10

I've come across a showstopper in my magnificent task to create a printer GPO which maps printers inside the TS session based on the RDP client address - the address isn't known when using a gateway server :(

Right-click + status on a session via RD gateway:

[screenshot]

Same thing on a session NOT going through RD gateway:

[screenshot]

Does anyone know if this is possible to get around? Is there perhaps some kind of undocumented registry change I can do on the gateway server to pass this information along?

pauska

4 Answers

2

Looks like this isn't possible. I'm going to file a feature request with Microsoft.

pauska
1

Since the TS gateway is effectively a proxy, why don't you query the proxy's logs? Filtering for the last event 303 from Remote Desktop Gateway by the user in question should supply you with the IP. I am not aware of any "X-Forwarded-For"-style header in RDP.

the-wabbit
  • I'm not sure if you're aware of how item level targeting works in a GPO, but I'm pretty confident that there isn't any way to feed it with data from a log file. – pauska Jan 31 '12 at 12:30
  • @pauska ah, targeting. I thought you were scripting. No further ideas then, sorry. – the-wabbit Jan 31 '12 at 19:21
  • WQL lookup on the GPO? It's... rough, but might work. – Patrick Mar 20 '12 at 10:05
  • @Patrick nearly everything about Windows scripting is rough, if not ugly. We can't change it, so we have to live with it. – the-wabbit Mar 20 '12 at 10:13
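The gateway-log lookup suggested in this answer, sketched in PowerShell as an added example that is not part of the original answer or comments. It assumes the gateway writes to the Microsoft-Windows-TerminalServices-Gateway/Operational log and that each event carries Username, IpAddress and Resource fields under UserData/EventInfo; the function names and the sample event are constructed for illustration.

```powershell
# Added example. Assumptions: the log name below and the EventInfo field names
# (Username, IpAddress, Resource). Verify both against an event on your gateway.
$RdgLog = 'Microsoft-Windows-TerminalServices-Gateway/Operational'

# Hypothetical helper: extract user, client address and target from one event's XML.
function ConvertFrom-RdgEventXml {
    param([Parameter(Mandatory)][string]$Xml)
    $doc  = [xml]$Xml
    $info = $doc.Event.UserData.EventInfo
    if (-not $info) { return $null }   # no EventInfo payload, so not a connection event
    [pscustomobject]@{
        Time     = [datetime]$doc.Event.System.TimeCreated.SystemTime
        User     = [string]$info.Username
        ClientIp = [string]$info.IpAddress
        Resource = [string]$info.Resource
    }
}

# Hypothetical helper: most recent matching gateway event for one user.
function Get-RdgLastClientAddress {
    param(
        [Parameter(Mandatory)][string]$UserName,      # e.g. EXAMPLE\alice
        [string]$GatewayServer = $env:COMPUTERNAME,
        [int]$EventId = 303                           # event ID named in the answer
    )
    $filter = @{ LogName = $RdgLog; Id = $EventId }
    Get-WinEvent -ComputerName $GatewayServer -FilterHashtable $filter -ErrorAction Stop |
        ForEach-Object { ConvertFrom-RdgEventXml -Xml $_.ToXml() } |
        Where-Object { $_ -and $_.User -ieq $UserName } |
        Sort-Object Time -Descending |
        Select-Object -First 1
}

# Constructed sample event (not real log data) to exercise the parser offline.
$sample = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>303</EventID><TimeCreated SystemTime="2012-01-31T12:00:00.000Z"/></System>
  <UserData><EventInfo xmlns="aag">
    <Username>EXAMPLE\alice</Username>
    <IpAddress>203.0.113.10</IpAddress>
    <Resource>ts01.example.local</Resource>
  </EventInfo></UserData>
</Event>
'@
ConvertFrom-RdgEventXml -Xml $sample
```

Reading that log remotely requires event-log read rights on the gateway, and the result is only usable from a script or an investigation, not from GPO item-level targeting.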
0

Perhaps you could create a logon script that maps the printer based on the RDP connection? First create an "iplist.txt" file that contains the IP addresses and departments that you want to map the printer for:

192.168.0.173,Marketing
192.168.1.173,Sales
192.168.2.173,Finance

Place the iplist.txt file in a directory that the person logging on will have read access to. From there you can use this batch file to map the printer:

@echo off
REM Delayed expansion lets ip_addr be read at run time inside the loop
setlocal enabledelayedexpansion

REM Record the established RDP (port 3389) connections
netstat -na | find "3389" | find "ESTABLISHED" > logfile.txt

for /f "tokens=1,2 delims=," %%a in (iplist.txt) do (

    REM Literal match, so the dots in the address are not regex wildcards
    for /f %%i in ('findstr /l /c:"%%a" logfile.txt') do (
        set ip_addr=%%a
    )

    if "!ip_addr!" == "%%a" (
        if "%%b" == "Marketing" (
            rundll32 printui.dll,PrintUIEntry /in /q /n \\print_server\marketing_ptr
            REM Set as default:
            rundll32 printui.dll,PrintUIEntry /y /q /n \\print_server\marketing_ptr
            goto :end )
        if "%%b" == "Sales" (
            rundll32 printui.dll,PrintUIEntry /in /q /n \\print_server\sales_ptr
            REM Set as default:
            rundll32 printui.dll,PrintUIEntry /y /q /n \\print_server\sales_ptr
            goto :end )
        if "%%b" == "Finance" (
            rundll32 printui.dll,PrintUIEntry /in /q /n \\print_server\finance_ptr
            REM Set as default:
            rundll32 printui.dll,PrintUIEntry /y /q /n \\print_server\finance_ptr
            goto :end ) )
)

:end

del logfile.txt

You also want to make sure that logfile.txt gets written to a location that the user logging on will have write access to.

It may not be the reg hack you're looking for, but it could work as an alternative....

matrixx333
  • I just realized if multiple people are connected to the computer via RDP, then this will map the printer for the person whose IP address is the highest in the list of connections.....so it might not work properly in your environment :( – matrixx333 Mar 17 '12 at 17:04
  • Thanks for the effort, but the point here is that the client IP is "UNKNOWN" when you connect through a RD Gateway. I already have a solution for mapping the printers when the client IP is revealed (group policy extension). – pauska Mar 17 '12 at 17:36
  • I apologize for the misunderstanding...still, writing the script was fun :) – matrixx333 Mar 17 '12 at 17:53