Wednesday, October 5, 2011

Tips: How to deploy printers in a Windows Server Environment usingGroupPolicy

In this article, let’s discuss about automating the printer deployment using Group Policy and how to use GPOs to assign access to the printers.

What is Windows GPOs?
If you’re managing a Windows domain based network, you should be familiar with the basics of the Group Policy Management and the granular control, right? It allows over virtually every setting available within the Windows client systems. If you use the old style login script, you can still achieve the impressive results. But, the thing is that you can do much more using Group Policy Objects without any need of being an expert in scripting. I’m sure that this particular challenge will be a good example of how apparently complicated solutions can be brought out using a simple GPO setting.

What are the Pre-Requisites?
If you’re going for a printer deployment, you should have a Windows Active Directory domain as this article is about your Domain Controller is a Windows 2008 R2 Server. Moreover, it is required to have the Printer Services role installed on a server and you will be using the Print Management and Group Policy Management consoles to configure the various settings. Make sure that you’ve already shared one or more printers on your server with necessary drivers to be deployed. If not, share the printers on your server. Then, follow the instructions. Good luck..!
How to plan the printer deployment?
Establishing your printer deployment requirements will be the first thing. It means that which users or computers need access to which printers. Therefore, ideally to put an end for confusion, for those users who don’t want access to printers will never use, especially if your network is spread over a large building or multiple sites. If you haven’t done so already, then now would be a good time to check that descriptions and location details of each shared printer and correctly filled out.

The Group Policy Objects should be linked to Organisational Units in your Active Directory. Therefore, in order to effectively manage your printer deployments, it is required to have your users and computers divided into suitable OUs. This is much important if you wish to deploy your printers according to location. For example, if you have an OU containing all the computers in the Accounts department, you can then create an “Account Printers” GPO linked to it. At the same time for the larger multi-site networks, it’s worth noting that you can still assign printer deployments GPOs to AD sites. Therefore, the laptop users moving between sites will automatically get local printers installed for them.
You can perform the printer deployment as a part of either the computer or the user configuration section in GPO or even both as there are plenty of flexibilities to setup. Besides, there is no need to create separate GPOs for the printer deployment. so if you already have them set up to configure other features on your client systems you may find it easier just to add the printer settings to your existing GPOs. However for the purposes of this guide we will create a new GPO just for our printer deployment.

Let’s have an example that we have a small network and it has a Windows 2008 R2 Domain Controller with 20 client PCs running a mixture of Windows XP and Vista, split between two offices which each have their own printers in. Let’s consider one office is “Sales” and the other one is “Accounts” as the IT requirements are different. Now, there will be two OUs setup in the AD and named "Sales" and "Accounts" respectively.
Then, there is a large copier/printer device which we will want to give all users access to as our Printer Deployment GPO planning is simple. We can have one GPO linked to the "Users" OU for the large copier/printer, and then we will have a GPO each for the "Accounts" and "Sales" OUs that deploy their respective office printers.

How to create a GPO?
After establishing the printer deployment requirements, you should create the GPO that will apply the settings to the clients for us. In order to do this, it is required to open the Group Policy Management Console (GPMC), which you can find listed under Programs - Administrative Tools on your Domain Controller server.
Then, expand the tree down through your domain until you can see the OU where you have decided you need to create your GPO, then right-click on it and select "Create a GPO in this domain, and Link it here....":

Now, we will create a GPO using the above example. To deploy your large printer for all users, it is required to right click on the “Users” OU and select “Create a GPO..”; name it "Large Printer Deployment" when prompted so our GPMC now looks like this:
How to support Windows XP Clients?
If you’ve only Windows Vista and later versions on your network, you can simply skip this step and proceed with the next section as they already comprise the support for GPO printer deployment. However, if you have any Windows XP client systems or Windows 2003 Server like terminal server, the GPO will apply to then you need to configure your GPO to install the "pushprinterconnections.exe" utility onto them. Windows 2008 Server comprises only the 64bit version of this utility, and its highly likely that your Windows XP clients are of the 32bit variety, in which case you need to download the pmcmgmt.exe utility. Then, install it on one of your XP clients. Once installed browse to the C:\Windows\PMCSnap folder on that PC and copy the pushprinterconnections.exe file over to your server.

Now, you have the 32-bit version  of the utility. Just right click on your new GPO and select Edit to open a new window that contains the options for your GPO. Now, depending on if it is a user or a computer based policy expand down to "Windows Settings" and then select "Scripts" and then in the righthand pane right-click on "Logon" (or "Startup" if it is a Computer policy) and select "Properties": Then, you can view the "Logon Properties" window (or "Startup Properties" for Computer configuration):
Now first, it is required to click “Show files” to open a new Windows Explorer that shows the “Logon” folder. This is in fact one of the default system system shared folders on a Windows Domain Controller that clients can access during the logon process. If you don’t have previous configured logon script or other utilities to deploy via GPO, it will be empty. However, it is required to copy the "pushprinterconnections.exe" file you downloaded earlier into this folder.

Now, you can close the folder window and return to the "Logon Properties" one, and this time click the "Add" button, which will open another window asking you for the script name and parameters. Then, just click the "Browse" button in that window and it should open the "Logon" folder again, this time with the "pushprinterconnections.exe" file in there. Double-click on the file to select it, leave the "Parameters" field empty and then click "Ok" to close the window. Now, you should be able to see "pushprinterconnections.exe" listed in the "Scripts" section of the "Logon Properties" window. Then, click OK to close it.
Remember that any additional printer deployment GPOs you create, you should repeat this to to add the pushprinterconnections utility as it will not cause even if it runs twice.
How to add a printer to your deployment GPO
Here, it is required to expand the "Print Servers" section and select "Printers" to view the list of printers that you have shared in the righthand pane instead of opening your Print Management Console with you’re familiar. Now, right click the printer you wish to deploy and select "Deploy with GPO". Now, the below posted window will be displayed.

Therefore, right click the “Browse” button in order to select the GPO you’ve just created. Now, in the window that opens, you can find it easily by just clicking the "All" tab to view all the GPOs on your domain and scroll down to the appropriate one, then select it and click "Ok".
Now, you can view two options for deploying the printer connection per user or per machine. Then, check whichever the policy is suitable for your and click OK. Moreover, it is possible that you can deploy a printer via multiple GPOs if your setup requires it. You may also select the "Deployed Printers" option in the Print Management console to see the complete list of printers that you have deployed via GPO.

Now, everything is successfully done via GPO. Therefore, if you log on to an applicable computer or as a suitable user, you should see that the shared printer is available for use. If not, it is required to check the Event Logs as any error with the GPO deployment. If you find that there is no printer or any warning in the Event Log then you may want to use Group Policy Modelling or the "gpresult" tool to check if the GPO is applied correctly.
B  y
, ,