Saturday, 18 December 2010

Printer Deployment using Group Policy Preferences

I was recently trying to deploy a printer using the Preferences feature of Windows Group Policy, the server sharing the printers was running Server 2008 R2 and the client Windows 7 Professional.

When logging on with a test account I was getting one printer of the five mapped, if I navigated to the server through Start > Run > \\Servername I could see all of the printers listed and double clicking on each one gave the message that a driver was being found and installed, the printer was then available for use.

Thinking I needed to install the drivers for the first time on each machine I logged off and on again. Only one printer again! Following a bit of research via everyones favourite search engine I discovered Point and Print Restrictions.

These restrictions can be used to allow only certain print servers to be used to provide printer driver downloads. This prevents untrusted or untested drivers from being installed. By default if Windows 7 is on a domain and doesn't have a native driver for the printer you want to connect to then you don't get the printer. This is fine if you are an admin as you can simply navigate to the server and install the printer manually, however for school staff and pupils we don't allow that freedom so we need to work around this.


1. Open Group Policy Management Console
2. Navigate to the OU you require to make settings for.
3. Right click and Select "Create a GPO in this domain, and link it here" Give your new policy a name.
4. Right click and select Edit for the new policy
5. Expand Computer Configuration > Policies > Administrative Templates > Printers
6. Right click "Point and Print Restrictions" Select Edit
7. Select "Enabled"


To set specific print servers to be used


1. Select "Users can only point and print to these servers"
2. In the text box type the fully qualified server name, if you require several entries separate them with a semi-colon (Also you can set to use any server in the Forest)
3. Select "Do not show warning or elevation prompt" in the "When Installing drivers for a new connection" box
4. Select "Do not show warning or elevation prompt" in the "When updating drivers for an existing connection" box


To set any forest print servers to be used

You can also set the point and print settings to allow any print server in the computers forest to serve drivers, in order to do this select the option "Users can only point and print to machines in their forest" also set the 'Do not prompt" options


By setting the 'do not prompt' options the printers will be installed automatically with no intervention. However this may give undesired results and impair your security, as always try on a test system before transferring onto your live network.

Now when preferences attempt to install printers, you will get all of your assigned printers after a short delay while the driver installs.

No comments:

Post a Comment

Please enter your comment here, all comments are subject to moderation