none
Active Directory Environment Tab "Connect client printers at logon"

    Question

  • Hi Together,

    we have a 2012 RDS Farm and a customer wants printer redirection allowed/disabled per user.
    My first idea was that this is not working, but than I saw the following options, I never used this tab in 10 years...but it seems that this is Obsolete and no longer working in 2012 R2, but I couldn't find any official statements about it.

    On this site, nothig is documented about the printer redirection, only about the drive redirection.

    https://docs.microsoft.com: <useraccount>Properties: Environment Tab</useraccount>

    Regards Philipp


    Thursday, June 7, 2018 2:40 PM

Answers

  • Hi Philipp,

    One approach would be to use RD Gateway for all traffic.  You would create two RD Connection Authorizations Policies (RD CAPs), one named AllowPrinting, the other BlockPrinting.  In the BlockPrinting RD CAP you would have Printers checked on the Device Redirection tab.

    In RDS Deployment Properties -- RD Gateway tab you would uncheck Bypass RD Gateway server for local addresses so that all traffic, both internal and external, would flow through RDG.  If you are concerned that an end user would manually connect directly to the RDSH servers and thus have printing enabled you could modify the incoming firewall rules for RDP so that only traffic from the RDG's ip address is allowed.

    -TP

    • Marked as answer by Philipp Kohn Thursday, June 14, 2018 11:24 AM
    Thursday, June 14, 2018 9:32 AM
    Moderator

All replies

  • Hi,

    Connect client drives and printers at logon:
    https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc757353(v=ws.10)

    Configure printer redirection settings per user:
    https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ff519145(v=ws.10)#configure-printer-redirection-settings-per-connection

    Best Regards,
    Eve Wang

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, June 11, 2018 8:49 AM
    Moderator
  • Hi Eve,

    thank you four your links, but is this working & supported under 2012 R2 and above?
    I tried it in the customer environment and it didn't work.

    Regards Philipp

    Tuesday, June 12, 2018 6:19 AM
  • If there is no solution for this, perhaps there is a workaround?
    Is there any manual solution to redirect a printer that I'm not aware of?

    Printer Redirection is disabled in a big RDS Farm and this setting should not be changed.
    But the customer wants to map/redirect a printer for only one user.

    The last thing that i want is to confige a dial-in vpn and configure the printer as a tcp/ip printer on the printserver. But thats my last step, only if there is no other solution.

    Regards Philipp

    Thursday, June 14, 2018 5:42 AM
  • Hi Philipp,

    One approach would be to use RD Gateway for all traffic.  You would create two RD Connection Authorizations Policies (RD CAPs), one named AllowPrinting, the other BlockPrinting.  In the BlockPrinting RD CAP you would have Printers checked on the Device Redirection tab.

    In RDS Deployment Properties -- RD Gateway tab you would uncheck Bypass RD Gateway server for local addresses so that all traffic, both internal and external, would flow through RDG.  If you are concerned that an end user would manually connect directly to the RDSH servers and thus have printing enabled you could modify the incoming firewall rules for RDP so that only traffic from the RDG's ip address is allowed.

    -TP

    • Marked as answer by Philipp Kohn Thursday, June 14, 2018 11:24 AM
    Thursday, June 14, 2018 9:32 AM
    Moderator
  • Hi TP,

    thx for your Idea, but we discussed the situation with the customer.
    And the time and costs for the configuration was not acceptable.

    So the helpdesk will tell the end user to use a pdf printer, and copy over the pdf between the local and the rds environment. I know that this is awful but this was the customer decission.

    If the customer would let me, I would completly reorganize his printer management
    With Tricerat Screwdrivers or ThinPrint.

    Regards Philipp


    Thursday, June 14, 2018 11:22 AM