Files
claudetools/clients/cascades-tucson/docs/printer-gpo-map.md
Howard Enos bc6dde5b89 sync: auto-sync from HOWARD-HOME at 2026-06-30 11:54:16
Author: Howard Enos
Machine: HOWARD-HOME
Timestamp: 2026-06-30 11:54:16
2026-06-30 11:54:48 -07:00

5.0 KiB

Cascades — Printer / VLAN 20 Migration Map (GPO planning)

Living reference for the printer migration onto Staff VLAN 20 (10.0.20.0/24) and the eventual printer GPO build. Update as machines/printers migrate. Started 2026-06-30 (Howard).

How the GPO needs to be built (two layers)

  1. Point-and-Print policy (computer GPO, fleet-wide) — REQUIRED prerequisite or any GPO-pushed printer fails (PrintService event 513 / error 0xBCB) for standard users. Set on HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Printers: RestrictDriverInstallationToAdministrators=0; subkey PointAndPrint: Restricted=1, TrustedServers=1, ServerList=CS-SERVER, InForest=0, NoWarningNoElevationOnInstall=1, UpdatePromptSettings=2 (scopes silent driver install to CS-SERVER only). Caregiver machines already have this — that's why their printer GPO works. Set manually 2026-06-30 on DESKTOP-ROK7VNM + DESKTOP-DLTAGOI; needs to be a GPO.
  2. Printer deployment — GPP Printers / Deployed Printers mapping \\CS-SERVER\<share> to the right users/OU/room. Existing GPO CSC - Life Enrichment Printers likely still points at OLD share names — repoint. CSC - Printer Deployment is disabled/empty (do not use).

Driver trap: Canon MF741/743 are UFR II only — PCL6 produces Error #822 (spools, never prints). Any GPO/share for those Canons MUST use Canon Generic Plus UFR II V250 (INF cnlb0ma64.inf).

Printer / machine map

Printer (share / name) Model IP (VLAN20) Driver Machine User(s) Domain? Status / GPO action
\\CS-SERVER\FrontDesk Epson ET-5800 10.0.20.221 EPSON ET-5800 Series RECEPTIONIST-PC (frontdesk box, S/N MJ0KQHNP) frontdesk Domain (cascades.local) DONE — share repointed, mapped, default. Add to GPO.
\\CS-SERVER\LifeEnrichment Canon MF741CDW 10.0.20.94 Canon Generic Plus UFR II V250 DESKTOP-DLTAGOI; DESKTOP-ROK7VNM sharon.edwards; susan.hicks Domain DONE — UFR II driver fixed, mapped (not default). Repoint CSC - Life Enrichment Printers GPO from old 1F-132-RecRoom-Canon to LifeEnrichment.
Dining Room Manager - Canon MF743CDW Canon MF743CDW (MF741C/743C) 10.0.20.228 Canon Generic Plus UFR II V250 DESKTOP-MD6UQI3 dining manager (Alyssa) WORKGROUP — not domain-joined yet DONE as direct-IP (local) printer, default. TODO: when DESKTOP-MD6UQI3 is domain-joined, add this printer to the GPO and map it to Alyssa's domain account.
Chef Office - Brother MFC-9330CDW Brother MFC-9330CDW 10.0.20.236 Brother MFC-9330CDW Printer CHEF-PC chef (all users) WORKGROUP — not domain-joined DONE as direct-IP (machine-wide / all users), default. TODO: add to GPO + map to chef's domain account once CHEF-PC is domain-joined. This is the Chef's printer in the Chef's office (distinct from the kitchen printer with the chefs).
Memory Care Front Desk - Epson ET-5800 (\\CS-SERVER\MCReception) Epson ET-5800 10.0.20.78 EPSON ET-5800 Series MEMRECEPT-PC memfrtdesk (+ other MemCare front-desk staff) WORKGROUP — not domain-joined Already shared on CS-SERVER as MCReception. Machine currently has the Epson via OLD vendor/WSD ports (EP833571:ET-5800 SERIES + WSD), NOT the static .78 — needs direct-IP to 10.0.20.78. Mark for GPO: MemCare front-desk users (mostly the memfrtdesk machine). TODO: add to GPO + map to domain accounts once domain-joined.
Memory Care MedTech - Brother MFC-L8900CDW (\\CS-SERVER\MCMedTech) Brother MFC-L8900CDW 10.0.20.74 Brother MFC-L8900CDW series RECEPTIONIST-PC (memcare box → rename to MEMCARE-*); DESKTOP-LPOPV30 memory care; karen rossini WORKGROUP DONE direct-IP machine-wide on both; old 192.168.2.53 + WSD connections removed; LPOPV30 default = new printer (was the old one); memcare box default unchanged (iR-ADV). MedTech room in Memory Care. TODO: GPO + domain accounts once joined.
\\CS-SERVER\Kitchen Canon MF743CDW 192.168.3.232 (pre-migration) (verify) (kitchen) chefs Kitchen printer (with the chefs). Not yet migrated to VLAN20 this round.

Machine rename TODO

  • RECEPTIONIST-PC (the Memory Care box, "memory care" user, S/N MJ0KQH4R, agent 57f19e17) shares its hostname with the front-desk RECEPTIONIST-PC box — too hard to tell apart in the agent list. Rename STAGED 2026-06-30 -> MEMCARE-STATION; applies on next reboot (not forced; user was active). The OTHER RECEPTIONIST-PC (frontdesk user, S/N MJ0KQHNP) is the actual front desk.

Notes

  • Workgroup machines (DESKTOP-MD6UQI3, CHEF-PC) get direct-IP local printers for now (no domain auth / no point-and-print needed). Once domain-joined, switch them to the GPO-deployed \\CS-SERVER\<share> model and map to the domain account.
  • Detailed how-to + pfSense routing fix: .claude/memory/project_cascades_vlan20_migration_routing.md and session log clients/cascades-tucson/session-logs/2026-06/2026-06-30-howard-vlan20-printer-migration.md.