WCLCT09: De-mystifying Product Activation in Windows Vista/Longhorn Server Kalpesh Patel Ramprabhu Rathnam Software Protection Platform Microsoft Corporation
Dec 21, 2015
Agenda
• Activation Options
• MAK
• KMS
• Resources
• Q&A
Activation Options
• Online
• Phone
• BIOS-bound Pre-install
• Multiple Activation Key (MAK)
• Key Management Service (KMS)
Multiple Activation Key
• One time activation against Microsoft
• Two methods of activation using a MAK:
• MAK Independent Activation: Each desktop individually connects and activates with Microsoft
• MAK Proxy Activation: One centralized activation request on behalf of multiple desktops with one connection to Microsoft
• Reactivation may be required if there is significant change in the underlying hardware
• Has an associated upper limit, depending on the license agreement, and can be easily refilled
MAK Independent Activation
[Diagram: MAK Independent client, VAMT host, Internet, Microsoft]
1. Distribute MAK:
a. VAMT
b. During OS installation
c. Change product key wizard or WMI script
2. MAK client(s) connect once to Microsoft via Internet (SSL) for activation or use telephone. Significant hardware changes will require reactivation.
MAK Proxy Activation using VAMT
[Diagram: MAK Proxy client, Active Directory, VAMT host, Internet, Microsoft]
1. Find Windows Vista machine(s) from Active Directory (LDAP) or through network discovery APIs NetServerEnum()
2. Apply MAK and collect Installation ID (IID) using WMI
   • optionally export to XML file
3. Connect to Microsoft over Internet (SSL) and obtain corresponding Confirmation ID (CID)
   • optionally update XML file with CIDs
4. Activate MAK Proxy client(s) by applying CID
   • optionally import updated XML file first
Significant hardware changes will require reactivation.
Key Management Service
• Activate against a customer hosted service and NOT with Microsoft
• Systems must re-activate by connecting to corporate network at least every 6 months
• Requires 25+ for Windows Vista and 5+ for Windows “Longhorn” server
• Default activation option for all volume editions of Windows Vista and Windows Server “Longhorn”
• Requires no user interaction
• Currently available on Windows Vista and “Longhorn” server. Planned support for Windows Server 2003 in Q1 2007
How KMS Activation Works
[Diagram: KMS Client, DNS, KMS Host(s)]
1. Discover KMS host via registry or DNS SRV RR (_vlmcs._tcp)
2. Send RPC request to KMS host on 1688/TCP by default (~250b)
   • Generate client machine ID (CMID)
   • Assemble and sign request (AES encryption)
   • On failure retry every 2 hours (default)
3. KMS host adds CMID to queue and responds with current count (~200b)
4. KMS client evaluates count vs. license policy and activates itself
   • Store KMS host Product ID, intervals, and client hardware ID in license store
   • On success renew activation every 7 days (default)
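The discovery and connection steps above (DNS SRV record _vlmcs._tcp, then RPC to 1688/TCP) can be audited from the network side. The following is an added example, not part of the original presentation: it checks which hosts are published for KMS discovery and which hosts clients actually contact on the KMS port, against a list of approved KMS hosts. The host names, addresses, record lines and flow-log format are constructed assumptions.

```python
import csv
import io

KMS_PORT = 1688  # default KMS port named on the slide
# Constructed sample data (assumptions, not from the presentation).
APPROVED_KMS = {"kms01.corp.example": "10.0.5.10"}
SRV_ANSWERS = """\
_vlmcs._tcp.corp.example. 3600 IN SRV 0 0 1688 kms01.corp.example.
_vlmcs._tcp.corp.example. 3600 IN SRV 0 0 1688 lab-pc17.corp.example.
"""
FLOWS_CSV = """\
src,dst,dport,proto
10.0.8.21,10.0.5.10,1688,tcp
10.0.8.22,10.0.9.77,1688,tcp
10.0.8.23,10.0.5.10,443,tcp
10.0.8.24,203.0.113.50,1688,tcp
"""


def parse_srv(text):
    """Parse zone-file style _vlmcs._tcp SRV lines into (port, target) tuples."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        # Layout: owner TTL class type priority weight port target
        if (len(fields) == 8 and fields[3].upper() == "SRV"
                and fields[0].lower().startswith("_vlmcs._tcp.")):
            records.append((int(fields[6]), fields[7].rstrip(".").lower()))
    return records


def unapproved_srv_targets(srv_text, approved):
    """SRV targets that clients can auto-discover but that are not approved."""
    return sorted({t for _, t in parse_srv(srv_text) if t not in approved})


def unapproved_kms_flows(flows_csv, approved, port=KMS_PORT):
    """Flows to the KMS port whose destination is not an approved KMS host."""
    approved_ips = set(approved.values())
    hits = []
    for row in csv.DictReader(io.StringIO(flows_csv)):
        if (row["proto"] == "tcp" and int(row["dport"]) == port
                and row["dst"] not in approved_ips):
            hits.append((row["src"], row["dst"]))
    return hits


if __name__ == "__main__":
    print(unapproved_srv_targets(SRV_ANSWERS, APPROVED_KMS))
    print(unapproved_kms_flows(FLOWS_CSV, APPROVED_KMS))
```

Because the port is only a default and the KMS host can also be set in the registry, a clean result here does not cover clients pointed at a non-default port.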
Common Questions
1. Why is activation required now?
2. How do I determine between MAK and KMS?
3. How does activation impact my current imaging and distribution processes and tools?
4. What about OEM machines?
5. What qualifies as a “significant” hardware change?
6. What happens if the client machine is not activated?
7. How do I ensure our machines will not enter Reduced Functionality Mode?
8. How do I recover from Reduced Functionality Mode?
9. Can we use KMS even if we don’t use Microsoft AD, DNS or Firewall?
10. What should my end-users know about activation?
Resources
• Volume Activation 2.0 on TechNet: http://go.microsoft.com/fwlink/?LinkID=75673
• Volume Activation 2.0 on Download Center: http://go.microsoft.com/fwlink/?LinkID=75674
• Business Desktop Deployment Solution Accelerator: http://www.microsoft.com/technet/desktopdeployment/bdd/2007/default.mspx
Summary
• Activation is a required process for all editions of Windows Vista & Windows Server “Longhorn”
• Multiple activation options exist for volume customers
• MAK independent, MAK proxy and KMS
• Provides centralized management and protection of VL keys
• Enhances software asset management efforts
• Integrated with Business Desktop Deployment for easier deployment and management of Windows Vista
© 2006 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.