New
#1
Security Filtering for GPO
Greetings!
I'm trying to introduce deployed printers that are deployed only to specific groups of people. We currently deploy about 50 printers per-machine and it's really causing lag when people to go print, and it's frustrating to dig through the list to find the right one.
We have existing security groups, and these are the steps I've taken:
1. Create 4 new GPOs. 1 for classrooms, 1 for faculty, 1 for staff, 1 for administration. Right now I'm testing with the staff.
2. Edit the GPO, add all desired printers to Computer Configuration -> Policies -> Windows Settings -> Deployed Printers
3. Set Security Filtering of the scope of the GPO to the Staff security group (which FYI consists entirely of departmental security groups, no users)
4. Create a new OU called Print Test, put my machine and the new GPO in it
After gpupdate, no printers arrive.
I've found out that if I leave Authenticated Users in the Security Filtering, I get the printers. However, as soon as I remove Authenticated Users and add the Staff group and gpupdate, the printers go away. Same thing if I add my user account instead of the group.
I've verified that, when the Staff group is the only group in the Security Filtering, in the Advanced Delegation, it does has permission to Read and Apply Policy, just like Authenticated Users does when it's there.
I'm stumped! Any ideas would be appreciated. :)