In this tutorial we are going to use Active Directory Security Groups and Group Policy Objects to deploy printers to specific users based on their group membership. At the end of this tutorial we will have two new security groups and two new group policy objects. Members of the first security group will get PRINTER1 installed and set as default, while members of the second group with get PRINTER1 and PRINTER2 installed with PRINTER2 being the default.
Step by step instructions follow the video.
We have these two printers installed on a computer called PRNTSRV and shared on the network. I have called these printers PRINTER1 and PRINTER2 for this tutorial.
Let’s begin by creating our first security group. Open up Active Directory Users And Computers and add our first group.
Now add a description to the security group.
And click on the members tab and add one or more members to the group
Now let’s create our second security group.
Enter a description for the security group.
And now go ahead and add one or more members to this second security group.
Now let’s go over to the Group Policy Editor and open up the Group Policy Objects folder for our domain.
Here we will add our first GPO for PRINTER1.
Pick a name for the GPO and click OK.
Right-click on the GPO and choose edit to bring up the Group Policy Management Editor. Then drill down into User Configuration > Preferences > Control Panel Settings > Printers. Right-click in the window and select New > Shared Printer.
We will leave the action as Update and enter the path to the printer, (or click the button to browse the directory for your printer). Here we can check the box to set this printer as default as well.
Go up to the Common tab and check the box for Item-level targeting. Then click the Targeting button.
Now we will click the New Item drop-down and select Security Group.
Type the name of the first group we created earlier and click Check Names and then OK.
Now we can see our domain name and group name as well as the SID of the group. Click OK.
Now we will click Apply and OK to complete the setup of the PRINTER1 GPO.
Open up the editor for the printer2 GPO and drill down to the printers folder again.
We are going to do the same thing for the first printer that we did last time, only this time we are not going to set it as the default printer and we are going to target our PRINTER2 Security Group.
Common Tab – Targeting
New Item – Security Group
Enter our second group name and click check names.
Here is our domain\group and the SID of the group. Repeat this to add a second printer to the GPO, this time setting PRINTER2 as the default.
Now let’s right-click on the domain and select Link an Existing GPO. We will do this twice to link both the printer1 GPO and the printer2 GPO into the domain.
Link the second GPO.
Now we can go to our workstations. On workstation1, (where my user account is logged in), we can open up a command prompt and force a group policy update with the command gpupdate /force.
This will immediately deploy the printers from AD to the workstation and set the second printer as default, (because my account is a member of the printer2 group).
Jump over to workstation2, (where we are logged in as user1 on the domain), and do a gpupdate /force to setup the first printer and set it as default.
That’s it. We have configured our Active Directory Security Groups and Group Policy Objects to deploy item-level targeted printer installation.