Jeremy Moskowitz founded PolicyPak Software after working with hundreds of customers with the same problem they couldn’t manage their applications, browsers and operating systems using the technology they already utilized.
How to Map a Printer in Modern Desktop Environments
The world might be going digital, but computer users still have to print hard copies sometimes, whether it be out of habit or necessity. That’s why it is still important to be able to deploy printers for your users. In this article, we will show some of the various options available to do this.
Mapping a Printer with GP Preferences
For a decade now, Group Policy Preferences has provided an out-of-the box method to deploy printer, so let’s look at this solution first. The first thing we see using the Group Policy Editor is that we have different settings depending on whether we are creating a computer-side or user-side policy. When creating a computer-side policy, we only have the option of mapping a TCP/IP printer or local printer, while in the case of a user-side policy, we can also map shared printers as well (see the figures below).
So, what can you do if you want to map shared printers to a computer? You can use Group Policy Loopback. Loopback is a workaround that allows you to apply user-side policies to computers. However, like most workarounds, there are drawbacks that include unpredictable results and slower performance. That’s because Loopback doesn’t restrict itself to one single policy. If you apply Group Policy Loopback to the computer, then ALL assigned settings are processed by the Group Policy Loopback processing engine. That is something you normally do not want.
Make Printer Management Easier for Remote Workers
Working remote may be considered the “new normal” for users, but IT may be missing the pieces necessary to deliver a secure, efficient, and compliant Windows 10 experience.
For now, we’ll look at the User side since it offers the most options. Let’s map a shared printer and set it as a default printer, as shown in the figure below.
Next, we will select some useful settings such as “Remove this item when it is no longer applied.” We will also choose Item-level Targeting, which is a great tool that you can use to granularly modify the scope of individual preference items. As you can see in the figure below, there are many criteria we can use.
In this case, we want the policy to only apply to Windows 10 computers. We want to further restrict this printer assignment to members of the East Sales group when they are residing at an office with a designated IP subnet, as shown in the figure below.
As you can see, this method of mapping printers is pretty powerful out of the box, as long you don’t need to assign shared printers to a computer. Also, GP Preferences only works for domain-joined computers and works best for machines that are consistently on prem. Now, let’s look another way that empower us to map shared printers to any Windows machine, regardless of their join status.
Simplify Least Privilege Management
Increase security by removing local admin rights.There's simply no need to give users local admin rights. Use PolicyPak Least Privilege Manager to elevate only applications that standard Users need to run with admin rights.
Installing Shared Printers without Loopback using PolicyPak Scripts Manager
In this example, we are going to use PolicyPak Scripts Manager to deploy our shared printers to select computers without having to resort to Loopback or any workarounds. Because the PolicyPak editors are built inside the Group Policy Management Editor, we start things out the same way by creating a policy, as shown in the figure below.
The PolicyPak Scripts Manager Wizard then guides you through the policy creation process. In the screenshot below we have chosen the option “Apply this policy to all users who log on to the computer (switched mode),” which is the equivalent of Loopback processing without the baggage it brings.
For this example, we are going to use a simple PowerShell script, as shown in the figure below.
Next, we have the option of running a revert option script. This means the script will run when the policy no longer applies. Here we will use another PowerShell script to remove the installed printer, as shown below.
We can then choose how often we want to run the script. For the sake of simplicity in this case, we will choose “Always,” as shown in the figure below.
Note that PolicyPak incorporates Item-level Targeting just like GP Preferences (see the figure below). Although we are just touching the surface of the suite of tools in the PolicyPak suite, you can apply Item-level Targeting in nearly all of the policies you create using PolicyPak.
Now you’re done, at least if you are deploying this policy to domain-joined machines only. Chances are though you may have portable machines that are MDM-joined using a MEM. You also may have remote users who are using machines at home that aren’t joined or enrolled in anything. Whatever the circumstance, PolicyPak can manage your Windows 10 computers. For MDM-enrolled computers you could export this script as an XML file and import it into your MEM, as shown in the figure below.
You can also import the exported file into PolicyPak Cloud, which allows you to deploy Group Policy settings and additional PolicyPak settings to non-domain-joined computers through a convenient web-based portal.
Simplify Group Policy
Too many GPOs means too many problems. Too many GPOs means longer login times and longer troubleshooting on the endpoint. If you have a lot of GPOs, you are not alone. Most companies have too many GPOs – they would like to have less and still have the same amount of security. The reason you have too many GPOs is that you need multiple GPOs for most OUs; some for general cases, and others for specific cases.
Do you have a complex batch file script that you currently use to deploy printers? No problem. PolicyPak Script Manager supports batch files and scripts from JavaScript and VBScript as well.
Check out this full video demonstration on how to use PolicyPak Script Manager to map shared printers without Loopback.
Only Map Printers When You Need Them
When Group Policy Preferences was first released, the idea of deploying printers to remote users was a cool thing. It’s time to think bigger today. For example, what if you want to only deploy a printer when it’s needed, say when a user opens a given application such as Adobe Reader or Microsoft Word? Well, PolicyPak is always thinking bigger. That’s why we offer the use of triggers. You can map a printer when a process runs and unmap it when it closes. As you can see from the screenshot below, there are a number of event triggers to choose from. In this case we selected “Process start.”
Then, choose the process either by file type or by a running process, as shown in the two screenshots below.
As before, you could apply Item-Level Targeting to it if needed. Once completed, you could then create another script policy to delete the printer once the user closes the application by using the “Process close” trigger, as shown in the figure below.
Check out this video demonstration showing the entire process of mapping or un-mapping a printer using triggers.
By using PolicyPak Scripts Manager, you can deploy printers on demand in real time. This is but one of the many super-admin powers that PolicyPak can give you.