Perfect ive got 4 managed MFP printers getting delivered next week, so using this guide when the printers arrive all I need to do is add a static ip-address to each printer !! Wham bam thank you Dan
Great tutorial. Typically, client users in corporate intranet environments are domain users without permissions to install printers and printer drivers. There may be other group policy items that need to be supplemented.
Great and informative video. Quick question though - in your example the printer didn’t actually exist. Now that you’ve set up the printer and driver in the server, if you were to physically connect the printer via Ethernet, would the server just automatically detect it and the user would then be able to actually print to it? Or is there another step involved? Thanks!
Yes, if I connected a printer which supported the driver that I used and gave it the same IP address then it would just work. I use this method frequently when we order new printers so I can get the driver and print queue setup and deployed before the printer has even arrived. When the printer arrives, it just needs connecting to the network and given a static IP address and then (hopefully) it just works. Thanks for watching!
To deploy the printer to a computer directly so all users who login can print to it, I would do basically the same thing but instead change the group policy configuration slightly. 1. Add the computer objects to the printer security group in Active Directory. 2. Link the 'printers' group policy object to the workstation organisational unit. 3. Add the shared printer under the Computer Configuration section of the GPO and setup item-level targeting to point to the printer security group, but select the 'Computers in group' setting in the targeting editor. 4. After a reboot of the workstation, the printer should then appear for all users that login to the computer listed in the security group. I hope that makes sense. Thanks for watching!
Great tutorial man! I have a question though: lets say I (an IT worker) have to log into a client's PC to do some maintenance. The IT printer will be installed on that PC because of the GPO. When the client logs back in, will he be able to use my printer as well? If the answer is "yes", how do I avoid this?
The way we deal with this is by IT staff having a secondary administration account that is used to administer machines. One thing I forgot to cover in this guide is blocking people from printing to printers they shouldn't have. Take a look at this guide and you can restrict who can print to printers using the same security group used to deploy the printers: th-cam.com/video/vYX6HA9hylw/w-d-xo.html Thanks for watching!
@@danny_moran Thanks for your response. I did all of the stuff in your tutorial but for some reason the printer refuses to deploy on users. I only did a few things different due to our structure. We have a few different groups for IT with different permissions but all of them should have this printer in their users, so I added all IT groups in the "IT-PRINTER" group. Also, on our AD, each sector has an OU with a Users folder inside, so I linked the "IT-PRINTER" GPO to the IT > Users folder. Any idea why it doesn't work?
If you're using a Type-4 driver, then it works fine with the PrintNightmare security updates and mitigations. If you're using a Type-3 driver, then it works most of the time. I've had a small number of drivers this method didn't work for and couldn't figure out why, but, most seem to work. Thanks for watching!
Hi. Great video. Im thinking about multifunctional devices. How to manage scaner driver/software installation. Is it possible to combine with printer deployment policy or just need to directly push gpo with software installation? Any adivces much appreciated. Thank you👍
Usually, we just use MFP printers that have scan to email or scan to a file share functionality. This way you don't have to mess around with scanner drivers. If it's a desktop printer, than I just install the scanner drivers manually. Thanks for watching!
Thank you so much for this. I have a question -- At my company, users can't install drivers. If I implemented this, would they still encounter the 'contact your administrator' message?
It depends. If the driver shows as 'packaged' in the driver list, then it should install automatically, even if the user is not a local admin. Thanks for watching!
Amazing video, I had never been interested much in printers but my new Job I have to interact with printers and print servers so much so this was a huge a help, how dow we take off the on..... portion of the Printer name from the end user side?
@@danny_moran in our environment the printers have been deployed with only the printer name portion appearing. However this was years ago and nobody seems to know how to get that done. Nevertheless thanks again for the amazing video
Were they previously deployed using a print server or were they installed directly on the workstations? The only time I've seen printers appearing without having the print server name, is when they are installed directly on the workstation and not going through a print server.
I don't think Microsoft support print server clustering any more. I think their guidance is to host the print server virtual machine on a high availability hypervisor cluster. Thanks for watching!
If you wanted to deploy the printer to every user, do you still have to setup a security group and then add "Everyone", or can you just set the GPO for everyone?
If you want it to apply to all users, just leave the gpo permissions as authenticated users and then don't set item-level targeting up on the printer. Thanks for watching!
Ideally, they should either have a static IP address or their IP address reserved in DHCP. Most printer ports are based on IP address, so if the IP address changes the jobs won't get sent to the printer until the port is updated with the new IP address. Thanks for watching!
@@danny_moran Under Computers , I do not have "Group " over to the right is a list of computers , must re no longer in use, under Computers is Domain Controller, how do I add Group so that I can then add the printer?
@@danny_moran Ok I've done everything you did, but in group policy management, which OU do i link my GPO to? I only need to deploy to 3 servers. So shall I just link the GPO to the whole domain but only target the security group i made containing the 3 servers in it?
If the "packaged" value is false, then you might have difficulty deploying the driver. I'm not sure why this is the case, however, it's something I've also just discovered a few weeks ago. I don't have a solution at this time. I've found this is only with older drivers, and the newer drivers "packaged" values are true.
It will work fine to have them both on the same server. I recommend having different servers for different functions. This is better for security as well as being easier to manage, as one application is less likely to impact another. Thanks for watching!
Are you using a type 3 or type 4 printer driver? If you are using a type 3 driver, then this is likely what's causing the credential popups. Thanks for watching!
Setting up a 2019 print server and GPResult /R shows success: however, I am getting printer is not installing, If I go to "Add device", it gives me Error: #740. I have a 2012 r2 print server that I setup years ago and works fine
I don't recall seeing that error before when installing printers using GPO. You might be best to do an internet search for the error to see if anyone else has come across this error and has found a solution. Thanks for watching!
Is there a reason you don't set up the printers, driver and port in one go (rather than separately as you have in this video) and then run the deployment in the actual Print Server settings?
I just noticed you also mentioned the deployment of the printers. The reason I do it all through group policy, and not through the print management console, is so that I can just have a single printer gpo use item-level targeting and specify who gets each print based on which active directory security groups a user is in.
@@danny_moran cheers mate, was just after more info - nice to learn different ways of doing things ;) I have my departments as OU's in Users and in Computers so in the printer deployment I just point them at those OU's that need that printer. Basically does the same as what you do in the end ;) My biggest bugbear with printers is when a printer driver updates and all of a sudden it's prompting everyone for Local Admin access to install the driver ... a real pain in the backside ;) Cheers for the great videos - really enjoy your content mate ;)
For some reason GPO printers won't deploy on one of my computers. When I gpresult /r I see it was correctly applied but Windows 11 still won't auto map the printer on my server. Does this have anything to do with Print Nightmare or am I doing something wrong?
If the "packaged" value is false, then you might have difficulty deploying the driver. I'm not sure why this is the case, however, it's something I've also just discovered a few weeks ago. I don't have a solution at this time. I've found this is only with older drivers, and the newer drivers "packaged" values are true.
I never automatically assigned default printers and just let the user do this themselves, as I never had a situation where everyone was printing on the same printer. Thanks for watching!
Check the network settings on the printer and it should tell you what IP address it has been given. Usually, you can print out a status page from the printer which will give you information about the printer and usually it contains the IP address. You could also check your DHCP server and see if it's been given a DHCP address. Thanks for watching!
You're the goat. In an IT job and all my previous bosses have left so now I'm by myself just learning on the fly. Thank you very much.
Thanks for watching!
To the point, precise and targeted without any extra non-sense comments, buzzes and whistles. Great content!
Thanks for watching!
Excellent video. I've been setting up a DC for my local church and your videos have been an amazing resource!
Thanks for watching!
Perfect ive got 4 managed MFP printers getting delivered next week, so using this guide when the printers arrive all I need to do is add a static ip-address to each printer !! Wham bam thank you Dan
Thanks for watching!
This is exactly what I was looking for to use for some interview prep! Top video.
Thanks for watching!
Thanks for this! It's been a minute since I setup a print server!
Thanks for watching!
i needed this today! you gained a sub, and a earned a thumbs up!
Thanks for watching!
Great tutorial. Typically, client users in corporate intranet environments are domain users without permissions to install printers and printer drivers. There may be other group policy items that need to be supplemented.
Thanks for watching!
worked like a charm, big thanks from France !
Thanks for watching!
Very well explained to the point.
Thanks for watching!
Danny this was tremendously helpful. THANK YOU!!!
Thanks for watching!
Beautiful. Thank you so much for this!
Thanks for watching!
really helpful. Thank you very much.
Thanks for watching!
Fantastic Channel and absolutely great video! Thank you!
Thanks for watching!
Thank you! Very helpful.
Thanks for watching!
Great and informative video. Quick question though - in your example the printer didn’t actually exist. Now that you’ve set up the printer and driver in the server, if you were to physically connect the printer via Ethernet, would the server just automatically detect it and the user would then be able to actually print to it? Or is there another step involved? Thanks!
Yes, if I connected a printer which supported the driver that I used and gave it the same IP address then it would just work. I use this method frequently when we order new printers so I can get the driver and print queue setup and deployed before the printer has even arrived. When the printer arrives, it just needs connecting to the network and given a static IP address and then (hopefully) it just works.
Thanks for watching!
Thanks for the useful videos.
How would you deploy printers to computers?
To deploy the printer to a computer directly so all users who login can print to it, I would do basically the same thing but instead change the group policy configuration slightly.
1. Add the computer objects to the printer security group in Active Directory.
2. Link the 'printers' group policy object to the workstation organisational unit.
3. Add the shared printer under the Computer Configuration section of the GPO and setup item-level targeting to point to the printer security group, but select the 'Computers in group' setting in the targeting editor.
4. After a reboot of the workstation, the printer should then appear for all users that login to the computer listed in the security group.
I hope that makes sense.
Thanks for watching!
@@danny_moran
Ok, thanks, i think i will test this.
Cause i dont want to use Loopback processing
Great tutorial man! I have a question though: lets say I (an IT worker) have to log into a client's PC to do some maintenance. The IT printer will be installed on that PC because of the GPO. When the client logs back in, will he be able to use my printer as well? If the answer is "yes", how do I avoid this?
The way we deal with this is by IT staff having a secondary administration account that is used to administer machines.
One thing I forgot to cover in this guide is blocking people from printing to printers they shouldn't have. Take a look at this guide and you can restrict who can print to printers using the same security group used to deploy the printers: th-cam.com/video/vYX6HA9hylw/w-d-xo.html
Thanks for watching!
@@danny_moran Thanks for your response. I did all of the stuff in your tutorial but for some reason the printer refuses to deploy on users. I only did a few things different due to our structure. We have a few different groups for IT with different permissions but all of them should have this printer in their users, so I added all IT groups in the "IT-PRINTER" group. Also, on our AD, each sector has an OU with a Users folder inside, so I linked the "IT-PRINTER" GPO to the IT > Users folder. Any idea why it doesn't work?
Do you use primary server or Domain controller? And thank you for the video
I use a server that is not a domain controller to host the print server role.
Thanks for watching!
Is this approach protected from the PrintNightmare vulnerability?
If you're using a Type-4 driver, then it works fine with the PrintNightmare security updates and mitigations.
If you're using a Type-3 driver, then it works most of the time. I've had a small number of drivers this method didn't work for and couldn't figure out why, but, most seem to work.
Thanks for watching!
Hi. Great video. Im thinking about multifunctional devices. How to manage scaner driver/software installation. Is it possible to combine with printer deployment policy or just need to directly push gpo with software installation? Any adivces much appreciated. Thank you👍
Usually, we just use MFP printers that have scan to email or scan to a file share functionality. This way you don't have to mess around with scanner drivers.
If it's a desktop printer, than I just install the scanner drivers manually.
Thanks for watching!
very helpful. thank you. I will practice this
Thanks for watching!
Thank you so much for this. I have a question -- At my company, users can't install drivers. If I implemented this, would they still encounter the 'contact your administrator' message?
It depends. If the driver shows as 'packaged' in the driver list, then it should install automatically, even if the user is not a local admin.
Thanks for watching!
Amazing video, I had never been interested much in printers but my new Job I have to interact with printers and print servers so much so this was a huge a help, how dow we take off the on..... portion of the Printer name from the end user side?
I don't think you can remove that part of the printer name.
Thanks for watching!
@@danny_moran in our environment the printers have been deployed with only the printer name portion appearing. However this was years ago and nobody seems to know how to get that done. Nevertheless thanks again for the amazing video
Were they previously deployed using a print server or were they installed directly on the workstations? The only time I've seen printers appearing without having the print server name, is when they are installed directly on the workstation and not going through a print server.
Sir is there any possibility to create a secondary print server or clustering for print server?
I don't think Microsoft support print server clustering any more. I think their guidance is to host the print server virtual machine on a high availability hypervisor cluster.
Thanks for watching!
@@danny_moran is it possible to make a video on hyperv clustering of print server
I do plan on making some Hyper-V guides, however, I don't have the hardware to do so at the moment.
I have over 90 printers in my organization. Is it possible to create one GPO with the option of filtering based on group membership?
Yes, that's what I do in this guide.
I use item-level on the shared printer in the GPO to filter who gets the printer.
Thanks for watching!
@@danny_moran Oh, I actually didn't understand it completely... :) Thank you very much for this video.
If you wanted to deploy the printer to every user, do you still have to setup a security group and then add "Everyone", or can you just set the GPO for everyone?
If you want it to apply to all users, just leave the gpo permissions as authenticated users and then don't set item-level targeting up on the printer.
Thanks for watching!
Hello, Thank you for sharing this video with us.
Can I use this and Give a password for each user to print? and to do a scan?
No, this method can't be used for password printing, or scanning, unfortunately.
Thanks for watching!
superb explanation
Thanks for watching!
Hello Danny, Any method to push drivers to Computer under the OU using DCs
No, sorry. I've always used third-party patch management software to push drivers that are outside the scope of Windows update.
Thanks for watching!
Do the printer IPs need to be static?
Ideally, they should either have a static IP address or their IP address reserved in DHCP.
Most printer ports are based on IP address, so if the IP address changes the jobs won't get sent to the printer until the port is updated with the new IP address.
Thanks for watching!
What if there is no Group set up in Active Directory Users?
Sorry, I'm not sure what you mean.
Thanks for watching!
@@danny_moran Under Computers , I do not have "Group " over to the right is a list of computers , must re no longer in use, under Computers is Domain Controller, how do I add Group so that I can then add the printer?
I have the printer in the server just need to add it to the groups under our users
Sorry, I'm not sure what you mean. At what point in the video are you seeing this?
You can create group in any ou
1:08 How did you copy the drivers to your Downloads map?
I just right-clicked and copied them from my local computer to the downloads folder on the server.
Thanks for watching!
Are u using a virtual machine? And how you have the windows 11 and windows server at the same time?
I use Hyper-V to have multiple virtual machines running at the same time.
Thanks for watching!
I already have a printer server but have built a new one, how do i get the right drivers across to the new server and printers?
I would recommend downloading the latest drivers from the printer manufacturer's website.
Thanks for watching!
@@danny_moran Ok I've done everything you did, but in group policy management, which OU do i link my GPO to? I only need to deploy to 3 servers. So shall I just link the GPO to the whole domain but only target the security group i made containing the 3 servers in it?
You will need to link it to the OU that has your users in it, as the printer settings are setup within the user configuration.
Under Print Management for 'Drivers', for some reason the column where it says: "Packaged" says false. What does this mean?
If the "packaged" value is false, then you might have difficulty deploying the driver. I'm not sure why this is the case, however, it's something I've also just discovered a few weeks ago. I don't have a solution at this time. I've found this is only with older drivers, and the newer drivers "packaged" values are true.
Is the printer installed in the Server? or in the Network?
The physical printer is connected to the network. The print driver is installed on the print server.
Thanks for watching!
Thanks for the reply.
will apply this in my environment.
thanks again...
Is there a reason why DC and Print Server are separate? Can I have both on the same server?
It will work fine to have them both on the same server.
I recommend having different servers for different functions. This is better for security as well as being easier to manage, as one application is less likely to impact another.
Thanks for watching!
It's common practice to AVOID installing any other services on a DC server.
Sir, May you know the solution when I doply printer via GPO it require password admin local in comptuer to install driver of printer?
Are you using a type 3 or type 4 printer driver?
If you are using a type 3 driver, then this is likely what's causing the credential popups.
Thanks for watching!
Setting up a 2019 print server and GPResult /R shows success: however, I am getting printer is not installing, If I go to "Add device", it gives me Error: #740. I have a 2012 r2 print server that I setup years ago and works fine
I don't recall seeing that error before when installing printers using GPO.
You might be best to do an internet search for the error to see if anyone else has come across this error and has found a solution.
Thanks for watching!
Is there a reason you don't set up the printers, driver and port in one go (rather than separately as you have in this video) and then run the deployment in the actual Print Server settings?
I just prefer to do the three steps manually. It makes no actual difference.
Thanks for watching!
I just noticed you also mentioned the deployment of the printers.
The reason I do it all through group policy, and not through the print management console, is so that I can just have a single printer gpo use item-level targeting and specify who gets each print based on which active directory security groups a user is in.
@@danny_moran cheers mate, was just after more info - nice to learn different ways of doing things ;) I have my departments as OU's in Users and in Computers so in the printer deployment I just point them at those OU's that need that printer. Basically does the same as what you do in the end ;)
My biggest bugbear with printers is when a printer driver updates and all of a sudden it's prompting everyone for Local Admin access to install the driver ... a real pain in the backside ;)
Cheers for the great videos - really enjoy your content mate ;)
How it was able to have win 11 and windows server at the same time?
I use Hyper-V to have multiple virtual machines running at the same time.
Thanks for watching!
For some reason GPO printers won't deploy on one of my computers. When I gpresult /r I see it was correctly applied but Windows 11 still won't auto map the printer on my server. Does this have anything to do with Print Nightmare or am I doing something wrong?
If the "packaged" value is false, then you might have difficulty deploying the driver. I'm not sure why this is the case, however, it's something I've also just discovered a few weeks ago. I don't have a solution at this time. I've found this is only with older drivers, and the newer drivers "packaged" values are true.
@@danny_moran Thanks for the info. I'll have to do further research on this matter.
Thanks I just have a problem the printer is not set by default
I never automatically assigned default printers and just let the user do this themselves, as I never had a situation where everyone was printing on the same printer.
Thanks for watching!
Is this available in Windows 11?
The print server needs to be a server operating system.
Thanks for watching!
why in the dashboard there is AD DS DHCP and DNS but you aint add it from the start?
This guide is adding a print server to an existing Active Directory domain.
Thanks for watching!
Thank you so much!!!
Thanks for watching!
How can i know the ip address of the printer that i add?
Check the network settings on the printer and it should tell you what IP address it has been given. Usually, you can print out a status page from the printer which will give you information about the printer and usually it contains the IP address.
You could also check your DHCP server and see if it's been given a DHCP address.
Thanks for watching!
How do you get rid of the server name?
I'm not sure what you mean?
❤
Thanks for watching!
Great!
Thanks for watching!
nice 1