CALs question on Win2003 server products

Posted on 2003-10-31
Last Modified: 2010-03-19
we have 25 users, and are going to setup 1 file server, 1 Exchange Server and 1 SQL server

Here is what we are gonna do, pls let me know if this is right.

1. On file server, we purchase Win2003 Server 25 CALs
2. On Exchange Server, we purchase Win2003 Server 25 CALs and Exchange Server 2003 25 CALs
3. On SQLServer, we purchase Win2003 Server 25 CALs and SQLServer 2003 25 CALs

pls correct me if i am wrong

Question by:techcity
  • 3

Accepted Solution

cooledit earned 20 total points
ID: 9662470
seems like an okay act put together.

Since you are on the right track already then pls consider to put the Exchange on a DMZ zone for security reasons then you wont get surprises later on.

I know its a small platform 25 users but I'll recommend if you want to run DHCP from your scenario then make a scope of maybe 45 clients split the scope up (2 DHCP servers) on the File Server + SQL server split with maybe 60 procent of the addresses on the File Server (SQL would be nicer but dont know how many SQL Cals quereries you expect).

If you want to Virus protect yourself on the Exchange this is extreem but usefull, you could implement that if the attachment is not zipped then it is rejected its a feature in the 5.5 + 2000 Exchange then tell all the costumers to send only zipped files also make an Administrator message to the sender if the file is not zipped that only allowed zips get through to receiver (that will help you in cases where new viruses are out and there are no fix for them). You wouldn't receive CVS´+ all the attachment that people normaly open.

Hope it can be used

Author Comment

ID: 9665278
to: Cooledit
thx for the reply.

1. RE: "DMZ" zone.
If we do not use Outlook Web Access, do we still need to put Exchange Server in DMZ zone?
To my understanding, a server in DMZ zone is for public access from the internet, and Outlook Web Access is the only reason for an Exchange Server to be public to the internet.

By the way, what firewall do you use or suggest?

2. RE: DHCP server
Can 2 DHCP coexist? If yes, how can a client to decide which DHCP server it will use?

Why you suggest 2 DHCP servers?

3. RE: Zipped files
Sorry, i donot get you on this part.
Any advantages when you send an zipped attachment file?

4. On the Exchange Server, can we buy Windows 2003 Server 5 CALS and ExchangeServer 25 CALs? Because on this server, we only use Exchange.

Thanks and more points will be considered.


Expert Comment

ID: 9665683
Hi Techcity

the DMZ zone suggestion if for your security reasons (when having a Exchange server) or WWW server your network = weak security. I'll show you how to. Anyway if your not protecting your Exchange you could be closed by the Internet laws for having an open SMTP relay.

Internet cloud
here your WAN address
here is your LAN address the address you get from ISP
your server exchange server

It is not only for the WEB access from the clients but putting your Exchange in a DMZ protects you from external hacking. If it was my client I would surely make a scenario like this:

WAN interface on router
here is my LAN interface = I then got 8 subnets + 30 host on each more than enough.

I make my router capable to do NAT outside for the address
then I'll create a DMZ for the the Exchange either on putting in a switch or an additional card on a server to create the DMZ. The DMZ then equals to one of the subnet calculated out this address I assign to the additional card (NIC) if it resides on a server. It is better to make a subinterface on the router with the assigned address. Now having a DMZ zone of I can then create a IP address between - in between here pick an address or use another address for the WWW server.

My client could then use the - range then you could make a DHCP Scope of - using 2 subnets. you could then split the scope in 2 DHCP servers.

Like I tried to say it maybe seem like a lot of efford for 25 clients but if one server hangs at least the users get an IP from the DHCP.

For the firewall purposes I could use a PIX 501 Cisco this one is efficient for 25 users + capable of doing VPN connections. In the firewall you must forward the port 25 to the 192.255.224.x from what IP address you choosed to your Exchange server, you can do the same with your DNS server port forwarding + WWW or other kind of services you want to run.

The ZIP attachment is usefull for reasons be on our control as administrators. Most of the viruses developed today is made in scripting CVS, Macro's, Worms + other specific theories. The common thing is they expect to be opened but relies in the header + when a virus spread it does not use Zipped attachment it is already opened in the mail header. Here is where I see potential protection when only accepting Zipped attachment, your mails wont get the firestorm. When accept any attachment the possibilities of getting the virus is big. When denying the attachment when not zipped the most common even new viruses will not affect you.

have a look at:

going to see if i can find that registry key settings in the exchange server

Expert Comment

ID: 9666612;EN-US;214816#2

To do this, just edit the URLScan.ini file found in the \winnt\system32\inetsrv\urlscan folder. Find the [DenyExtensions] setting, and comment out the .com entry by placing a semi-colon in front of it. This is shown below:
; Extensions listed here either run code directly on the server,
; are processed as scripts, or are static files that are
; generally not intended to be served out.
; Note that these entries are effective if "UseAllowExtensions=0"
; is set in the [Options] section above.
; Deny executables that could run on the server

Then find the [AllowExtensions] section, and add the .com entry to it as follows:

; Extensions listed here are commonly used on a typical IIS server.
; Note that these entries are effective if "UseAllowExtensions=1"
; is set in the [Options] section above.

I'm not having a Exchange server here in front of me so cannt check it out but there should be some valuable links.

seems like all I can find for the moment

Featured Post

Create the perfect environment for any meeting

You might have a modern environment with all sorts of high-tech equipment, but what makes it worthwhile is how you seamlessly bring together the presentation with audio, video and lighting. The ATEN Control System provides integrated control and system automation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
google exe file 5 71
svi stops eigrp advertisement 13 33
software inventory tools 3 41
tamper proof asset tags - benefits 4 28
Let’s list some of the technologies that enable smooth teleworking. 
I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor ( If you're interested in additional methods for monitoring bandwidt…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question