I've looked every where for answers to my problem, but all of them either require Windows Group Policy usage or printer settings I don't have available.
The problem is simple but tricky, I have around 20 printers on two office buildings and I wan't to log everything that get's printed, my company spends a lot of money on toners and I wan't to drastically reduce costs. Very frequently I found people printing school or church documents, sometimes hundreds of pages (yes, hundreds). The goal is log everything printed and do random checks on the printed documents and who send the print request.
We have a Windows 2008 Domain Controller and I'm happy to add a new user just for printing proposes. We also have a Windows 2008 Print Server that we use to control who has access to which printer. And printer discovery is disabled on the printers when possible.
But still there are users who simply go to the printer, look at the printer IP address and add them to their machines, bypassing the print server and thus the so helpful logging.
Before someone suggests the usage of Group Policy to manage printer deployment, let me explain why that is not the solution for us. We have mix of HP and DELL workstations, personal Windows and MAC machines and mobile phones, both Androids and iOSs.
The biggest problem are Apple devices, since they somehow managed to automatically find any printer on the network and add them at will. Windows users will sometimes look at the printer IP address and add them, as explained.
This mix of devices means only one third of machines will be logging in using Active Directory credentials, personal machines and mobile devices, completely bypass the Active Directory environment, thus making Group Policy policies irrelevant.
The best idea we had up to this date, is putting printers on a separate vlan only visible to the servers vlan, but that said I don't know if that works (and haven't tested) since when you install a network shared printer the client still adds an IP port to the printer, I will be hopping someone knows if this will work. But that also means we will need to replace some of our network equipment, which is costly (But we will do it if that solves the problem). (The print server is, of course, on the servers vlan)
Anyone have any suggestions on how to achieve this, if at all possible?
Thank you in advance.