Restricting terminal server device license acquisition

Well, you could use IPSec restrictions on the NIC to block traffic from the other servers but that may have other side effects.  Your AD is what is telling your servers where to look for TS Licensing.  There are 2 modes for a license server, I think they are domain/workgroup and enterprise (something like that).  You could reinstall licensing and make sure you pick the role that is less broad.  It takes about 10 minutes to remove TS Licensing, add it back, and re-issue you TCALs.  You could also point every other server to a different install of TS Licensing.  Make a GPO linking to a special OU and put the terminal server in that serves the thin clients.  Use the GPO to specify your special license server and set the same up for all of the other servers.  Only servers in Terminal Server Mode will take a TCAL.  

On the other hand...why don't you simply reissue you TCALs as Per User; Per User TCALs are not tracked at all and the number will never decrement.

We use a per device license.  This helps when you run call centers that can have a high rate of turn over.  From what I understand, per user licenses will stick with that user until they haven't logged in for 58 to 90 days.  I thought there'd be a way to limit the distribution of licenses to a particular subnet.  

Per User licenses are not tracked and thus never decrement although, legally, you are best with per device if your users outnumber your devices.  They haven't put a tracking mechanism in place for per user TCALs yet so if you are pretty much even users:computers then Per User is the way to go.  
I have never seen a built-in way to limit the distribution of TCALs but you can use GPO to direct your servers so it is certainly possible that way.  

I currently use a GPO to tell any device connecting to the server farm where to get a licesne.  The problem is that if an RDP session is opened by a PC, it also will pick up a license.  All of the thin clients that we use are on the same subnet. PCs exist on a different subnet.  Our users are actually equal to our devices and should never be uneven.  If anything we should have more devices than users do to someone no longer working for the company.  So, what happens when all of the per user TS Cals are used?  Does it give temp licenses like the TS per Device method?

Per User TS CALs are never 'used' or tracked/enforced. So you never run out of them if you understand it. This is the opposite from per device TS CALs where if one is not available and your temporary one expired you are actually denied a connection to the TS.
I just do not understand what your problem is.
If a device that is not supposed to get a license gets one, that device, if not used, will 'return' that license after a maximum of 89 days. During the meantime if another device that really needs a license connects, if there are no licenses available they get a temporary one, good for 90 days. So by the time it needs a full one the one the other device took will be back to the pool and you should be ok.
If you are not ok that means there are devices that are actually using licenses and you do not have them or these devices may have older firmwares (if thin clients) and there is a bug on them regarding licensing handling (most manufacturers released new firmwares that addressed that).


Claudio Rodrigues

Microsoft MVP
Windows Server - Terminal Services

Forced accept.

Computer101
EE Admin