The ability to deploy printer connections to
Windows-based client computers using Group Policy was first introduced
in Windows Server 2003 R2. You can use Group Policy to deploy printer
connections in two ways:
As per-computer
printer connections available for all users who log on to the client
computer. You can deploy per-computer printer connections to computers
running Windows XP or later versions.
As
per-user printer connections available to the user on any client
computer to which the user logs on. You can deploy per-user printer
connections to users of computers running Windows 2000 or later
versions.
Deploying printers using Group Policy is useful in scenarios in which every user or computer in a room or office needs access to the same printer. Deploying
printers using Group Policy can also be useful in large enterprises
where users and computers are differentiated by function, workgroup, or
department.
Configuring Printer Connections Using Group Policy Preferences
Jerry Honeycutt
Deployment Forum
Group Policy
preferences, a new feature of Windows Server 2008, provides
administrators with another means of deploying, configuring, and
managing printer connections on Windows 7 computers. Configuring printer
connections is a common task that administrators typically perform by
writing logon scripts. The Printers preference extension, however,
enables you to easily create, update, replace, or delete shared
printers, TCP/IP printers, and local printers to multiple, targeted
users or computers. Using preference targeting, you can deploy printer
connections based on location, department, computer type, and so on.
Windows 7 Group Policy provides native support for deploying
printers. However, it supports only shared printers and requires AD DS
schema extensions. In contrast, the Printers extension supports shared,
local, and TCP/IP printers on Windows XP SP2, Windows Vista, and Windows
7. It also allows you to set the default printer and map shared
printers to local ports.
|
1. Preparing to Deploy Printers
Deploying printers using Group Policy requires you to perform the following preparatory steps:
If you are not using
Windows Server 2008 domain controllers, your AD DS schema must first be
upgraded to Windows Server 2003 R2 or later. This means the schema
revision number must be 9 (for Windows Server 2003) and the schema
version number must be 31 (for the R2 schema update). You can use ADSI
Edit to determine your current schema version number by looking under
the Schema node, right-clicking the object named CN=Schema,CN=Configuration,DC=forest_root_domain, selecting Properties, and then examining the value of the objectVersion attribute. The R2 schema update is required so that Print Management can create the following two objects in AD DS:
CN=Schema,CN=Policies,CN=GPO_GUID,CN=Machine,CN=PushPrinterConnections
CN=Schema,CN=Policies,CN=GPO_GUID,CN=User,CN=PushPrinterConnections
If
your client computers are running an earlier version of Windows, you
must deploy the PushPrinterConnections.exe utility to these clients
prior to using Group Policy to deploy printer connections to these
computers. The PushPrinterConnections.exe utility reads the GPOs that
are used to deploy printer connections and adds or removes these
connections on the client as needed. The easiest way to deploy
PushPrinterConnections.exe is to use a GPO as follows:
The
simplest approach is to use the same GPO to deploy both
PushPrinterConnections.exe to targeted users and/or computers using
startup/logon scripts and the actual printer connections themselves to
those users and/or computers. Beginning with Windows Vista, however, you
do not need to first deploy PushPrinterConnections.exe to client
computers because Windows Vista and later versions include this
capability in the operating system.
2. Deploying a Printer Connection
After you complete the preceding preparatory steps, you can deploy a printer connection by following these steps:
Create
a new GPO for deploying the connections, or use an existing GPO linked
to the OU, domain, or site where the users or computers being targeted
reside.
Open Print Management, right-click the printer you want to deploy, and select Deploy With Group Policy.
In
the Deploy With Group Policy dialog box, click Browse, find and select
the GPO you will use to deploy the printer, and then click OK.
Choose whether to deploy the printer as a per-computer connection, a per-user connection, or both.
Click Add to add the printer connection settings to the GPO.
If needed, repeat steps 3 through 5 to deploy the same printer to additional GPOs.
Click
OK when finished. The printer connection to be deployed using Group
Policy will be displayed under the Deployed Printers node in Print
Management.
Per-user printer
connections can be deployed immediately using Group Policy if the user
next logs off and then logs on again to a targeted client computer.
Per-computer printer connections can also be deployed immediately if the
user's computer is restarted. Neither type of connection will be
deployed on earlier versions of Windows during normal background refresh
of Group Policy. On Windows Vista and later clients, however,
background policy refresh can also deploy both per-user and per-computer
printer connections.
Note:
On Windows Vista and later versions, users can also force printer connections to be deployed immediately by typing gpupdate/force at an elevated command prompt.
The deployed printer
connection is also displayed in the GPO used to deploy the connection.
To view this, open the Group Policy Management Console (GPMC),
right-click the GPO you used to deploy the connection, and then click
Edit to open the GPO using the Group Policy Object Editor (see Figure 1).
To remove the deployed printer connection from the targeted users or
computers during the next background refresh of Group Policy,
right-click the connection and then click Remove. Unlinking the GPO from
the OU, domain, or site where the targeted users or computers reside
also removes the deployed connections.
Note:
You can also use the Group Policy Results Wizard in the GPMC to collect RSoP information to verify the success or failure of deploying printers using Group Policy.
3. Limitations of Deploying Printers Using Group Policy
The following limitations apply when deploying printer connections to Windows 7 clients using Group Policy:
4. Assigning Printers Based on Location
Windows Vista introduced a
feature with the ability to assign printers based on location. This can
be useful in large enterprises that span more than one geographical
location, allowing mobile users to update their printers as they move to
new locations. When mobile users return to their primary locations,
their original default printers are restored.
To assign printers based on
location, deploy printers using GPOs linked to AD DS sites. When a
mobile computer moves to a new site, the printer connections for the
computer are updated using normal Group Policy processing.
Managing Deployed Printer Connections
Alan Morris, Software Design Engineer
Test, Windows Printing
There are two ways of managing deployed printer connections in Windows 7:
The following sections of this sidebar describe the differences between these two approaches.
Managing Deployed Printer Connections Using the Print Management Console
Deployed printer connections will be displayed in Print Management's Deployed Printers
node for the connections hosted by the current list of monitored
servers when the Print Management operator has Read access to the domain
policies in which printer connections are deployed.
To deploy connections to a Group
Policy using the Print Management console, you must have Write access to
the domain policy, and the server that shares the printer must be added
to the list of servers that Print Management is monitoring. The
operator in charge of printer deployment does not need to have
administrative rights on the print server.
The deployed printer
connections feature is not used to create local printers, but anyone
with administrative rights can add printer connections to the local
policy of a computer. Local Policy-deployed printer connections are
useful when AD DS is not fully implemented or when setting up systems in
a workgroup environment. Some form of peer-to-peer authentication is
required when the workgroup computers or users cannot authenticate to a
domain controller.
Deployed printer connections do not need to be published to the AD DS.
Deployed printers do not
require any driver download prompts during installation. The user does
not have access to delete deployed printer connections. The printer
needs to be removed from the policy or the user must be unlinked from
the policy for the printer removal to occur.
Managing Deployed Printer Connections Using the Group Policy Management Editor
This tool has a few advantages
over the Print Management snap-in. You don't need to monitor the server
sharing the deployed printers. You can deploy printer shares that have
yet to be created. The user interface works directly within the selected
GPO. The user does not need to be logged on to the same domain as the
GPO.
The big disadvantage when using this tool rather than the Print Management snap-in is the lack of any print share validation. If valid server and share information
is improperly entered, the connection will fail. When no share
validation is performed, the advantage is that this method allows for
deployment of connections prior to creating the share. After the share
is created, the connections will be added for the user during the next
policy refresh on Windows 7 clients and the next time
PushPrinterConnections.exe is run on previous-version clients.
Printers hosted on a server in one domain can easily be deployed to clients in another trusted domain.
Another important use of the
Group Policy Management Editor is in the removal of deployed printers
after a print server is retired. The Group Policy Management Editor will
display the printers deployed to a policy and allow the operator to
remove them after the server is no longer available on the network.