Skip to main content

Managing Owners

Owners are the entities that receive assignments in ScrewDrivers—users, groups, computers, organizational units, and IP address ranges. The Assignments pane displays these owners in hierarchical trees synchronized with your Active Directory structure, and you can search, verify, and manage them to ensure correct printer and setting distribution. This reference covers owner operations, from reviewing assignments to creating custom network owners and verifying what users will actually receive.

Overview

ScrewDrivers automatically pulls entities from Active Directory based on your Windows domain and organizes them into three owner types: Active Directory (users, groups, OUs), Network (computers by DNS name, IP address, or IP range), and Local Users and Groups (local accounts on Terminal Servers). The system maintains this synchronization dynamically, loading owners as you navigate the tree structures.

You'll work with owners primarily when assigning objects, reviewing what a specific user or group has access to, and troubleshooting assignment problems. The Logon Impersonation tool complements owner management by letting you test what assignments a specific user would receive given their attributes and login context.

Owner Types and Organization

The Assignments pane organizes owners across three tabs, each representing a different owner category:

Active Directory: Contains your domain structure with organizational units, groups, and users. This tab synchronizes with your AD hierarchy and provides the most common way to manage assignments at scale. OUs and Containers are treated as the same owner type for assignment purposes.

Network: Shows client computers identified by DNS name, IP address, or IP address range. You'll use this tab for location-based assignments or when network topology matters more than AD membership. You can create custom network owners here for specific machines or subnets.

Local Users and Groups: Displays local accounts on Terminal Servers or endpoints. This tab handles scenarios where local authentication is used instead of domain accounts, or when you need to assign based on local group membership regardless of AD structure.

Searching for Owners

You can search for owners in two modes depending on whether you need to find entities already loaded into the current console session or search the entire AD directory.

Searching Loaded Owners

The quick search at the top of the Assignments pane filters owners already loaded into your current view. This search updates dynamically as you type and works across the currently visible owner tree. It's fastest for finding owners you've recently worked with or that are already expanded in the tree.

Searching All Owners

The comprehensive search queries Active Directory directly to find any owner regardless of whether it's been loaded into your current session. This search mode opens a separate dialog where you can specify search criteria and view results. When you find the owner you need, you can select it to view its assignments or add it to the visible tree for further work.

Use comprehensive search when you know an owner exists but aren't sure where it sits in the hierarchy, or when you need to find owners across multiple OUs or domains.

Reviewing Owner Assignments

The View All Assignments icon on the Icon Bar shows everything assigned to a selected owner—all printers, session settings, and permissions. This view displays both direct assignments (made explicitly to this owner) and inherited assignments (received from parent owners in the hierarchy).

For each assignment, you'll see whether it's inherited or direct, its status (allowed or denied), and if inherited, which parent owner it came from. You can delete direct assignments from this view by selecting them and clicking Delete, but inherited assignments can only be modified at their source—the parent owner level.

The assignments list includes its own search field for filtering when an owner has many assignments. The search updates dynamically as you type, helping you quickly locate specific printers or settings within a long list.

Verifying Assignments with Logon Impersonation

The Logon Impersonation tool lets you test what assignments a user would receive based on specific criteria you provide. This is essential for verifying inheritance logic before deploying changes across your environment. You'll specify the user account, session agent, and client information, and the tool shows exactly which printers and settings that combination would receive.

This verification prevents the common problem where assignments look correct in the console but don't work as expected for actual users. You can test different combinations of user, location, and client to ensure your assignment strategy handles all scenarios correctly.

To verify owner assignments:

  1. Click the Logon Impersonation icon on the Icon Bar
  2. Specify the user account to test
  3. Enter the session agent and client details
  4. Click Test to see the resulting assignments

The tool shows you the exact inheritance path for each assignment, making it easy to identify where unexpected results come from.

Managing Network Owners

Network owners provide location-based or infrastructure-based assignment capabilities beyond Active Directory. You can create custom network owners for specific computers, IP addresses, or IP ranges, then assign objects to those owners just like you would to AD entities.

Creating Network Owners

You'll create network owners when you need to assign based on physical location (office, branch, building) or when specific machines need unique configurations regardless of who logs into them.

To create a network owner:

  1. Navigate to the Network tab in the Assignments pane
  2. Right-click an appropriate location in the tree
  3. Select Add Network Owner
  4. Specify either a DNS name, single IP address, or IP address range
  5. Give the owner a descriptive name for easy identification

Network owners support IP ranges using standard notation (like 192.168.1.1-192.168.1.50), making it easy to assign to entire subnets or office locations.

Managing Network Owners

You can rename or delete network owners as your infrastructure evolves. Deleting a network owner removes all its direct assignments, but this won't affect inherited assignments that pass through from parent owners higher in the hierarchy.

When renaming network owners, choose descriptive names that indicate location or purpose ("Building-A-Floor-2" vs "Network-Owner-5") to make assignment management easier.

Blocking Owner Assignments

Sometimes you'll need to prevent a specific owner from receiving an assignment that would normally inherit from a parent owner. The blocking feature lets you explicitly stop inheritance for specific owners without affecting other owners at the same level.

Blocking differs from denying—a denied assignment actively prevents access, while a blocked assignment simply stops inheritance as if the parent assignment didn't exist. Use blocking when you want to remove an inherited assignment for one owner while allowing siblings to still receive it.

Owner Management Best Practices

Effective owner management improves assignment accuracy and reduces troubleshooting time:

  • Test before deploying: Always use Logon Impersonation to verify complex assignment scenarios
  • Document custom network owners: Maintain notes on why specific network owners exist and what they're for
  • Use AD structure where possible: Leverage existing OUs and groups instead of creating custom network owners
  • Review regularly: Periodically check owner assignments to ensure they still match organizational needs
  • Name descriptively: Use clear, meaningful names for custom network owners that indicate their purpose