How to use Group Policy Preference to dynamically map printers when using Roaming Profiles

One of the great new feature with Group Policy Preferences is the ability to map printers based on a various number of criteria such as group membership, AD Site or even IP Address range. This allows for some powerful options such as being able to map all the printers physically near a user based on the computer IP address. This of course assumes that the networking team allocates the same subnets to certain computers near each other (e.g. a building or floor) but I have found this is often the case.

One of the problems that occur when you map printers with Group Policy Preferences is that if the user has a roaming profile configured and they then logon to a computer that is located in another area they will automatically get all the printers from the previous area they were in and the new area. These printer mapping can build up over time as users logon to computers in different areas they can soon amass a large number of printer mappings that can make their computer run slow especially during logon.

Normal Group Policies are applied via IP address (AD Site) are not a problem as the new computer they are logging on to has no idea of what the previous setting were or the policy falls out of scope so the setting revert back to their original values. But as the printer mapping (and all preference settings) for a user are stored in their profile then this printer mapping will follow them if they are setup with a roaming profile.

Question? So how do you map all the printers in one location but not have them follow you to another location if you are using a roaming profile?

Answer? Is a two step solution which I will go through below. There is also an optional third step that address the problem maintaining default printer mappings once a user gets back to their normal location.

Step 1. The first part is just to create a simple printer mapping that maps the printer targeted by the IP address of the users current computer.

New Shared Printer

Figure1. Create New Shared Printer

Target setting

Figure 2. Target setting to only be mapped for computers between 10.1.1.0 to 10.1.1.255

image

Figure 3. Resulting printer mapping

The images above shows the printer “\serverprinter1” being mapped for the users that logon to a computer that is in the 10.1.1.0/24 subnet. It is important to note that we are talking about the IP address range of the computer that you want to map the printer on not the IP address range of the printer server or the printer itself.

Step 2. The second step is to delete the printer mapping if the IP address of the printer does not fall within the IP address range that you want the printer to be mapped. To do this we start by copying the existing printer mapping that we made in step 1. This avoids making any typo’s in either the printer queue name of the IP addresses.

image

Figure 4. Copying the existing printer mapping made in step 1.

image

Figure 5. Paste the setting into an unused part of the pane

image

Figure 6. Both printer mapping entries

Now we make the changes to the second printer mapping to change the action type and the targeting so that it will remove the printer mapping if the user logs onto a computer that is not in the subnet that we want the printer to be mapped.

image

Figure 7. Open the properties of the second printer

image

Figure 8. Change the Action to “Delete”

image

Figure 9. Go back to the targeting and change it to an “Is Not” between “10.1.1.0” and “10.1.1.255”

image

Figure 10. New target rule

image

Figure 11. Two printer entries to map and then clean up the printer queues for a user based on their location.

Step 3. Maintaining Default Printer Mappings

You have now configured dynamic printer mapping for your user based on location of the user. However this solution does have one problem, user normally like to set a default printer and if a user was to logon to a workstation in another location then return to their normal desk their default printer will have been reset. To get around this problem we have to change the targeting on the Delete printer option so it does NOT delete if the printer is configured as the default printer. To do this we need to look at the registry location that the default printer is saved and test to see if the printer we are deleting is the default printer and if so then do nothing.

So let take a look go back to the targeting setting for the Delete printer action and add another test that will check to see if the printer is the default printer.

image

Figure 12. Add a new Item of type “Registry Match”

image

Figure 13. Configured Registry Match Setting

Change the Match Type to “Match value data” and the Value data match type to “Substring match” as the value we are looking for will contain other information as well that we don’t care about. Make sure the Hive is set to “HKEY_CURRENT_USER” and the Key Path is set to “SoftwareMicrosoftWindows NTCurrentVersionWindows”. The Value name “Device” is where in the registry the default printer information is saved". We then set the Substring to “\serverprinter1” which is the UNC path to the printer queue. The substring value should be set to the same value as in the Path for the printer mapping and delete under the main properties for the setting.

There, now you know how to use Group Policy Preferences to map and remove printer queues for users based on their physical location to the printer even if you have user configured with a roaming profile. The default printer mapping will still follow the user no matter where they logon to however as we are limiting this to only one printer this will not have a large affect on the users logon speed nor will it result in the collection of printer mappings from multiple areas.

FYI – If your iPhone gets a square SMS message then you have been hacked

iphone-hack Apparently there is a major SMS flaw in every iPhone that allows you to be hacked just by receiving an SMS and the only sign you have been hacked is by seeing a SMS that contains a square. If this does happen then you need to turn off your phone ASAP as there is no way to prevent this from happening by disabling just SMS on your iPhone. Details of the hack are apparently being released today at the Black Hat (hacking) conference after Apple was told about this flaw over a month ago. Interestingly Apple either don’t think its a big deal or do they are having trouble patching the flaw as there is still no update to address this issue.

iPhone SMS Security Flaw Could Allow ‘Every iPhone In The World’ To Be Hijacked | Gizmodo Australia

Technorati Tags: ,,

Its Official – Microsoft and Yahoo make a search deal

Microsoft and Yahoo have reached an agreement that will mean they will both share add revenue and presumably advertisement catalogue. This should be making Google a bit worried considering that the combined search market share for Microsoft and Yahoo combined is at least a third of the total US market. It will be good to see a strong competitor in the search market which Google has dominated for so long.

Microsoft, Yahoo agree on ad partnership: source – Yahoo! Finance

Technorati Tags: ,,

Microsoft, Yahoo near deal… What does this mean for Yahoo7 and NineMSN?

image image Look like Microsoft and Yahoo are very close on getting a deal done to share search engine’s and add revenue. What will be interesting to see is what fallout this will mean for bitter arch rivals Yahoo7 and NineMSN web sites. I suspect that Yahoo7 will end up sporting Bing as their search engine which may be interesting as we could start seeing adds on Yahoo’s web site promoting channel 9 TV shows…

Microsoft, Yahoo near deal to take on Google

Technorati Tags: ,,,,

Woop! Woop! Woop! Microsoft Releases Critical Patches…. UPDATE YOU PC NOW!!!

securitybulletin3_2

Microsoft has just released a couple of critical updates in the middle of the month to address some Critical Remove Code Execution for Internet Explorer. Its not since October last year that Microsoft has rushed out some patches like this so it goes without saying that you should patch your computers right now. Hacker often don’t take long to take advantage of these vulnerabilities once the patch is released so it is critical that you update ASAP.

For more information about the patch see http://www.microsoft.com/technet/security/bulletin/ms09-034.mspx 

Technorati Tags: ,

So what does Microsoft Bing sound like?

image A recent add from Microsoft about Bing now actually shows people what you can do with a decision engine. What i found interesting is that when you see the Bing logo it now makes a “Bing” noise… Cool… 

Also interesting is that Microsoft seems to have embraced YouTube now as we are seeing many of the high quality video released on YouTube from Microsoft. We also know that the new Windows Movie Maker will support uploads to YouTube directly do does this also mean that we will see YouTube integration in Windows Mobile 7??? hmmm…

 

Technorati Tags: ,,

Way cool photo of Endeavour, ISS and the Sun… But if you look at it you will go blind

In what is one of the most stunning photos of the International Space station i have ever seen Thierry Legault @ Look at Sciences has taken a photo of Endeavour parked at the space station while in front of the sun. Needless to say don’t try this at home with your own telescope.

oo3iss_endeavour_2009july26

Credit: Thierry Legault/Look at Sciences

 ooiss_endeavour_2009july26_

Credit: Thierry Legault/Look at Sciences

Stunning Image of Endeavour and ISS In Transit Across The Sun | On Orbit