Manage printers in Active Directory using scripts for different OS versions

Introduction

In this topic, I will talk in detail about which rake you can stumble upon during an automatic installation, deleting printers using Active Directory.
')

Preparing AD for installing printers

It is assumed that Active Directory is configured and functioning. Organizational units are created in it, users are added and computers are added, users do not have administrator rights.
First you need to do 3 things:

1. Separate computers by OS version and architecture.
2. Select a network folder to store printer drivers.
3. Download and unzip the printer drivers to a network folder for all architectures, created in step 2.
   

Separate computers by architecture and OS version

I will describe the case when the target computers are in different organizational units, while having a different architecture.

1. We create security groups corresponding to each architecture and OS version, example: win_x64, win_x32. (I used only 2 groups, as in my park of computers there are either Windows XP x32 or Windows 7 x64.).
2. We create policies with clear names and restrict access to these policies only to the security groups from the previous paragraph. Example: "x32 printer policy", access only for members of the win_x32 group.
3. We apply the created policies to all organizational units. The best way to do this, in my opinion, is to put all OUs inside one and apply new policies to it.
4. We make computers with OS architecture x32 members of the win_x32 group, for other architectures and versions, respectively.

Thus, we have the opportunity to apply a specific policy to computers from different OU (organizational units), which is very convenient. Simple and reliable.
Separation can be organized in other ways, but in this post I will not consider these options.

Network folder

It creates a network folder accessible to all users and computers of the domain. I think this stage is not necessary to paint in detail. Folder permissions are read only.

Drivers

1. Download drivers for all versions and architectures.
2. Unpack them to the state of INF files. Rake number 1 . If this causes problems, then most often the driver can be found in the hidden PRINT $ ball on the machine where the printer is installed. They can be taken from there.
3. Copy these files from our network folder. For convenience, divided by subfolders.

Now you can proceed to the deployment.

Deployment

Deployment will be done in 2 stages:

1. Creating a driver installation script.
2. Creating a script to connect the user to the printer.

Attention! Rake number 2 Point 1 is relevant only for Windows Vista and newer, since the driver on Windows XP is installed with the rights of a regular user and does not require admin rights. Surprisingly.

Driver installation script

This script is placed in the section “Computer Configuration” - “Policies” - “Windows Configuration” - “Scripts (Startup / Termination)” - “Startup”
Create a .BAT file with this content:
rundll32 printui.dll,PrintUIEntry /ia /m "< 1>" /h "x64" /v "Type 3 - User Mode" /f "< INF /x64/>"
rundll32 printui.dll,PrintUIEntry /ia /m "< 2>" /h "x64" /v "Type 3 - User Mode" /f "< INF /x64/>"

Rake number 3 The name of the printer can and should be found in the properties of the Windows print server on the machine where the driver is already installed. Surely there is in the inf file.

Now the printer driver will be installed when the system boots automatically. If you apply it to all computers with Windows Vista and newer, then when the printer connection script is triggered, an error of insufficient rights does not appear.

Printer connection script

This script is placed in the section “User Configuration” - “Policies” - “Windows Configuration” - “Scripts (Login / Logout)” - “Login”
For both architectures, the script is the same.
rem "officeprint" server
rundll32 printui.dll,PrintUIEntry /in /n \\server\officeprint /q
rem "print" server1
rundll32 printui.dll,PrintUIEntry /in /n \\server1\print /q
rem
rundll32 printui.dll,PrintUIEntry /in /n \\server1\print /y /q

Now, upon logging on to the user, the printers will automatically connect and by default the “print” printer will be selected on server1.

Automatic removal of printers

Everything is quite simple.
Create a .BAT file with this content.
REG DELETE "HKEY_CURRENT_USER\Printers\Connections" /f
Then we make it a script to log the user out of the system.
The next time the user logs on to the network, he will have only those printers installed by the policy.
Useful when moving a printer from one print server to another.
Rake No. 4 It is better to delete the registry branch when the user logs off, and not when logging in before connecting printers.
This requires a restart of the print service, which can restart long enough. This is a situation when the service has not yet started, and the connection script has already worked and caused an error.

Automatic removal of printer drivers

This operation may be required when updating the driver.

It is desirable to delete it manually, but if there are a lot of printers, then this is done with the following command:
rundll32 printui.dll,PrintUIEntry /dd /m "< >"
The rake number 5 When you re-trigger the script with this command will generate an error that can put users in a dead end.