Sharing Network Printers Using Group Policy Preferences

Printer Sharing Overview

  • Install Windows Print and Document Services server role
    • Usually on a domain controller and/or file server
  • Disable Client Side Rendering (CSR) for all shared printers
    • Keeps RDS server from processing all the print data
  • Use universal printer drivers where possible
  • Use Winprint print processor for all shared printers
  • Use Group Policy Preference (GPP) to push printers and set default
    • Filter by user groups
    • Create a GPP and user group for each printer that will be someone's default printer
    • Each GPP will attach all desired printers for members of the user group
  • Use a Delete all shared printers preference as first step in GPP

GPP Overview

  • Create a Computer or User policy (we generally use User for connecting to network printers)
  • Start with a Delete All action
  • Add all printers the user should have
  • Set one as the Default Printer
  • Use Update (CRUD)
    • Update will change the Default Printer every login
    • Create will only set the Default Printer at creation time
  • Create a policy for each printer that will be someone's default printer
  • Filter by a user group
    • Create a new user group for each printer that will be someone's default printer
    • Add users to the group which will determine their default printer
    • Make sure users are not in multiple 'Printer' groups
    • Add the Domain Computers group with Read permissions on the Delegation tab
    • The computer account must have Read permissions to the GPO even though the GPO is linked to a User container

Keep in mind that if you are going to configure Internet Options, set a default printer, or edit the Start Menu, the GPO will need to be linked to a user OU, or to a computer OU with Loopback enabled.

A recent Windows security update has changed how group policies are processed. Prior to the update, policies were processed in the user context. Now, policies are processed in the computer context. This is why we now add the Domain Computers group to the Delegation tab with Read permissions to the GPO.

Install and Share Printer

:!: Do not deploy printers from Print Management (printmanagement.msc): its Deploy feature pushes printers out with Group Policy instead of Group Policy Preferences.

Install and share the printer using Print Management (printmanagement.msc).

Add all necessary drivers (x86 and x64). The x86 and x64 drivers for the same printer must be exactly the same version (name).

Create a User Group

Using Active Directory Users and Computers (dsa.msc), add a group like Printer Printername.

Add users to the group whose default printer will be Printername. Make sure users are not members of any other similar 'Printer' groups.

Create a Group Policy Preference

Group Policy Preference for Shared Printers

:!: You can also copy and edit an existing printer GPP if you have one.

Using Group Policy Management (gpmc.msc), add a Group Policy Preference:

  1. Run gpmc.msc
    • Expand Forest → Domains → yourdomain.local
  2. On your desired AD container, right-click → Create a GPO in this domain and link it here
    • Name it Printers - NewPrinterName
  3. Select the new GPP
    • Change the Security Filtering to the new user group created above
  4. Select the Delegation tab
    • Add the Domain Computers group with Read permissions
  5. Edit the new GPP
    • Right-click → Edit
    • Expand User Configuration → Preferences → Control Panel Settings → Printers
  6. Add a Delete action
    • Select Delete all shared printer connections
    • Must be the first action
  7. Add an Update action
    • Select the appropriate shared printer that will be the default printer for group members
    • Select Set this printer as the default printer
  8. Add another Update action for each shared printer for group members
    • Do not select any other printer as default

Troubleshooting

PowerShell

This command lists printers with problems:

Get-Printer -ComputerName PrintServer | Where PrinterStatus -ne Normal | select Name,PrinterStatus,Portname | Out-GridView

Set all printers to use the WinPrint print processor:

Get-Printer -ComputerName PrintServer | Where PrintProcessor -ne "WinPrint" | Set-Printer -ComputerName PrintServer -PrintProcessor WinPrint
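
An added check, not part of the original page, for the two misconfigurations described above: a printer GPO that the computer account cannot read, and a user who belongs to more than one 'Printer' group. It assumes the page's naming (GPOs called Printers - ..., groups called Printer ...) and that the GroupPolicy and ActiveDirectory RSAT modules are installed.

```powershell
# Added example. Assumed naming from this page: GPOs "Printers - *", groups "Printer *".
Import-Module GroupPolicy, ActiveDirectory

# Permission levels that include read access to the GPO.
$readLevels = 'GpoRead', 'GpoApply', 'GpoEdit', 'GpoEditDeleteModifySecurity'
# Computer accounts are members of both of these groups.
$computerTrustees = 'Domain Computers', 'Authenticated Users'

# 1. Printer GPOs the computer account cannot read. After the security update
#    these GPOs silently stop applying to users.
$unreadable = foreach ($gpo in Get-GPO -All | Where-Object DisplayName -like 'Printers - *') {
    $grants = Get-GPPermission -Guid $gpo.Id -All | Where-Object {
        $_.Trustee.Name -in $computerTrustees -and "$($_.Permission)" -in $readLevels
    }
    if (-not $grants) {
        [pscustomobject]@{ Gpo = $gpo.DisplayName; Id = $gpo.Id }
    }
}
$unreadable | Format-Table -AutoSize

# Remediation, matching the Delegation tab step on this page. Review the list first.
# $unreadable | ForEach-Object {
#     Set-GPPermission -Guid $_.Id -TargetName 'Domain Computers' `
#         -TargetType Group -PermissionLevel GpoRead
# }

# 2. Users in more than one 'Printer' group. Each matching GPO begins with a
#    Delete All action, so these users get an unpredictable printer set and default.
$conflicts = Get-ADGroup -Filter "Name -like 'Printer *'" | ForEach-Object {
    $groupName = $_.Name
    Get-ADGroupMember -Identity $_ |
        Where-Object objectClass -eq 'user' |
        Select-Object SamAccountName, @{ Name = 'Group'; Expression = { $groupName } }
} | Group-Object SamAccountName | Where-Object Count -gt 1

$conflicts | ForEach-Object {
    [pscustomobject]@{
        User   = $_.Name
        Groups = ($_.Group.Group | Sort-Object) -join ', '
    }
} | Format-Table -AutoSize
```

Both tables come back empty when the printer GPOs and groups are set up as described on this page.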

Event ID 4098

Event Viewer → Windows Logs → Application

Windows 7?

Event Viewer → Application and Services Logs → Microsoft → Windows → Group Policy

Group Policy Updates

  1. Run gpupdate /force on the Domain Controller
  2. Run gpupdate /force on the RDS server
  3. Log the test user out
  4. Log the test user back in and printers should appear in Devices and Printers (control printers)
networking/windows/printer_shared_gpp.txt · Last modified: 2017/06/04 12:05 by gcooper