Initially I gave them admin rights because I was naive and thought I could trust them.
It worked out nice for me in that I didn't have to log out, or enter credentials to add things like printers.
Well after some completely fubar'd computers, I took the admin rights away.
Then my days started to get busy with adding printers and installing drivers.
Until...
I learned you can push printers through Group Policy!
There's two things you'll need to do to get ready for this.
First... have 2012 domain controllers (2003 is done and 2008 is 8 years old at the time of this writing.)
I used my Domain Controller to run Print Management, so if you don't have it installed, you will have to add that role to your server.
Second, have a second server (preferably VM, its 2016 people!) running as your print server.
(I'm not going to tell you how to run your environment, but I like to separate DCs from File and Print servers, but you can run it all together if you want.)
Deploying printers via group policy
Step one, add and share all your printers to your print server
Step two, go to the server running print management
-
Open Print Management.
-
In the left pane, click Print Servers, click the applicable print server, and click Printers.
-
In the center pane, right-click the applicable printer, and then click Deploy with Group Policy.
-
In the Deploy with Group Policy dialog box, click Browse, and then choose or create a new GPO for storing the printer connections.
-
Click OK.
-
Specify whether to deploy the printer connections to users, or to computers:
- To deploy to groups of computers so that all users of the computers can access the printers, select the The computers that this GPO applies to (per machine) check box.
- To deploy to groups of users so that the users can access the printers from any computer they log onto, select the The users that this GPO applies to (per user) check box.
-
Click Add.
-
Repeat steps 3 through 6 to add the printer connection setting to another GPO, if necessary.
-
Click OK.
What about admin rights you ask?
1. Open the GPMC.
2. Open the GPO where the printer connections are deployed, and navigate to Computer Configuration, Policies, Administrative Templates, and then Printers.
3. Right-click Point and Print Restrictions, and then click Properties.
4. Click Enabled.
5. Clear the following check boxes if they are check (probably aren't)
-
Users can only point and print to these servers
-
Users can only point and print to machines in their forest
7. Scroll down, and in the When updating drivers for an existing connection box, select Show warning only.
8. Click OK.
https://technet.microsoft.com/en-us/library/cc725938.aspx
Do these two things, and you'll probably never have to add printers again. It also makes it easy if say, your print server is a 2003 and you need to upgrade it to 2008 or 2012, or 2016 or whatever.
UPDATE:
The above does work, but if you already had shared printers, it just adds them on top. Now we want to remove those through GPO, this is possible.
Here is an indepth look with screenshots:
https://community.spiceworks.com/how_to/11413-group-policy-preferences-printer-deployment
What I did:
Step one:
List the shared printer in the Directory.
This is done in the Printer Properties, on the Sharing tab.
Step two:
In GPO
Go to User Configuration, Preferences, Control Panel Settings, Printers
New>Shared Printer
Action Delete
put the check mark in Delete all shared printer connections
Duplicate the previous steps, instead of Delete, select Create.
Use the [...] to locate the printer to add, repeat for all needed printers.
No comments:
Post a Comment