WCLCT09: De-mystifying Product Activation in Windows Vista/Longhorn Server Kalpesh Patel Ramprabhu Rathnam Software Protection Platform Microsoft Corporation.

WCLCT09:De-mystifying Product Activation in Windows Vista/Longhorn Server

Kalpesh PatelRamprabhu Rathnam

Software Protection PlatformMicrosoft Corporation

Agenda

• Activation Options

• MAK

• KMS

• Resources

• Q&A

OnlinePhone

BIOS-bound Pre-install

Multiple Activation Key (MAK)Key Management Service (KMS)

Activation Options

Multiple Activation Key

• One time activation against Microsoft

• Two methods of activation using a MAK:

• MAK Independent Activation: Each desktop individually connects and activates with Microsoft

• MAK Proxy Activation: One centralized activation request on behalf of multiple desktops with one connection to Microsoft

• Reactivation may be required if there is significant change in the underlying hardware

• Has an associated upper limit, depending on the license agreement, and can be easily refilled

`

MAK Independentclient

MAK Independent Activation

`

VAMT host

Microsoft

Internet

1. Distribute MAK :

a. VAMT

b. During OS installation

c. Change product key wizard or WMI script

2. MAK client(s) connect once to Microsoft via Internet (SSL) for activation or use telephone. Significant hardware changes will require reactivation.

1

2

MAK Proxy Activation using VAMT

`

VAMT host

Microsoft

2. Apply MAK and collect Installation ID (IID) using WMI

optionally export to XML file

`

MAK Proxy client

1. Find Windows Vista machine(s) from Active Directory (LDAP) or through network discovery APIs NetServerEnum()

4. Activate MAK Proxy client(s) by applying CID

optionally import updated XML file first

Significant hardware changes will require reactivation.

Active Directory

Internet

3. Connect to Microsoft over Internet (SSL) and obtain corresponding Confirmation ID (CID)

optionally update XML file with CIDs

1 23 4

Key Management Service

• Activate against a customer hosted service and NOT with Microsoft

• Systems must re-activate by connecting to corporate network at least every 6 months

• Requires 25+ for Windows Vista and 5+ for Windows “Longhorn” server

• Default activation option for all volume editions of Windows Vista and Windows Server “Longhorn”

• Requires no user interaction

• Currently available on Windows Vista and “Longhorn” server. Planned support for Windows Server 2003 in Q1 2007

How KMS Activation Works

KMS ClientKMS Host(s)

DNS

1. Discover KMS host via registry or DNS SRV RR (_vlmcs._tcp)

2. Send RPC request to KMS host on 1688/TCP by default (~250b)

Generate client machine ID (CMID)

Assemble and sign request (AES encryption)

On failure retry every 2 hours (default)

3. KMS host adds CMID to queue and responds with current count (~200b)

4. KMS client evaluates count vs. license policy and activates itselfitself

Store KMS host Product ID, intervals, and client hardware ID in license store

On success renew activation every 7 days (default)

1

2

3

4

Common Questions

1. Why is activation required now?

2. How do I determine between MAK and KMS?

3. How does activation impact my current imaging and distribution processes and tools?

4. What about OEM machines?

5. What qualifies “significant” hardware change?

6. What happens if the client machine is not activated?

7. How do I ensure our machines will not enter Reduced Functionality Mode?

8. How do I recover from Reduced Functionality Mode?

9. Can we use KMS even if we don’t use Microsoft AD, DNS or Firewall?

10.What should my end-users know about activation?

Resources

• Volume Activation 2.0 on TechNet: http://go.microsoft.com/fwlink/?LinkID=75673

• Volume Activation 2.0 on Download Center: http://go.microsoft.com/fwlink/?LinkID=75674

• Business Desktop Deployment Solution Accelerator: http://www.microsoft.com/technet/desktopdeployment/bdd/2007/default.mspx

Summary

• Activation is a required process for all editions of Windows Vista & Windows Server “Longhorn”

• Multiple activation options exist for volume customers

• MAK independent, MAK proxy and KMS

• Provides centralized management and protection of VL keys

• Enhances software asset management efforts

• Integrated with Business Desktop Deployment for easier deployment and management of Windows Vista

© 2006 Microsoft Corporation. All rights reserved.This presentation is for informational purposes only.MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.