Mass updating Group Policy, maybe with scripts

Tags: active-directory, group-policy

Sorry for the long preamble, and thanks in advance to anyone who reads it all.

I have about 60 network printers. Some are in HQ, some are in distant locations (from 1 to 300 km away from HQ). Some locations have print servers, some do not. Locations without PSs are served by HQ's print server. Printers are assigned via GPO/user/preferences/control panel. It is impossible to deploy these via GPO, because our "chief HQ" (upper-level IT dept) disallowed site admins from creating their own GPOs; we can use only a limited number of GPOs and write tons of similar GPO rules to connect printers and shares to specific groups of users.

For example, the Accounting dept has its internal number of 008. Then all members of group dept_008 must have full access to the share "docs_008" and to two printers (MFU), for example prn015 and prn027: the accounting dept occupies two large rooms (prn015 is in room #310, and prn027 is in #312) and there is one MFU per room. Naming of depts and devices is unrelated to room numbers.

I created 4 (four!) groups for ruling these printers:

  1. Group dept_008 is a member of groups use_prn015 and use_prn027, to get both printers connected to all 008's workers: should one MFU fail, they can continue to print and to scan on MFU in next room.
  2. Workers in room #310 will have prn015 as default printer, and those in #312 will have prn027 as default. Then some of dept_008's workers are members of use_prn015def and some others are in use_prn027def, where "def" stands for "default printer".

Our top brass thinks that the end user is too busy to make him/her learn "how to choose a default printer" – they think that it must be the IT dept's headache. Then the GPO rules handle the situation: "if user is in use_XXXdef then connect prnXXX and make it the default printer; otherwise, if user is in use_XXX then connect prnXXX and do not make it default; else do not connect prnXXX at all".

And I have about 120 rules, because GPO isn't flexible enough to allow conditional default/non-default connection: I can (in one rule) connect the printer as default, or as non-default.

Thank you for reading until here. This is the end of preamble.

Now we bought prn030 to replace aging prn015. Prn015 is still in good condition, and it will replace obsolete prn001 in a distant location. The name of a printer is permanent: a printer will have this name for all its useful life – 3 digits in the name allow us to create enough unique names 🙂 But this printer now must be controlled by another print server (i.e. ps002), which is in that distant location. And I must change GPO rules to connect ps002\prn015 instead of ps002\prn001 and of psHQ\prn015.

It is OK when one printer moves per one or two months. But sometimes it is required to move many more printers to another print server, and that is a real headache – to re-write all these rules and re-assign printers on print servers.

OK, I can control every printer with every print server, disabling the printers which aren't in the same location as the print server (for example, distant ps002 has the pre-defined shared printer prn030, but will not serve it). But re-writing rules… OMG!

I could not find any useful answer on how to re-write these GPO rules without thousands of mouse clicks within the GP management editor: I have no idea how to script this process, for example supplying a 2-column list to some program which will make the modifications necessary to replace all "psHQ" with "psHQ1", "psHQ\prn015" with "ps002\prn015" in ALL rules in ALL applicable GPOs, etc… Is it possible to modify GPO rules without the GUI?

Moreover, my boss is dreaming about automatically choosing the PS relative to the user's login location. For example, if a user from location002 logs in (AD domain) on a locationHQ computer, he must get his "new" prn015, but he must get psHQ\prn015 instead of ps002\prn015 – someone has convinced him unshakably that such a connection (local PC – local PS – distant printer) will work faster than (local PC – distant PS – distant printer). I can do this with additional complex GPO rules, but I will crash my head into a wall should I imagine the amount of rules I must write for…

So, I have only two options:

  1. to write a miles-long login script, which will handle each and every possible configuration
  2. to create enough GPO rules for the same

I prefer GPO rules. Any suggestions for automated creation/modification of these rules?

Thank you!

Best Answer

For bulk edits to the UNCs of printer shares:
In GPMC, back up the GPO. In the backup directory there will be a file named "printers.xml". Use Notepad to Search/Replace "\\serverX\printer1" with "\\serverY\printer1". Back in GPMC, restore that GPO. It will read the modified XML and your changes will be made.

Printer connections based on login location:
Do you have different AD Sites to represent these locations? Policies can be linked to AD Site objects. You could augment and/or replace your OU-based printer GPOs with GPOs linked to the AD Site objects. In GPMC, right-click the Sites node, select Show Sites, choose some sites, right-click a site, select Link an Existing GPO. Another option would be to use the "item level targeting" within the GPPref printers. ILT can leverage AD Sites (if you have them) or subnet ranges of desktops (if you don't have sites). If your rights are limited, the next level up of IT support should probably handle the site-based printer connections.

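The backup / edit / restore procedure from the answer, scripted against the 2-column list the question asks for. This is an added example, not the answerer's code; the GPO name, backup folder, CSV file and its rows are assumed values, and it assumes the RSAT GroupPolicy module and rights to back up and restore the GPO.

```powershell
# Added example, not code from the answer above: bulk-rewrite printer UNC paths
# in a GPP Printers.xml with the backup / edit / restore method the answer describes.
# Assumed: the RSAT GroupPolicy module, rights to back up and restore the GPO, and a
# constructed CSV with columns Old,New. Try it on a test GPO first.
Import-Module GroupPolicy

$GpoName    = 'Printers-Dept008'                 # assumed GPO name
$BackupRoot = 'C:\GPOBackups'                    # assumed backup folder
$MapFile    = 'C:\GPOBackups\printer-map.csv'    # constructed mapping, e.g.:
#   Old,New
#   \\psHQ\prn015,\\ps002\prn015
#   \\psHQ\,\\psHQ1\
# Rows are applied in file order: put specific paths before broad server renames,
# or the server rename would consume the specific path first.

# One untouched backup for rollback, one working backup that we edit in place.
$rollback = Backup-GPO -Name $GpoName -Path (Join-Path $BackupRoot 'rollback')
$working  = Backup-GPO -Name $GpoName -Path (Join-Path $BackupRoot 'working')
$map      = Import-Csv $MapFile

# Printers.xml lives under the backup's {Id} folder in User\Preferences\Printers.
$xmlFiles = Get-ChildItem -Path (Join-Path $BackupRoot 'working') -Recurse -Filter 'Printers.xml' |
            Where-Object { $_.FullName -like "*$($working.Id)*" }
if (-not $xmlFiles) { throw "No Printers.xml in backup $($working.Id); nothing to edit." }

foreach ($file in $xmlFiles) {
    $content = Get-Content -Path $file.FullName -Raw
    $total   = 0
    foreach ($row in $map) {
        # Literal, case-insensitive match: Escape keeps the backslashes from being regex.
        $pattern = [regex]::Escape($row.Old)
        $hits    = [regex]::Matches($content, $pattern, 'IgnoreCase').Count
        if ($hits -gt 0) {
            # '$$' so a share name such as print$ is not read as a group reference.
            $content = [regex]::Replace($content, $pattern, $row.New.Replace('$', '$$'), 'IgnoreCase')
            $total  += $hits
            Write-Host ("{0,-24} -> {1,-24} {2} hit(s)" -f $row.Old, $row.New, $hits)
        }
    }
    # Refuse to restore a file that is no longer well-formed XML.
    try { [xml]$content | Out-Null } catch { throw "Edited $($file.FullName) is not valid XML: $_" }
    Set-Content -Path $file.FullName -Value $content -Encoding UTF8
    Write-Host "$total replacement(s) written to $($file.FullName)"
}

# Restore the GPO from the edited working backup, then keep an HTML report to review.
Restore-GPO -BackupId $working.Id -Path (Join-Path $BackupRoot 'working') | Out-Null
Get-GPOReport -Name $GpoName -ReportType Html -Path (Join-Path $BackupRoot "$GpoName-after.html")
Write-Host "Rollback backup id: $($rollback.Id) (Restore-GPO -BackupId ... -Path $BackupRoot\rollback)"
```

Restore-GPO overwrites the live GPO, so review the printed hit counts and the HTML report before users next log on; the untouched rollback backup is the way back if a mapping row was wrong.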