Licensing How To: When do I need a Client Access License (CAL)?

UPDATE: 3/26/14

We appreciated the active dialogue in the comments section on this topic. We agree that there are some good questions raised in the comments section which we'd like to address and appreciate your patience in doing so. Please see additional information following the main body of the article below. Also, we've included some clarifying details in the fourth scenario on RDS CALs. Thanks.


SUMMARY:  Knowing who, when, and what needs a Client Access License (CAL) is a great question and one our team answers often. Under most scenarios, CAL requirements are generally straight forward, however, there are several specific scenarios which we address below.   In this Licensing How To post, we cover the basics of Client Access Licensing, and recap a few common scenarios which may apply to you.

The Licensing How To series posts are provided by our Customer Service Presales and Licensing team members.  These scenario based licensing topics are written on trending topics and issues based on their interactions with customers, Partners, and field sellers.  For more posts from the Licensing How To series, search the “Licensing How To” tag on this blog.


It’s a question we answer daily, “I have scenario X, Y, or Z. Do I need a CAL?”  Server software licensed via the Server / CAL licensing model always requires some sort of server license (which may be per instance or per processor depending on the Product) as well Client Access Licenses (CALs) for users and/or devices to access the server software.  However, the question of who or what needs a CAL, along with any noted exceptions, varies by product. 

The general requirement is, any User or Device that accesses the server software, either directly or indirectly, requires a CAL.  Depending on the product and functionality being accessed, additive CALs may be required as well. 

External users* (users who are not employees, onsite contractors, or onsite agents) can be licensed with CALs, External Connector licenses, and in some cases (SharePoint 2013, Lync 2013 or Exchange 2013) – external user access is granted with the Server License.

Access requirements vary by Product and you need to evaluate the requirements for each product you use. We encourage you to review the Product Use Rights, or Microsoft Software License Terms, that are applicable to you, and the products you use.

Here are a CAL questions that we answer frequently and we thought sharing them might help you when you think about your own CAL requirements. Please note that the below scenarios are based on licensing for the Server / CAL products currently available as of the date of publishing of this post.

Top CAL Questions

1 – Does my Multifunction Printer need a CAL?

Yes, if the multifunction printer is connected to a Windows Server network.  A multifunction printer accesses server software to; receive an IP address, to receive a job, to communicate that the job is finished, etc.  In short, it communicates with the server software.  If the multifunction printer is accessing any server software licensed via the Server / CAL licensing model it requires a CAL for that software. The one caveat is, if your users who use the printer have CALs then the printer is covered by their use via their CALs. If not then the printer itself requires a device CAL. The same CAL requirement applies to any other type of networked device – such as networked scanners, networked fax machines, etc.  Devices that do not connect to the network or the server software (generally referred to as peripherals) do not require CALs.

2 – Do my servers need a CAL?

Generally speaking – server to server communication does not require a CAL.  However, servers used to pool connections (sometimes referred to as multiplexing) does not reduce your CAL licensing requirements.  If, for example, you have an application server which uses SQL Server for its database – users of the application (or the devices they use) will need a SQL CAL even though they may not access the SQL Server directly.  If you use a Linux server to run a web server, but your users accessing the web server are being authenticated via Windows Server – users (or the devices they use) will need a Windows Server CAL.

3 – Do my external users need a CAL?

The general rule is all server software access requires a CAL.  However, external users* may have additional licensing options depending on the product.  For example, with Windows Server – external users can be licensed with CALs or External Connectors (whichever is more cost effective).  External user access to application servers such as SharePoint 2013, Lync 2013, and Exchange 2013 is included with the server software – CALs or External Connectors are not required for external users for these products.  Note: external users will need to be licensed appropriately for the underlying Windows Server operating system and related software such as SQL.

4 – Do I need an RDS CAL?

There are two basic scenarios which trigger the requirement for an RDS CAL.

    1. Your users or devices directly or indirectly access any of the RDS product functionality, and/or

    2. Your users of devices directly or indirectly interact with the graphical user interface of the server software using RDS functionality or other third party technology (e.g. Citrix, GraphOn, 2X to name a few)

If you meet either (or both) of the points described above – an RDS CAL is required.  It is also worth pointing out that RDS CALs are required in a VDI deployment when any of the RDS components are used to support it (e.g. Remote Desktop Web Access, Remote Desktop Gateway, Remote Desktop Connection Broker, Remote Desktop Session Host, or the Remote Desktop Virtualization Host.

5 – Do I need a CAL when my Windows Server is used to run a web server?

Windows Server 2012 R2 configured to run Web Workloads ** do not require CALs or External Connectors.  Web workloads, also referred to as an internet web solution, are publically accessible (e.g. accessible outside of the firewall) and consist only of web pages, web sites, web applications, web services, and/or POP3 mail serving.  Access to content, information, and/or applications within the internet web solution must be publically accessible.  In other words, they cannot be restricted to you or your affiliate’s employees. 

If you have Windows Servers configured to run a “web workload” these users will not require CALs or External Connectors.  However, let’s say you are using Windows Server to setup an online store where customers can buy widgets.  You have front end Windows Servers setup to support your website, and backend servers (e.g. commerce servers) setup so customers can check out and buy your widgets.  The front end servers used to host your website would generally be considered as running “web workloads” and CALs or External Connectors will not be required to access these servers.  Once the customer adds a widget to their shopping cart, creates an account and enters their credit card and shipping information to complete the sale – they are now authenticated via your back end commerce servers/application (non-web workload).  Since users are accessing the backend commerce servers which web workloads are not running – CALs or External Connectors will be required for users to access these back end servers.

6 – Can I use my CALs to access someone else’s server?

You may use CALs purchased by your company to access your servers, or servers owned by your Affiliates*** only.  You may not use your CALs to access servers owned by an un-affiliated third party.  Let’s say for example, that Company A and Company B are affiliates.  Company A wants to provide employees from Company B with access to their SharePoint Servers.  However, Company B already owns Windows Server and SharePoint Server CALs (that match the version of Windows and SharePoint Server that Company A uses).  Company A will not need to purchase additional Windows Server or SharePoint Server CALs since employees from their affiliate, Company B, are already covered with the appropriate CALs.  If we use the same scenario as above, but assume Company A and B are not affiliated - then CALs owned by B cannot be used to access Company A’s servers.  Company A would need to appropriately license their SharePoint farm for external users.

7 – Do I need CALs for my administrators?

Server software licensed using CALs permits up to 2 users or devices to access the server software for the purposes of administration without CALs.  However, if your administrators also use the software for anything other than administration (for example, they check their email), CALs will be required for them as well.

For additional information on CAL requirements, consult your Product Use Rights, License Terms, or contact your Reseller, Microsoft Partner, or Account Team.  Many products have licensing guides on the Volume License Website and/or their respective product sites.  Here are a few of our favorite resources on the subject.

Multiplexing - Client Access License (CAL) Requirements
Base and Additive Client Access Licenses: An Explanation
Licensing Windows Server 2012 R2 Remote Desktop Services
About Licensing – Client Access Licenses and Management Licenses


* External Users means users that are not either your or your affiliates’ employees, or your or your affiliates’ onsite contractors or onsite agents.

** Web Workloads (also referred to as “Internet Web Solutions”) are publicly accessible and consist solely of web pages, websites, web applications, web services, and/or POP3 mail serving. For clarity, access to content, information, and applications served by the software within an Internet Web Solution is not limited to your or your affiliates’ employees.

Software in Internet Web Solutions is used to run:

  • web server software (for example, Microsoft Internet Information Services), and management or security agents (for example, the System Center Operations Manager agent).

  • database engine software (for example, Microsoft SQL Server) solely to support Internet Web Solutions.

  • the Domain Name System (DNS) service to provide resolution of Internet names to IP addresses as long as that is not the sole function of that instance of the software.

*** “Affiliate” means any legal entity that a party owns, that owns a party, or that is under common ownership with a party.  “Ownership” means, for purposes of this definition, control of more than a 50% interest in an entity.

This is one scenario and licensing situation. Each customer scenario can vary by deployment, usage, product version, and product use rights.  Always check your contract, and the current Products Use Rights document to confirm how your environment should be fully licensed.  The blogging team does not warrant that this scenario will be the right licensing solution for other similar cases.


Additional content in response to questions:

Following is our best effort to answer some of the questions posted below.  Please know that your feedback is shared with the respective product groups within Microsoft.  The purpose of the Licensing How To series is to share insights gained through the many interactions our customer service teams have with customers, and present the details based on the licensing requirements set forth in our license term documents and guidance from the respective product groups.  We are listening and take your feedback to heart. 

Before going into further details, lets include the actual language from the use terms regarding CALs.  This is from the current Product Use Rights for volume license customers, but the license terms for OEM and Retail licenses will be similar if not identical.  Because the majority of questions are around Windows Server CAL requirements - this is from the Windows Server license terms.

  1. You must assign each CAL to a user or device, as appropriate, and each External Connector License to a Licensed Server.
  2. CALs or External Connector Licenses are required for access to server software.
  3. CALs and External Connector Licenses permit access to the corresponding version (including earlier versions used under downgrade rights) or earlier versions of server software.
  4. CALs are not required for access by another Licensed Server or for up to 2 users or devices to administer the software.
  5. CALs are not required to access server software running a Web or HPC Workload.
  6. CALs not required for access in a Physical OSE used solely for hosting and managing Virtual OSEs.
  7. Your CALs and External Connector Licenses only permit access to your Licensed Servers (not a third party’s).

Q1 - If I have a printer that uses an IP address assigned by a router, but the drivers are deployed via a GPO...does that need a CAL?

A1 - Yes, any Windows Server access requires a Windows Server CAL.  In this scenario, the printers are connecting to, and receiving benefit of, Windows Server.  However, if all users who access or use that printer already have a user CAL - then you’re covered and will not need additional device CALs for the printer.


Q2 - If I have guests that come into my office an temporarily use a Windows DHCP server to grab an IP address to access the Internet, do they need CALs? I guess the takeaway is to never use a Windows DHCP server? 

A2 - Yes, they are using a Windows Server service and would need a CAL.


Q3 - If I have a Remote Access card installed in a server, does that need a CAL? If I run sniffer, does that need a CAL? If I use a common management tool that installs a service/daemon on each server - does that need a CAL?

A3 - Peripherals, server components and network equipment on their own do not generally require a CAL (for Windows Server or otherwise).  Server to server communication does not require a Windows Server CAL (between two licensed Windows Servers).  Device CALs are intended for the clients/endpoints accessing the Windows Server (for any reason - to get an IP address, to access a file, to authenticate to AD, to access an application of any type on the Windows Server, etc.)  User CALs are intended for the same reason - but are assigned to the users using the clients/endpoints.  For example, a sniffer.  Generally, these won't require a CAL - they simply monitor network traffic.  However, let’s say that you have a software based sniffer installed on your desktop at work - and your desktop is accessing Windows Server (to get an IP, to authenticate to AD, etc.)  This scenario will require a device CAL for your desktop (or a user CAL for you), not because you are using a sniffer, but because the device/endpoint it’s installed on accesses Windows Server.  Management software.  Let’s use the same concepts above.  Let's say for example, the management software is installed on a Windows Server, and is being used to manage client devices, network equipment, and other servers.  Any device that accesses Windows Server as a result of being managed will require a Windows Server device CAL (with the exception of other Windows Server since Windows Server to Windows Server communication does not require a CAL).  If you are licensed by user in this scenario however, and all users are covered with a Windows Server CAL, the n you’re covered since all users of the managed devices are already covered with user CALs.


Q4 - If I manage another companies servers as their help desk...and employ more than 3 people...and I already have CALs for my people, do I need additional CALs to administer their network?  

A4 - CALs (for Windows Server, Windows Server RDS, Exchange Server, SharePoint, SQL, Lync, etc.) can be used only to access organization owned servers.  Your CALs cannot be used to access servers operated by an independent organization (see #6 in the blog above).  That being said, their licensed servers will provide the ability for 2 users/devices to access the servers for purposes of administration.  For any number of users/devices employed to manage their servers in excess of 2, additional CALs will be required.  For example, if 10 people, using 10 different devices are employed to manage their servers - a total of 8 additional user or device CALs will be required.  The organization whose servers are being accessed will be required to purchase these CALs however.  It is worth pointing out, that certain products - such as Exchange Server 2013, SharePoint Server 2013, and Lync Server 2013 (as well as to some extent, CRM Server 2013) do not require CALs for external user (non-employee) access (administrative access or otherwise).  In this example, you are being hired by a third party to provide help desk support OFFSITE and would be considered an external user (see #3 in the blog above).  If for example, you have 10 users/devices employed to administer a third parties servers - the company may be required to purchase additional CALs for products such as Windows Server, and/or (unless licensed by processor or core).  However, because you can leverage the external user CAL exception for Exchange Server 2013, Lync 2013, or SharePoint 2013 - additional CALs for these products would not be required in this scenario.  Note the external user CAL exception for the products mentioned above apply only to the current versions and not prior versions. External users must be offsite.


Q5 - So, if I host a web server using a Web Workload for any reason I need CALs for each user?

A5 - CALs are not required to access servers running a web workload (defined above in the blog), so no - CALs are not required to access servers running a web workload when users access anonymously.


Q6 - If I assist another company in an e-mail migration to O365 and need administrative/test mailboxes - do those need CALs?

A6 - It’s best to look at each involved product individually.  For example, in this scenario you could potentially have Windows Server, Exchange Server, and Office 365 (or Exchange Online) - each with their own unique CAL licensing requirements.  For Windows Server, see A4 above as this would be considered administration.  For Exchange Server, we license by user or device accessing the Exchange Server (not per mailbox).  Exchange Server also has the same 2 user/device administration exception as described above.  If you have more than 2 users/devices accessing Exchange Server for the migration - yes additional CALs will be required.

  • Admin and test mailboxes just look like regular mailboxes from an O365 perspective, so they require subscriptions to be assigned.   (USL required)

  • Admins can administer Office 365 (including Exchange) without having a mailbox, so that answer is a little more nuanced than the test accounts one.

  • Regarding 30 day grace period, there is a very narrow scenario where this is enabled (when you have a hybrid deployment and you are moving mailboxes from on-premises) but it is not worth bringing up in this context.

  • Note that we offer free 30 day trials of 25 licenses per tenant for Office 365, so that’s how most customers accomplish their testing.


Q7 - When accessing a VDI, do I always need an RDS CAL even if I use a pure Citrix solution?

A7 - Note that we have amended the last sentence to number 5.  RDS CALs are required only when accessing the Windows Server GUI, or if any of the RDS components listed are used (e.g. Remote Desktop Web Access, Remote Desktop Gateway, Remote Desktop Connection Broker, Remote Desktop Session Host, or the Remote Desktop Virtualization Host.)  If you are using a third party VDI solution, and it does not use any of the RDS components, then RDS CALs are not required.


We apologize if we were unable to get to each and every question.  Please note this post was intended to be a general guide only and address some outlier scenarios we hear about from time to time.  We encourage everyone to leverage your resellers, partners, and/or distributors.  In each case, these resources have access to teams directly at Microsoft who can answer licensing questions, who are better equipped to answer large volumes of questions.  There is also a group available who handles licensing questions via the Sales and Partner Information line at 800-426-9400 .

Again, we appreciate the feedback and please know that it is shared with our products teams.

Comments (214)

  1. Client Access Licenses (CALs) have a reputation for being difficult to figure out. Two exist for Exchange – the standard CAL that covers access to the basic feature set (such as being able to send and receive email) and the enterprise CAL, or eCAL, that licenses extended features such as in-place eDiscovery holds, customized ActiveSync policies, Unified Messaging, or Data Loss Prevention (DLP). The eCAL is additive to the standard CAL, so if you have an eCAL, you can use any of the functionality that exists in Exchange.

  2. Ed (DareDevil57) says:


  3. Client Access Licenses and Management Licenses
    If the workstations in your organization are networked, you likely depend on network server software to perform certain functions, such as file and print sharing. To legally access this server software, a Client Access License (CAL) may be required. A CAL is not a software product; rather, it is a license that gives a user the right to access the services of the server.

    Likewise, if you manage the devices on your network using management software such as Microsoft System Center, a Management License (ML) may be required for the device being managed.

  4. Alex Vue says:

    I need help on this quest. I can not find any answer or blog for it. User CAL or Device’s CAL for Delta-V controller and Scada PLC. Does PLC and Delta-V Controller end point need CAL?

  5. Ed (DareDevil57) says:

    great article. thanks.

  6. Short for client access license, CAL is a license that gives a user the right to access the services of the server. CALs are primarily used for Microsoft Server products where the CAL is based on a per seat licensing (also called per user or per device), per server licensing, per processor licensing, or per mailbox licensing

  7. Ed (DareDevil57) says:


  8. TammyRSmith says:

    I’ve never actually needed a client access license

  9. Ed (DareDevil57) says:


  10. @No more CALs, I’d be careful about using that strategy, I’m not sure it would hold up in court if there were an issue. While it can be a bit confusing, your licensing vendor or Microsoft representative should be able to help.

  11. DHCPACK says:

    In the answer to Question #1: “A multifunction printer accesses server software to; receive an IP address…” — does this mean that any device which receives an IP from a Windows DHCP server requires a CAL (assuming the environment is Device-CAL-only)?

  12. Jean-Marc says:

    Hi !

    Can you clarify this point in FAQ, please : If i use a Windows Server 2012 R2 for WSUS without backend server (only internal database installed by WSUS on front end), does i need CALs ?


  13. Ed says:

    I think that this “clarification” is probably one of the worst that I’ve seen. First, a CAL is not a CAL. There are AD CALs, Exchange CALs, SharePoint CALs and a bunch of others. There are many times when multiple CALs are required, but yet no mention of it.
    It was my understanding that AD CALs are only required when users authenticate against the server. A printer receiving DHCP wouldn’t require a CAL. Would an IP addressable light bulb that get’s a IP require a CAL? What about all of the IP telephones on my network that DON’T talk to the AD, but still use DHCP. Do they require a CAL?
    Come on, get a little more real about this, A freaking printer requires a CAL? I’ve known of no Microsoft Sales rep that would even think about asking customers to buy CALs for printers.

  14. J Senior says:

    My interpretation is that multifunction printer may carry out a task (such as scanning a document) that is stored using Windows Server credentials. In this case the multifunction printer is using Windows Services just like a PC and would require a CAL unless the person accessing it has a Windows Server User CAL assigned to it. A regular printer would not require a CAL.

  15. DotNetDev says:

    I am very concerned about these FAQ’s. #1 and #5 I find a little horrifying. Ed’s comments about lightbulbs reflects my horror with #1. As for #5, ASP.Net is designed to have a pluggable infrastructure for security. If a web app is authenticating with something other than AD, it makes zero sense to me why an external connector would be required. Seriously Microsoft.., this on top of the lagging mobile and tablet market share, issues with the Surface Pro2, changes to MPN is really making me consider things outside the Microsoft stack, and based on #1 and #5 for me personally that might begin with the server layer. The team I respect the most at MSFT is the VS team.. so I don’t see stopping using VS for the foreseeable future for dev, but what dev I do in VS I can see changing more radically to HTML/CSS/JS for front end, Node.JS for the application layer, and well I guess I should start investigating a good SQL replacement (other than MySQL which I do not like).

    It is in your best interests to clarify #1 and #5.. I know I’m not the only .NET Developer who is getting tired of MSFT licensing complications, small market share in important areas, etc. A love for C# will only go so far!

  16. Totally confused says:

    This is worse than trying to do taxes. I have a bunch of questions based on the above.

    1. If I have a printer that uses an IP adders assigned by a router, but the drivers are deployed via a GPO…does that need a CAL?

    2. If I have guests that come into my office an temporarily use a Windows DHCP server to grab an IP address to access the Internet, do they need CALs? I guess the takeaway is to never use a Windows DHCP server?

    3. If I have a Remote Access card installed in a server, does that need a CAL? If I run sniffer, does that need a CAL? If I use a common management tool that installs a service/daemon on each server – does that need a CAL?

    4. If I manage another companies servers as their help desk…and employ more than 3 people….and I already have CALs for my people, do I need additional CALs to administer their network?

    5. So, if I host a a web server using IIS for any reason I need CALs for each user?

    6. If I assist another company in an e-mail migration to O365 and need administrative/test mailboxes – do those need CALs?

    7. Does a management software that sends out e-mails as alerts need CALs? Does a monitoring software that send s aping to a SQL server verifying logon is up and functional need a AD and SQL license?

    So far the lessons I am learning here is to never, ever use Microsoft DHCP servers for anything, never utilize IIS for your web servers, try to standardize on as many non-Microsoft products as possible, and hold onto your shorts as it’s impossible for any mere mortal to actually license anything correctly.

  17. J Barnes says:

    I’m more confused after I read this article than I was before. Multifunction printers need a CAL? Get out of town – that’s ridiculous.

  18. E.W. says:

    “Yes, if the multifunction printer is connected to a Windows Server network. A multifunction printer accesses server software to; receive an IP address, to receive a job, to communicate that the job is finished, etc. In short, it communicates with the server software. If the multifunction printer is accessing any server software licensed via the Server / CAL licensing model it requires a CAL for that software. The one caveat is, if your users who use the printer have CALs then the printer is covered by their use via their CALs. If not then the printer itself requires a device CAL. The same CAL requirement applies to any other type of networked device – such as networked scanners, networked fax machines, etc. Devices that do not connect to the network or the server software (generally referred to as peripherals) do not require CALs.”

    We have many printer/scanner/fax machines. You are saying that we need to license a CAL for each of them just because they lease an IP address? Wait – what? That’s news.

    If we hard code the servers and remove the server print queue so that the clients directly print to them would that remove the requirement to need a device CAL? I ask this because a number of our users don’t log into AD, but they do print to the printers and nobody has ever informed us that we need CALs for these devices before. I just sent an e-mail to our Microsoft Partner and they have never heard of this requirement before either.

    Does this mean that our BigIP boxes needs CALs? It sounds as if anything that utilizes dynamic IPs needs a CAL, so do our IP-based phones that configure via scope options also need CALs? If so, then we’ll immediately remove the services from our Windows servers and utilize our hardware switches and/or routers to perform the leases instead.

    I’m very concerned about #2 as well because we utilize BigIP load balancers. Do we need CALs for all of our VIPs and NATs? How does that work? Does our routers need CALs? This is very confusing information and I can’t understand all the details.

    For #7, we have more than 2 administrators. How does that work? We need to buy CALs for our Microsoft Partner in order to have them access our servers too?

    Y’all have made this beyond understanding and too convoluted. I don’t even know how I’m supposed to be compliant here and I don’t have months of my time to pour over this information trying to figure everything out. Again, even our licensing partner is confused. This is a mess and now you’re adding cloud services into this as well. You need to clean this up and remove the confusion.

  19. Name says:

    In regards to number six above, does that mean that all outsourced helpdesks need adminstrative Cal’s for each customer they manage if they have more than two administrators assisting the customer? That does not seem fair to me.

    For number five, if customers buy items from IIS servers, then they need a Cal for each user? That is a sure way to get people to instantly drop IIS and switch to Apache. That is not going to fly.

    For number one, there is not a single entity that I know of that buys printer cals. that is retarded.

    I linked here from the computerworld articles and I must say I knew licensing was complicated, but had no idea it was this big of a mess

  20. Name says:

    ” If you use a Linux server to run a web server, but your users accessing the web server are being authenticated via Windows Server – users (or the devices they use) will need a Windows Server CAL.”

    For each user? That could be tens of thousands or even hundreds of thousands. That is in addition to the sql server license?

    Time to drop SQL as well. Completely and utterly retarded licensing model that makes zero sense.

  21. Robert Klein says:

    Does anyone respond to these comments? I see a lot of people with great questions. Where can we find the answers?

  22. hmm says:

    I thought I understood microsoft licensing – on a couple of occassions I’ve corrected or found Microsoft licensing changes that the resellers we use have had to check with Microsoft are actually correct….

    Having read this post clarifying FAQ’s, I’m think i’m actually confused.

  23. ? says:

    Microsoft, please provide clarifications on this post. After reading it (twice) I have to admit I’m even mover puzzled than I was when I started. If this is your idea of clarification – then big, big massive fail.

  24. Paul DeGroot ( says:

    It would be great if Microsoft would document its answers, like point out where in its contract language these rules come from. Let me quote some important Microsoft contract language, since they seem to be avoiding it.
    For example, here is the official language (from a Microsoft Enterprise Enrollment) that defines a “Qualified Device,” which is, among other things, a device that would need to be licensed with a CAL. Tell me if you see any printers in here.
    ““Qualified Device” means any device that is used by or for the benefit of Enrolled Affiliate’s Enterprise and is: (1) a personal desktop computer, portable computer, workstation, or similar device capable of running Windows Professional locally (in a physical or virtual operating system environment), or (2) a device used to access a virtual desktop infrastructure (“VDI”). Qualified Devices do not include any device that is: (1) designated as a server and not used as a personal computer, (2) an Industry Device, or (3) not managed (as defined in the Product List at the start of the applicable initial or renewal term of the Enrollment) as part of Enrolled Affiliate’s Enterprise.”
    I’ll now throw in part of the definition of an Industry Device, which is, in effect, something that is NOT a Qualified Device.
    ““Industry Device” (also known as line of business device) means any device that: (1) is not useable in its deployed configuration as a general purpose personal computing device (e.g., personal computer), a multi-function server, or a commercially viable substitute for one of these systems.”
    I’d say a printer falls far more easily into the Industry Device category than the Qualified Device category.
    The rules are more complicated than this–an industry device might still require a CAL in some cases. But surely if MIcrosoft wanted to dump printers, network switches, fax machines and the like into the pot, this would be the place to do it–in their contract language.

  25. Jim White says:

    @Paul – I would say a printer is an “Industry Device” as well.

    I sure hope that some one from the licensing team is reading this blog and can help clarify the situation. I’m thoroughly puzzled as to this blog post. It makes things seem much more complicated than they need to be and obfuscates many issues.

  26. Joe Sensible says:

    After reading through the CAL requirements, does Microsoft want us to get work done or spend all our time stepping through the CAL minefield? Do I need a CAL for that?

  27. B Barnes says:

    We apologize if we were unable to get to each and every question.

    >>> Um, okay.

    Please note this post was intended to be a general guide only and address some outlier scenarios we hear about from time to time.

    >>> Got it. And it is raising more questions than it answers and is causing confusion.

    We encourage everyone to leverage your resellers, partners, and/or distributors.

    >>> Yep. Tried that. My Gold Partner is equally confused. Talked with my Microsoft rep as well as one of the EA partner reps and they have no idea what a “printer CAL” is. They (all three) were unable to answer DHCP server-specific CAL questions and they were equally confused as I am about this situation.

    n each case, these resources have access to teams directly at Microsoft who can answer licensing questions, who are better equipped to answer large volumes of questions.

    >>> No. No, you don’t apparently – as I’ve already stated.

    There is also a group available who handles licensing questions via the Sales and Partner Information line at 800-426-9400 .

    >>> Called. They don’t know the answer either. Nobody seems to be able to clarify in any meaningful way a number of the items you’ve addressed in this post.

  28. J.J. says:

    “Q1 – If I have a printer that uses an IP address assigned by a router, but the drivers are deployed via a GPO…does that need a CAL?

    A1 – Yes,”

    Bollocks. I’m moving to Linux. That does it. Ridiculous.

  29. What! says:

    >>>Q2 – If I have guests that come into my office an temporarily use a Windows DHCP server to grab an IP address to access the Internet, do they need CALs?

    >>>A2 – Yes, they are using a Windows Server service and would need a CAL.

    Okay then. Time to switch all DHCP functions OFF my Windows servers. This is beyond ridiculous. I’ll bet 99% of companies out there are out of compliance due to this. Y’all are smoking too much weed up there in Redmond.

  30. JamesB says:

    Sorry but I disagree completely with your statement that a printer would require a CAL just because the server deployed drivers by GPO. The printer is not accessing the server, it is not gaining any benefit from the server, it’s an inanimate object. The users and the administrator would be the only ones gaining any benefit or accessing any resources from the server in this scenario and both of them would already require CALS and have them. What you are suggesting would mean because I stored the security door access codes on the server for all users to see then the DOOR needs a CAL too. Heck the microwave needs cleaning so I posted a note to SharePoint so does the microwave now need a CAL?

  31. sam says:

    I’m sorry. I can’t wrap my head around a printer needing a CAL due to a> Windows DHCP IP use, b> GPO one time driver deployment, or c> partial guest use. None of those items should require a CAL in my opinion. This seems overly draconian.I think Microsoft is not being reasonable here.

    It also appears to conflict with the definition of an “industry device”, which clearly states that a printer does not need a CAL.

    I’m blown away that a blog whose purpose is to clarify the issue can’t seem to actually clarify the issue. I have, today, asked 2 MS partners in my area (Texas) about this issue and neither one of them are aware and/or agree that our printers need a CAL to function. One even told me to “stick my middle finger up” at this site. The issue of guest access solely based on a DHCP lease was particularly confusing as no one can accurately predict what CAL that requires in advance or how that is even tracked.

  32. sam says:

    Does every single guest who walks through our doors using DHCP need a CAL or do we just buy a range of CALS for each conference room? I think another poster said it best when he suggested that we move all our Dynamic IP resources off Windows-based servers. That would certainly complicate things for us, but it sounds like we would save even more licensing complication and a ton of money if we did so.

  33. . says:

    Computerworld was right. Microsoft licensing is a nightmare.

  34. something wrong says:

    our TAM told us to ignore the advice given in this blog. She said that guests using DHCP resources absolutely do Nott need a CAL and that occassional prinet usage for non AD users would not require a CAL for each printer. She said “draconian”, “unprofessional”, and “problem children” when referring to this site. We have it in writing in an email in case we are ever audited.

  35. Carl Bench says:

    We need another article on these licensing issue. Hopefully one that is written by a reasonable person who can put all of this crazy language into English. I can’t make heads or tails of some of the items presented here. Like others, I’m flabbergasted to find out that my printer/scanner suddenly needs a license just because of a leased address. Doesn’t Microsoft felt that’s a little on the silly side? Come on let’s get real.

  36. Dale says:

    The cost and complexity of MS licensing is driving me and other CIO’s to invest in other options. I am skeptical they can afford the massive changes required to keep my business for the long term because in the short term, the cost is cheaper to keep them while I slowly eliminate them where possible. The outlook for MS is ok for 3-5 years, but I am long on LINUX and short on Windows server (most of my licensing is in data center licensing).

  37. Mark Allred (IT Pros) says:

    Does my Multifunction Printer need a CAL?…Yes, if the multifunction printer is connected to a Windows Server network.

    I knew that weed was legal up in Redmond, but holy cow, I had no idea it was THAT good. Please, if you would care to pass some of that good stuff down my way to Arizona we’d be most appreciative. The day Microsoft busts down my doors for not having a “multifunction printer” license is the day I personally unhook our Windows servers from the cabinet and throw them out the window.

    I don’t care how the licensing team is trying to justify this complete and utter rip-off, but you need to take printers out of the equation. Again, please stop hogging all the good Maui Wowie and pass some of that down here so we can trip out of our minds too.


  38. Fox says:

    This is all fine and good, but it doesn’t answer what everyone is asking: What does the fox say about Microsoft licensing? I’m assuming it would go something lit “retch, puke, hurl, barf. retch, puke, hurl, barf”. That’s what the fox would say and really that is all that matters.

  39. WR says:

    This blog is NOT accurate.

    We just finished a licensing audit about 4 months ago. Nowhere did it require us to buy a CAL for any of our multifunction printers. It has been stated in another comment that these fall under an ‘industry device’ and that is exactly what the audit confirmed. Do NOT pay for any ‘printer’ CAL my friends as the information in this blog is 100% incorrect.

  40. WR says:

    It is also 100% incorrect about guest access as well. There is NO CAL requirement for temporary guests.

  41. WR says:

    The phones in our office are IP-based with option scope leases from Windows servers. I have confirmed that those DO NOT need a CAL, regardless if they are using a Windows server for the lease. This blog is INCORRECT my friends. Do NOT pay for these CALs

  42. CEO - Senior Tech, Inc. says:

    I now completely confused. I’m more confused now that I have read this web page than I was before I read it and my brain just hurts trying to comprehend what this is saying.

    I’m just a mere mortal trying to run a business. I can’t make heads or tails of the loopholes and confusing language. Even the additional content section added to the bottom of this post makes me want to pull my hair out.

    We use VDI and within this post you’ve clarified your position, amended it (A7), and then left me again in a state of confusion over whether or not my RDS solution uses any RDS components. I’m not Bill Gates. I can’t understand this.

    Is there any where that we can find this information displayed in plain English? There has to be a better way than this rigamarole. This is worse than doing my taxes.

  43. Do you really need to know my name? Really? says:

    This is beyond understanding.

    The obvious solution is to replace all Microsoft solutions with open source and Linux.

    Mya not be as elegant, but damn, much easier than this tar pit.

    After reading some of this I feel like I’m trying to deal with a the Ferangi.

  44. jerry says:

    Everything everyone else has already said is what I say as well.


  45. Scam says:


    This mess is what caused us to just spend the past year migrating every single Windows server and desktop to something else. We have to put up with none of this bullshit anymore, our users are happy and productive, and the cost of deploying new hardware has literally dropped in half.

    We are on track to saving over $350,000 per year for just 41 employees.

    It is so awesome to be done with Microsoft and their licensing scam.

  46. Confused says:

    I contacted my reseller and they said I don’t have to buy any additional license for our multifunction printers regardless of who uses it or how it obtains an IP address. That seems to completely contradict this blog post. What gives?

  47. Meyer (LA) says:

    Let me get this straight.

    I have around 100 users. We have 12 Windows servers. We have all 100 AD CALs and the 12 Server CALs. DHCP is located on 2 of the servers.

    If I hold a meeting in my office for an hour and have 8 people show up who are not one of the 100 AD users (again, guests) and they use the Internet – because they happened to obtain an IP address from the Windows servers DHCP services – I need to now buy 8 more CALs?

    Is that right? Look, I understand times are tough – but that’s complete and utter bullshit. That’s is unacceptable licensing requirements.

    Likewise, since our phones are IP-based, I need to provide a CAL for each Cisco phone just because they too use a leased IP address? Again, bullshit.

    I’m going to have a nice talk with our local Microsoft reps next week and if this information is true, it’s going to be a very, very bad meeting. I’m not going to play this kind of game. I’m fully licensed to what is expected and reasonable and now I’m hearing I need to more than double my current CAL count? That’s a sure path to Linux guys. This isn’t going to fly and I do NOT accept this licensing scam that you are purporting here.

  48. Do not panic says:

    I can confirm as well that this information is incorrect. This blog is incorrect and you do not need a client access license for DHCP-leased users or devices. Apparently even the Microsoft licensing team doesn’t understand their own licensing requirements on their own blog.

    Don’t panic people. You don’t need to panic here.

  49. Valor says:

    I honestly thought my partner was joking when he said dhcp based devices need a license from microsoft. Then I read this forum. I am stunned. Makes me never want to do business with microsoft.

  50. Jean-Marc says:


    My question about WSUS has been drop in a big black hole.

    If i use a Windows Server 2012 R2 for WSUS without backend server (only internal database installed by WSUS on front end or SQL Express), does i need CALs ? (NO domain, NO remote database)

    This one really need to be in your FAQ, i think. It’s not clear if authentication is used or not by “client” computers.

  51. Smoking the good stuff in Redmond, I see says:

    You are going to extreme lengths of reason if you are attempting to include scanner/printers as needing CALs. What’s next? Desk chairs? Tables? Do the server racks themselves require a CAL?

    I have been in the computer industry for over 20 years and this is the first I’ve ever heard of a printer requiring a CAL. I do not concur that is a reasonable request. Just because a device leases an address should not require a CAL. I’ll also be taking the matter up with our TAM because we just and an audit and nobody mentioned anything about printers.

  52. Ryan Day says:

    “For example, if 10 people, using 10 different devices are employed to manage their servers – a total of 8 additional user or device CALs will be required.”

    You realize of course, that means that pretty much 99% of all Silver, Gold, and EA partners supporting Microsoft customers are currently out of CAL compliance, right?

    Nobody expects to have to pay for CALs to support Microsoft-based customers for administration. Might as well just lock us all up right now.

    Seriously though, you need to change this requirement ASAP because I’m not going to pay you a cent for the privilege of supporting your customers and bring ing you millions in licensing fees. You can jump in a lake.

  53. Painful says:

    This is painful. If you were to take an average business owner and present him this information he’d look at you sideways. This is almost beyond understanding.

  54. johnredd says:

    How on earth am I supposed to know if my Virtual Desktop Solution I purchased from a third-party requires additional Microsoft CALs?

    Suppose the vendor, say Citrix, releases a patch that updates how the software works and uses an RDS component. Am I now obligated to but Microsoft CALs? If so, which CALs? Windows CALs? Some kind of access CALs? Developer CALs? Third-party CALs?

    This is too hard.

  55. markus says:

    Incredible. Only in the magical fantasy land of Microsoft does a printer somehow require a client license. Lunacy.

    I’ll tell you what, licensing team, either you allow my 5 printers to function without a CAL or I’ll scorched earth my network and remove every bloody last Windows box there is and be done with you. I will not put up with garbage like that.

  56. Charles Bauer says:

    My Customer has industrial devices that gets ip´s from Microsoft dhcp server. Does it need CAL? This customers has CORE CAL. So he should buy CORE CAL for all industrial devices? The other Customer has Enterprise Desktop, should he buy Enterprise Desktop for all industrial devices?

  57. zentyal istheanswer says:

    This is what happens when companies protect their bottom line and not their clients. Keep squeezing us MS, it is only your own throat in your grip.

  58. Maddin P says:

    We have CALs for all of our Users for Server 2008R2. Now we want migrate our WSUS and maybe our DHCP too to Server 2012R2. Have we to update all CALs ? All other Servers (File, DC, DNS, Print, DB) remains in 2008R2.

  59. microsoft says:

    @Charles Bauer –

    Yes, your industrial devices need a standard CAL. And then you also need an "Extended" CAL for each of the industry devices. So two CALs is what you need. If you don’t have access to an Extended CAL submission form, then you can utilize the TR-54 form provided
    by your Microsoft Rep and that will get you the "Ultimate" CALs which you can then apply instead of the "Industrial" CAL. In either case you’ll still need a standard CAL.

    Don’t forget any additional clients connecting to the ip leased clients. Those will also need CALs. Those CALs you can purchase only in bundles of 130 at a time as a "Root" device CAL. That CAL will then enable to connect all your devices to the device that
    is ip enabled.

    If you want to monitor CALS in the future that’s going to need a few additional "CAL" CALs just for the privilege of trying to determine the amount of CALs you actually need. 5 or 6 of those should be what you need because you already purchased the "Master"
    CAL, right? If not, then you’ll need to purchase a 99 pack of "EA" CALs before you buy the 7 "CAL" CALs. Yes, now you need to buy one more. Haha!

  60. Joe says:

    This is pure extortion.

  61. microsoft says:

    Do not forget to buy the blue licenses. If you only buy the red licenses at first, you’ll need to buy twice as many blue licenses later on. Better to just buy the blue licenses with the red licenses up front.

    During an audit, you need to make sure an select the purple tab (blue + red = purple). If you select the standard red tab, you’ll end up being charged for twice as many device licenses. This is all for your benefit however. If you choose the green tab, it would
    cost you three times as many device licenses, so we’re really just looking out for your best interests.

    Finally, be on the lookout for silver licenses. Those are really rare like legendary pokemon and cost 5 times as much. You do not actually get any additional benefits with the silver licenses, but each member of the licensing team will personally sign your
    license. We’ll also tell you how awesome you are.

    keep buying licenses and don’t forget that we love you all!

  62. Fluffy Bunny says:

    @Microsoft –

    Wait, wait wait a minute. What if I happen to have a beige license offer? In that case, I only need one blue license and I only have to buy one red license at half price, right? I get two red CALS for the price of one. That will save customers money assuming
    they don’t use any printers. If you have printers, then you can still use a beige + red CAL, but you’ll need to buy at least one new Surface Pro 3 device for every 3 printers in your organization. If you buy the dock for each surface, then you only need to
    buy one CAL (both beige and red) for every 3 printers. However, if they are multifunction printers, then you’ll still need to buy 3.

    Make sense? Of course it does.

  63. Josh says:

    What about a device (i.e. smartphone) getting a certificate through an MDM solution (i.e. MobileIron) that is using SCEP/NDES to get the certificate from Active Directory Certificate Services? The devices never connects directly to a Windows server, only
    to the MDM appliance does. The MDM appliance makes the certificate request to AD CS. Does each device need a CAL or just the MDM appliance?

  64. gjfugk jrwesgasdfvasdg ear gadv says:

    All devices need a CAL. The Smartphone, the MDM solution, the certificate server, the Active Directory server, the appliance, your dog, each door in your building. Everything needs at least one CAL, maybe two.

  65. MS Licensing says:

    @Josh – You will need a license for the Mobileiron, the Active Directory Services, and the SCEP/NDES connection services. You will need THREE licenses for each mobile device.

  66. Brad K says:

    MS Licensing, you make no sense at all. Three licenses for each mobile device? What?

  67. Andy says:

    This is ridiculous.

    In addition to what the other commenters say. If I run a web forum or CMS where users can register, you really want me to buy a CAL for each of them? Is there a special CAL for this? I’d recommend to call it the WTF-CAL…

  68. Dignesh Patel says:

    Dear Sir,

    I have SQL Server 2012 database server and I have Web Application Server and It having 500 Users accessing my Web site from Web Application Server , so how many Server + CAL License , I need to purchase.

    Thanks In Advance.
    Dignesh Patel

  69. MS Licensing says:


    You will need 1500 Server licenses and 1500 CALs to support 500 users access the web (1 license), web app server (1 license), and SQL (1 license). Pay up dude! Pay up NOW!!!!

    btw, we’re a bunch of clueless bumbling keystone cops here at the MS licensing team. Sorry about that.

  70. LOL!!! says:

    “Qualified Device” means any device that is used by or for the benefit of Enrolled Affiliate’s Enterprise and is: (1) a personal desktop computer, portable computer, workstation, or similar device capable of running an instance of Windows Professional
    locally (in a physical or virtual operating system environment) or (2) a device used to access a virtual desktop infrastructure (“VDI”).

    Hold my beer while I remote into my VM via my Inkjet!!!!

  71. premdesai says:

    In case of 1 -DC and 1- DR setup and if suppose 100 users are accessing DC server applications. Then, How many CAL License to be purchased and what type of CAL, in what qty to be procured. please advise me.

  72. microsoft says:


    Just go away. You are bothering us. We were counting stacks of money and your question interrupted us. There is no excuse for such insolence. You are banished forever from Microsoft. Please go buy Apple or install Linux.


  73. Blacksmithking says:

    Googled my way here. I’m in the middle of an audit. I’m looking for a plain language description of when I need a user CAL. This blog doesn’t help at all. Microsoft’s official guidelines are gibberish.

  74. Fletch says:

    My MS distributor says that external connector licences are not available for SQL Server 2014. Can you confirm that this is true? It seems strange.

  75. No more CALs says:

    Microsoft Licensing is not understandable by the vast majority of IT people, let alone Business owners and directors.
    I am not buying any more CALs
    In an audit, I will just point them at numerous discussions where people with a whole lot more knowledge than I are confused.

  76. Toodles says:

    I’d be careful about asking any "licensing vendor" or "Microsoft representative" to help you determine your licensing issues. They get paid handsomely to turn people in. Their main goal is to try and catch you so they can get a $1000+ paycheck for turning
    you in. They are all nice and such, but in reality they will run tools that will audit you and will find some way to tell you you are out of compliance. A good tip is to give them a reasonable bribe (a few hundred is probably okay, but be prepared to have
    a few extra $100 bills handy) BEFORE they start touching any of your computers. That way, when they find something wrong (and they WILL find something wrong) they will be less likely compelled to turn you in and reap their reward.

    We had this happen to us for a number of years until we started bribing them. Then, we had no more issues.

  77. ali says:

    The more we ask questions the more we get confused with Microsoft Licensing policy. Why do Microsoft simplify Licensing on server based access instead of individually, licensing users, devices, services etc etc??? Purchase a windows server license it.
    Purchase a SQL server license it, Purchase a Exchange server license it.. that’s all.. For end users, use Windows desktop then license it… period.. It makes more sense.. Licensing model like what explained above is just to mint money and that is Why MS is
    becoming so unpopular with Linux based users….

  78. Anti-Ali says:


    Since you dared mention "Linux in our forums you are now banned from using ANY Microsoft product. Forever. Go cry to your mommy you Penguin lover.

    Thank you for choosing Microsoft!

  79. JoeX51 says:

    Why doesn’t the pro version of the OS include My Server CAL?
    Seriously I thought in the old days when you bought the pro version of the software you didn’t need a separate Server CAL except exchange .
    MSFT you make these worse every time you change the rules! Why not pick a set of rules that can actually be followed… it all a big game

  80. EDDIE says:

    And you wonder why you are losing market share to open source. If you charge thousands of dollars for a server license and hundreds for a client OS the CALs needed for all thing MS should be included. Ridiculous.. the entire model is like the stinking
    tax code.. ridiculous.

  81. Peter says:

    I have heard that you will soon need a CAL for each screw you use to mount your server in a rack. This is because the screws are entering into the same physical space as where the HDD and the processor is stored. If you have a multi-processor license you
    will need to buy 2 CALS for each screw as they are accessing indirectly the air that the processors are. It really a quite interesting business model and it very well explains why Bill Gates was just named the richest person in America. $72,000,000,000.00
    now. Haha… please take more of my money. You need it!!!

  82. microsoft says:

    " have heard that you will soon need a CAL for each screw you".

    "screw you" indeed. You should not be paying per screw. We’ve revised that model to now use the standard 1.75" UI standard and you can choose that option instead. We only charge you 3 screws worth of CALs for every OU instead of 4 – so you get a fantastic deal
    that way. The CALs for the screws (being that they are server-side licensed) are also sold in the same "buy 3, get 4" packs for screwing accessibility to occur.

    But more than that Peter, we’re sensing your negativity toward our licensing scheme – and that’s the greatest sin of all. So, no soup for you! You are banned from Microsoft. Your mother is a hamster and your father literally reeks of elderberries.

    Have a great day!

  83. Malik says:

    I’m a CIO, and I can safely say that no LAR, reseller or distributor can answer or knows the information. Microsoft has recently stated that any device which gets an ip address from a windows network/server it requires a CAL. With IT budget cuts and the
    need to spend valuable resources to innovate, it seems staying with Microsoft is not a good long term idea.

    I do hope Microsoft, take customer’s feedback more seriously and improve CAL licensing and multiplexing rules to ensure customers remain with Microsoft platform. Many of us CIOs have started looking elsewhere for our architecture needs.

  84. Steve says:

    Regarding question 7, re; the administrator using a CAL, when I run a report of CAL usage, using Svr 2012 R2, it shows that the domainAdministrator is using an RDS per user CAL. All the Admin account is used for is managing the servers.

  85. microsoft says:


    I see. You want us to starve and not feed our families. You animal. You heartless animal. What a beast you are. Go away and hide in shame as you are not worthy to own even a single Microsoft license. Go away foul beast.

    Thank you for choosing Microsoft. Have a great day!

  86. paul says:

    Take it easy guys, its not that hard. Just get Windows Server User CAL:s, so you dont have to worry about printers or some other odd devices. People are using lots of laptops and tablets and some other gadgets which authenticate on AD, just use User CAL
    so you dont have to buy device CAL for all of those or argue here when CAL is needed and when not.

    And for that DHCP use, just slap one Windows Server External Connector license to that server and an unlimited number of EXTERNAL visitors can access and get ip address from server.

    Licensing rules are explained on MS Product Use Rights and Product List (Bing or Google them). Qualified Device definition is appropritate only when you have eg. Enterprise Agreement, it does not apply for Select Plus agreement.

    And if your MS Licensing Partner can´t explain these things, get a new one.

  87. alex says:

    My Microsoft Prtner just told me, that I have to count all my devices and then count all users. then I take the smallee number, users OR devices, and buy this amount of calls.

    For example I have 50 users and 80 devices, i only need 50 user CALs
    And if I have 120 users and only 80 devices, so i only need 80 device CALs

    And he also never heard of needing CALs for printers and phones. he sayed to me, only users/devices accessing AD need CALs

  88. sam says:

    If we have Windows 2012 Server Standard with 40 CALs, then we add a Windows 2012 R2 Standard server to the same domain, does that require 40 CALs for R2, or do the original 2012 still apply?

  89. microsoft says:


    Your partner is wrong and we are already preparing a swat team of ruthless knuckle-busters to go have a talk with them. You buy the CALs we tell you to buy. End. Of. Story. If you have 50 users and 80 devices then you now need to pay for 130 CALs or you can
    jump in a lake. Suck it up and pay.


    Of course you need new CALs. We have a lot of families to feed.

  90. sam says:

    That’s not very clear then. According to this article it sounds to me that Server 2012 and Server 2012 R2 use the same CAL license. Is this not correct?

  91. Andre Dicaire says:

    I’m struggling with getting a clear answer on when an RDS CAL is required with virtual machines. If I have a Hyper V host with say 10 Windows 7 Client OS VMs, and I have 10 Thin clients, and I purchase a VDA subscription for each thin client, and all the
    VM OSE’s are activated, as are the Thin Client OS, Do I need RDS CAls? The Thin Clients use RDP to connect to the Windows 7 OS, but the way I read all the Microsoft documentation about Virtual Desktop Infrastructure, I don’t see the Windows Client OS as being
    part of that. Also, since I don’t have an RDS server, or any full Server OS, where do I load the RDS Cals and how are they assigned?

    What is VDA subscription for? If I purchase a Windows 7 OS activation code, and the Thin Client OS is also activated, it seems to me that an RDS CAL might make sense instead of VDA, but I’m forced to purchase a subscription and also an RDS CAL to access a licensed
    Windows Client OS? Does not make sense, and no one seems to be able to answer this.

  92. Khalid Shaikh says:

    Do I need CAL if I use windows 2008 server R2 for hosting a web site using Apache and SQL DB where this website takes care of authentication and not windows OS

  93. MS says:


    Are you daring to question us? Do you have any idea how utterly foolish you sound?

    Buy the CALs we tell you to buy. Do NOT listen to or follow any other article or persons advice on this matter.

    No, go away and buy CALs and leave us alone kid, you are bothering us.

  94. microsoft says:


    With 10 Windows 7 VMs and 10 Thin clients you would need 700 CALs to be compliant. That would be 10 times 7 (a CAL for each version of Windows running in the VM) and you again need to times that by 10 because you are trying to run a thin client. Anyone who
    runs a thin client falls under the new licensing rules where you are simultaneously running VM clients and RDP. Forget VDA, that’s child’s stuff you don’t want to be messing around. You simply multiply the CALs need. Much easier that way for everyone.

    Have fun, be safe, stay off the drugs, and choose Microsoft!

  95. This crazy licensing system is why I turn down jobs where clients demand Microsoft. Linux can do everything this server can do, BETTER, and free. Almost NO company properly provisions these licenses anyways. It’s all good, you all got into trouble with
    congress and the FTC, and the SEC doing stuff like this once before.

  96. Andrew Thomas says:

    So, based on the above details, we have to no longer allow a windows DHCP server to provide IP addresses to every guest network at every client, or ask that the company now goes out and buys an unlimited number of CALS to hand out IP addresses from a guest
    DHCP Scope. I guess this means we need to begin using a DHCP server from let’s a say a Linux Server with Samba, and begin the whole shutdown and migration away from the Microsoft platform, as I’d feel as dirty as possible trying to defend Microsofts Policy
    regarding DHCP. The money they’d spend, and the legal loophole this puts millions of businesses in is absurd.

  97. Gary Stanton says:

    In Microsoft’s SQL Server 2012 Licensing Reference Guide, it states on page 9 that for the Server+Cal Licensing Model:
    Note: Devices not operated by humans require device CALs, even when connecting to SQL Server indirectly. For
    human operated devices such as PCs or hand-held terminals, a user CAL or device CAL can be used.

    My question is on devices not operated by humans require device CALs? Would this include SQL Servers that indirectly access devices such as PLC’s and other associated device sensors for automation control environments such as (Wonderware Software Automation

    If this requires device CALs, then core licensing for SQL Server would be a cheaper option for customers with hundreds or thousands of devices.
    Why would this NOTE be included in the Licensing Reference Guide and not in the EULA?

  98. Zsolt says:

    This just convinced me, will never use or recommend Windows EVER. Grow up people and start using linux.

  99. Johanna Thames says:

    Does the answer to question 7: Do I need CALs for my administrators? also qualify for SQL Server 2012/2014? I mean, does it allow 2 administrators to login at the same time to the server? Thank you!

  100. microsoft says:

    Look people – we’re going to say it one last time. Bugger off! Stop posting comments here and wasting both of our time. We’re Microsoft. You are all peons and your comments deserve to be ignored as the trash they are – because you are not Microsoft. We
    are gods. You are slugs. Get that through your little pea-brains.

    In any case, go away! Stop bothering us with silly questions! We have families to feed so pleas go out and buy some licenses and shut up about it. Stop complaining or we’ll fart in your general direction like we fart in our own directions now.

    Go and buy Linux. We dare you. We triple dog dare you. You mother is a hamster and your father smells of elderberries. You suck. We rock.

    Thank you and have a great day!

  101. ChingghisKhan says:

    MS Licensing is the biggest BULLSHIT in history of computing!

  102. microsoft says:


    We at Microsoft would like to offer you our most humble of condolences on your name. Going through life with something as bullshit as "ChingghisKhan" must take incredible courage. I’ll bet you were picked on at school and teased over something completely unpronounceable
    by humans. The pain must have been intense. Your parents should be shamed.

    Our hats off to you and your suffering. It’s not often we hear such a story of courage and bravery.

    Have a great day!

  103. Dave says:

    This is why I miss Novell. Have a user? Buy a user cal. Deploy as many servers as you want. E-mail? By a mailbox license for the user. Deploy as many servers as you want. I didn’t have to spend hours and weeks of my time getting 10 different answers from
    MS and consultants as to what is or isn’t required in order for me to use a product legally or do a budget for new hires. If you have to call a consultant just to find out if I need X cals for Y users, that’s a serious problem. MS doesn’t even understand it’s
    own licensing half the time and it’s been this way for years.

    I know there’s people that are going to say, you need to call someone to figure this out? No, I don’t NEED to, but it’s good to double check your math when in doubt. I’m sure there are a lot of companies that feel they don’t need to either, and many of them
    are almost certainly out of compliance. A good percentage has probably over bought licenses that they didn’t need.

    You bought a new accounting system, it requires SQL server. You buy it and install it, and then install your accounting system. Did you buy SQL user cals for everyone that uses the accounting system? Moving to SQL 2014? How about those licenses changes.. Seriously,
    you practically need a full time employee that does nothing but track MS licenses.

  104. Will Anderson says:

    Why bother making it such a ballache. Simplify Microsoft!

  105. microsoft says:


  106. what? says:

    I like Linux. If I want 10,000 peopel to be able to log in to my PC I can do it 🙂

  107. microsoft says:

    Dave, how do you expect us to feed our families if we do things on the "up and up"? We have to confuse you enough so you will either overbuy or we can really shaft you over during an audit. I mean, really, think of the poor children before you dismiss
    our current licensing model. Have you no heart? You monster.

  108. Testing says:

    I can write whatever I want in this blog. Wheeeeeeeeeeeeeeeee!

  109. microsoft says:

    Yes….Suck my shorts.

  110. CP says:

    What about Contact Objects? These are merely rooms with room phone extensions – no users accessing the network for anything – just address book entries?

  111. Tired of this whole situation says:

    Microsoft is and always has been flat out greedy, and over the years, their selfish standards have set horrible precedents throughout the industry. The bottom line is that there should either be a flat license fee for each server product, OR there should
    be some kind of CAL system with no base fee for the server product. Doing both (and then raising the complexity to utterly ridiculous levels) is beyond shameless. It’s gone far beyond "double dipping" and by now we are well into duo decuple dipping.

  112. Andrew says:

    Why doesn’t Microsoft wise up and stop all this multiple licensing licensing bullshit. Don’t the bean-counters at MS realize that the more complex they make the licensing, the more companies and people are going to flaunt it. Need a server, buy a Server
    License. Need to cater for 40 users, buy 40 CAL’s, end of. No User CAL’s, no Device CAL’s, no RDS CAL’s, no bullshit, just a CAL & be done with it!

  113. Bollocks says:

    This blog post id just Bollocks, Bollocks, Bollocks Bollocks Bollocks Bollocks, Bollocks !!!!!

  114. Lesta G says:

    Answer to Q1 is incorrect (sorry MS) GPO applies drivers to PC (that needs CAL). The printer does not need CAL. Or are you telling me that if I print directly from the PC to the printer I need a CAL??? Really?? You better start quoting from some document

  115. Microsoft Licensing says:

    We hate ourselves. We hate what we have become. We are so incredibly sorry for, literally, ripping people off every single day and we – apologize.



    NOT! Suckers! We will never let you go! You are ours for the taking – and we will take and take and take. Pay up suckers and ride the lightning that is Microsoft! Bwhahahahahaha!

    Microsoft Licensing

  116. Kuba says:

    ‘do not require CALs or External Connectors (…) Web workloads, also referred to as an internet web solution, are publically accessible (e.g. accessible outside of the firewall) and consist only of (…) and/or POP3 mail serving’

    ‘they are now authenticated (…) – CALs or External Connectors will be required for users’

    Yep. Last time I checked POP3 REQUIRED authentication…

  117. Robert Gombe says:

    Ok im a bit confused. i have just certified MCSA so im just going over some stuff and googled licencing for Data center and saw processor and CAL. so if i have 30 users all running windows 8 all activated i still need 30 CALs for theses clients to access
    the server? Thats wat im getting from what i have read. Admittedly i haven’t read all the comments but i just want to get some clarification.

  118. MicroSense says:

    What the.. wow.. just wow. Good job Microsoft on the confusing text. You already took the crown when it comes to confusing user interfaces, perhaps you should have asked someone from Apple to write this for you.

  119. rahul says:

    If we are using server 2008 or other edition only for shared folder purpose,simple data sharing , then does it require any CAL OR Device CAL.

  120. MS says:

    I’m getting a headache trying to understand server licensing. I’m purchasing a Windows 2008 server that is only going to host file shares , No Active Directory, no SQL server, no Domain or GPO. Do I need to get CALs for the users accessing the file shares?

  121. Jesus, this is worse that I thought... says:

    I have been avoiding Microsoft for years and did not use a single product. All web apps are developed on LAMP or OS. I recently got a clients who’s asked me to revamp their network. Part of it is complete web app rewrite and unified user store with AD
    connector. I must have spent about 6 hours talking to US and UK Microsoft people. Majority of them pick up the phone and don’t know what they’re there for, unable to answer questions and putting through to other departments which then put through back to previous
    creating a vicious circle. I do not know who employs them. There was only one person out of 6 who actually knew what he was talking about! Licensing is a monster causing more mess than good. I presume if they’d fired all those useless people and simplify licensing
    to fewer options the profit wouldn’t change and only make life easier for customers. It’s absolutely ridiculous and only money craving ***** would complicate it that far. I think I’ll start investing my time in SAMBA4 and possibly help them out to create a
    similar solution that people will benefit from in the future. To get them away as far as possible from this Microsoft non-sense and waste of time that costed me hours.

  122. penguins says:

    That dhcp guest thing, wow. Way to give everyone a solid reason to ditch your product.

  123. hardly says:

    >for example, they check their email
    What about a general function check, such as "Are my users able to reach and interact with website x", which just so happens to be an email site?

  124. Oh snap says:

    So we require CALs for DHCP because it uses a Windows Server service. How about DNS? Do I need a CAL for each of my DNS clients?

  125. adam says:

    The worst part about Microsoft licensing is that five Microsoft licensing "experts" will give you five different answers.

  126. Doug says:

    Zentyal here I come

  127. Frank Echanique says:

    I would like to thank the author of this blog post, finally got my CIO to start letting me replace windows boxes with *nix boxes!

    Thanks again!

  128. Why Bother says:

    Everyone else has already said it. Microsoft licensing is absurd. What I got out of this is: don’t try and run a small business that relies on Microsoft products. At least they explained how ridiculous it all is. Thank you.

  129. Chris says:

    With the prevalence of IoT, each device is going to require an IP. It’s bad enough that as admins that we have to manage this stuff but now we need to tell management that to use it we need to spend $100 on a CAL just to get a damn IP address. It looks
    like I’m completely out of compliance. I’ve got to shut down my employee’s free wifi network because of this.

  130. Corey says:

    Done with this non-sense. Going with Linux thank you very much.

  131. Jeff Messer says:

    The fact that you have to go to so much effort to clarify how this is all supposed to work in so many different scenarios exemplifies how broken your licensing model is. I’ve been doing Windows admin work for almost 10 years now, and I occasionally get
    pulled into licensing discussions. Reading this reinforces my growing belief that I need to put more effort into investigating alternatives whenever possible, be it Linux, UNIX, or otherwise.

  132. E Jones says:

    I agree with Jim White. Looks like a politician wrote this article, afraid to leave a paper trail.

  133. ML49448 says:

    So if I have a Windows Server front end to a public website, I don’t need CALs. But if I have a backend database server supporting only the front end webserver, I do need CALs. How is someone supposed to know how many CALs to purchase? Issues: (1) Someone
    starts a shopping cart but leaves, and then later comes back to buy – need a CAL for the entire duration? (2) Do I bloat my CAL count to accommodate one day a year, Cyber Monday?

    Microsoft still has work to do when it comes to public website licensing. This is unworkable.

  134. emsi says:

    We will be re-installing our server 2008 next month but this time we will use licensed Windows Server 2012 to run our Database Application System (Hospital Management Information System) and 80 computers in our LAN are going to access this system. File
    and Storage services are the only roles installed in this server. No AD, DNS, DHCP are installed. We do not have domain network, workgroup only.

    In our case, Is buying CAL for users mandatory? or it’s optional? Thanks

  135. =^.^= says:

    Scenerio – a new business starts up and is using Google Apps for Business and dropbox for storage. The server will be used to authentic employees as they log into the network to access the internet and back up data. Therefore, I will need a CAL for each
    employee correct?

    Now, what if the business is using 30 thin clients, 2 work shifts a day that rotate 60 employees on the devices, there are no physical desktops or other devices, how are CALs handled then? Is it still 1 CAL per employee because each person has their own login?

    Lastly, if the business has 5 thin clients that are open for guests to use. No login required and the only use is the internet. There is no limit to the number of visitors who might use the thin client station so how do you know how many CALs to purchase? There
    could 1 to 100 people coming in and out of the guest room to use the internet, if a CAL is required per user how do you decide what is the right number of CALs to purchase?

  136. Grrrrrrrrr says:

    This is absolutely ridiculous. How is a small IT company meant to take THEIR time to understand this utterly over complicated Licensing. You literally need a separate department for this! Why don’t you just roll it into the price of the product….job
    done and its not as though that is all that cheap in the first place. Given up!

  137. Kevin says:

    This garbage has been around for almost 20 years, and I see it’s still just as hard as ever to comprehend.

    In short, everyone, this is Microsoft’s way of making sure they can always hold something over your head legally. That’s the only purpose here. I mean, if we’re licensing connections and printers, what’s next? Do I need a Microsoft license to have my network
    cable plug into the server? Give me a damn break.

    I’ve also spoken to Microsoft on the phone about this to TRY to be compliant, and they understood it even LESS than I did. This is a hopeless setup, MS, and you still haven’t righted this.

  138. EDDIE says:

    @ =^.^=
    "Scenerio – a new business starts up and is using Google Apps for Business and dropbox for storage. The server will be used to authentic employees as they log into the network to access the internet and back up data. Therefore, I will need a CAL for each employee

    That is unknown at this time because it depends on the next part of your scenario…

    "Now, what if the business is using 30 thin clients, 2 work shifts a day that rotate 60 employees on the devices, there are no physical desktops or other devices, how are CALs handled then? Is it still 1 CAL per employee because each person has their own login?"

    You wouldn’t use User CALs in this scenario, you would prefer to use device CALs. You would use 30 device CALs. If your thin clients are using RDS, then you would also needs RDS CALs as well, 60 of those though because they are not based on concurrent users,
    they are based on named users. Note: None of the CALs Microsoft offers are used concurrently.

    "Lastly, if the business has 5 thin clients that are open for guests to use. No login required and the only use is the internet. There is no limit to the number of visitors who might use the thin client station so how do you know how many CALs to purchase?
    There could 1 to 100 people coming in and out of the guest room to use the internet, if a CAL is required per user how do you decide what is the right number of CALs to purchase?"

    In this scenario you would likely license 5 device CALs since only one device could be used at a time, and you would opt for an RDS External Connector CAL to cover the myriad of users using your 5 little thing clients. Again, assuming you’re running any part
    of RDS in your terminal server solution.

  139. EDDIE says:

    Reading through the comments on this site, there are a TON of incorrect assumptions being made. (At least on the first page, I didn’t read every comment, sorry) This article does not take into account Processor Licenses such as in Data Center Editions
    n’or Specialty Server Licensing such as for IIS, Dynamics CRM or Internet Facing Sharepoint. Here, skim through this easy to visualize site. It should provide some high level clarity.
    Remember, There are no concurrent licenses, only named licenses. You’re naming either:

    The user (User CAL) who is accessing the server with 1 to many devices
    The device (Device CAL) usually when you have rotating shifts using the same equipment. The Device CAL is the closest thing to a Concurrent CAL MSFT offers.
    If you can’t name a user or device because you don’t know (i.e. it’s external or from the internet) Then you’re looking at either an external connector license to cover everybody, or a Specialty Server License which is typically for Internet applications.

    Hope that helps.

  140. EDDIE says:

    I heard someone say they were concerned that MSFT was doing away with the external connector for SQL. Well, that’s because you don’t need it. If you’re going to be using SQL server as the DB backend for anything internet facing, license it Per Core and
    install it in Windows Server 2012 DataCenter Edition (per core) and be done with it. In this scenario, you don’t need CALs.

  141. Patrick Goovaerts says:

    We are using Win2008 + Win2008R2 servers and have Win2008 user and T/S cals for 100 users.

    For backup puposes of all our servers, we want to install a new Standalone TSM Server. This server will communicate only with the virtual servers in our server farm.

    If we install Win2012 Server OS… do we need to upgrade our user/TS cals for all our users?

    thx for clarfication.

  142. Ted Mittelstaedt says:

    It is important to understand that there are only 3 scenarios where licensing matters at all:

    1) To know that your doing the Right Thing – ie: you can sleep at night.
    2) When your wanting to sell a Linux solution to replace a Windows solution 😉
    3) When the software audit guy comes in from Microsoft and says you don’t have enough and you and him go to a court to fight it out.

    the ONLY scenario that really matters is #3. And there is a part of the law that is called Contra proferentem, which basically means that in any contract dispute over a contract point that is unclear – the drafter of the contract – in this case, Microsoft –

    If you read the actual Microsoft licensing contracts you will discover that they are, not surprisingly, pretty clear. They do not make wild handwaving about DHCP clients and other such nonsense. These licensing documents were written by Microsoft’s lawyers
    who understand Contra proferentem very well.

    When you are facing that software audit guy from Microsoft you are not going to be able to drag blog posts by people like this author into the court as any kind of proof of your "side" Nor are you going to be able to say "I called Microsoft and this guy there
    over the phone told me X" Unless "that guy" sends you a signed letter stating X then it’s worthless. The software audit guy is going to pull the contract out, show it to the judge, and that’s going to be that.

    Thus, it is really a complete waste of time to base your licensing policy on this kind of blog post or article when it makes NO references to any contract licensing verbage to support it’s assertions. Instead, you need to pull down the LEGAL CONTRACTS for the
    CALs and in particular the server software, read them, and base your decision on whether or not to buy CAL’s on what they say.

    if you can make a case that it is not reasonable to assume that a random device obtaining an IP via DHCP from the server and isn’t even logging into the server does not constitute use of the server services, based on the contract language of the license – then
    Contra proferentem applies and you will win. End of story.

  143. Hadda Nuff says:

    I have a wireless controller that runs a group of access points and we are looking to have that controller talk to the W2012 server to authenticate the users of wireless devices. Only the controller will access the server, no DNS/DHCP/files/printers –
    no nothing but the controller. Do the wireless devices need CALs?

  144. Tad says:

    Ted’s the man

  145. Sane IT Professional says:

    User CAL’s, Device CAL’s, Core CAL’s, Enterprise CAL’s, Open License, Open Value, Software Assurance, blah blah blah.

    Ugh "The only exception is that both per-user and per-device options are
    available in CAL Suites even when both options are not available outside the suite. For instance, Microsoft System Center Configuration Manager 2012 R2 has per-device use rights as part of Core CAL Suite and Enterprise CAL Suite, even though it is offered under
    a per-operating system environment license individually."

  146. FormerMCT says:

    Given all the answers, why the hell should I use a Windows server again?

  147. Jason Warner says:

    Are RDS CALS required for users that are going to remote into a Workstation say Win7 and do items other than administration?

  148. ujas says:

    An organization has Windows based server with SQL database, application runs a service to monitor Swipe access points at all entry and exit points. do these entry points and exit points need SQL CAL or do users carrying smart cards need SQL CAL ?

  149. Jason Garner says:

    "Since users are accessing the backend commerce servers which web workloads are not running – CALs or External Connectors will be required for users to access these back end servers."

    Wouldnt I just get one device CAL for each web server that accesses my backend commerce server?

  150. Grahame Horner says:

    We are looking at the possible deployment of a Active Directory server in house to allow/ease the management and control of hardware in our company, we are also looking at Office 365 – Azure Active Directory as a solution.

    Question: If we created an Azure Active Directory and Sync’d this with a on premise active directory for ease of management are we required to purchase user/device CALs given the users/devices are registered in Azure AD
    and this is a server-to-server connection to allow management.

  151. Jack says:

    This whole CAL mess has convinced us to move from a workgroup to a Linux server, why bother with complications and headaches like this! Every device that gets an IP address from the server needs a CAL? Are you guys for real, or what? What if users just
    use a router for the DHCP server? Of course not a single question asked here has been answered so why even bother asking. In any case, for use the point is now moot because we will not be moving to Microsoft server.

  152. Raj says:

    I have a query, if I deploy a web application on microsoft platform with SQL as backend (core based licensed). Do I need windows CAL for the users who will access the application. The application will be on intranet and internet both and restricted to
    employees only. One more thing user authentication will not be done by the AD.

  153. jim says:

    i have 50 printers and doing all sorts of things, none of them require CALS. The day CALS are required for printers is the day we stop buying servers…does this guy realize how much that would cost a small business or any business. CALS in my opinion
    are rips offs built in to charge extra money for what you already have.

  154. Bob Hyatt says:

    i do everything this guys mentions you need CALS for with out CALS. Hopefully they have fired this guy buy now. CALS are confusing and a waist of anyone’s time to figure out. Just another ploy by big brother to get your money. Build your own servers and
    by pass all this crap…..

  155. Spencer1230 says:

    90% of peoples complaints on this blog would be solved by buying user CAL’s. It seems that there are so many complaints about having to get licenses for all of the devices on your network. So don’t, just get user CAL’s.

    Purchase user CAL’s or device CAL’s depending on which is less in your situation.

    Go back and read Eddie post from March 3rd, 2015. I don’t know if he works for Microsoft, but he explains it very concisely.

  156. Vidar says:

    How can you say that a a printer need a CAL because it connects to the server? It’s the other way around. The server connects to the printer. It is the printer manufacturer that should require CALs for connecting to the printers but they are not that stupid
    of course. Only you are.

  157. Abdo says:

    I have mailboxes hosted on a Linux mail server but users are authenticated from Active Directory , do I need CAL licenses for these users ?


  158. Max says:

    for Genuine Windows 8, 8.1 Pro, Windows Server 2012 R2, 2008 R2, RDS CAL for Windows Server 2012 with 80% discount, please visit:

    Please note: we sale only Retail license!

  159. WIN DC CALs vs Exchange Server CALs says:

    Question: I have installed MS Windows 2012 R2 as the office’s primary file server, and have also configured it to run as our DC and DNS. Then bought CAL’s for all staff users on our domain.

    Now I want to install Exchange 2013 on the same Windows 2012 Since I already have CAL licenses installed for active directory, do I need to buy CAL’s for Exchange server?

  160. Dave says:

    If I ever doubted the absurdity of this licensing model, I no longer do after reading (and then re-reading, and then having to re-read again) this blog post. This is the very definition of an unnecessarily complex and confusing system.

  161. Vysakh says:

    I have an RDG setup(2012R2), one server with all the RD components installed. RD Licensing, Gateway, Web Access, Session Host – everything on one server. Done session based deployment too.
    My clients connect to other servers using RD Web Access – if they use windows, else if they’re MAC they use RD Gateway feature. No other servers are session host or doesn’t have RD Role installed.
    Have read about Device and Client Licensing.
    I am confused with the licensing. My questions are:
    1. I guess the best option is to have Client Licensing. Is that right if we have less number of clients accessing RD.?
    2. What if a client leave that organization and new client coming at that position? Do I need to purchase licensing again.?
    3. Is it a one time license or a kind of renewal process?
    4. Is there any extra cost that would require for my RD setup, other than the licensing.?

  162. SEO says:

    In general, traditional SCADA system have many RTU which running embeded realtime OS to measure values from sensors.

    But, this RTU has only serial communications not LAN.

    If 5 RTUs was attached Windows Server system to write measured value to MS-SQL, it needs device CAL?

  163. What a joke says:

    So let me get this straight…. I need to buy the server software, then I have to buy the right for anyone to use it?!

    How does that make sense?! It’s actually most confusing because it takes so long to accept that is actually what you are doing to your customers.

    I can understand needing special licenses for RDP, but just to use the software for what it was built for is insanity…

    I guess you get cusomters because we don’t have much choice, but you forget the people in charge my purchases will migrate away from your products as better options become available.. and the way this industry is changing… I see options on the horizon.

  164. aaron says:

    "However, servers used to pool connections (sometimes referred to as multiplexing) does not reduce your CAL licensing requirements."

    So even with data center licensing, which requires CALs, you are screwed if you want to host a public facing website. What non-sense.

  165. aaron says:

    "Once the customer adds a widget to their shopping cart, creates an account and enters their credit card and shipping information to complete the sale – they are now authenticated via your back end commerce servers/application (non-web workload). Since
    users are accessing the backend commerce servers which web workloads are not running – CALs or External Connectors will be required for users to access these back end servers."

    No web developer in their right mind would ever create internal AD accounts for each external user and authenticate them with the backend servers. You never authenticate external users with back end services! That is not Windows authentication. That is totally
    separate from the web authentication which is usually based on records in an application specific table. More non-sense. So if I wanted to implement an online store to serve potentially 100,000 customers over the next year, I have to purchase $50,000,000 worth
    of CALs? I’ve never heard such a twisted explanation of interfacing with backend servers.

  166. Phil says:

    I have multiple personality disorder. Do I need a Cal for each of my personalities?

  167. NIGHTMARE says:

    If I have a separate Domain Controller from my IIS box from my Windows Mail Server…. Do I need 3 CALS per device/user to ‘touch’ these three servers? So now I need "# Users x # servers" number of CALs?

  168. WTF says:

    So I need 7 Billion user CAL’s for my mail server since any user on the entire Internet can ‘use my server software’ to deliver email to my company???? Oh that makes sense.

  169. Chris says:

    I just sneezed in my data closet. I’m sure I got small droplets of saliva onto at least 3 servers. Is it a CAL per droplet? Linux server options are looking so tempting right now.

  170. Swidj says:

    I thought I was confused before I started this reading this! Can only think this is where a deviant mindset leads.

  171. Chris says:

    Upgrading one of my servers to 2012. My other server is 2008. Do I need a call for the 2008 users to access a 2012 file share?

  172. Jarno says:

    @Microsoft (the user above): he/she has nothing to do with Microsoft and is telling wrong information about the User/Device CAL’s. Alex: your partner is right!

  173. Tony Brooks says:

    how about an answer in laymen’s terms for the person laying out the money!
    If a program that runs a business that is located on the server (such as PatientNow) and is used by the computers in the office, but no one is actually accessing the 2008 server program, Do those computers need cals?

  174. Mohamed says:

    how can i register cal pls inform me ? step by step please

  175. Mohamed says:

    i have installed windows server 2012 r2 standard edition and i have bought cals 5 user one . so please let me know what should i need to do ?

  176. pixel says:

    can you please tell me what a "windows network" is?

    is that any network that happens to have a windows server, even if routing, firewall, dhcp, dns, file servers, AD (samba), internal web servers, print servers all run on linux? would we have to migrate our desktop users to linux as well? what if only 5 people
    use that windows server, and they dont use it for printing? would you still need a cal for any dhcp or printer users?

  177. pixel says:

    you might save on a few CALs by using samba4 for your AD servers.

  178. roland says:

    Microsoft. When you have a license for Office and you have a shared license for RDS, you shouldn’t need an access license on every device that connects to use the license. That’s dishonest and strong arm robbery. The customer has paid for a server OS (1
    for every 2 virtual servers running a virtual 2012 server), a workstation OS, a CAL to connect to the server (this alone should make anyone run from you) a shared license for the Office on RDS, RDS CALs and now you want them to have a license for each connection
    to the OS when they already have an "access" license to use from their office workstation if it’s not a laptop from the network? Fire all your marketing people. They will leave you when all your customers do. Ashton-Tate thought they were too big to fail DEC
    thought they were too big to fail. Keep f’n your customers and you too will fail. The customer is covered. Stop being a thief. If the user doesn’t have a server CAL or an RDS cal, I can see warranting that computer to require to have a CAL to use office, but
    since they do, you’re double dipping and a class action lawsuit is warranted.

    You’re telling people to NOT have an RDS server unless anyone connecting has a laptop that doubles as their workstation in the office. Wasn’t your argument to the justice department that licensing follows the same as a book? You can’t read it in two places
    at once? If someone is connecting remotely that has a workstation license for their MSO, then the book scenario is met. You want them to have an additional copy of the book everywhere they go. You’re a thief. I will find an alternative for my clients because
    you’re causing problems in our relationship.

    You won’t force people to comply and spend more money. You will force people to spend their money elsewhere and give you the middle finger and tell you to go f yourself. I’m doing that now. My left hand has a message for you, see if you can find it. First,
    give me your credit card number. You’re gonna’ need a CAL to access it.

  179. Min Min Soe says:

    Do I need CALs for File Server ?

  180. ashish_1 says:

    6. If we have 200 device CAL licenses and are assigned to 200 devices, what will happen when a new device tries to access the RDS server? Will it get temporary access license or will not get connected
    7. How can we identify credentials other than device name like IP address, Login User Name etc from RD Licensing server?
    8. Can a single RD License Server have both device based and user based CAL License?
    9. In case RD License Server is down, will the users (device already assigned with device CAL) be able to connect to the Application hosted in RDS.
    10. Does every time client connect to the application in the RDS; the device gets authenticated from the RD License Server

  181. Legacy says:

    I really do need some help with this. This article has made me so confused. I used to be able to say that I completely understood the Microsoft Licensing Requirements. I did take the course a few times. Now I don’t think I can sell Microsoft Solutions
    to my clients for two reasons; They will either not be licensed correctly or the cost of licensing will make them laugh me off the premises.

  182. johnredd says:

    This author has no idea!

  183. HB says:

    We need clarification of licencing for some devices we have installed in our fleet vehicles. They run Windows Embed and communicate to a Windows 7 desktop which has got software on it that communicates to a SQL Server. The remote devices do not obtain
    IP address from our Servers as their addressing is handled by the telecoms provider and communicate using UDP but we would like to switch to TCP/IP. We were told that if we use TCP/IP we would require licences for each device.

  184. Steve Fu says:

    Dear Dude,

    If the web sites hosted in web server is just for external users to login / create login account for checking the product order status and submit enquiry. Does it need external connector?


  185. Adam McLeod says:

    Maybe you shouldn’t call it a Server Operating System if you can’t run it as a Server without having licenses for every user or device that will access that server. Without CALs it is not a server.

    So let me see, the customer buys

    Desktop Operating System from Microsoft
    Server Operating System from Microsoft
    Mail Server Application from Microsoft
    Mail Client Application from Microsoft

    But it doesn’t end there. The customer also needs CALs for the Server Operating System to access File shares and network services, DHCP and DNS.

    Then the customer needs to buy CALs for their users to access Exchange Server.

    I can understand CALs for simultaneous Terminal Server use but the above is completely ridiculous.

  186. Adam McLeod says:

    I’m surprised you missed out on charging people for external access. You could make even more money if you charge someone running a mail server a CAL for every machine that server will receive email from.

    Way to double dip Microsoft but I seriously think you are missing out on some revenue there!

  187. Usman says:

    If i purchase device cal for my workstation in call center and need to print some document from that workstation, do i need device cal for printer or my device cal cover for printer?

  188. Edgar says:



    1 Server with Windows Server 2008 and Oracle 11g. Its a DataBase Server.

    N remote users with personal PC, they are not part of Windows Server Domain, they only use a app which connect to de DB server, via web with an Ora-Devart connector.

    Does they need some kind of CALs to acces the Oracle DB???


  189. GTX says:

    There is no way to use Windows Server for my Web App that is doing more than simple web pages, it will require CAL, the server cost is ok, but the CAL is not.

    Thankfully Linux and tons of additional technologies are there.

    Let us know when the prehistoric CAL requirement is removed, the alternatives are a bit harder to manage, but once you get used to them they are straightforward.

  190. Boris says:

    Reading through the comments, I’m relieved that I’m not the only one thoroughly confounded by the stupid Microsoft licensing systems.
    I’ll be strongly encouraging my clients to steer clear of Microsoft until you bunch come up with a more intelligent licensing system that makes the techs on the ground lives a bit easier. Why sell a product that’s so difficult to license? Way to go penalizing
    people who are trying to do the right thing and pay for software.

  191. Last remaining Windows Developer says:

    Does this document really represent the official Microsoft Policy? If it does, the last remaining Windows Web developers will be moving their apps very soon to linux and using PHP/Python/Java. The FAQ states that each web application developed on
    that authenticates its web users needs to buy a CAL. Seriously? This must be a mistake. Already its a pain to host on Windows. We will move to Amazon, Docker and remove this .NET/ASP tax which will kill Windows Web Develop. Even if we wanted to, we can not
    compete with our competitors running Linux. Likewise, any server application running on windows, even if it does not use any of the Windows Server apps needs their users to buy a CAL. It will mean we will have to port our web & server applications to Linux
    and move hundreds of thousands of servers and users to Linux. Please, someone at Microsoft read this, check that who is making this policy actually has a brain and escalate this to top management. Please provide us a serious business contact with whom this
    can be discussed, not some licensing sales person who doesn’t care that this policy will remove Microsoft from the market in a few short years.

  192. Its illegal says:

    I doubt that this CAL is even legally enforceable in Europe. But to be sure we will move our stuff to Linux. Its a pain, but we don’t want to and can not compete with the many linux based cloud services running just fine on PHP et all. Microsoft, who is
    in charge of licensing?? See the comments for yourself and see that you will annihilate the last remaining fans you have in the market, that is the .NET developers. Without .NET apps your CAL sales will plummet. Already you have lost major market share. This
    is the coffin, the nails and the last nail of microsoft. Yes its a bit harder to manage a Linux server compared to a Windows Server, but not this much harder.

  193. Windows Foundation says:

    If i undersatnd right Windows Server Essentials and Windows Server Foundation do not require CALS so this is the correct license to use right?

  194. mbkitmgr says:

    Sorry Mr Microsoft, I had to laugh, I have just got off the phone from MS licensing and so much of what has been offered as clarification here contradicts what I was told less than 10 mins ago. I encourage my customers to be compliant with their licensing,
    but what is the point when Microsoft itself doesn’t understand its own licensing. The licensing centre suggested I try the forums (LOL) when I asked the following question.
    "I have a customer running SBS 2011. Multiple staff have left the company and wont be replaced. The customer wants to leave the mailboxes on the server for obvious reasons, and they asked me to advise if they need CALs for the mailboxes that will accumulate
    when employees leave and not be used by staff in the future except to refer to old correspondence"

  195. Rick Repsher says:

    I think this whole licensing model is BS. Every single desktop computer in our organization has a LEGAL version of Windows 7 64 Bit Enterprise on it, and now, after paying $800 for to update one of our servers to 2012 R2, Microsoft says…. "Oh, and by
    the way, you’re going to need to drop $30 a piece for those users to connect to that server."

    Thank you for making the move to LINUX that much easier!

  196. MoreLinuxMoreCloud says:

    Dear Microsoft, you realize you are encouraging more and more organizations to move away from your products, right? I’m all for paying licenses for the use of software but your licensing model and rules are confounding. Canadian Tax law is easier to understand
    and follow than your licensing model.

    Yes, managing Linux and open source may be a tad more difficult, but I’d rather go through the pains of dealing with the technical problems, than to have to waste my time to sift through the mounds of licensing BS. It would take me weeks of dedicated time to
    get up to speed on Microsoft licensing knowing full well that in the next year or so, Microsoft will change their minds, again, and adjust the rules to find more ways of digging additional cash from organizations.

    As market share decreases, the drive to scrape more licensing fees from the remaining customer base will only increase. Time to get out.

  197. dax says:

    "A1 – Yes, any Windows Server access requires a Windows Server CAL. In this scenario, the printers are connecting to, and receiving benefit of, Windows Server."
    Absolute rubbish! The end-user device (workstation) is connecting to the printer, not the printer connecting to the server.

    "A multifunction printer accesses server software to; receive an IP address, to receive a job, to communicate that the job is finished, etc. In short, it communicates with the server software."
    Seems like someone needs to read the DHCP spec – a device broadcasts to the entire LAN looking for an IP address, devices on the LAN respond to those broadcasts on a first-in-first-served basis.

  198. Cal What Cal says:

    So my company is looking to upgrade their domain controller and a licensing question came up. If i am going to upgrade the domain controller to windows server 2012 am i going to have to get a standard cal for every single user employed and using a computer?
    And will i also need one for every network printer with a static ip address?

  199. Vicente says:

    A company that has non employees working outside the organitation but are validated under the AD ,

    It´s necesary the CAL Access or the external connector ??

  200. DjLiLaLRSA says:

    Just buy Windows 7 / 8 Pro, install virtual machines for each user, these prices and licensing structures are getting out of hand and disgusting, it actually costs less to buy a Windows 7 / 8.1 license than the Windows 2012 CAL + RDS CAL + Office Standard
    CAL + OS CAL + Any other stupid thieving CAL.

    Microsoft Windows used to be about buying 1 package that does everything, well MICROSOFT you have failed on that now too, i mean saying a MFP Printer needs a license now, why, it does not have a brain and does not change, edit, move, save files in any way other
    than programmed, it is only using computer logic which should not mean the same license is needed as for someone with Human Logic, a printer wont steal information, or spy on others documents to sell info to other…. MFP Printers. Windows Server is about
    security and sorry but stealing peoples money for stupid licensing, means your failing the people when it comes to this since you are the biggest thieves yourselves.

  201. abdul says:

    Do I need a CAL for users to join a domain

  202. fred says:

    How many CAL’s do I need for a Microsoft free Linux/MySQL solution? Does my cat need a CAL?

  203. Abhilash says:

    I have a windows server 2008 R2 standard . and I want to configure a Active directory and join 100 systems to domain . Do I need a CAL licenses?? if yes how many CALS?? and at the same time I have installed third party mail server in the server do I need
    a CAL for that also??

  204. Rafael says:

    Something strange happens, I was looking for details on the Product Term (October 2015) and the sentence:

    " any User or Device that accesses the server software, either directly or indirectly, requires a CAL"

    is not present!!!! (except for Essential Servers)

    the sentece I found is:

    "Except as described here and noted in the Product-Specific License Terms, all server software access requires CALs or CAL Equivalent Licenses"

    This can make a big difference since the product Term is the only contractual binding document.
    any comments?

  205. Server CAL needed for Users who only use OWA says:

    Is a server CAL needed, when an employee only uses the OWA (outlook web access) from an external location. In my opinion the user is using a webservice and only need a exchange cal.

  206. sam says:

    You should be fine using AD CALs for your users, which will cover use of devices also using Windows Services. In many cases, I setup guest wifi to use a firewall/router DHCP rather than Windows so no further CALs are required. Additional RD CALs are required
    for Remote Desktop Services and SQL CALs as well.

    For instance, I recently quoted out a new infrastrcuture for a client which included:

    45 AD CALs for a new DC (getting them off of SBS)
    45 SQL CALs (for EMR solution that uses SQL, but was never licensed)
    45 RD CALs (for new Remote Gateway/Session Host that users access to use EMR)

    Still, it quickly turned a new $10k server into a $40k project.

  207. Lieve Geelen says:

    I see a lot of topics are mixed here. I am dealing with MS licensing on a daily basis and I must say that, although licensing is really complex, the rules are documented quite clearly. If you have a good licensing partner, they should know where to find
    the correct information.

    First of all you need to make a dicision if you want User or Device CAL´s. When you have User CAL´s, all users tath are working for your company (own personel and contractors) require a CAL, also temporary people. For external users (people that are not an
    employee or a contractor at your company, e.g. you customers) that can access a server that is owned by your company, you can choose to purchase a CAL or an external connector license. For some products, the external access license requirement is waved. How
    to count? You need to make sure that all your users have their own AD named user account. When that is the case, you can run a simple shell script on the AD, you filter out all users that have not been disabled in the AD and that have been active over the
    last 90 days and you get rid of all generic /admin accounts. That gives you the number of User CAL´s you need.

    When you have device CAL´s it is a little more complex as true there might be machines that are not registered in the AD that access a windows server like e.g. multifunction printers and thin clients. And it is true that all devices that have access to the
    Windows Server, one way or another, require a Device CAL. You need to aminister this with a ITAM tool or manually.

    This is not to be mixed with the definition of Qualified Device. A qualified device just gives information on which devices have to be included in an Enterprise Agreement count, That is a completely different topic that has nothing to do with CAL requirement.
    When a machine can be excluded from the qualified device count under an EA because it answers to the description of an Industry device, that does not mean that it does not require a CAL.

  208. skye2 says:

    Running a dozen users / PC’s + wireless devices (phones/tablets) on SBS2003, and looking at upgrading to to Windows 2012, but there’s no way on earth that I’m going through this hell.
    I was a Linux sys-admin before I started this job, and it looks like I’ll become one again shortly.

Skip to main content