5

I have a Windows Server 2008 R2 print server. The client machines are Windows 7 Professional. I am having issues with user accounts not getting the printer added when they login.

Things that I have tried:

  • Installed Printer Driver In Printer Manager
  • Set Printer To Be Shared
  • Set the Security Of The Printer To The Correct Group
  • Added The User To The Correct Group
  • Created A New GPO
  • Added The Printer To The GPO (See Image)
  • Added The Group To The Security Filtering
  • Ran GPUPDATE /Force

GPO Printer

I have another GPO that I have setup for another printer, and it works fine. The only difference between that GPO and the one that I am having issue with is the security filtering. The filtering on the one that works has the following:

  • Everyone
  • Domain Users
  • Authenticated Users

I have also made a video, so that you can see the steps. Please click here to see the video.

nate
  • 407
  • 5
  • 7
  • 17
  • Have you tried changing the action to `Create`, from `Update`? (I know the documentation says that `Update` is supposed to create the connection if it doesn't exist, but my experience has been that this doesn't always work.) – HopelessN00b Mar 25 '14 at 18:01
  • 2
    Has the user logged out and back in so that his/her token contains the security group membership? – joeqwerty Mar 25 '14 at 18:02
  • @HopelessN00b The other GPO uses Update as well, and it works fine. – nate Mar 25 '14 at 18:03
  • @joeqwerty Yes I have logged in and out a hand full of times – nate Mar 25 '14 at 18:03
  • I looked into this method a couple years ago in our initial 7 roll out. Even got it fully implemented. It was always hit or miss even after a lot of hours debugging the processing. In the end I opted for a login script that read the group memberships I was using for item level targeting. Good luck. – Tim Brigham Mar 25 '14 at 18:06
  • Are the clients Windows 7 or XP? Does that same client work with the other GPO? If it's XP http://www.microsoft.com/en-us/download/details.aspx?id=3628 – Nixphoe Mar 25 '14 at 18:11
  • @Nixphoe I updated the question. They are Widnows 7 Pro clients – nate Mar 25 '14 at 18:16

2 Answers2

4

On the GPO you need to check the box "Run in logged-in user's security context"

jth41
  • 138
  • 6
2

One one of the computers where the printers are not installed, run the following: 

gpresult /h gpresult.html

From the user's logon context.

This will show the user's group memberships, and the GPO's applied/denied. This will help you narrow down if it is an issue with group membership not being picked up, or if the GPO's aren't being processed, or if the computer does not even report on the GPO.

Greg Askew
  • 34,339
  • 3
  • 52
  • 81
  • Where is the .html file save @? – nate Mar 25 '14 at 18:34
  • @nate in the same directory that you ran the command from, ie c:\users\username\> gpresult /h > gpresult.html Would put the file in c:\users\username\gpresult.html – Nixphoe Mar 25 '14 at 18:38
  • It says it is inaccessible, on the one the that I am having issues with, and the on that works says empty. I am going to attach the html file to my question – nate Mar 25 '14 at 18:45
  • @nate: Give Authenticated Users Read permission on the GPO, but uncheck the box for Apply Group Policy. – Greg Askew Mar 25 '14 at 18:58
  • @nate: Sounds like they aren't pickup up the group membership. – Greg Askew Mar 25 '14 at 18:59