Use Group Policy settings to control printers in Active Directory

Summary

Active Directory printer-related settings can be enabled or disabled by using Group Policy settings. All Group Policy settings are contained in Group Policy Objects that are associated with Active Directory containers (sites, organizational units, and domains). This structure maximizes and extends Active Directory.

This article describes the policies specific to managing printers and how to enable or disable printer management by using the Local Group Policy Editor.

There are two kinds of configurations that can be set for printers in a Group Policy setting:

• Computer Configuration
• User Configuration

Configure printer-specific settings for computers

1. Select Start, point to Programs, point to Administrative Tools, and then select Active Directory Users and Computers.
2. Select the Active Directory container of the domain that you want to manage (an organizational unit or a domain). Right-click that container, and then select Properties.
3. Select the Group Policy tab, and then select New to create a new Group Policy setting.
4. In the Local Group Policy Editor, expand the following folders:
   • Computer Configuration
   • Administrative Templates
   • Printers

The following settings can be enabled under Computer Configuration:

• Allow Printers to be published: Enables or disables the publishing of printers in the directory.
• Allow Print Spooler to accept client connections: Controls whether the print spooler will accept client connections. When the policy isn’t configured, the spooler won’t accept client connections until a user shares out a local printer or opens the print queue on a printer connection. At this point, the spooler will start accepting client connections automatically.
• Allow pruning of published printers: Determines whether the domain controller can prune (delete from Active Directory) the printers that are published by this computer. By default, the pruning service on the domain controller prunes printer objects from Active Directory if the computer that published them doesn’t respond to contact requests. When the computer that published the printers restarts, it republishes any deleted printer objects.
• Automatically publish new printers in the Active Directory: By default, this setting is turned on. It can be turned off so that only shared printers that are selected are put in the directory.
• Check published state: Used to verify that published printers are published in Active Directory. By default, the published state isn’t verified.
• Custom Support URL in Printers folder’s left pane: This policy bit is designed for administrators to add customized support URLs for the server. If this bit isn’t selected, the navigation pane of the Printers folder displays URLs for selected printer plus a vendor support URL if it’s available. If this bit is selected and the customized support URL is provided, the previously mentioned two support URLs are replaced by the customized URL. The default isn’t selected, which means no customized support URL.
• Computer Location: Specifies the default location criteria that are used when searching for printers. This setting is a component of the Location Tracking feature of Windows printers. To use this setting, enable Location Tracking by enabling the Pre-populate printer search location text setting. When Location Tracking is enabled, the system uses the specified location as a criterion when users search for printers. The value that you type here overrides the actual location of the computer that is conducting the search.Type the location of the user’s computer. When users search for printers, the system uses the specified location (and other search criteria) to find a printer nearby. You can also use this setting to direct users to a particular printer or group of printers that you want them to use.
• Directory pruning interval: The pruning interval determines the period of time that the pruner sleeps between checks for abandoned PrintQueue objects. The pruner reads the pruning interval value every hour.
• Directory pruning retry: Sets the number of times that the PrintQueue pruner tries to contact the print server before it deletes an abandoned PrintQueue object.
• Directory pruning priority: Sets the thread priority of the pruning thread. The pruning thread runs only on domain controllers and is responsible for deleting stale printers from the directory. Valid values are -2, -1, 0, 1, and 2, corresponding to THREAD_PRIORITY_LOWEST through THREAD_PRIORITY_HIGHEST. The default value is 0.
• Disallow installation of printers using kernel-mode drivers: Determines whether printers that use kernel-mode drivers may be installed on the local computer. Kernel-mode drivers have access to system-wide memory. Therefore, poorly written kernel-mode drivers can cause stop errors.
• Log directory pruning retry events: Specifies whether to log events when the pruning service on a domain controller tries to contact a computer before it prunes the computer’s printers.The pruning service periodically contacts computers that have published printers to verify that the printers are still available for use.If a computer doesn’t respond to the contact attempt, the attempt is retried a specified number of times, at a specified interval. The Directory pruning retry setting determines the number of times that the attempt is retried. The default value is two retries. The Directory Pruning Interval setting determines the time interval between retries. The default value is eight hours. If the computer hasn’t responded by the last contact attempt, its printers are pruned from the directory
• Pre-populate printer search location text: Enables the physical Location Tracking setting for Windows printers.Use Location Tracking to design a location scheme for your enterprise and assign computers and printers to locations in the scheme. Location Tracking overrides the standard method that is used to locate and associate computers and printers. The standard method uses a printer’s IP address and subnet mask to estimate its physical location and proximity to computers. If you enable this setting, users can browse for printers by location without knowing the printer’s location or location naming scheme.Enabling Location Tracking adds a Browse button in the following locations:
  • The Add Printer wizard’s Printer Name and Sharing Location screen
  • The General tab in the Printer Properties dialog box
  By default, if you enable the Group Policy Computer location setting, the default location that you entered appears in the Location field.
• Printer Browsing: If you enable this setting, the print subsystem announces shared printers for printer browsing. Disable this setting if you don’t want the print subsystem to add shared printers to the browse list. If this setting isn’t configured, shared printers aren’t added to the browse list if a Directory service is available. They’re added if a Directory service is unavailable.
• Prune printers that are not automatically republished: This setting determines whether printers can be pruned from the directory. It’s best to leave this setting unconfigured. However, if you find that printers are being pruned even though the computer from which they are published is functioning and on the network, you can enable this policy to prevent the pruning service from deleting the published printers during network outages or situations in which dial-up links that are up only intermittently are used. To prevent printers from being removed from Active Directory, enable this policy, and retain the default selection of Never in the Prune non-republishing printers list.
• Web-based printing: This policy bit is designed for administrators to disable Internet printing entirely. When this policy bit is selected, none of the shared printers on the server are published to the web. And none of the shared printers are able to accept incoming jobs from other clients by using HTTP. The default is not selected.