I managed to get a working and fairly simple solution, if anyone is interested.
As GPUpdate needs to run for the user side of the policy to re-map the printers and set the default, you have to run it using the logged on users account. However, the only way to get this running silently is to set it to run "whether or not a user
is logged in", which itself means that you cannot make it run as the logged on user as it won't let you use "%LogonDomain%\%LogonUser%" due to there being a chance it could run when there is no logged on user, so you have to use a computer account,
which then means it cannot process the user side of the policy or use a specificly named user account, which means you have to manage that user account and cater for any password changes etc, plus the user account used would need to be sitting in the same
OU as the logged on user to get the same policies, which cannot be guaranteed. Catch 22.
So I scrapped that idea and looked into maybe using the registry, or vb scripts or powershell. But wanted to leave as little a footprint on the device as possible whilst also providing as much clarity on the group policies for future use as possible. Hiding
everything in random scripts just makes things difficult to troubleshoot for someone else and impossible to read using group policies without opening the scripts.
Luckily, I managed to find a simple, silent and easily troubleshoot-able process that met all the above criteria.
Process is as follows:
- Add your GPP printer shares as before, but do not set any as default within the share mappings.
- Create a scheduled task within the same policy to "start a program" 30 seconds after logon of any user. The program will contain the following command line:
%systemroot%\System32\RUNDLL32.exe with the switches as: PRINTUI.DLL,PrintUIEntry /y /n "\\PrintServer\Printername"
If your logon process is especially long, you could try setting the delay to 1 minute rather than 30 seconds.
Note: If you get the printer name wrong, you will generate an error box for the user, removing the whole silent, ninja-like approach. So ensure you get the name right. Copy and paste the name from the printer mapping would be my suggestion.
Depending on how long it takes for your logon process to complete, you should be able to get into windows, open the printers window and watch the green tick change from whatever random one it gets to the one you have set in the above scheduled task.
Hope this helps.