Jamf Nation Community

@dstranathan - see this post at the end....
This is what we do and it works well. Like blackholemac, there are too many models that require a real PPD, so this works well and is pretty easy to do once you get it all sorted.

Since my JumpStart a year ago, I have manually configured every setting possible in the JSS and made sure that all Macs have the same HP printer driver packages installed. Very consistent here.

Im wondering if I have been "overmanaging" them. So far I havent had any printer isssues at all (in terms of both the printer objects themselves and the related JSS printer mapping polices, etc)

But now that HP appears to be releasing future PPDs from their craptastic "Easy Start" app, Im wondering how easy it will be to manage printers going forward.

In our environment we only have network printers which are in an AD environment. So far the best method I've found to deploy printers has been via scripting the install and with that I have it point to the actual ppd. Sometimes it's a pain to figure out which ppd is being used and where it's located but at least things seem reliable. Using Casper to capture AD printers and deploy them simply did not work reliably.

@scottb Ahhh - You are mapping all printers with curated drivers/PPDs and CUPS scripts, etc - the whole 9 yards.

Im just using a built-in JSS printer Policy payload and the Appple/HP printer package (https://support.apple.com/kb/DL1888?locale=en_US). Combine those with smart goups that keep track of which printers are required by which departments and Im golden. Its failry simple here: Each department basically gets dedicated 2 printers (and dont share with other departments).

I was just posting for a sanity check to see how other people are managing printers.

What's interesting is that our two AD printers ONLY seem to function well as captured and deployed through Casper...we use a PaperCut server for our FollowMe queues and the PaperCut Server is dependent on the IT being an AD printer for simplicity. When I have folks do a hand install it usually goes badly, once I added it to self-service, it works fine .

@jhuls - So are your Macs printing to Windows Print servers over SMB? Do you require authentication for printing? I may want to pick your brain!

My Macs are printing directly to our HP printers over the LAN. I have considered printing through our Windows print servers, but it has been rather messy, and I have given up until I can devote more time to it as a "official" project.

I also agree with the poster above about the crappy HP Easy Start app... that was a joy to figure out, all that stupid app does is download the PKG file from some HP server somewhere, install the PKG and do the necessary controls in CUPS to set up the printer... for simplicity , I figured out where to capture that PKG , used Casper standard methods to deploy. I will note that Apple doe NOT include some of these new HP Laserjet Enterprise printers in its HP driver package.

We use to print directly to the printers via ipp or lpd but hanging around on here I found what I needed to get them to talk to the servers. Below is an example script...

lpadmin -p PrinterName  -L "PrinterLocation" -E -v smb://servername.domain.edu/PrinterShareName -P /Library/Printers/PPDs/Contents/Resources/HP Color LaserJet M750.gz -o printer-is-shared=false -o auth-info-required=negotiate

There might be a better way to do this but this is what I've found that works.

I would want to use @jhuls method myself instead of LPD/IPP, but find better control using direct printing...I don't have AD access myself plus I want to retain the user's ability manage their own print queues well. I also would love to somehow integrate a preferred Mac driver into the AD queue automatically similar to printer setup on Windows...if I could do those two things with our whole fleet of printers, I would gladly hand printer management for Macs over to our print server admins who are primarily Windows only.

@jhuls Does your Windows print server require Kerberos SSO? If Kerberos fails (stale ticket etc) does it challange the user to manually authenticate?

Whenever I attmept to print though Windows AD print servers (assuming auth works, etc), I get 400 pages of blank pages with what appears to be a PostScript encoding error. This issue occurs regardless if I manually build the queue with scripts/commands or if I manually select the printer (which is published in the Directory) via the Printers & Scanners preference pane. I need to investigate using a generic PCL driver (which goes back to my inital post)

@blackholemac When you captured the printer pkg temp files from HP Easy Start, it's just the resources for a specific HP printer (not a collection of HP printers), correct?

@dstranathan the big question is are your machines on the domain? If they are you can set up to print to windows shares but of course there are some gotchas. Took us a while to get it set up we are also printing though Papercut. Big tip is printer share names can't have spaces OS X will actually allow you to create the share on the client but it chokes when you print then goes into a loop of putting the printer in the paused state.

I deploy the Toshiba printer driver through self service then build the actual local queue by hand.

@dstranathan Honestly, I couldn't tell you if the print server requires kerberos SSO...I'm the only Apple person here amongst a large number of Windows admin and support people. It can be worse than pulling teeth to get information many times on things where I'm requested or expected to implement something that integrates with our Windows environment. In this case I was pretty much on my own to come up with something that would work.

I'm not aware about any stale ticket issues and what occurs in those situations but it sounds like something I should study up on. Our users except for the labs and classrooms have local admin privileges and I don't control what rights they're given to the print queues so I don't know if they would be prompted. There's now serious talk about removing the local admin rights so this might change how some of this works.

Related note:

Does anyone know how to use the lpadmin comands to generate a printer queue using a generic PCL (non-PostScript) PPD?

The Apple generic PPD below is PostScript and wont work when printing to my Windows print server.

/System/Library/Frameworks/ApplicationServices.framework/Frameworks/PrintCore.framework/Resources/Generic.ppd

I have heard that CUPS generates a generic PCL PPD on-the-fly, but I dont know how to make this happen in the context of creating new PCL printer queues with the lpadmin commands.

Edit: I can create a CUPS generic PCL PPD with this command:

/usr/libexec/cups/daemon/cups-driverd cat drv:///sample.drv/generpcl.ppd >> /tmp/genericpcl.ppd

But its not capable of printing in color (grayscale only)

@dstranathan I am unsure at the moment ... I had to get that particular printer deployed to a lab rather rapidly at the time . That being said when I get some time this morning , i'll take a picture of that package in Pacifist to let anyone hear draw the conclusions they want using a graphical representation of the package. My gut says it's model specific or printer family specific given HPs history of drivers collectively and in the interest of keeping download size small. Won't know until I make some time to post that screenshot . Forgive me I had Siri dictate this post someone is concerned with bad punctuation .

Having some difficulties myself with this topic. Our printers use HP's Secure Pull print features and our Macs seem to bypass this feature. If I add the printer manually on the mac through windows sharing and select PCL during printer setup, HP pull print works just fine.

Does anyone have any experience with this?