policy -> Administrative Templates -> Control Panel -> Printers -> Printer -> Point and Print Restriction. Enable the coverage and configure it as follows:
- Users can solely level and print to these servers – specify the record of print servers customers can set up drivers from (FQDN names are specified with semicolon as a separator);
- When putting in driver for brand spanking new connection -> Do not present warning or elevation immediate;
- When putting in driver for present connection -> Do not present warning or elevation immediate.
Also, allow Package Point and Print – Approved server coverage within the GPO part User Configuration -> Policies -> Administrative Templates -> Control Panel -> Printers and set the record of trusted print servers.
After you restart the pc, the assigned shared community printer shall be mechanically put in and linked on the consumer logon.