How to Deploy Printers to Users or Computers via Group Policy?

One of the most important features of Group Policies in the Active Directory domain environment is the possibility to automatically connect a shared network printer to a group of computers/users with a few clicks. Thus, when a user login to Windows, an assigned network printer will automatically appear in the list of available print devices.

This article will show you how to install and configure a print server on Windows Server and deploy its printers on users’ computers via GPO.

Deploy Shared Printers to Active Directory Users with GPO

So, this time we will take a look at how to deploy shared network printer connections to users from a specific OU of Active Directory by using Group Policy. We will use a dedicated host running Windows Server 2019 as a network print server in this case.

Tip. To deploy printer connections using Group Policy, the Active Directory Domain Services (AD DS) schema version must be at least Windows Server 2008.

Step 1. Install Print and Document Services Role on Windows Server

Open the Server Manager console and select to install the Print and Document Services role (if not already installed).

deploy printer via gpo

From the Role services list select to install Print Server service.

deploy printers via gpo

Tip. Also, you can install the Print Server role with management tools using the following PowerShell command:

add-WindowsFeature Print-Server, RSAT-Print-Services

Step 2. Installing Print Drivers and Printers on Windows Server

After role installation is completed, open the Print Management console from the top menu Server Manager > Tools. Or just run the command:

printmanagement.msc

Now you need to add printers to your print server. Let’s start by installing the print drivers.

In the Print Management console, go to the Drivers section and run the Add Driver wizard. Select the type of driver architecture (x64 or x86) and click Next.

gpo printer deployment

On the Printer Driver Selection screen, select the driver for your printer. If the driver you need is not listed, click Have Disk and Browse. Specify the path to the printer inf file and click OK.

Similarly, install the drivers for all printers you want to connect to your print server.

group policy printer deployment

Select a previously downloaded driver. In our example, it is the universal HP driver, click Next and then Finish. Repeat the operation for your other devices. Now the list of installed drivers is displayed in the Print Management console.

printer gpo

Now you can install new printers on your print server. Go to the Printers section and select Add Printers from the context menu. The Network Printer Installation Wizard offers you 4 ways to install printers in the Print Management console:

  • Search the network for printers;
  • Add a TCP/IP or Web Services Printer by IP address or hostname;
  • Add a new printer using an existing port;
  • Create a new port and add a new printer.

deploy printer gpo

We’ve chosen the second option (installing the printer by IP address). In the next window you need to specify the type of device (TCP/IP device), and the IP address (or the DNS name) of your network printer device (you can leave the port name by default). Check the box Auto detect the printer driver to use.

gpo deploy printer

Then, from the drop-down list, select the printer driver you want to install for this device (in this example, HP Universal Printing PCL6).

how to deploy printer via gpo

Then enter the printer name, network name, and description. Install all the necessary shared network printers in the same way.

Step 3. Deploying Shared Printer with GPO

Expand Print Servers > ServerName (local) > Printers, select the printer you want to deploy (HP LaserJet M2727 in our case), right-click on it, and select from the menu Manage Sharing.

gpo printer

Check the options Share this printer and List in the directory, and then click Apply.

deploy printer with group policy

Right-click on your printer in Print Management snap-in and choose Deploy with Group Policy.

add printer gpo

Now press Browse.

Using the Domain Browser, you need to locate the OU (organizational unit) on which you want to deploy the printer, and then click Create a New Group Policy Object button.

deploying printers with group policy

Enter the policy name and click Ok. You can assign the created policy to domain users, computers, or both.

  • Per User — this setting assumes that a specific printer is connected on a user desktop, regardless of which computer it is logged on. This is useful if you have a VDI, or each user can use different workstations (for example, in a Call center). This policy should not be used if users are distributed across different buildings or office branches. Otherwise, the user will have to take a walk to pick up his documents from the printer;
  • Per Computer — no matter which user is working on the computer, it will always print on a specific printer (all users of a computer can access the printer). This printer connection policy is commonly used in large distributed corporate networks.

Since we have linked policy to OU named Managers with only user’s objects, we need to select The users that this GPO applies to (per user). Press the Add button in order to add your shared printer to the GPO.

The configuration is now completed, just press Apply.

gpo add printer

Step 4. Check Printer Deployment Options in GPO

Now open the Group Policy Management Console (GPMC.msc), and find the policy you created earlier from the Print Management console (ManagersPrinter in our case).

printer deployment gpo

Check the current policy settings by going to the Settings tab. You can see the UNC path of the shared printer in the section User Configuration > Policies > Windows Settings > Printer Connection. This path should contain the name of your print server. For example, lon-prnt01 HP Laser Jet M2727.

deploy printer drivers via gpo

Tip. To see the Printer Connections node in the GPO editor on Windows Server, you need to install the RSAT feature Print & Document Services Tool.

Update the policy settings on the client (gpupdate /force). Next, you need to verify if a new shared printer HP LaserJet M2727 appeared in the list of connected printers.

Tip. To increase the speed of processing and the applying of Group Policy, disable the use of computer settings on the Details tab (Computer Configuration settings disabled). If you assigned a printer policy to a computer OU, you need to disable the User configuration GPO section.

group policy add printer

Your policy will automatically assign the HP Laser Jet M2727 printer to all users from the selected OU.

How to Install Printer Using Group Policy Preferences?

On Windows Server 2008 (Windows 7) and newer, you can install printers using Group Policy Preferences (GPPs).

  1. Open the Group Policy Management Console (gpmc.msc), and find the OU you want to deploy shared printers to;
  2. Right-click on the OU and select Create a GPO in this domain and Link it here. add printer via gpo
  3. Specify the GPO name. For example, DeployPrinterCAUsers;
  4. Click on your new GPO and select Edit.
    group policy deploy printer

Printer deployment settings are located under the following sections of the GPO Editor:

  • Computer Configuration > Preferences > Control Panel Settings > Printers;
  • User Configuration > Preferences > Control Panel Settings > Printers.

install printer gpo

To install a printer, select New and select one of the modes in the drop-down menu:

  • Shared Printer;
  • TCP/IP Printer;
  • Local Printer.

This policy allows users to connect printers not only from the print server, but also to configure the printing of documents from users directly to a network printer. In this case, the policy settings specify the IP address or device name of the printer, and the print server from which the computer can install the driver.

To connect the printer by its FQDN, enable the Use DNS name option.

Specify the UNC name from which the client can obtain and install the driver for this printer in the Printer Path.

group policy printers

There are four Actions available in GPP when installing a printer:

  • Create — creates a printer if it has not been installed before (the printer is created only once, then this GPP parameter is ignored);
  • Replace — deletes the printer and re-creates it each time the GPO settings on the computer are updated;
  • Update — in this mode, the printer is created if it was not previously created. In addition, this mode updates any printer information that has changed since the last GPO update;
  • Delete — removes the printer if it was previously installed.

gpo install printer

You can immediately assign this printer as the user’s primary printing device. To do this, enable the Set this printer as the default printer option.

Note. Please note that in the summer of 2021, a significant vulnerability was discovered in Windows Print Spooler, which was named PrintNightmare (CVE-2021-1675 and CVE-2021-3452). In this regard, Microsoft has released special updates that fix this spooler bug. These updates broke the usual mechanism for installing printers through GPO. Windows now block the installation of printer drivers for non-admin users by default.

To solve this problem, you can use the workarounds described in the article Allow Non-administrators to Install Printer Drivers via GPO, or you can pre-install the necessary print drivers on the user’s computers using the command:

pnputil /add-driver "\\Path to print drivers\*.inf" /subdirs

Now update the GPO settings in the user session and the new default printer will appear in the user session (Control Panel\Hardware\Devices and Printers).

Check if you have a new shared network printer connected:

  1. Click on the printer and select Print Properties;
  2. Go to the Ports tab;
  3. Make sure the printer is connected via the Standard TCP/IP Port and points to the IP address or DNS name of your shared network printer.

printer group policy

You can also list installed printers using the PowerShell command:

Get-Printer

how to deploy a printer with group policy

You can use AD security groups to more accurately target printers to users. Create a new group in AD (for example, mun-managers-hp2727), and add all users whom you want to assign this printer to this group.

  1. In the GPMC, switch to the ManagersPrinter policy edit mode, and go to the section User Configuration > Preferences > Control Panel Settings > Printers;
  2. Find your printer and open its properties;
  3. Enable the option “Run in logged-on user’s security context (user policy option)”;
  4. Enable the option “Item-level Targeting” and click on the button;
    deploy network printer with group policy
  5. Select New Item > Security Group, and specify the group name domain\mun-managers-hp2727;
    gpo printers
  6. Save the changes. Now this policy will automatically connect the hp2727 printer only to users from the specified AD group.

You have configured a policy for adding a printer, but if you remove a user from the specified security group, the shared printer won’t be automatically removed.

When configuring the printer connections through Group Policy Preferences, you need to create two separate policies at once: one for connecting a printer according to a specified condition, the second for disconnecting a printer from a user if this condition doesn’t meet. In this example, you need to copy your policy in the GPMC and switch to edit mode.

  1. Specify Delete as Action in the policy, also check the option Delete all IP Printer connections;
    map printer gpo
  2. Go to GPP Item Level Targeting settings. Select the condition that assigns the printer to the domain security group, and click Item Options > Is Not.
    deploy a printer with group policy
  3. Save your changes. You now have two Group Policy Preference entries for this printer: one installs the printer if the user is a member of a group, and the other removes it if the user is not added to the AD security group.
    deploy printer with gpo

You can add tens and hundreds of additional printers with a single GPO. Use the Item Level Targeting in GPP to deploy printers to specific user security groups.

I enjoy technology and developing websites. Since 2012 I'm running a few of my own websites, and share useful content on gadgets, PC administration and website promotion.

14 comments

  1. Unfortunately, this is not working for me. I followed your instructions on a Windows Server 2012 R2 with Windows 10 Pro and Windows 7 Pro workstations, but the printers were not deployed automatically.
    How can I troubleshoot this?
    TIA,
    Pedro.

    1. Same issue for me, The printer is visible if i search for it in windows 10 but wont automatically install. Did you find a solution?

  2. This worked well for me. Much simpler and faster than method I used in the past. However, in Step 4, editing the GPO, the shared printers do not appear in the Printers Control Panel Preferences:
    “1. In the GPMC, switch to the ManagersPrinter policy edit mode and go to the section User Configuration > Preferences > Control Panel Settings > Printers;
    2. Find your printer and open its properties;”

    The printers still connect to the clients, however.

  3. [I left a comment earlier, perhaps you can combine them.]

    In the last part of step 3, after naming the GPO and applying to the desired OU, the instruction to click the Add button is missing. Until that happens, the Apply button will be unavailable.

    Also, if the tip to disable Computer configuration settings for speedier GPO function will negate the “Per computer…” printer assignment setting that may have previously been chosen.

    Thanks for posting this article. It’s full of good info and really helped me to clean up my printer deployment. I just deployed a new print server this summer and was happy to replace all my unreliable printer GPOs with this simpler method.

  4. ***I think you mix between two different methods:
    -The first method: (Configuration–>Windows Settings–> Deployed Printers) which normally added from the Printer management console.
    -The second method is from (Users Configuration–> Preferences–> Control Panel–> Printers) only can be done from GPMC.msc
    Each method is a done separately!

  5. If you have deployed a printer using this method, what is the proper way to delete the printer from PC’s when it is being decomissioned?

    Thanks.

    -m

  6. Will this work for printers installed on a server and users install it by a vm network shared name instead of IP address?

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.