Deploying printers to specific users via Group Policy


I have noticed two different ways of deploying printers to specific users with Group Policy in Windows Server 2012. The first method is by creating separate GPOs for each group, and the second method is adding all printers to one GPO and then using security settings to determine who can print to it/who it will deploy to.

The problem with the first setting is that many of the printers on the network only need to be deployed to a single user, and because of this I would need to create about 30 GPOs for each printer group, many of these only containing a single person.

The second option seems to suit my needs a lot better, but with this option people who the printer is not deployed to cannot connect to the printer via the server even though it is listed in the directory. I would prefer to allow people to connect to printers that are not deployed to their PCs as needed.

My question is whether there is any way to set it up so that it only deploys to certain users, but others can connect to it as needed without creating a separate GPO for each user with a printer in their office. Any ideas?

Best Answer

One way could be to define environment variables %CustomPrinterShare% either per user that needs one or per computer if that suits you better, containing the path or part of the path to the custom printer share (i.e. build the path up using one or multiple environment variables).

In a policy, preference or logon script you could map printers using the environment variable(s) to target the specific printer path, for instance map using path %Computer%\%CustomPrinterShare%.

Assuming you could name the printer shares creatively (to match the values or part of the values of the environment variables) maybe you could save some legwork compared to defining multiple GPOs? Every user that needs one would get their specific printer while still allowing others to connect.

Another way could be to use a value in an AD attribute to map the printer.

There would be so many concrete ways to implement this, it all depends on how creative you can be with the specifics of your environment. So just by way of one simple example:

  1. You figure out that it would take less administrative time for you to fill in a value in an AD attribute for each user object that needs a printer than to create a custom GPO printer mapping for each user.
  2. So you either dedicate one of the custom attributes available, say Custom Attribute 1, or you customize the schema to create an entirely new attribute.
  3. For the users that need a printer you enter the path to their respective printer share, for example \\Computer\PrinterShare, into the chosen attribute.
  4. Using a logon script you check for a value in this AD attribute. If there is a value the script attempts to map a printer with it.

I'm just sketching loosely, tweak to your heart's desire.
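
The logon-script approach from steps 1 to 4 above, written out as an added example that is not part of the original answer. It assumes "Custom Attribute 1" is the `extensionAttribute1` attribute and uses a placeholder print server name (`PRINTSRV01`); it also checks the stored value against an allowlist, so that the script only connects to print servers you name and not to whatever path has been written into the attribute.

```powershell
# Logon script sketch: map the printer named in the user's AD attribute.
# Assumptions (not from the original answer): the attribute is
# extensionAttribute1 and PRINTSRV01 is a placeholder print server name.
$AttributeName  = 'extensionAttribute1'
$AllowedServers = @('PRINTSRV01')

function Test-PrinterPath {
    param([string]$Path, [string[]]$Servers)
    # Accept only \\server\share, and only for servers on the allowlist.
    if ($Path -notmatch '^\\\\([A-Za-z0-9.-]+)\\([^\\/:*?"<>|]+)$') { return $false }
    return $Servers -contains $Matches[1]
}

# Bind to the logged-on user's own object by SID (no LDAP filter to build).
$sid  = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
$user = [ADSI]"LDAP://<SID=$sid>"
$printerPath = ([string]$user.Properties[$AttributeName].Value).Trim()

if ([string]::IsNullOrEmpty($printerPath)) {
    return   # step 4: no value in the attribute, nothing to map
}

if (-not (Test-PrinterPath -Path $printerPath -Servers $AllowedServers)) {
    Write-Warning "Ignoring printer path '$printerPath': not an allowed \\server\share"
    return
}

try {
    # Per-user printer connection, same effect as connecting via the server.
    (New-Object -ComObject WScript.Network).AddWindowsPrinterConnection($printerPath)
} catch {
    Write-Warning "Could not map ${printerPath}: $($_.Exception.Message)"
}
```

Because the script only adds a connection and leaves share permissions alone, other users can still connect to the same printer through the server as needed.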