I didn't read the whole thread, but what happened to the wireless in the revised diagram?
Also, I'd put the servers behind a firewall and only limit access based on the ports/services absolutely required. If someone's system is acting up or has something it shouldn't it'll help keep the servers up and running without any issues.
What purpose will the admin machines serve? (no pun intended) You may want them firewalled off as well. At a minimum the servers and admin systems should be on their own VLAN away from the user systems. Do NOT make the file server your DHCP server. I've had nothing but problems with that in the past. People come in, start grabbing files, and then those that show up later can't get to it to pull an IP. It's just not a good idea.
Well in the 2nd revision I removed the WAP since now the internet isn't seperated from the res of the network. So in this case I would just manage it where the Admin PCs and Servers have unmetered access, while the rest a severely capped.
Well the admin PCs would be those of us running it, would need something to do when not running around, and it would be a bad idea to just have it at the regular tables.
In the 2nd revision, the firewall could also easily act as the DHCP server no problem. I've changed it a bit more still, but I'll post that later.