Hi there, I have a client who will shortly be installing a system using Symbol HHTs running Windows CE .Net 5.0 with PEAP MSCHAP V2 authentication to a Cisco ACS server which ultimately enables access to a custom application running on a Windows Server 2003 box.
The burning question is do I need a Windows CAL on each HHT - we are not using the devices to do anything on the domain but will be accessing a server that is present on the domain.
Any device that accesses the AD network or servers there on will require a CAL.
Does this CAL requirement equally apply if we are accessing the server via the HHT and not using the authentication method outlined above - simply secured by WEP or similar?
The HHT user is not directly accessing any domain resources, the (thin) client application is directly accessing a server application, the server just happens to be on the network so that it can directly interface to database servers etc.
This question arose from the potential use of PEAP with MSCHAP when someone mentioned the potential requirement for a CAL.
So does the authentication method matter here or indeed anywhere else at all with regards to the CAL requirement?
From what you said it is accessing a domain resource, the application on a Win2K3 server. Are you going to use the IAS application? If so that is another resource as well.
If you plan on not authenticating to the AD, it might become somewhat nebulous as to if a CAL is required. I guess if this is a business situation I would ask a MS partner to be sure.
Also, you could try this same question on Mark Minasi's forum MR&D forums. There are several MVPs that help out there and they are much more informed on MS specifics than I am.
As an aside, it is a great forum for any MS question.