Talk:Client access license

Opening heading

Would anyone be interested in clearly documenting the current policies concerning CALs? Hopefully someone who has gone though an audit and came out clean :). I'm having difficulty locating a reliable source that is easy to understand when it comes to licensing.

--DJSnuggles 23:19, 11 July 2006 (UTC) x

My understanding is..

Firstly, do you need to put a reference to the [wikipedia:legal disclaimer|wikipedia legal disclaimer] on articles like this? I hope this information is of use to someone who decides to edit or rewrite this article: Here's the understanding I've gained about CALs within the context of SBS 2003, it is likely to be similar to the CALs for the other editions of Server 2003 but not identical. I can't testify to earlier/later versions of windows server. This is after examining several documents and talking to the microsoft lisensing hotline, but it is in no way the official word and I'm not affiliated with MS, etc. I'm also not an expert or guru by any stretch. It will help in understanding the CALs if you do not associate them directly with sign-ins, logins, exchange private mailboxes, and/or active directory users. Of course, a person with a CAL will usually have one or more of these things associated with them. There are two types of CALs, as you probably know, device CALs and user CALs. For SBS, you can buy these in packs of 5 or 20, and each pack is only device CALs or user CALs, never a mix. You can never convert a user CAL to a device CAL, or vice-versa, with only one exception (that I am aware of), which is that, if you have purchase Software Assurance with the pack of CALs, and then renew that software assurance at the end of its term, you may choose to convert those CALs from user to device (or the other way) at the time of renewal. I don't know the exact process to do this. Software Assurance must be chosen and paid for at the time of purchase for the CAL pack, it can't be added later AFAIK. One other small point, regarding the CALs that come with the Server 2003 license: In the case of SBS, there are 5 CALs that come with it. In this case only, you may choose weather these are user or device CALs, or even a split of the two (for example, 2 user CALs and 3 device CALs). You must make this choice upon install of the server operating system, and it is permanent. You are supposed to document your choice, and, I believe, write it on the license agreement form. (I wonder how many people actually do that?)

USER CALs: A lot of times it becomes confusing to think about user CALs because of the tendency to want to correlate them with sign-ons and/or email addresses. This isn't correct. A CAL applies to one individual human being who is in your organization. You should not typically (or ever) have multiple people using (sharing) the same sign-on and password, but even if you do, it does not mean that these people only "use up" one CAL, even if they never use the sign-on at the same time. Likewise, the CALs are not transient, one CAL applies to one person (MS sometimes uses the term employee), even when that person is not at work or using it. There is one allowance, however, for if a person (employee) is temporarily gone for an extended period (sick or on leave), and another person is there temporarily (eg a temp worker), a new CAL does not need to be associated with the temporary person. In general, if your organization is using only user CALs, every person who uses the software and/or services that come with the SBS 2003 Server license must have a a user CAL associated with them to do so in accordance with your organization's contractual usage agreement with MS. One person, one CAL. Also, people who are not in your organization, but need access to the software and/or services provided by SBS2003, will also need a CAL. In general, to be sure you are in compliance, you should maintain documentation of how your user CALs are allocated. One other thing, a person who has a user CAL associated with them, can have multiple different sign-ons, and multiple exchange mailboxes, though I may have seen something about this being limited to "a reasonable number" or something like that, I'm not going to bother confirming that right now. If a person within the organization resigns, retires, or otherwise permanently leaves the organization, that user CAL can be unassociated from that person and thus be freely reapplied to a new person.

Simple enough so far, right?... but, read on..

DEVICE CALs: Alternatively, you can go with device CALs. These license connections from one device. A device is most commonly a computer, for example, an XP workstation would be a device. However, a smartphone that accesses email from the server, wireless tablet, notebook computer, etc are also devices. Anything from which a person accesses services on the server must be licensed, as well as any device which interacts with the server in an authenticated fashion, such as a NAT device possibly or, for example, a network scanner which copies files onto a shared folder which is not open for to writing to "everybody", eg it is authenticated is some way. Another example of using the services on the server that you might overlook, that requires the use of a CAL, is authenticated access to another device on the domain, since the authentication happens via the domain controller. An example of this would be using a shared folder on another workstation, where the permissions of the share folder are not set to "everybody", eg the access is authenticated. If you choose device CALs, the people within your organization do not require user CALs to use the software and/or server. A person can have their own domain sign-on, and their own exchange mailbox, and so on, so long as these are accessed only via licensed devices, it is within compliance. Device CALs are a good choice for an organization who will clearly have fewer computers (and other devices) than they do people who use them. The device CAL applies to a device even if it it not currently accessing the server in any way. IE, 5 device CALs apply to literally 5 devices, it does not mean, for example, that you have any number of devices so long as only 5 access the server at the same time. Its a good suggestion for assuring that you are in compliance, to document each device in your organization for which you will associate a CAL. One device CAL for one device, one device for one device CAL. There is one allowance for a device which is out for repair, and there is a temporary device in its place (for example a "loaner"), a new device CAL is not required for the loaner. This is analogous to the tempworker clause for the user CALs. Also analogous to the user CALs, if a device 'leaves' the organization (disposed of, sold, given away, etc), the device CAL can be unassociated from that device in this case and be freely applied to a new device.

MIXING USER and DEVICE CALs: Microsoft "strongly suggests" that your organization choose one of either user CALs or device CALs and never mix the two within a domain. I have also seen several people state they support this suggestion in various web forums. I would tend to agree, mixing the two is going to probably cause more headaches and work then is worth it in almost every case, making the "total cost of ownership" greater then anything you stand to save. However, it can be done. Here is how it would work. Each user CAL would be associated with an employee or other person in the orginization who needs access to the software and/or services on the server. Likewise, each device CAL would be associated with one device. However, not every person using the server, nor every device in the organization, would probably have a CAL (since doing so, would would definatly have spent more money on CALs then was nessisary). Documentation, which is kept updated, in this case is essential to have any hope of demonstating compliance to the licensing terms. Persons who do not have an associated user CAL, would not be able to access the server from devices which do not have associated CALs, without being in violation.

accessing from	device with CAL	device without CAL
person with CAL	OK	OK
person without CAL	OK	Violation!

(Here's a suggestion from your's truely, make a security group consisting of Un-CALed users, and another security group of Un-CALed devices, and, if your handy with group policy, you can create a rule to disallow login of unlicensed users from unlicensed devices. This tip probably doesn't belong in an encyclopedia article however, since I guess it is original research.)

WHO DOESN'T NEED A CAL: A person accessing SBS services from a machine with an associated device CAL (see above). I am not certain but I think that users accessing the internet when the SBS machine is the gateway and/or NAT device, who are not otherwise authenticating to the server or using any sevices of the server (aside from perhaps the web acceleration technologies of ISA), do not need any CALs. IE, a guest can use your network to access the internet even though the traffic passes through and is filtered and/or proxies by SBS. If using ISA, the term for this would be an "Secure-NAT" client, but not an authenticated user. I presume by extention that a device acquiring an address from the DHCP server does not require a CAL. Also, no CAL is required for a user and/or device to access a web page hosted on the SBS machine (via IIS) if this access is unauthenticated, or (I believe) anonymous ftp or anonymous internet service, or (I beleive) to access a shared folder which which is unauthenticated, eg the folder is shared to "everyone".

WHAT I DIDN'T DISCUSS: I didn't say anything about the SBS2003 server license itself. With SBS2003, there are rules about having other servers on the SBS domain, and what is allowable and what is not. I'm not going to get into those in any detail. But suffice it to say, when another server is within the SBS2003 domain in a fashion allowed by the SBS2003 license and it's own license, then in many cases the SBS user or device CAL will apply to services on that machine as well. For example, if you had a second exchange server as a backup or supplement to the one within your SBS03 server, then I believe the SBS Cals apply to using that exchange server as well. But i'm sure things can get rather confusing here as well. I wonder what happens if you buy a copy of windows server and it comes with CALs, and use it within the SBS domain. What becomes of those CALs, and how are they usable, I have no idea. Authenticated access to web services, such as a hosted site that requires you log in, for people who do not use other services (eg it is not outlook web access, which would require the use of Exchange and thus an SBS CAL or an exchange server CAL), for this there is a different type of licensing that I am not familiar with, and I don't know how this licensing interacts with SBS (if it is allowed at all). I think Windows Server Web Edition is usually used for this sort of thing.

SBS vs other Windows Server 2003 editions: I was mostly referring to SBS premium edition, and there may be a few differences between this and standard edition. Furthermore, if your using a the 'standard' Windows Server, the licensing will be similar in several respects, but a Server 03 CAL covers only the services and software that comes with the Server 03 license. For example, if you use Exchange Server, which does not come with the standard Server 03 license, then it requires its own CALs, with probably its own similar-yet-different rules. With SBS Premium, each CAL covers use of all of the software that comes with SBS, so long as that software is being run on the SBS 2003 licensed server, with of course a few possible exceptions where it can also apply to servers running within the SBS domain.

automatic CAL tracking and enforcement: MS includes no tracking mechanism in SBS 2003 (and I'm sure server 03 in general) to aid CAL complience, tracking, or enforcement. It is, in essence, on good faith. It does, however, require that you register your CALs on the server. I think that to say there is absolutely no tracking at all is a little inaccurate. It does appear to limit connections based on the number of registered CALs. My sense is that, if there are for example 10 CALs registered on the server, it won't allow more then 10 people to be logged in simultaneously (or maybe a number slightly more then 10). I have observed this once but I have not seen it documented (nor have I really looked).

Anyone wishing to paraphrase me in editing this or any related wikipedia article may do so, but please don't copy exactly since I didn't write this in an encyclopedic voice. Also, citations and fact verifications are needed.

here is a good source for more information about Microsoft licensing

Noogenesis (talk) 18:50, 26 April 2008 (UTC)

It would also be nice if someone provided an exact list of MS services which actually do require CALs. For example, there is no sense to require a CAL for each file server connection (since file shares could be equally well served by a workstation Windows OS!) However, nowhere is stated that this service does NOT require a CAL, so reading about "client connections", it could be understood as requiring CALs for these connections... Arny (talk) 13:18, 17 February 2010 (UTC)

Previous version of SBS product

What about the 2000 and 4.5 SBS products? Were CALs enforced with these? I think NT 4.0 introduced the LSAPI (technology with CALs for enforced)? - xpclient ^Talk 21:37, 24 December 2010 (UTC)

Do CALs actually fall within the scope of copyright Law?

UK copyright Law refers to the process of duplicating, distributing or making public performances of a 'work' of art or craftsmanship. USA Law might differ, I guess, but is probably of the same general nature. Thus, installing software onto a server requires permission under Copyright Law, because this involves the making of a copy. However, it is hard to see how Copyright Law bears any relationship to the number of users accessing services provided by that server, UNLESS the process of accessing those services involves the copying of (more than trivial amounts of) the vendor's code to the client computer. Which in most cases, it does not.

This is clearly a different situation from (say) a radio station broadcasting a tune x times a day to y listeners, and paying a royalty to do so. Here, no broadcasting or copying is taking place, the copyright data merely performing a function upon the server itself.

-Any thoughts on this? --Anteaus (talk) 17:14, 15 April 2011 (UTC)

A lot of "Microsoft" anyone?

Is it just me, or is the article written with a tone that seems to suggest that Microsoft's the only company that uses the CAL licencing structure (even though it's apologetically stated to the contrary early in the script). I believe for instance Blackberry uses a similar licencing scheme. MinorFixes (talk) 20:34, 7 September 2011 (UTC)

Requested move: client access license

The following discussion is an archived discussion of a requested move. Please do not modify it. Subsequent comments should be made in a new section on the talk page. No further edits should be made to this section.

The result of the move request was: page moved. Vegaswikian (talk) 07:44, 19 February 2012 (UTC)

---

Client Access License → Client access license – Wikipedia:Manual of Style/Capital letters prohibits unnecessary capitalization: Specifically, §Expanded forms of abbreviations states that although acronyms may be capitalized (e.g. "DS" or "CAL"), their expanded forms may not (e.g "digital scanning" or "client access license" instead of "Digital Scanning" or "Client Access License"). Fleet Command (talk) 03:39, 12 February 2012 (UTC)

The above discussion is preserved as an archive of a requested move. Please do not modify it. Subsequent comments should be made in a new section on this talk page. No further edits should be made to this section.

Per server?

Please clarify in the article if CALs are per-server or per-product class. Like, if 100 CALs will give 100 users access to 1 file server or 2 file servers. --12.217.220.10 (talk) 23:09, 15 February 2013 (UTC)

Delete Sentence on Illegalities of Not Having CAL's

"Technically, any individual or business can use the software with an unlimited number of users and buy no CALs at all - but they will be in breach of the license agreement (and the law in most jurisdictions[citation needed]), and large penalties will apply if they are caught."

You don't get to say that without sourcing. Obvious MS claims that, but wiki doesn't advocate Microsoft's legal position just because "they say so". A big statement like that requires commensurate substantiation. "most jurisdictions" needs to be defined and supported, "large penalties" needs to be defined, and not just by what MS claims, but what has actually been awarded, and getting "caught" implies axiomatic bias meaning that if there is now validity to the law, nor any case law to back it up, nor any actual cases where people have been found guilty of a crime and assessed "large penalties" then they cannot be "caught" because they are not doing anything wrong.

A Google search of this sentence shows that it was lifted directly from an online forum, i.e. using one person's opinion on the matter as if it were gospel. Until someone can substantiate the statement, and show sources, references, etc..., I'm deleting it.Jonny Quick (talk) 20:19, 31 October 2014 (UTC)

Mention of backwards compatibility

I just did some digging to remind myself of the 'backwards compatibility' of CALs (using a 2012 CAL to access a 2008 server). The first microsoft.com reference I found was on an MSDN blog^[1]: "Note: You can purchase newer CALs to access older server versions. For instance, a Windows Server 2008 CAL can be used to access a Windows 2003 server since the CAL version is newer than the Server version".

References

1. Eric Ligman. "Licensing Basics: What are CALs (Client Access Licenses)?". MSDN. Retrieved 5 November 2016.

External links modified

Hello fellow Wikipedians,

I have just modified one external link on Client access license. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:

• Added archive https://web.archive.org/web/20100212214035/http://www.microsoft.com/windowsserver2003/howtobuy/licensing/ts2003.mspx to http://www.microsoft.com/windowsserver2003/howtobuy/licensing/ts2003.mspx

When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.

This message was posted before February 2018. After February 2018, "External links modified" talk page sections are no longer generated or monitored by InternetArchiveBot. No special action is required regarding these talk page notices, other than regular verification using the archive tool instructions below. Editors have permission to delete these "External links modified" talk page sections if they want to de-clutter talk pages, but see the RfC before doing mass systematic removals. This message is updated dynamically through the template {{source check}} (last update: 18 January 2022).

• If you have discovered URLs which were erroneously considered dead by the bot, you can report them with this tool.
• If you found an error with any archives or the URLs themselves, you can fix them with this tool.

Cheers.—InternetArchiveBot (Report bug) 05:51, 1 June 2017 (UTC)

External links modified

Hello fellow Wikipedians,

I have just modified one external link on Client access license. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:

• Added archive https://archive.is/20120906095448/http://www.msterminalservices.org/articles/Changes-Windows-Server-2008-Terminal-Server-Licensing-Part2.html to http://www.msterminalservices.org/articles/Changes-Windows-Server-2008-Terminal-Server-Licensing-Part2.html

When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.

This message was posted before February 2018. After February 2018, "External links modified" talk page sections are no longer generated or monitored by InternetArchiveBot. No special action is required regarding these talk page notices, other than regular verification using the archive tool instructions below. Editors have permission to delete these "External links modified" talk page sections if they want to de-clutter talk pages, but see the RfC before doing mass systematic removals. This message is updated dynamically through the template {{source check}} (last update: 18 January 2022).

• If you have discovered URLs which were erroneously considered dead by the bot, you can report them with this tool.
• If you found an error with any archives or the URLs themselves, you can fix them with this tool.

Cheers.—InternetArchiveBot (Report bug) 20:57, 16 July 2017 (UTC)