Is it possible to regulate printer permissions based upon computer OU

Much like when I asked this:

Device-based permissions in a Windows Printing environment

It turns out not to be possible. Printing is handled on the User's token, not the device's token. So when a user goes to print, they access the print-share with their own security credentials. The Workstation's credentials are no part of that transaction. Therefore, you can't do device-based restrictions for printing on Windows.

Microsoft added functionality to deploy print queues to user profiles via Group Policy in Windows Server 2003 R2: http://technet.microsoft.com/en-us/library/cc722179(WS.10).aspx (I don't much care for it and use a script of my own creation to do a similiar thing, albeit based on the location of "printer objects" in the AD relative to users or computers... perhaps someday I'll publish it somewhere, if I ever get around to cleaning it up.)

The Microsoft group-policy contrivance that I mentioned above, though, relies on the "point and print" functionality exposed by creating a shared print queue on a server and directing clients to that queue. Since that's what you're saying is the crux of your problem, it doesn't help you much.

Personally, I prefer queued printers over having clients print directly to the on-printer LPR / direct-print servers. I'd cite the following advantages:

• Ability to move the printer on the network w/o affecting the clients
• Ability to place printers into a VLAN and control access to them via ACLs and queue permissions on print server computers
• Ability to use print accounting software on the print server computers to meter printer use

It has been my experience that some embedded print server devices get flaky when a large number of clients are talking to them directly. I can't cite any specific manufacturers or models, as the experience was so long ago as to be fuzzy in my mind. (In fact, it was so long ago that modern print server devices may have solved those problems... I just don't chance it anymore because, once bitten by a problem, I am nearly forever wary of the situation that caused the problem to begin with.)

Centrally queued printers, when combined with something like Microsoft's Group Policy-based printer deployment tool, makes add / moves / changes of printers extremely painless.

It surprises me a little bit that you're seeing performance problem caused by hosting print queues on a server computer. I've got one particular file server computer (a vintage 2004 machine) that hosts print queues for roughly 30 printers and user home directories for 400 - 800 logged-on users at any given time, and the box is regularly able to fill its gigabit Ethernet pipe with traffic w/o CPU or memory bottleneck. Perhaps you have some overly inefficient printer drivers, a really high printing volume, or a severely under-powered server hosting the queues.

If you really want to setup each client to send jobs directly to each printer you're going to have to script the installation. You'll get no help with loading drivers from "point and print", either. The "PrintUI.dll" functionality in Windows will get you started, but it won't create "Standard TCP/IP Ports" for you, so you're going to have to script that, too.