Hi Cavery,
At a former employer of mine, there was an NT 4 server running IIS 4, network proxy and time server, Sybase ASA6 and MS SQL Server 7 database servers (yes, both simultaneously), VPop3 mail server, network time sync, network DHCP host, VNC for remote control, McAfee Netshield, Netware Gateway to a clapped out old server with some old essential files on it (which were reshared) as well as file and print for 7 users.
It also had an ISDN dialup facility which the proxy server used, and a 56K modem. Additionally, it was used to run PC Anywhere for connection to client systems as well as having the only CD writer in the company, so had the burning software installed. Needless to say it was the PDC as well, with no BDC's.
It was a dual Pentium II 350 box with 128Mb RAM and a single 9Gb SCSI disk split into two partitions. It's network connection was a single 10Mbit Intel EtherExpress card, and it wasn't that slow, considering all that it ran, but there were some days when it did appear to hang and need rebooting in the middle of the day.
Why then did I say 500MHz CPU with 256Mb RAM? Well. This was a dedicated server. It wasn't used by anybody as a workstation. I'm sure you could get away with a far less powerful system, even if you ended up recycling an old PC that was taken out of use when it was upgraded.
Looking at your posts to other people, if you need an instant response, you are going to need a reasonable spec machine, especially if the number of users starts increasing. Yes, Linux systems generally take less resources than Windows for similar performance, or you can get the same level on a slower system. It all depends as to what you are comfortable with in terms of both writing at first and managing. If you start with a reasonable system and it becomes mission critical, it becomes more difficult to schedule downtime acceptable to all to install upgrades, such as more memory, at a later date. I understand this only too well from the above server.
As for going it alone without the IS department's backing, I would check first of all to ensure that there is no company policy regarding connection of unauthorised systems to the network (which may get you in trouble if you get caught). If not, and you are happy to go ahead, (or are willing to take the risk) do so and show it to other people when its up and running. Who knows, if the IS department see what you have done and like it, they may want to use that as the basis for an authorised system. You could of course show it to other users, and use their peer pressure together with you to get it implemented on an official basis.
Good luck with whatever you decide to do.
John