1

I have a Group Policy Object designed for users in a particular department which should delete all existing printer mappings, and then map all users to 9 different printers (all on the same server). The issue is that the "Delete All" item does not seem to take effect, and then two of the nine printers are skipped and do not end up installed on client PCs. I am more concerned about the skipped printers than the "Delete all", though it is interesting that they are both being skipped.

Notable is that the two skipped printers are the only two Canon printers (IR-ADV 8295) of the nine and share a driver. I updated the driver during troubleshooting with no effect.

I'm currently troubleshooting this on my own account. I added myself to the Targeted group and created a link to my OU.

All client PCs are Windows 7 x64, and all printers have associated x64 drivers installed on the server (no 32-bit drivers are installed on the server).

Here are other things I've tried:

Checked Event Viewer on a client PC, and found nothing relevant in "Applications and Services -> Microsoft -> Windows -> GroupPolicy -> Operational" or in any of the Windows Logs.

Checked printer configuration on the server (e.g. permissions) and all nine printers have uniform configuration.

Checked for spelling errors and configuration issues with the GPO items, and all nine items have uniform configuration with no errors.

Discovered that the skipped printers can be manually mapped/installed successfully.

Enabled Point-and-Print policy in the GPO and set to "do not show warning" for both drop downs, which made no difference.

Installed the printer driver prior to running the GPO, which did not make a difference.

I'm running out of things to troubleshoot, so let me know if you have a suggestion!

Bobazonski
  • 131
  • 6
  • Any information in Event Viewer? That would be the first place I look. Make sure you look on a workstation/server they are seeing the issue on as well as on the domain controller that serviced the request (Could be any.) – Nick Young Jan 11 '16 at 20:08
  • What I find helpful is creating a dummy test AD account in the same groups, etc. that are supposed to push these settings and then sign onto the OSes (all Vista, Win7, Win8, Win10, Terminal Servers, and so on) and recreate the issue so you can determine what's causing it. Event Viewer for sure and then a simple dummy test account and signing onto machines, etc. usually always helps me get it figured out or confirmed to work as expected. – Pimp Juice IT Jan 11 '16 at 20:11
  • Are all the printers using the same drivers? If not, I would check to make sure you have both x86 and x64 drives for the printers that's having issues. – shinjijai Jan 11 '16 at 20:13
  • I've checked into all of this and added more information to my questions (regarding Event Viewer, testing method, and OS and driver types) – Bobazonski Jan 11 '16 at 20:26
  • Okay, some notes I had saved from '13 when I did this... Things to check, probably two comments.... Let me know if anything helps - I cannot tell if issues were with particular or all printers, etc. : `1.` **Group Policy object did not apply below --> I found that I had this issue when I had the box ticked "Run in logged-on user's security context". Once I unticked this box all worked OK. strange because I am also performing Item-level targeting to a security group and this all works OK.** I used Group Policy Preferences for this by the way. – Pimp Juice IT Jan 12 '16 at 02:14
  • `2.` **TWO "Point and Print Restrictions" settings: `Computer Configuration/Policies/Administrative Templates/Printers/Point and Print Restrictions` and `User Configuration/Policies/Administrative Templates/Control Panel/Printers/Point and Print Restrictions`. the one under Computer Configuration seems to be the important one. The Server 2008 (non R2) doesn't include this setting in the list, you need Server 2008 R2 for this setting to show up.** These are notes from 2013 in a text doc I found so not sure if there's a source or I wrote, etc. A couple easy things to check or test just in case. – Pimp Juice IT Jan 12 '16 at 02:17
  • `3.` A couple articles of potential interest or help: [**Deploying Group Policy Preferences**](https://deployhappiness.com/deploying-printers-with-group-policy-preferences/) and [**Change Driver Installation Security for Printers Deployed Using Group Policy**](https://technet.microsoft.com/en-us/library/cc725938.aspx) – Pimp Juice IT Jan 12 '16 at 02:20

1 Answers1

1

All of your comments were great possibilities and certainly things to check in a case like this, but it turns out my issue was that the preferences were item-level targeted to members of a specific group. Double-clicking on the Targeting item displays a SID that must match the targeted group, and the issue was that although all printers were targeted to the exact same group, the SID was missing from the two printers which weren't mapping.

Apparently, by design, you MUST search for the group and select it in order for the SID field to populate and the policy to apply correctly.

I was led to this discovery by going to the "C:\ProgramData\Microsoft\Group Policy\History" directory and finding the "Printers.xml" file. It will show which policies applied, and details about their targeting. In my case, there was an entry for the non-working printer mappings which said SID="".

Bobazonski
  • 131
  • 6