Best method to add network printers using GPO
Solution 1
This article is long winded, but has good advice. Basically use the Deployed Printers in a GPO, and run PushPrinterConnections.exe as a login script (part of pmcmgmt.exe from this MS DL Page).
Network Printer security should be handled at the Print Server end, not by trying to lock clients out (which will royally screw with the above process). Users who are not local admins will not be able to add local printers anyway (and we all know proper security dictates that normal users are not local admins, especially on XP).
Solution 2
I think consensus on this has been prnmgr.vbs for a while. @Chris makes a good suggestion, but I did not know that worked with XP clients (I thought all that business worked well with Vista or newer; I have still have tons of trouble with XP clients and printmanagement.msc).
Related videos on Youtube
02 : 32
05 : 19
33 : 35
16 : 49
09 : 58
Alex
Updated on September 17, 2022Comments
-
Alex almost 2 years
Whats the best method to add printers for users using GPO? Also is there any way to prevent thjem from adding network printers but allow them to add local printers?
Server is Win 2003 RC2, clients are a mix of XP and Win 7
-
songei2f over 13 yearsAnd I think his concern, at least for the 7 clients is that non-admin users have the rights to add TCP-IP ports for printers. That is news to me too. I had not noticed yet. -
Philip over 13 years@alharaka, Doh! forgot the link... I'll be darned, I can't believe the default is to allow people to create TCP/IP ports... Something else that needs to be locked down apparently. -
CC. over 13 yearsOne bothersome issue we've had with Deployed Printers via GPO is when the driver itself needs to be reinstalled. Normally, you'd just delete and reload the printer, but Deployed Printers can't be deleted by end-users. It's not the end of the world, but it's annoying. I keep wanting to check out GP Preferences to see if that is any better.
-
songei2f over 13 yearsWell I'll be damned. I guess that article teaches me a lesson. Don't get wrong, love GPO's but I manage a lot of local users and setting up their crap for printer configuration (like default printer and such) are always harder to deal with as a result. Still, I wish this solved all my use cases or I would scrap the mess I have like yesterday.
-
Philip over 13 years@CC, in Vista/7 when you update the driver on the server it automatically installs on all the clients the next time they use that printer; It's very slick (doesn't work in XP though).
-
CC. over 13 years@Chris S: Sorry, I should have been clearer. When the local copy of the driver is corrupt and the server driver is the same, there's no easy way I know to reinstall the driver. The client sees the server driver as unchanged, so there's no update. Of course, I could change the server driver, but I'm leery of affecting all of my print users just to get one workstation fixed. I very well may be missing something; let me know if I am!
-
Philip over 13 years@CC If you know a particular workstation has corrupted drivers you can open the Printer Management MMC, connect to that computer, and delete the driver. It'll pull the driver the next time it connects to the print server. (Again, doesn't work on XP; just Vista/7).
-
CC. over 13 yearsOnly use Printer Management on the server side; never thought to use it for the workstations. Great tip!
