One of the most important features of Group Policies in the Active Directory domain environment is the possibility to automatically connect a shared network printer on a group of computers/users with a few clicks. Thus, when a user login to the Windows, an assigned network printer will automatically appear in the list of available print devices.
Deploy Printers Using GPO
So, this time we will take a look at how to deploy shared network printer connections to users from a specific OU of Active Directory by using Group Policy. In this case, we will use a dedicated host running Windows Server 2012 R2 as a network print server.
Tip. To deploy printer connections using Group Policy, the Active Directory Domain Services (AD DS) schema version must be at least Windows Server 2008.
Open the Server Manager console and select to install the Print and Document Services role (if not already installed).
From the Role services list select to install Print Server service.
Tip. Also, you can install the Print Server role with management tools using the following PowerShell command:add-WindowsFeature Print-Server, RSAT-Print-Services
After role installation is completed, open the Print Management console from the top menu Server Manager > Tools.
Now you need to add printers to your print server. Let’s start by installing the drivers.
In the Print Management console, go to the Drivers section and run the Add Driver wizard. Select the type of driver architecture (x64 or x86) and click Next.
On the Printer Driver Selection screen, select the driver for your printer. If the driver you need is not listed, click Have Disk and Browse. Specify the path to the printer inf file. Similarly, install the drivers for all the printers you want to connect to your print server.
Select a previously downloaded driver. In our example, it is the universal HP driver, click Next and Finish. Repeat the operation for your other devices. Now the list of installed drivers is displayed in the Print Management console.
Now you can install new printers. Go to the Printers section and select Add Printers from the context menu. The Network Printer Installation Wizard offers you 4 ways to install printers in the Print Management console.
- Search the network for printers;
- Add a TCP/IP or Web Services Printer by IP address or hostname;
- Add a new printer using an existing port;
- Create a new port and add a new printer.
We selected the second point (installing the printer by IP address). In the next window you need to specify the type of device (TCP/IP device), and the IP address of your network printer (you can leave the port name by default). Check the box Auto detect the printer driver to use.
Then, from the drop-down list, select the printer driver you want to install for this device (in this example, HP Universal Printing PCL6).
Then enter the printer name, network name, and description. Install all the necessary network printers in the same way.
Expand Print Servers > ServerName (local) > Printers, select the printer you want to deploy (HP LaserJet M2727 in our case), right-click on it, and select from the menu Manage Sharing.
Check the options Share this printer and List in the directory, and then click Apply.
Right-click on your printer in Print Management snap-in and choose Deploy with Group Policy.
Now press Browse.
Using the Domain Browser, you need to locate the OU (organizational unit) on which you want to deploy the printer, and then click Create a New Group Policy Object button.
Enter the policy name and click Ok. You can assign the created policy to domain users, computers, or both.
- Per User — this setting assumes that a specific printer is connected on a user desktop, regardless of which computer it is logged on. This is useful if you have a VDI, or each person can use different workstations (for example in a Call center). This policy should not be used if users are distributed across different buildings or office branches. Otherwise, the user will have to take a walk to pick up his documents from the printer;
- Per Computer — no matter which user is working on the computer, it will always print on a specific printer (all users of a computer can access printer). This printer connection policy is commonly used in large distributed networks.
Since we have linked policy to OU named Managers with only user’s objects, we need to select The users that this GPO applies to (per user).
The configuration is now completed, just press Apply.
Now open the Group Policy Management Console (GPMC.msc), and find the policy you created earlier from the Print Management console (ManagersPrinter in our case).
Check the current policy settings by going to the Settings tab. You can see UNC path of the shared printer in the section User Configuration > Policies > Windows Settings > Printer Connection. This path should contain the name of your print server. For example, lon-prnt01 HP Laser Jet M2727.
Tip. To see Printer Connections node in GPO editor on Windows Server 2008/2012, you need to install RSAT feature Print & Document Services Tool.
Update the policy settings on the client (gpupdate /force). Next, you need to verify if a new shared printer HP LaserJet M2727 appeared in the list of connected printers.
Tip. To increase the speed of processing and the applying of Group Policy, disable the use of computer settings on the Details tab (Computer Configuration settings disabled).
Your policy will automatically assign the HP Laser Jet M2727 printer to all users from selected OU.
You can use AD security groups for fine tune targeting printers to users. Create a new group in AD (for example, mun-managers-hp2727), and add all the users whom you want to assign this printer to this group.
- In the GPMC, switch to the ManagersPrinter policy edit mode, and go to the section User Configuration > Preferences > Control Panel Settings > Printers;
- Find your printer and open its properties;
- Enable the option “Run in logged-on user’s security context (user policy option)”;
- Enable the option “Item-level Targeting” and click on the button;
- Select New Item > Security Group, and specify the group name domainmun-managers-hp2727;
- Save the changes. Now this policy will automatically connect the hp2727 printer only to users from the specified AD group.