Automate the addition of printers to Group Policy
- Hi!
I posted a couple of questions in another forum, and got these answers:
1) As far as I know, the printer connections added to a Group Policy using the Windows Server 2003 R2 feature, are stored in the domain partition in Active Directory as objects in objectCategory=msPrint-ConnectionPolicy. Are this the same for Group Policy Preferences in Windows Server 2008/2008 R2? In other words: Can we reuse the printer deployment GPO`s we create now for GP Preferences printer deployment when we some time in the future buy Windows Server 2008 CALs?You are correct. Using Print Management the GPO is stored in objectCategory=msPrint-ConnectionPolicy. However this is not the same as Group Policy preference. This means we are not able to reuse the GPOs when we use Group Policy Preference in the further.
Print Management is actually more powerful than group policy preference. It is used via group policy as well. We do not need to create a separate group policy for it to use. Instead, we can use any existing group policy such as Default Domain Policy, or the group policy that you have used to deploy printers via group policy preference.
With Print Management, we can manage printers more easily. Click Administrative Tool->Print Management and we can manage printers through a central manner, which is more easy and efficient.
We can also manage printers in GPO more easily with Print Management installed. To do so, open group policy editor, expand Computer Configuration(User Configuration)->Policies->Windows Settings->Deployed Printers.
2) Are there any automated way to publish the printer connections to a GPO with scripting? To avoid manually adding several hundreds of printer objects to a GPO. We have a csv-file containing all the printer connections.I tried to find if there is any internal tool for you to do this but it seems very hard to find such one. I suggest we post this question to the MSDN forum because for coding and script questions MSDN is more appreciate:
MSDN Forum can be found here:
http://forums.microsoft.com/
My question are related to how to automate the process of adding printers (\\printserver\printer) to Group Policies in the objectCategory msPrint-ConnectionPolicy in Active Directory.
Preferably I would like to create a PowerShell script to accomplish this.
Does anyone have any experience/suggestions regaring this?
Jan Egil Ring
Blog: http://blog.powershell.no
Twitter: http://twitter.com/janegilring
Answers
- Jan, of course you could use Powershell to do that, especially with the new features provided with Windows 2008 R2:
http://technet.microsoft.com/en-us/library/dd378866(WS.10).aspx
The object "PushedPrinterConnetions" and its sub-objects could be created/modified just as any AD object.
But here are some thougths of mine to your posting:
The "more powerful" attribute in this case (printers) definately belongs to GP Prefrences. Why? Some examples:
- it can handle more different printer types (local, TCP/IP, and shared instead of only "shared")
- it has several additional options (deleting all existing connections, setting default printer, etc.)
- it can save a lot of GPOs because you can have many Printer items in one GPO and use Item Level Targeting to address
each printer individually (e.g. per group or even per user). Using "Deployed Printers" you rely on basic targeting features
like linking per OU, and security group filtering and very likely you don't want to have the same printers on
Concerning the automation request: I think the very clear XML files used by GPP are much more easier to maintain by own code than the AD stuff used by "Deployed Printers".
And never ever use the "Default Domain Policy" to add stuff like this.
Instead create a separate GPO and link it to the desired level.
Patrick- Marked As Answer byMervyn ZhangMSFT, ModeratorThursday, November 12, 2009 10:07 AM
- Hi Jan,
I am not an expert on licensing questions, but for managing GPP you can either use a Windows Vista with RSAT or better a Windows 7 instance.
So Windows 2008 ist not a "must have".
And even when using Windows 2008 R2 (which I'd prefer) this machine will not be accessed by the clients, only by an administrator setting up the policies.
You DCs can stay as they are (e.g. Win 2003) the same way as the rest of you infrstructure.
So maybe take this into account when talking with your license management guys.
Patrick- Marked As Answer byMervyn ZhangMSFT, ModeratorThursday, November 12, 2009 10:08 AM
All Replies
- Jan, of course you could use Powershell to do that, especially with the new features provided with Windows 2008 R2:
http://technet.microsoft.com/en-us/library/dd378866(WS.10).aspx
The object "PushedPrinterConnetions" and its sub-objects could be created/modified just as any AD object.
But here are some thougths of mine to your posting:
The "more powerful" attribute in this case (printers) definately belongs to GP Prefrences. Why? Some examples:
- it can handle more different printer types (local, TCP/IP, and shared instead of only "shared")
- it has several additional options (deleting all existing connections, setting default printer, etc.)
- it can save a lot of GPOs because you can have many Printer items in one GPO and use Item Level Targeting to address
each printer individually (e.g. per group or even per user). Using "Deployed Printers" you rely on basic targeting features
like linking per OU, and security group filtering and very likely you don't want to have the same printers on
Concerning the automation request: I think the very clear XML files used by GPP are much more easier to maintain by own code than the AD stuff used by "Deployed Printers".
And never ever use the "Default Domain Policy" to add stuff like this.
Instead create a separate GPO and link it to the desired level.
Patrick- Marked As Answer byMervyn ZhangMSFT, ModeratorThursday, November 12, 2009 10:07 AM
- Hi!
Thanks for sharing your thoughts.
I would agree that the GP Preferences seems more powerful, and that maintaining the XML files for this with PowerShell would be the easiest way to automation.
However, the main reason for considering using the Print Management feature “Deploy with Group Policy” is that GP Preferences requires Windows Server 2008 CALs, which are not in place in the specific scenario I`m working with. Therefore I need to decide whether to use some kind of scripting teqnique (like Kixtart) or the Print Management feature “Deploy with Group Policy".
Jan Egil Ring
Blog: http://blog.powershell.no
Twitter: http://twitter.com/janegilring - Hi Jan,
I am not an expert on licensing questions, but for managing GPP you can either use a Windows Vista with RSAT or better a Windows 7 instance.
So Windows 2008 ist not a "must have".
And even when using Windows 2008 R2 (which I'd prefer) this machine will not be accessed by the clients, only by an administrator setting up the policies.
You DCs can stay as they are (e.g. Win 2003) the same way as the rest of you infrstructure.
So maybe take this into account when talking with your license management guys.
Patrick- Marked As Answer byMervyn ZhangMSFT, ModeratorThursday, November 12, 2009 10:08 AM
- Patrick,
This was my plan excactly, but I checked the licensing regarding this with Microsoft and it turns out GP Preferences is considered a "Windows Server 2008 feature" which requires 2008 CALs. Techincally however, it`s fully possible to implement GP Preferences without any 2008/2008 R2 DC`s as you say.
Jan Egil Ring
Blog: http://blog.powershell.no
Twitter: http://twitter.com/janegilring
