CALs question on Win2003 server products

we have 25 users, and are going to setup 1 file server, 1 Exchange Server and 1 SQL server

Here is what we are gonna do, pls let me know if this is right.

1. On file server, we purchase Win2003 Server 25 CALs
2. On Exchange Server, we purchase Win2003 Server 25 CALs and Exchange Server 2003 25 CALs
3. On SQLServer, we purchase Win2003 Server 25 CALs and SQLServer 2003 25 CALs

pls correct me if i am wrong

Y YconsultantAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

seems like an okay act put together.

Since you are on the right track already then pls consider to put the Exchange on a DMZ zone for security reasons then you wont get surprises later on.

I know its a small platform 25 users but I'll recommend if you want to run DHCP from your scenario then make a scope of maybe 45 clients split the scope up (2 DHCP servers) on the File Server + SQL server split with maybe 60 procent of the addresses on the File Server (SQL would be nicer but dont know how many SQL Cals quereries you expect).

If you want to Virus protect yourself on the Exchange this is extreem but usefull, you could implement that if the attachment is not zipped then it is rejected its a feature in the 5.5 + 2000 Exchange then tell all the costumers to send only zipped files also make an Administrator message to the sender if the file is not zipped that only allowed zips get through to receiver (that will help you in cases where new viruses are out and there are no fix for them). You wouldn't receive CVS´+ all the attachment that people normaly open.

Hope it can be used

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Y YconsultantAuthor Commented:
to: Cooledit
thx for the reply.

1. RE: "DMZ" zone.
If we do not use Outlook Web Access, do we still need to put Exchange Server in DMZ zone?
To my understanding, a server in DMZ zone is for public access from the internet, and Outlook Web Access is the only reason for an Exchange Server to be public to the internet.

By the way, what firewall do you use or suggest?

2. RE: DHCP server
Can 2 DHCP coexist? If yes, how can a client to decide which DHCP server it will use?

Why you suggest 2 DHCP servers?

3. RE: Zipped files
Sorry, i donot get you on this part.
Any advantages when you send an zipped attachment file?

4. On the Exchange Server, can we buy Windows 2003 Server 5 CALS and ExchangeServer 25 CALs? Because on this server, we only use Exchange.

Thanks and more points will be considered.

Hi Techcity

the DMZ zone suggestion if for your security reasons (when having a Exchange server) or WWW server your network = weak security. I'll show you how to. Anyway if your not protecting your Exchange you could be closed by the Internet laws for having an open SMTP relay.

Internet cloud
here your WAN address
here is your LAN address the address you get from ISP
your server exchange server

It is not only for the WEB access from the clients but putting your Exchange in a DMZ protects you from external hacking. If it was my client I would surely make a scenario like this:

WAN interface on router
here is my LAN interface = I then got 8 subnets + 30 host on each more than enough.

I make my router capable to do NAT outside for the address
then I'll create a DMZ for the the Exchange either on putting in a switch or an additional card on a server to create the DMZ. The DMZ then equals to one of the subnet calculated out this address I assign to the additional card (NIC) if it resides on a server. It is better to make a subinterface on the router with the assigned address. Now having a DMZ zone of I can then create a IP address between - in between here pick an address or use another address for the WWW server.

My client could then use the - range then you could make a DHCP Scope of - using 2 subnets. you could then split the scope in 2 DHCP servers.

Like I tried to say it maybe seem like a lot of efford for 25 clients but if one server hangs at least the users get an IP from the DHCP.

For the firewall purposes I could use a PIX 501 Cisco this one is efficient for 25 users + capable of doing VPN connections. In the firewall you must forward the port 25 to the 192.255.224.x from what IP address you choosed to your Exchange server, you can do the same with your DNS server port forwarding + WWW or other kind of services you want to run.

The ZIP attachment is usefull for reasons be on our control as administrators. Most of the viruses developed today is made in scripting CVS, Macro's, Worms + other specific theories. The common thing is they expect to be opened but relies in the header + when a virus spread it does not use Zipped attachment it is already opened in the mail header. Here is where I see potential protection when only accepting Zipped attachment, your mails wont get the firestorm. When accept any attachment the possibilities of getting the virus is big. When denying the attachment when not zipped the most common even new viruses will not affect you.

have a look at:

going to see if i can find that registry key settings in the exchange server

To do this, just edit the URLScan.ini file found in the \winnt\system32\inetsrv\urlscan folder. Find the [DenyExtensions] setting, and comment out the .com entry by placing a semi-colon in front of it. This is shown below:
; Extensions listed here either run code directly on the server,
; are processed as scripts, or are static files that are
; generally not intended to be served out.
; Note that these entries are effective if "UseAllowExtensions=0"
; is set in the [Options] section above.
; Deny executables that could run on the server

Then find the [AllowExtensions] section, and add the .com entry to it as follows:

; Extensions listed here are commonly used on a typical IIS server.
; Note that these entries are effective if "UseAllowExtensions=1"
; is set in the [Options] section above.

I'm not having a Exchange server here in front of me so cannt check it out but there should be some valuable links.

seems like all I can find for the moment
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.