Re: Another Silly User CAL Question
- From: gbchriste <gbchriste@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 21 Sep 2007 05:56:01 -0700
But doesn't SBS at some point start denying logins due to excess license
usage? Does that occur only if the number of currently logged in users
exceeds the installed license count?
"Les Connor [SBS MVP]" wrote:
Hi gb,.
Inline:
--
Les Connor [SBS MVP]
"gbchriste" <gbchriste@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:AFEF1107-A4FC-483A-9897-A730279F00FD@xxxxxxxxxxxxxxxx
Like most people, I have a hard time wrapping my entire brain around the
SBS
2003 CAL model. I understand the basic User vs Device model. No problem
there. What I don't get is how SBS tracks/evaluates/enforces the CAL, in
particular the User CAL.
I've read in several places that the User CAL is tied to a "flesh and
blood"
person, not to a particular AD logon account. For example, I as the
system
owner might create 3 AD accounts with different privilege levels. These
accounts are not used by my network users but only by me to test out
different network or application accesse concepts and security models. I
have user account JohnA that is put in a super user group, user account
JohnB
that is in a group with slightly elevated privileges, and user account
JohnC
that has severly restricted privileges. I alternately logon as each one
to
test to see how those privileges affect the user access.
So my question is, how many CALS are consumed by that model?
One flesh and blood user, one user CAL ;-).
Won't SBS
assign a CAL to each account the first time I logon with each of those
account usernames - i.e. won't I see the Max Licenses Used count tick up
in
the License manager? And if so, aren't I taking available licenses away
from
my "flesh and blood" users?
SBS doesn't assign CALs, the 'responsible person' (business owner, sys
admin, whomever) assigns them, and is responsible for tracking them, and
making sure the users and/or devices are licenced.
As in, "you can drive a car with or without a drivers licence". The choice,
and responsibility, remains with the driver.
And what happens when that Max Licenses Used count hits 10 (my current CAL
volume)? I may only have 8 "real" people on the network but aren't my
test
efforts consuming 3 CALS (not to mention the one that has already been
consumed by my Administrator login).
As before, the three user "accounts" are used by one flesh and blood person,
therefore only one CAL needs to be assigned.
And if it doesn't work that way - if SBS "trusts" me not to allow more
"real" people to login that I have CALs for, how is the license model
enforced? At what point do people start getting denied access due to
non-available licenses?
SBS makes an attempt to detect when you're approching a limit. You'll see a
warning on the console, and an event will be logged. But, it's hard for the
SBS to know, only the sysadmin knows and that's why he/she is responsible.
Makes my hair hurt...
I ask because I have exactly 10 "flesh and blood" users on my network - 9
worker bees and me, the lowly admin. But I've already seen one installed
software package that has created its own "service" account, and I
typically
have a couple of additional accounts that I create and use for various
tasks
so that I don't log in with more privileges than I need to perform the
particular job at hand.
Can someone help me understand?
Thanks.
- Follow-Ups:
- Re: Another Silly User CAL Question
- From: Les Connor [SBS MVP]
- Re: Another Silly User CAL Question
- References:
- Re: Another Silly User CAL Question
- From: Les Connor [SBS MVP]
- Re: Another Silly User CAL Question
- Prev by Date: Outlook and Webmail
- Next by Date: Re: No ISA, No User logon, how to control user internet?
- Previous by thread: Re: Another Silly User CAL Question
- Next by thread: Re: Another Silly User CAL Question
- Index(es):
Relevant Pages
|
