Deploying printers via Group Policy lets you manage your printers from a single console and also gives you granular control over which printers to deploy to individual client PCs without needing any additional software.

Prerequisites ^

There are a few prerequisites for this method of deployment to work, but the requirements are ridiculously easy to meet. First off, this method of deployment is for network printers or shared printers.

Any printers installed locally on a client PC and not shared are not an option for deployment via Group Policy Objects (GPOs). Also, your clients need to be running Windows 7 or above, and last but not least, you need an Active Directory (AD) installation that can run Group Policy Preferences (GPPs), introduced with Server 2008. Also for this article, I'll assume you are already comfortable setting up a network printer and creating a printer share and have already done so.

We'll be using GPPs to configure and control the printer deployment options. If you've never used GPPs, you're in for a treat. It's one of the best features Microsoft has given admins for really getting creative with Group Policy deployment criteria.

Computer vs. user deployment ^

Group Policy Preferences options

Group Policy Preferences options

The image above shows that GPPs live inside a GPO. There are separate preferences sections for the Computer Configuration and the User Configuration. Both sections have many of the same options, but there are differences. I highlighted the Printers section in each GPP. So why two sections? How do I know which one to use?

Group Policy can deploy settings to computers or users. The same is true for GPPs. For printing, you can choose to deploy a printer to a computer or by individuals and groups; the difference comes down to how you want to manage your printers.

Deploying a printer via GPPs to a computer will install it for all users that log in to a client computer and only on that computer. Conversely, a deploying a printer via GPPs to a user will only install it into the profile of the user you specify. However, installing printers per user will install them everywhere that user logs in.

You should install a printer reserved for the executives via the User Configuration; manage a printer needed for all users of a computer via the Computer Configuration. Here's the interesting part though—you could deploy the same printer using both methods if you needed to, but it may get a little challenging trying to troubleshoot issues. So I don't recommend you do this.

Printer configuration ^

Getting started deploying printers with GPPs is a very straightforward task. The first thing we need is a Group Policy to work with. I expect you understand how to link a GPO to an organizational unit (OU) and target the GPO correctly. From there, you need to decide if you want to deploy printers to users or computers. Most of the printers in my network are deployed to groups of users rather than to computers regardless of who is logged in. For this scenario, I would use the User Configuration section of the GPO.

Adding a printer to deploy is a wizard-driven process. You'll add one entry for each printer you wish to deploy. Since I want to deploy to users, I open my printer deployment GPO and drill down to the preferences section of the User Configuration. Then I right-click on the Printers option in the left-hand side of the window. There are three choices for deployment: Shared Printer, TCP/IP Printer, and Local Printer. I've set up my printers to use shared names, so I will select the Shared Printer option.

Adding a printer via Group Policy Preferences

Adding a printer via Group Policy Preferences

In the dialog box that opens, you'll configure all the options for the printer. There are two tabs of configuration options. First, we'll work on the General tab, which has three fields to configure.

New shared printer properties

New shared printer properties

There are there pieces of information needed to add a printer to the GPO: printer path, printer update action, and who will receive the printer installation. Let's walk through each one.

  • Printer path: This is the shared path of the printer, and you'll add the info to the Share path entry of the dialog box.
  • Action: This field controls what will happen when the GPO runs on the client PC. There are four options here: Create, Replace, Update, and Delete.
    • Create and Delete do exactly as you would expect. Selecting one of these options tells the GPO to create the printer if it isn't already installed or delete the printer if installed previously.
    • Update causes the GPO to update any printer info since the last time the GPO ran on this machine.
    • Replace will cause the printer to "replace" the installed shared printer every time the GPO runs. Let me explain further.

For printer installs, Create, Update, and Replace are the logical options, but what's the difference between those choices? The Create option will install a printer once and then ignore any updates on subsequent GPO refreshes. Update will install a printer if it is missing (the same as Create) but also update any changed information since the last refresh. Lastly, Replace will delete a printer and reinstall it on every GPO refresh.

When would you use the Replace option? Printer migrations!

I use Update for all of my printers. However, if I change the path of the printer from an old server to a new server, Update creates a second printer with the same name but a different path. Replace fixes this by effectively deleting the print queue and reinstalling each time the GPO runs.

This is not a great option for everyday work, but for migrations, Replace is the best option for deleting old printer queues and replacing them with the newer versions. There is an option to set a printer as a default printer, but I usually do not set that value. Instead, I let the end users decide which printer they want to be their default.

Item-level targeting ^

Once you have configured the printer path and the Action, you need to configure who will receive this printer. Item-level targeting describes the selection criteria, and you can fing it on the Common tab.

Common tab and item level targeting options

Common tab and item level targeting options

The common tab has some often-overlooked options I want to bring to your attention. I mentioned item-level targeting, which has its own checkbox and button. We'll need to check the box to enable the option to select who gets the printer. But before we explore this option, I want to point out the checkbox for Run in logged-on user's security context (user policy option). This checkbox is critical for deployment.

GPPs run under the local system account. This box tells the GPO to install the printer as the logged-on user rather than as the system. If you do not check this box, the printer install will fail because the local system account doesn't have privileges to the shared location of the printer path.

This checkbox has burned me many times, so I want to make sure you always remember to think about this option when deploying printers, mapped drives, or shortcuts that point to network locations.

Finally, let's review how you can "target" the printer for a subset of users. I'll start off by saying that last sentence is actually not 100% correct. If you refer to the picture below, you'll notice two choices: Security Group and User. These will probably be how most admins deploy their printers, but they're certainly not the only choices you have.

There are many different options for selection criteria, such as by OU or IP address range. You can get very creative with how you deploy your printers. I'll walk you through deploying to a group of users.

Item level targeting options

Item level targeting options

Selecting the Security Group option  presents me with a second dialog box that lets me enter a group name. This is standard AD lookup stuff and probably looks familiar.

Deploying a printer to a security group

Deploying a printer to a security group

Once you have selected a valid security group, click OK twice, and the dialog box disappears. At this point, you have configured the printer for the deployment. I will mention that there are other options in the Targeting Editor window for making really complex selections, but I'll leave that for you to explore on your own.

Security group selection

Security group selection

You can configure hundreds of printers to deploy from one single GPO if you prefer. This is all because of the granular control you can apply to each printer via GPPs. When you configure a few more printers, your GPP panel will look like the image below.

List of deployed printers

List of deployed printers

Conclusion ^

I have walked you through the most important options you need to configure to deploy a printer successfully to a group using GPPs. These options are super powerful, and I encourage you to explore the options to see how they can help you configure client PCs and servers in ways you may have never considered. If you have any follow-up questions about how to deploy printers, please leave a comment below. Thanks for reading, and I hope this becomes a useful guide you can refer back to any time you need a refresher on printer deployment options.

Read 4sysops without ads by becoming a member!

Your question was not answered? Ask in the forum!

  1. Melvin Backus 1 year ago

    Good walk through. I've been using this for a while. I occasionally run into issues with drivers not being installed however. Any tips on how to deal with that?


    • Author

      Hi Melvin,

      Drivers always seem to be a vendor issue for me. Unfortunately, the best solution I know of has been to find a better driver from the vendor, if possible.

      Also, keep in mind you need to install printers via GPO under the user context; that can definitely make drivers fail. Lastly, I didn't mention in this article, but you could also make sure you have "point and print restrictions" disabled via GPO. PnP restrictions need to be relaxed when you have drivers to install and the vendor hasnt updated their installer to follow modern guidelines. You can read about how to do that here: .

      Also, one of the writers on this site, Joseph Moody has a website and he has written many great articles on printer deployments. You should check his site out as well at:



  2. James Gullish 1 year ago

    Great article. For issues where Package-aware print drivers are needed for group policy to deploy the printer when driver is not already on the systems. Brother drivers for example were not meeting that requirement.

    Checking Printers for PackageAware value which will require being an odd number higher by 1 if its currently an even number for a printer.

    Powershell ->

    get-childitem "HKLM:\system\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers" -recurse | get-itemproperty -Name PrinterDriverAttributes | ft PSChildName,PrinterDriverAttributes

    If you find an even number for PrinterDriverAttributes, navigate

    regedit->HKLM:\system\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\That Driver Name

    Then manually increase the PrinterDriverAttributes of affected printer by one. Ex. 4 becomes 5.

    Then on PC, reboot and resign on as limited user for GP to obtain printer driver and install.

    I cant remember offhand if the print server sharing the printer object needed reboot too.

    Another thing is if Group Policy is mapping a local TCPIP printer on a device, make sure server share gives everyone group print access else obscure application warning 4098 for Group Policy Printers – Group Policy Object did not apply because it failed with error code ‘0x800700005 Access is denied.’


    • Author

      Thanks for sharing that great info, James!

      When reading your comments, I do vaguely remember the bits you mentioned about incrementing up by one. I haven't had to personally to do that in a while so that was a reminder to migrations past. Printer drivers and the deployment can definitely be a pain. You definitely are giving some useful technical information for those problematic situations!

      For people reading this who MAY still have the chance to influence a purchase, this is why you do bake-offs and scorecards. You want to buy products from vendors who make quality products with great support, especially with printers that you may have to support for many years. The best way to do that is to test BEFORE purchase. Test for yourself with a demo product, don't take the sales rep's word!  You won't be on support calls with the sales rep once the equipment is purchased!

      Printer features are important, but also look at how often vendors release updates (like new drivers and firmware) as well as how well doe the drivers work in automation scenarios like the one outlined in this article.


  3. Nick Casagrande 7 months ago

    great article, thank you!  which option should be used for new users for the time first so it remembers which one they chose as the default the next time they login?  


    • Author

      Hi Nick,

      Thank you for the kinds words! Glad my article is helpful. 

      You can and should use "Update". Whatever the end-user selects as their default printer will remain after a group policy update. 


  4. Nick Casagrande 7 months ago

    So let me get this straight.  i setup the gpp with a shared printer (update), user logs in and gets 5 printers from the policy, changes his default to p3, logs off, logs back in, the default will then be set to p3 on the next logon?

    ps - thank you for the help.


  5. Paul 6 months ago

    Thanks for a great article. Probably one of the best I have seen for a long time - and I have been in IT support for over 30 years!

    We find that on a few occasions that Group Policy doen't always apply when a user logs in, so have to run gppdate to force it.

    So as a backup and to tidy up freshly imaged PCs, we also use a user GP login script to delete any old printers and drivers - especially Microsoft, such as OneNote, ImageWriter and Adobe PDF writer etc. We image our student PCs about twice a year so continully have to get rid of unwanted local printers once they have re-imaged

    Example below

    Rem Removes unwanted local print devices from Windows, such as MS OneNote and XPS devices
    %WINDIR%\system32\cscript %WINDIR%\System32\Printing_Admin_Scripts\en-US\prnmngr.vbs -xo

    Rem Remove unwanted server queues from Windows
    %WINDIR%\system32\cscript %WINDIR%\System32\Printing_Admin_Scripts\en-US\prnmngr.vbs -x

    Rem Removes printer drivers from devices not in use
    %WINDIR%\system32\cscript.exe //NoLogo "%WINDIR%\System32\Printing_Admin_Scripts\en-US\prndrvr.vbs" -x

    Rem Adds Network Print Queue
    %WINDIR%\system32\cscript.exe %WINDIR%\system32\Printing_Admin_Scripts\en-US\prnmngr.vbs -ac -p \\printservername\queuename

    Rem Sets default printer
    %WINDIR%\system32\cscript.exe %WINDIR%\system32\Printing_Admin_Scripts\en-US\prnmngr.vbs -t -p \\printservername\queuename


  6. Peter Line 6 months ago

    Great article Mike.  What I am currently battling with is that we have a bunch of printers that deploy via GPOs to multiple Terminal Servers but what we often find happening is that the default printer does not get set (ie no green tick appearing) and this has a flown on effect into the application level where some apps just don't pick up a default printer as a result (often can be blank) and also we see multiple instances of the same printer showing up when you right click on the printer.  Have you ever seen this symptoms before and know how to remedy?  Thanks


    Users who have LIKED this comment:

    • avatar
    • Author

      setting the default printer is a challenge, which I have never had a ton of success with. 

      I usually do not set a default via GPO and let the user set their preference. On term servers though, that can be frustrating. Maybe a seperate script or reg key import to set default that is not part of the printer deploy GPO? 


  7. Rahul 6 months ago

    Hello Mike,
    Great article. However, I'm trying to deploy the printers to computer configuration since our users are always changing. The deployment is not working. I've the correct drivers and I can manually add the printer to any workstation with the shared name.

    I have disabled PnP, I've added domain computers to the delegation tab on the gpo and authenticated users are also present on the delegation. I've linked the GPO directly to the domain and then targeting the printers to different OUs. I even enforced the GPO just incase there was another GPO that was blocking it.

    Any pointers?


  8. Zubair 5 months ago

    How to test this policy on client ?
    actually i in working on it from last 5 hours but didn't got it work.i cannot see printer on client machine after gpupdate or restart.


    • Author

      How to test this policy on client ?
      actually i in working on it from last 5 hours but didn't got it work.i cannot see printer on client machine after gpupdate or restart.

      Hi Zubair... Sorry to hear your having issues... welcome to GPO's, they're so easy, intil they're not.. crying


      i cannot tell you what is wrong the information you provided. Here's some tips you can use to help figure out your issue...

      1. Run the Group Policy Results wizard. Does it show the GPO being applied to the computer? 
      2. Check the event logs (system and GPO event logs)
      3. How did you apply your GP settings? Are you trying to apply user settings to computers? How 'bout computer settings to users? 
      4. Are you doing any special security filtering? 
      5. Any blocking of inheritance ?

      That's the best I can without more info from you. Good luck!



  9. Ulman 4 months ago

    Hello Mike, thanks for the explanations. I am trying to set something up that is rather unusual. We have a new customer and they didn't have a terminal server before, but want one. So I set up the terminal server, set up the OUs for User, Computers, Servers and one for the Terminal Server.


    I created the GPO, distributing the printers through the users preferences, because we will probably need to restrict some of them. I want the GPO to apply only to the Terminal Server and not to the customer personal laptops/pcs. When I link the GPO to the Terminal Server OU, then nothing happens. If I were to link the GPO to the User OU, then it would mess with their printers as they probably have installed those printers manually so far, making those printers appear twice.


    I know that it probably be best to delete all the manually added printers first and then just make link the GPO to the User OU, but I was wondering if I could get around it, as it would be hard to get everyone to comply. This is just a testphase atm, so I doubt that I'd get the manager and other higher-ups to comply with getting their printers deleted and readded.


  10. Marco Koch 4 months ago

    Hi Mike

    Thank you for this great article, really one of the best in this topic! 

    Maybe you can help me with my question. I have deployed the printers from the print server, in this case they are under GPO User Configuration\Policies\Windows Settings\Deployed Printers 
    What is the difference between you method any mine? 

    I'm experience issues with the reliability. Some users don't get the desired printers.

    Thank you for your help.

    Best Regards


    • Vandrey Trindade 2 months ago

      "Group Policy Preferences and Setting the Default Printer

      On a final note, you may encounter some guides that recommend the use of Group Policy Preferences for printer deployment instead, and in some scenarios that method does have advantages. However it is more complicated to manage and does not integrate with the Print Management console, hence why I prefer the standard Group Policy. There is one particular situation where they can be particularly useful though, which is when you need to set users’ default printer, but that is something to be covered in a separate article."

      Text extracted from:


  11. Hi Mike,

    reading this on phone so maybe I missed something, but how about drivers? 
    I have issues with this printer deployment due to missing driver in clean Win 10 installation.

    how to deal with that automatically?



Leave a reply

Your email address will not be published. Required fields are marked *


© 4sysops 2006 - 2020


Please ask IT administration questions in the forums. Any other messages are welcome.


Log in with your credentials


Forgot your details?

Create Account