Bug 45218 – Deploy Printers via Group Policy instead of univention-printer-assignment

Bug 45218 - Deploy Printers via Group Policy instead of univention-printer-assignment


Summary:	Deploy Printers via Group Policy instead of univention-printer-assignment

Status:	NEW

Product:	UCS@school
Classification:	Unclassified
Component:	Samba 4
Version:	UCS@school 4.4
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	---
Assigned To:	Samba maintainers
QA Contact:

URL:
Keywords:

Depends on:	40298
Blocks:
	Show dependency tree / graph

Reported:	2017-08-17 19:54 CEST by Arvid Requate
Modified:	2020-07-14 11:09 CEST (History)
CC List:	5 users (show)

See Also:
What kind of report is it?:	Feature Request
What type of bug is this?:	---
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Arvid Requate

2017-08-17 19:54:05 CEST

We should check if the job done by univention-printer-assignment could not be done more easily via the Microsoft recommended procedure:

Deploying Printers by Using Group Policy:
https://technet.microsoft.com/en-us/library/cc754699(v=ws.11).aspx


We already extended the S4-Connector to replicate the objects required for this
(Bug 40298).

Keywords for Bugzilla search: msPrint-ConnectionPolicy PushedPrinterConnections

Comment 1 Jan Christoph Ebersbach

2017-08-18 10:38:21 CEST

I recommend looking into this method because there's currently no officially supported way of assigning printers in an automated fashion.  univention-printer-assignment is only maintained as a cool solution.

Comment 2 Arvid Requate

2017-08-18 12:18:08 CEST

Just a quick brain dump from my test yesterday, before the test VM gets reverted and the GC hits my brain:

When you do this via the MS printermanagement.msc tool, it generates a Sub-container cn=PushedPrinterConnections below an existing GPO (choosable by user), either below the Machine or the User part of the GPO, depending on which target type it should apply to. Below that new container it stores the UNC Path for the printer to be pushed:
===========================================================================
dn: CN={8662D975-F791-4BF9-9398-51109C9B6FA1},CN=PushedPrinterConnections,CN=User,CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=ar41i1,DC=qa

objectClass: msPrint-ConnectionPolicy
cn: {8662D975-F791-4BF9-9398-51109C9B6FA1}
uNCName: \\master10.ar41i1.qa\drucker1
serverName: \\master10.ar41i1.qa
printerName: drucker1
===========================================================================

So this seems to be purely LDAP, no sysvol files involved.

That's all there is for the technological basis. Now there is the question how to make this configurable for the admin (CLI-Tool? UMC?). I don't knwon how univention-printer-assignement does this, maybe we should keep it on CLI level as a start.

The User just has to answer a couple of Questions:
1. Which printer
2. Via which GPO (implying which objects it applies to)
3. Which target type: machine level or user level

For point 2, an interactive tool could also show, which objects a chosen GPO links to (samba-tool can do that AFAIK). That would be something that the MS tool does not offer, for example.

Comment 3 Jan Christoph Ebersbach

2017-08-18 12:58:15 CEST

univention-printer-assignment adds an Extended Attribute to group objects that stores a list of assigned printers.  Usually, the computer room group is chosen because the link between room/computer and printer is the desired one in most cases.