Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


CALs question on Win2003 server products

Posted on 2003-10-31
Medium Priority
Last Modified: 2010-03-19
we have 25 users, and are going to setup 1 file server, 1 Exchange Server and 1 SQL server

Here is what we are gonna do, pls let me know if this is right.

1. On file server, we purchase Win2003 Server 25 CALs
2. On Exchange Server, we purchase Win2003 Server 25 CALs and Exchange Server 2003 25 CALs
3. On SQLServer, we purchase Win2003 Server 25 CALs and SQLServer 2003 25 CALs

pls correct me if i am wrong

Question by:techcity
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3

Accepted Solution

cooledit earned 80 total points
ID: 9662470
seems like an okay act put together.

Since you are on the right track already then pls consider to put the Exchange on a DMZ zone for security reasons then you wont get surprises later on.

I know its a small platform 25 users but I'll recommend if you want to run DHCP from your scenario then make a scope of maybe 45 clients split the scope up (2 DHCP servers) on the File Server + SQL server split with maybe 60 procent of the addresses on the File Server (SQL would be nicer but dont know how many SQL Cals quereries you expect).

If you want to Virus protect yourself on the Exchange this is extreem but usefull, you could implement that if the attachment is not zipped then it is rejected its a feature in the 5.5 + 2000 Exchange then tell all the costumers to send only zipped files also make an Administrator message to the sender if the file is not zipped that only allowed zips get through to receiver (that will help you in cases where new viruses are out and there are no fix for them). You wouldn't receive CVS´+ all the attachment that people normaly open.

Hope it can be used

Author Comment

ID: 9665278
to: Cooledit
thx for the reply.

1. RE: "DMZ" zone.
If we do not use Outlook Web Access, do we still need to put Exchange Server in DMZ zone?
To my understanding, a server in DMZ zone is for public access from the internet, and Outlook Web Access is the only reason for an Exchange Server to be public to the internet.

By the way, what firewall do you use or suggest?

2. RE: DHCP server
Can 2 DHCP coexist? If yes, how can a client to decide which DHCP server it will use?

Why you suggest 2 DHCP servers?

3. RE: Zipped files
Sorry, i donot get you on this part.
Any advantages when you send an zipped attachment file?

4. On the Exchange Server, can we buy Windows 2003 Server 5 CALS and ExchangeServer 25 CALs? Because on this server, we only use Exchange.

Thanks and more points will be considered.


Expert Comment

ID: 9665683
Hi Techcity

the DMZ zone suggestion if for your security reasons (when having a Exchange server) or WWW server your network = weak security. I'll show you how to. Anyway if your not protecting your Exchange you could be closed by the Internet laws for having an open SMTP relay.

Internet cloud
here your WAN address
here is your LAN address the address you get from ISP
your server exchange server

It is not only for the WEB access from the clients but putting your Exchange in a DMZ protects you from external hacking. If it was my client I would surely make a scenario like this:

WAN interface on router
here is my LAN interface = I then got 8 subnets + 30 host on each more than enough.

I make my router capable to do NAT outside for the address
then I'll create a DMZ for the the Exchange either on putting in a switch or an additional card on a server to create the DMZ. The DMZ then equals to one of the subnet calculated out this address I assign to the additional card (NIC) if it resides on a server. It is better to make a subinterface on the router with the assigned address. Now having a DMZ zone of I can then create a IP address between - in between here pick an address or use another address for the WWW server.

My client could then use the - range then you could make a DHCP Scope of - using 2 subnets. you could then split the scope in 2 DHCP servers.

Like I tried to say it maybe seem like a lot of efford for 25 clients but if one server hangs at least the users get an IP from the DHCP.

For the firewall purposes I could use a PIX 501 Cisco this one is efficient for 25 users + capable of doing VPN connections. In the firewall you must forward the port 25 to the 192.255.224.x from what IP address you choosed to your Exchange server, you can do the same with your DNS server port forwarding + WWW or other kind of services you want to run.

The ZIP attachment is usefull for reasons be on our control as administrators. Most of the viruses developed today is made in scripting CVS, Macro's, Worms + other specific theories. The common thing is they expect to be opened but relies in the header + when a virus spread it does not use Zipped attachment it is already opened in the mail header. Here is where I see potential protection when only accepting Zipped attachment, your mails wont get the firestorm. When accept any attachment the possibilities of getting the virus is big. When denying the attachment when not zipped the most common even new viruses will not affect you.

have a look at:

going to see if i can find that registry key settings in the exchange server

Expert Comment

ID: 9666612;EN-US;214816#2

To do this, just edit the URLScan.ini file found in the \winnt\system32\inetsrv\urlscan folder. Find the [DenyExtensions] setting, and comment out the .com entry by placing a semi-colon in front of it. This is shown below:
; Extensions listed here either run code directly on the server,
; are processed as scripts, or are static files that are
; generally not intended to be served out.
; Note that these entries are effective if "UseAllowExtensions=0"
; is set in the [Options] section above.
; Deny executables that could run on the server

Then find the [AllowExtensions] section, and add the .com entry to it as follows:

; Extensions listed here are commonly used on a typical IIS server.
; Note that these entries are effective if "UseAllowExtensions=1"
; is set in the [Options] section above.

I'm not having a Exchange server here in front of me so cannt check it out but there should be some valuable links.

seems like all I can find for the moment

Featured Post

Moving data to the cloud? Find out if you’re ready

Before moving to the cloud, it is important to carefully define your db needs, plan for the migration & understand prod. environment. This wp explains how to define what you need from a cloud provider, plan for the migration & what putting a cloud solution into practice entails.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

WARNING:   If you follow the instructions here, you will wipe out your VTP and VLAN configurations.  Make sure you have backed up your switch!!! I recently had some issues with a few low-end Cisco routers (RV325) and I opened a case with Cisco TA…
This program is used to assist in finding and resolving common problems with wireless connections.
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question