One of the most important features of Group Policies in the Active Directory domain environment is the possibility to automatically connect a shared network printer to a group of computers/users with a few clicks. Thus, when a user login to Windows, an assigned network printer will automatically appear in the list of available print devices.
In this article, we will show you how to install and configure a print server on Windows Server and install printers from it via GPO.
Deploy Printers Using GPO
So, this time we will take a look at how to deploy shared network printer connections to users from a specific OU of Active Directory by using Group Policy. In this case, we will use a dedicated host running Windows Server 2019 as a network print server.
Tip. To deploy printer connections using Group Policy, the Active Directory Domain Services (AD DS) schema version must be at least Windows Server 2008.
Open the Server Manager console and select to install the Print and Document Services role (if not already installed).
From the Role services list select to install Print Server service.
Tip. Also, you can install the Print Server role with management tools using the following PowerShell command:add-WindowsFeature Print-Server, RSAT-Print-Services
After role installation is completed, open the Print Management console from the top menu Server Manager > Tools. Or just run the command:
Now you need to add printers to your print server. Let’s start by installing the print drivers.
In the Print Management console, go to the Drivers section and run the Add Driver wizard. Select the type of driver architecture (x64 or x86) and click Next.
On the Printer Driver Selection screen, select the driver for your printer. If the driver you need is not listed, click Have Disk and Browse. Specify the path to the printer inf file and click OK.
Similarly, install the drivers for all printers you want to connect to your print server.
Select a previously downloaded driver. In our example, it is the universal HP driver, click Next and Finish. Repeat the operation for your other devices. Now the list of installed drivers is displayed in the Print Management console.
Now you can install new printers on your print server. Go to the Printers section and select Add Printers from the context menu. The Network Printer Installation Wizard offers you 4 ways to install printers in the Print Management console.
- Search the network for printers;
- Add a TCP/IP or Web Services Printer by IP address or hostname;
- Add a new printer using an existing port;
- Create a new port and add a new printer.
We selected the second point (installing the printer by IP address). In the next window you need to specify the type of device (TCP/IP device), and the IP address (or the DNS name) of your network printer device (you can leave the port name by default). Check the box Auto detect the printer driver to use.
Then, from the drop-down list, select the printer driver you want to install for this device (in this example, HP Universal Printing PCL6).
Then enter the printer name, network name, and description. Install all the necessary shared network printers in the same way.
Expand Print Servers > ServerName (local) > Printers, select the printer you want to deploy (HP LaserJet M2727 in our case), right-click on it, and select from the menu Manage Sharing.
Check the options Share this printer and List in the directory, and then click Apply.
Right-click on your printer in Print Management snap-in and choose Deploy with Group Policy.
Now press Browse.
Using the Domain Browser, you need to locate the OU (organizational unit) on which you want to deploy the printer, and then click Create a New Group Policy Object button.
Enter the policy name and click Ok. You can assign the created policy to domain users, computers, or both.
- Per User — this setting assumes that a specific printer is connected on a user desktop, regardless of which computer it is logged on. This is useful if you have a VDI, or each user can use different workstations (for example in a Call center). This policy should not be used if users are distributed across different buildings or office branches. Otherwise, the user will have to take a walk to pick up his documents from the printer;
- Per Computer — no matter which user is working on the computer, it will always print on a specific printer (all users of a computer can access the printer). This printer connection policy is commonly used in large distributed corporate networks.
Since we have linked policy to OU named Managers with only user’s objects, we need to select The users that this GPO applies to (per user). Press the Add button in order to add your shared printer to the GPO.
The configuration is now completed, just press Apply.
Now open the Group Policy Management Console (GPMC.msc), and find the policy you created earlier from the Print Management console (ManagersPrinter in our case).
Check the current policy settings by going to the Settings tab. You can see the UNC path of the shared printer in the section User Configuration > Policies > Windows Settings > Printer Connection. This path should contain the name of your print server. For example, lon-prnt01 HP Laser Jet M2727.
Tip. To see the Printer Connections node in the GPO editor on Windows Server, you need to install the RSAT feature Print & Document Services Tool.
Update the policy settings on the client (gpupdate /force). Next, you need to verify if a new shared printer HP LaserJet M2727 appeared in the list of connected printers.
Tip. To increase the speed of processing and the applying of Group Policy, disable the use of computer settings on the Details tab (Computer Configuration settings disabled). If you assigned a printer policy to a computer OU, you need to disable the User configuration GPO section.
Your policy will automatically assign the HP Laser Jet M2727 printer to all users from the selected OU.
How to Install Printer Using Group Policy Preferences?
On Windows Server 2008 (Windows 7) and newer, you can install printers using Group Policy Preferences (GPPs).
These settings are located in the following sections of the GPO Editor:
- Computer Configuration > Preferences > Control Panel Settings > Printers;
- User Configuration > Preferences > Control Panel Settings > Printers.
To install a printer, select New and select one of the modes in the drop-down menu:
- Shared Printer;
- TCP/IP Printer;
- Local Printer.
This policy allows users to connect printers not only from the print server, but also to configure the printing of documents from users directly to a network printer. In this case, the policy settings specify the IP address or device name of the printer, and the print server from which the computer can install the driver.
You can use AD security groups to more accurately target printers to users. Create a new group in AD (for example, mun-managers-hp2727), and add all users whom you want to assign this printer to this group.
- In the GPMC, switch to the ManagersPrinter policy edit mode, and go to the section User Configuration > Preferences > Control Panel Settings > Printers;
- Find your printer and open its properties;
- Enable the option “Run in logged-on user’s security context (user policy option)”;
- Enable the option “Item-level Targeting” and click on the button;
- Select New Item > Security Group, and specify the group name domain\mun-managers-hp2727;
- Save the changes. Now this policy will automatically connect the hp2727 printer only to users from the specified AD group.
You have configured a policy for adding a printer, but if you remove a user from the specified security group, the shared printer won’t be automatically removed.
When you configuring the printer connections through Group Policy Preferences, you need to create two separate policies at once: one for connecting a printer according to a specified condition, the second for disconnecting a printer from a user if this condition doesn’t meet. In this example, you need to copy your policy in the GPMC and switch to the edit mode.
- Specify Delete as Action in the policy, also check the option Delete all IP Printer connections;
- Go to GPP Item Level Targeting settings. Select the condition that assigns the printer to the domain security group, click Item Options > Is Not.
- Save your changes. You now have two GPPs for this printer: one installs the printer if the user is a member of a group, the other removes it if the user is not in a group.
Within one GPO, you can create tens and hundreds of rules for installing and removing network printers.