Managing location based printers in an enterprise environment

I thought about why managing printing in an enterprise is so frustrating and came to a conclusion that the solutions available (and available to my budget) do not fill end users requirements but IT administrators requirements. Ultimately users what to print something, to the closest printer without having to install printers/drivers or speak to IT, where as IT administrators want to control deployment, configure default settings and centrally control access.

What are the options?

The options that I looked at were either readily available or moderately priced. All of the below options have their pro’s and con’s and hopefully I have covered most of them.

Group PoliciesThis solution involves you deploying printer shares to either users or computers using Active Directory Group Policies. Each printer requires a dedicated Group Policy and was the recommended deployment method during Windows Server 2003 R2 days.
Pro’s Con’s
  • Comes as part of Active Directory at no cost
  • Allows granular deployment based on users, computers, OU’s or groups
  • Easy to setup
  • Is enforced and users have no control
  • Heavy IT involvement in upkeeping large collection of printers
  • Heavy IT involvement in maintaining deployment groups
  • Difficult to accommodate users moving locations and requiring different printers
  • Is only supported on Windows PC’s that are part of the domain
  • Does not accommodate Mac/Linux/BYOD devices
Group Policy PreferencesThis solution also uses Group Policy however it uses the Preferences component that allows more granular control of how its deployed, including IP address/subnet/AD sites.
Pro’s Con’s
  • Comes as part of Active Directory at no cost
  • Allows granular deployment, including location based properties
  • Little IT involvement
  • Default printers can be set
  •  Does not enforce deployments and allows user to modify configuration
  • Is only supported on Windows PC’s that are part of the domain
  • Does not accommodate Mac/Linux/BYOD devices
Print Management SolutionThis solution centrally manages the printing, where you print everything to the one printer, and when you want your prints you walk up to any printer and print your documents then and there. Some solutions integrate with you security swipe card.
Pro’s Con’s
  • Secure printing as you need to physically walk up to the printer to print
  • Reduced paper wastage
  • Can deploy the printer using the above two methods for Windows PCs, Can deploy to Mac’s using web page
  • Can restrict large document printing during peak periods
  • Complex to configure initially
  • Cost of software/hardware for solution
  • potential per user cost

Self-Service model

This model allows end users to add printers that they are close to and print directly to them. The user has full control over what they do, and limited restrictions are in force.

Pro’s

Con’s

  • Easy for IT to administer
  • Users can control their printers as they choose
  • Is supported with BYOD device model
  • Users need to understand they have to add printers manually
  • Troubleshooting can be difficult

The solution for us

Due to our environment being very Microsoft-centric it seemed logical to use a Microsoft solution to deploy our printers to our clients.

Original configuration was using assigned deployments to users based on departments/divisions however with company restructures, printers moving and users moving around the office it soon became evident that users need to manage access to printers on their own and IT needed to help users do this efficiently. So in light of this we changed our model.

Out users now have the ability to search Active Directory for published printers and install one that is close to them. With some GPP (Group Policy Preferences) trickery we can optimise the results based on users Location or Comments.

Location based printers in an Enterprise (Using AD Site/Subnet/IP Range/etc)

Windows 7 has a ‘Network scan’ window when you select ‘Add a network, wireless or Bluetooth printer’. Unfortunately there is no official Microsoft way to customise what this scans. Luckily there is a clever little trick (if I must say so myself) where you can use a combination of GPO, GPP and Printer configuration to force this window to only display printers in a particular location. Here is how it works:

  1. In Windows 7, click Start and then Devices and Printers.
  2. Click on Add Printer, Then ‘Add a network, wireless or Bluetooth printer’.Add network printer1
  3. A list of printers is displayed in the Network scan window. By default windows tries to display printers closes to you based on IP and Subnet information. In my testing it appears that Microsoft dont do a great job of determining close printers on different VLAN’s.
    Add network printer2
    This window is what I optimise by using GPP below.

Printers

Printer Properties - LocationAll the printers you have published to Active Directory (that you want displayed in the ‘Network scan’ window) will require the location field to be set. In our environment I set the location field as follows:

  • Sales, Level 1, South Wing, Sydney Office
  • Warehouse, Ground Level, Perth Office

These descriptions are usable for users to understand where the printers are located, but also means that we can use that information to further refine the ‘Network scan’ window. We use the city to distinguish our printers as each office has a different AD site. Likewise you could use campus building names, individual floors etc, so long as you can distinguish between them somehow.

Group Policy Preferences

Here we have to configure a Group Policy Preference to set a registry key based on item level targeting. This registry key will predefine a search query that will be used to display only the printers that meet the query results. If you change network locations (or other criteria supported by Group Policy Preference Item Level Targeting) then the registry (your search query) will change and thus affect what printers are populated in the ‘Network scan’ window.

In my case, I used AD Site targeting, and associated a site for each city. The registry key that we set is:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PhysicalLocation

The value is the search term. If you make sure you put a * (wildcard) in front and behind your word it will search the entire string for this word. Examples that we use are:
*Sydney*
*Perth*

One of the side-effects of using this configuration is the predefined search that is saved for that PC in automatically populated in the ‘Find Printers’ in Active Directory window. If you need to do a custom search you simply delete the text to get full results. Refer to screenshot:

search AD for printers

When Editing the GPP there are a couple of things to remember:

  • We are changing Computer settings, not user settings, because the PhysicalLocation registry key resides in HKLM hive.
  • We configure multiple registry entries all with different values and apply specific Item Level Targeting to each
  • Simple or complex item level targeting is possible – means you can be as granular as you like. We kept it simple and only use the AD Site.

Printer GPP
GPP Item level targetting

Below are screen shots of the Group Policy Preferences windows that I have configured. I have only expanded one of the 5 registry entires for PhysicalLocation.
The ‘Number of directory printers’ Group Policy setting is required if you have more than 20 printers per location. 20 printers is the default value.

Printer GPO settings

Conclusion

The above steps are quite simple to achieve and roll out to your enterprise as it wont impact your existing users. Since moving to this new approach our users who travel from state to state are able to easily install the printers.
Next stage would be to change their default printer depending on their location. Any thoughts on this?

References

As usual I have many references for the information i find, and i try and share them all with you. Some may be as small as a one liner in a comment.

  1. When I set the PhysicalLocation reg key only the last key shows up, I’m guessing because they all have the same name (PhysicalLocation). If I call the first one PhysicalLocation1, the second PhysicalLocation2, etc…then they all show up…but then it doesn’t work right.

  2. Nevermind, looks like only the reg key for the ‘site’ you’re in shows up in the registry of the computer. 😀 I chose to do it by IP address and when I switched the IP the registry key updated and changed it to the new site. Thanks for this article, very informative!

  3. thanks Ivan, this is a great summary 🙂 cheers

Leave a Reply

QR Code Business Card
%d bloggers like this: