I thought about why managing printing in an enterprise is so frustrating and came to a conclusion that the solutions available (and available to my budget) do not fill end users requirements but IT administrators requirements. Ultimately users what to print something, to the closest printer without having to install printers/drivers or speak to IT, where as IT administrators want to control deployment, configure default settings and centrally control access.
What are the options?
The options that I looked at were either readily available or moderately priced. All of the below options have their pro’s and con’s and hopefully I have covered most of them.
| Group PoliciesThis solution involves you deploying printer shares to either users or computers using Active Directory Group Policies. Each printer requires a dedicated Group Policy and was the recommended deployment method during Windows Server 2003 R2 days. | |
| Pro’s | Con’s |
|
|
| Group Policy PreferencesThis solution also uses Group Policy however it uses the Preferences component that allows more granular control of how its deployed, including IP address/subnet/AD sites. | |
| Pro’s | Con’s |
|
|
| Print Management SolutionThis solution centrally manages the printing, where you print everything to the one printer, and when you want your prints you walk up to any printer and print your documents then and there. Some solutions integrate with you security swipe card. | |
| Pro’s | Con’s |
|
|
|
Self-Service model This model allows end users to add printers that they are close to and print directly to them. The user has full control over what they do, and limited restrictions are in force. |
|
|
Pro’s |
Con’s |
|
|
The solution for us
Due to our environment being very Microsoft-centric it seemed logical to use a Microsoft solution to deploy our printers to our clients.
Original configuration was using assigned deployments to users based on departments/divisions however with company restructures, printers moving and users moving around the office it soon became evident that users need to manage access to printers on their own and IT needed to help users do this efficiently. So in light of this we changed our model.
Out users now have the ability to search Active Directory for published printers and install one that is close to them. With some GPP (Group Policy Preferences) trickery we can optimise the results based on users Location or Comments.
Location based printers in an Enterprise (Using AD Site/Subnet/IP Range/etc)
Windows 7 has a ‘Network scan’ window when you select ‘Add a network, wireless or Bluetooth printer’. Unfortunately there is no official Microsoft way to customise what this scans. Luckily there is a clever little trick (if I must say so myself) where you can use a combination of GPO, GPP and Printer configuration to force this window to only display printers in a particular location. Here is how it works:
- In Windows 7, click Start and then Devices and Printers.
- Click on Add Printer, Then ‘Add a network, wireless or Bluetooth printer’.
- A list of printers is displayed in the Network scan window. By default windows tries to display printers closes to you based on IP and Subnet information. In my testing it appears that Microsoft dont do a great job of determining close printers on different VLAN’s.
This window is what I optimise by using GPP below.
Printers
All the printers you have published to Active Directory (that you want displayed in the ‘Network scan’ window) will require the location field to be set. In our environment I set the location field as follows:
- Sales, Level 1, South Wing, Sydney Office
- Warehouse, Ground Level, Perth Office
These descriptions are usable for users to understand where the printers are located, but also means that we can use that information to further refine the ‘Network scan’ window. We use the city to distinguish our printers as each office has a different AD site. Likewise you could use campus building names, individual floors etc, so long as you can distinguish between them somehow.
Group Policy Preferences
Here we have to configure a Group Policy Preference to set a registry key based on item level targeting. This registry key will predefine a search query that will be used to display only the printers that meet the query results. If you change network locations (or other criteria supported by Group Policy Preference Item Level Targeting) then the registry (your search query) will change and thus affect what printers are populated in the ‘Network scan’ window.
In my case, I used AD Site targeting, and associated a site for each city. The registry key that we set is:
[code]HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PhysicalLocation[/code]
The value is the search term. If you make sure you put a * (wildcard) in front and behind your word it will search the entire string for this word. Examples that we use are:
*Sydney*
*Perth*
One of the side-effects of using this configuration is the predefined search that is saved for that PC in automatically populated in the ‘Find Printers’ in Active Directory window. If you need to do a custom search you simply delete the text to get full results. Refer to screenshot:
When Editing the GPP there are a couple of things to remember:
- We are changing Computer settings, not user settings, because the PhysicalLocation registry key resides in HKLM hive.
- We configure multiple registry entries all with different values and apply specific Item Level Targeting to each
- Simple or complex item level targeting is possible – means you can be as granular as you like. We kept it simple and only use the AD Site.
Below are screen shots of the Group Policy Preferences windows that I have configured. I have only expanded one of the 5 registry entires for PhysicalLocation.
The ‘Number of directory printers’ Group Policy setting is required if you have more than 20 printers per location. 20 printers is the default value.
Conclusion
The above steps are quite simple to achieve and roll out to your enterprise as it wont impact your existing users. Since moving to this new approach our users who travel from state to state are able to easily install the printers.
Next stage would be to change their default printer depending on their location. Any thoughts on this?
References
As usual I have many references for the information i find, and i try and share them all with you. Some may be as small as a one liner in a comment.
- Establishing a naming convention for printer locations
http://technet.microsoft.com/en-us/library/cc782717%28v=ws.10%29.aspx - GPO – Computer Configuration\Administrative Templates\Printers\
http://gpsearch.azurewebsites.net/#2209 - Windows 7 Not Seeing AD Printers when adding printers
http://social.technet.microsoft.com/Forums/windows/en-US/4c6f03f2-ae40-4e5c-9546-0b5046a1975a/windows-7-not-seeing-ad-printers-when-adding-printers - Deploying Printers to the fleet via Group Policy Preferences
http://dxpetti.com/blog/?p=181 - Deploy Printers with Group Policy without using Local Loopback
https://the.geekorium.com.au/deploy-printers-with-group-policy-without-using-local-loopback/ - Location tab in Active Directory
http://www.winvistatips.com/location-tab-active-directory-t690120.html - Configuring Printer Location and Setting Location Policies
http://technet.microsoft.com/en-us/library/cc784134%28v=ws.10%29.aspx - Enabling printer location tracking
http://technet.microsoft.com/en-us/library/cc780327%28v=ws.10%29.aspx - Windows 7 Not Seeing AD Printers when adding printers
http://social.technet.microsoft.com/Forums/windows/en-US/4c6f03f2-ae40-4e5c-9546-0b5046a1975a/windows-7-not-seeing-ad-printers-when-adding-printers
thanks Ivan, this is a great summary 🙂 cheers
Nevermind, looks like only the reg key for the ‘site’ you’re in shows up in the registry of the computer. 😀 I chose to do it by IP address and when I switched the IP the registry key updated and changed it to the new site. Thanks for this article, very informative!
glad it worked for you. I am interested to hear what other print management tweaks you (or anyone else) had implemented to improve user experience.
When I set the PhysicalLocation reg key only the last key shows up, I’m guessing because they all have the same name (PhysicalLocation). If I call the first one PhysicalLocation1, the second PhysicalLocation2, etc…then they all show up…but then it doesn’t work right.