Printers deployed via Group Policy are unservicable

[Unknown-One]

We've caused ourselves a bit of hell recently with deployed printers. We initially deployed a new batch of printers using the "User Configuration\Windows Settings\Deployed Printers" section of group policy.

Well, turns out, that deploys the printers so that they're owned by the local system account. Neither users, administrators, or domain administrators can make any changes to these printers. Can't even remove them and start over.

Deploying printers using the "User Configuration\Preferences\Control Panel Settings\Printers" section works much more smoothly. No issues with management when deploying printers from there... but we can't seem to kill the old bugged ones from all the workstations.

The group policy that deployed the bugged printers is disabled. I went ahead and attempted to run "con2prt /f" from a command prompt elevated to System, but even that failed to remove the stuck printers. I'm at a bit of a loss here

 

[jadams]

With the GPO that created the printers now disabled, can a script be used to uninstall/remove those printers?

 

[Unknown-One]

That's what I'd like to roll out, but I can't even seem to remove the offending printers by hand at this point.

Pretty much all attempts lead to this:

Even when operating as a domain administrator...

 

[kent]

This instructional guide should help you roll out the printers

http://www.google.com/url?sa=t&rct=...=W-v0jaBkDDN9PLydGDPckQ&bvm=bv.50500085,d.b2I

 

[Unknown-One]

This instructional guide should help you roll out the printers

http://www.google.com/url?sa=t&rct=...=W-v0jaBkDDN9PLydGDPckQ&bvm=bv.50500085,d.b2I

Hilarious

Still looking for a solution to this problem. Nobody here has been about to exorcise these darn printers yet.

 

[Mackintire]

You need to re-enable the policy that deployed them and modify that same policy so that it removes them. You can test it on a client by waiting for a AD refresh and using GPupdate /force and GPresult /v to verify that the policy has been updated and is enforced.

 

[Mackintire]

Without manually forcing it, it may take days for everything to undo....users to log off and restart etc.

 

[Unknown-One]

Without manually forcing it, it may take days for everything to undo....users to log off and restart etc.

Yeah, we're dealing with that now. We can force-reboot most departments' machines over the weekend, but there will be some stragglers.

 

[Wrench00]

Why not distribute printers via Preferences GPO. Always works.

 

[Nate7311]

And/or deploy directly from the PrintServer section of ServerManager. As Wrench said, bulletproof.

 

[Mackintire]

Read more carefully before posting. OP did deploy using GP...and deployed it incorrectly. Now OP is asking how to fix the screwup and we offered advice.

 

[Wrench00]

Just create a GPO that prunes dead or expired printers.

 

[Unknown-One]

And/or deploy directly from the PrintServer section of ServerManager. As Wrench said, bulletproof.

That's exactly what we did, actually. That's what started this whole mess.

Deployed from the print server, discovered the printers were owned by "system" on all clients and could not be administered AT ALL, deleted the group policy object containing the deployed printers, printers didn't go away on the clients.

Just create a GPO that prunes dead or expired printers.

Access denied errors in the event viewer, same thing that happens when an admin tried to remove them...

Only way to remove them was to
1. re-create the policy object (they had been deleted).
2. re-deploy the printer to it
3. re-add the security group so the policy was applied to the same users
4. gpupdate on the machines
5. remove the users from the group and/or remove the group from the policy
6. gpupdate
7. Printers finally vanished.
8. Delete the policy object again.