Server 2012 CALs User or Device

Hi

I would just like to clarify something. Server 2012 user / device CALs are only required for users who store and access resources. Server 2012 user / device CALs are not applicable to accounts used for administration or for those that are used for service accounts. Microsoft gives you 2 free RDS CALs for administration, so why would you be made to buy CALs for the accounts used to do the administration?

As per MS best practices, have a day-to-day account and an account for domain administration.

thanks
cmatchettAsked:

Cliff GaliherCommented:
Not sure there was a question in there, but I want to clear something up.

Microsoft does not give you 2 CALs, RDS or otherwise. It may seem a subtle distinction, but can have very real legal implications, so it is important to understand that point.

According to their license agreement, up to two users can access the server (both locally and remotely via RDP) for administration purposes only. But those *ARE NOT CALs.* It simply means a CAL is not required.

So if you have a 3rd administrator, CALs are needed. If even your first two users were to access the server (even just for administration) via RDGateway, RDS CALs are required. For your two administrators, if they also do non-administrative tasks on the server or on the network, CALs are required.

So with that clarified, what was your question?
0
cmatchettAuthor Commented:
What is the difference between service accounts and accounts used by people to administer the environment?

In Active Directory, are you saying that a CAL is required to use the forest root administrator account?

If you had 4 separate administrator accounts, what is the requirement if there were no more than 2 administrators connected to any one server at a time?

If there were 4 people using the same account to provide administration on different servers at the same time, what is the requirement?
0
Cliff GaliherCommented:
I'll tackle your questions in order. But first, a disclaimer. I do not work for Microsoft, and like most people who answer questions on Experts Exchange, I am not a lawyer and I am a volunteer. If you want "official" answers, you should call MS directly and that is always the best legal direction. To the best of my knowledge, the answers I am giving are accurate, but clearly I cannot be authoritative.

"What is the difference between service accounts and accounts used by people to administer the environment?"

A service account is an account that an automated service uses. An example would be an antivirus program that scans a server every night at midnight. The antivirus installation may set it up to run under a service account called "antivirus." Exchange, Lync, SQL, and other programs that run in the background use service accounts. Because they are not people, they do not need CALs.

An Administrator is an individual who does actual administration work on the server, such as installing software, adding and deleting users, and similar activities.

"In Active Directory, are you saying that a CAL is required to use the forest root administrator account?"

In some instances, yes. Let's say you are a smallish company and you don't give administrators each their own account, and instead everybody logs in as "Administrator" when doing admin work. Yes, that is a bad practice, but still a lot of places do this. If you have two individuals that do this, no CALs are required because the server license allows for two administrators. If you have a 3rd user, a CAL is required.

The point here is that CALs are *NOT* tied to account names. They are tied to individuals in the case of user CALs, and to devices in the case of device CALs. You are allowed two users "for free" as long as all they do is administrative work.

That second part is also important. As a consultant, I *never* use my clients' network for non admin work. If I am typing up a document, I am doing it on *my* network, not theirs. If I email them, I do so from my Exchange server, not theirs. So, as I am one of the 2 users, I don't need a CAL.

For businesses that don't outsource their IT, and have an in-house IT person, chances are that person also does non-admin work on the network. They send emails. They save documents. Since they are doing non-admin work, they need a CAL. *EVEN* if they only have one account and it is an administrator account, because they do non-admin work, they need a CAL. The "2 free" no longer applies to them.

"If you had 4 separate administrator accounts, what is the requirement if there were no more than 2 administrators connected to any one server at a time?"

Hopefully, now that I've explained more above, this answer seems more apparent. The number of accounts doesn't matter. But the number of *people* does matter. The above implies that you have 4 users who perform administrator duties (even if only 2 connect at a time). You need *at least* 2 CALs. If all 4 only do admin work, your "2 free" covers 2 of them, and you need 2 CALs. If all four of them are normal employees and also use the network for any other purpose, you need 4 CALs. So I can't give you a simple "you need 2 CALs" answer because the number of CALs depends on how the users work on the network. 2, 3 or 4 though.

"If there were 4 people using the same account to provide administration on different servers at the same time, what is the requirement?"

Exact same as above. Since CALs aren't assigned to accounts, but are assigned to people, this is the exact same question asked a different way. It doesn't matter if those 4 people use one shared account, use 4 unique accounts, or use 8 accounts (1 admin each, one non-admin each)...whether they need a CAL depends on if they are the 3rd or 4th user, and how each of the 4 users uses the network.

-Cliff
0

cmatchettAuthor Commented:
Great stuff Cliff, thanks
0
cmatchettAuthor Commented:
very detailed answer
0