Clay Moore’s Blog

Just another weblog

Deploying TCP/IP Printers with Group Policy Preferences

It was possible to deploy printers to clients using the print manager or group policy prior to GP Preferences, but it was only possible to deploy shared printers. Personally, I don’t like shared printers because of the single point of failure of the print server. That server reboots or the queue locks up and nobody can print. Besides, why burden a server with print processing when you have all these workstations scattered around with spare clock cycles that could do their own printing?

The real problem is deployment. Users cannot add local printers or create TCP/IP ports without granting them way too many rights. If you have HP printers, you can use the HP Universal Print driver and have the users search for and add printers, but that requires user intervention. A better way was introduced with Group Policy Preferences, and that is the ability to deploy TCP/IP printers to the computers directly.

But first, we need to install and share the printer on a server. This seems counter-productive since we are trying to get away from shared printers, but this share is used as a deployment point for the driver and printer settings and is not required for printing. Once the printer is installed you can even turn off the server and still print. I assume you know how to install and share a printer so I will only cover a couple of key points.

Create a TCP/IP Port

I prefer to use DNS FQDN for the printer port in case I ever need to change the IP address later. However, I have found that GP Preferences will create the workstation ports using the IP address instead of the FQDN – even if you enter the FQDN. If the IP address ever changes, the Update or Replace properties of the preference should change the IP address of the port deployed on the workstations, but I must admit that I have not tested this theory.

Once you create the port and install the printer, there is one other setting to check. Go to the Advanced tab of the Printer Properties and click on the Print Processor button at the bottom.

This will bring up the print processors available for use on this printer.

The workstation uses the shared printer for its initial settings, including the print processor. You must choose a print processor that is already installed on the workstations. In this example we have a couple of HP print processors from different versions of the HP Universal Print driver, an Office 2007 OneNote print processor and the standard WinPrint processor. Choosing the incorrect processor will prevent the printer from being installed and result in a Group Policy Printers error in the Application Log with Event ID 4098 that will say Group Policy object did not apply because it failed with error code ‘0x80070706 The print processor is unknown.’ If you get this error, just change the print processor on the server to something that is supported by the workstations.

Now that the shared reference printer is created, we can set up the deployed printer in GP Preferences.

TCP/IP printers can only be deployed to Computers, so create or open an existing GPO and expand Computer Configuration – Preferences – Control Panel Settings – Printers. Right-click and select New – TCP/IP Printer. That will open the New TCP/IP Printer Properties menu.

Although there are other actions available, we are only going to Create a printer. Initially the DNS Name: field will say IP Address: and have a box for entering the IP address in dotted decimal format, but I have checked the Use DNS name box and that changes the menu. Even though I entered a DNS name here, the port will still be created with the IP address. The Local Name is the name displayed in the Printers folder of the workstation and that is what the users will see. The Printer path is the path to the shared printer we created earlier and it must be available to install the printer. The Location and Comment fields are optional, but any additional information you can provide users is usually welcome – especially if they have to walk to the other side of the building to track down a print job sent to the wrong printer.

The Port Settings tab allows you to change options for the TCP/IP printer port, but I haven’t had to change anything here yet.

The Common tab is common to all GP Preferences objects but it has some special uses for printers.

The Remove this item option will change the Action we set earlier to Replace. This will uninstall the printer if the computer is moved to a different OU, but the Replace action means the printer (and perhaps driver) will be continually updated. The event log messages will get annoying depending on the number of printers in your GPO so I suggest you use this option only when absolutely necessary. To reduce event log messages further, you could choose the Apply once option, but in my testing I left everything else alone.

Now you need to determine the GPO scope and deploy the printers, just remember that TCP/IP printers can only be deployed to computers – not users.


February 4, 2009 - Posted by | Group Policy Preferences, Printers | ,


  1. Great post. Very well explained.
    All the best with your future blogging.

    Comment by Anon | April 22, 2009 | Reply

  2. I have tested many XP SP3 clients with GPP and i used the HP Universal Driver as well as the individual printer driver. I cant say that i see the printer creation using the default settings from the shared printer. I was really hoping this would be the case though.

    Comment by GeorgeD | May 11, 2009 | Reply

  3. […] Guide Print Management Print Services Managing Windows Server 2008 Print Services – Techotopia Deploying TCP/IP Printers with Group Policy Preferences Clay Moores Blog Monitoring and Managing a Network Infrastructure (14 percent) Configure Windows Server Update […]

    Pingback by 70-642 Resources - IT Certification Forums | May 14, 2009 | Reply

  4. We were messing with printers deployment a while ago and I can give another good piece of advice for this.

    Finally we’ve been able to accomplish this task using our desktop management system called desktop authority .

    We were using this system mostly for other desktop management related tasks like drive mappings but while running through it’s features set we were happy to find that it can deploy printers as well.

    Comment by Floyd Gray | June 10, 2009 | Reply

  5. Very clear – I was trying without sucess using user GPO preference – I was confused since it worked one time for a printer that I had installed previously, but not for the rest of printers. I will try again.

    Comment by Marco | November 4, 2009 | Reply

  6. I tested the TCP/IP printer deployment using computer and user level GPP and both worked, but after having in place: 1) Disable pointandprint restriction (I did this at local policy deploying a registry change via logon-script and also at global level using a GPO 2) Make sure sce is deployed to all Vista and XP computers (Windows 7 does not require the sce)- The major problem I am still having is that some HP printers are installed on the print server with an hp print processor and these do not install via GPP. If a change them to winprint print processor they are deployed, but them I start having some issues if some of the settings are not properly configured (for example telling that tray2 is misconfigured…. What is the best way to fix this problem?

    Comment by Marco | November 14, 2009 | Reply

  7. Yes, I understand situations where you would want to direct print from each PC to a printer via a locally installed ‘Standard TCP/IP Port’. We have used this for years. But we have a scenario where a print server is actually needed and we need the print jobs to be queued up on the print server via Windows network printing and shared printers. In this scenario, we have not found a way to use GP Preferences to deploy printers to PCs that use the Windows shared network printers as the means to print. Instead, local ‘Standard TCP/IP Ports’ are created on the PCs and the print server is bypassed. Do you know how to distribute printers to PCs via GP Preferences such that they send the print jobs to the print server and not directly to the printer?

    Comment by Leonard | January 5, 2010 | Reply

  8. Great article. One thing that you forget to mention is that you need a Vista SP2 or higher machine or server 2008 to see these options when managing Group Policy. If you are running 2003 you will have to use a workstation with Vista SP2 or Windows 7 or Server 2008 to edit the Group Policy and see these options. you will have to use MMC to remotely connect to your AD machine and edit the policy’s.

    One question I have though is how do you push out default printer settings? is this still possible so we can enforce the 2 sided printing on certain printers and departments?

    Comment by Caspan | March 12, 2010 | Reply

  9. Hi Clay,

    Thank you for the helpful post!

    When sharing a TCP/IP printer with GPP, is there a way to set options on the printing preferences page?

    For example, our Ricoh MPC3000 has expanded output trays. We need to check a box “Additional Output Trays” on the Accessories Tab of the Printer Properties.

    When we check this box on the printer on the server and deploy the GPP to clients, they do not have the preference box checked. Is there a way to bring preference from the server in a TCP/IP setup?

    The only way we’ve been able to check the box once on the server and have all clients receive the setting is to deploy the printer using GPP as a shared printer from the server rather than a TCP/IP printer.

    Any suggestions?


    Comment by Brailler | November 2, 2010 | Reply

  10. Great Post Clay. Thank you for this.

    I am running into another error message that I haven’t been able to find an answer to. Here are the details of my issue.

    In our main office we are using GPP to deploy shared printers from our windows 2008 print server. …And I love it.

    However, I have a number of satellite offices spread throughout the country and do not want the single point of failure of a print server. Though I do like the idea of using GPP to deploy TCP/IP printers by OU membership. I repeat. I need direct IP printing rather than shared printing as these offices are not manned by IT staff, and user melt down would result if the print server were out of commission.

    Here are the details of my configuration. Any modifications I have made are listed here.

    Print Server
    Windows Server 2008 Standard

    Shared Printer
    HP LaserJet 4250 (I have tried also a Canon Printer with identical results.)
    PCL5 Print Drivers
    Printer Properties > Advanced > Print Processor: set to WinPrint – RAW
    Printer Properties > Security > Permissions: Everyone has Print & Read Permissions
    Printer Properties > Security Tab > Owner: SYSTEM

    Group Policy Object (The GPO is applied to a User OU)
    User Configuration > Preferences > Control Panel Settings > Printers: TCP/IP Printer – IP Address: – Local Name: HP LaserJet 4250 – Printer Path: \\server\printer share name – REPLACE
    User Configuration > Policies > Administrative Templates > Printers > Point and Print Restrictions: Users can only point and print to these servers: FQDN for Print Server – Status: Enabled

    Client Machines
    Windows XP SP3
    Fully Patched + .Net Framework 3.5
    Group Policy Preference Client Side Extensions for Windows XP is installed.
    User has local admin rights

    I get the following error message everytime I run gpupdate /force
    Event Viewer: Application Log – Type: Warning – Source: Group Policy Printers – Event ID: 4098
    The user ‘’ preference item in the ‘GP Name’ Group Policy object did not apply because it failed with the error code ‘0x8007051b This security ID may not be assigned as the owner of this object.’ This error was suppressed.

    While the printer does not install correctly, the TCP/IP Printer port does appear, as well the printer driver shows up in Server Properties > Drivers.

    Comment by Travis Kirk | January 18, 2011 | Reply

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: