AKTIVÁCIA WINDOWS VISTA WINDOWS SERVER 2008 Radovan Mráz Licensing Product Manager exe, spol. s r. o.

Volume Activation 2.0 Multiple Activation Key (MAK) slúži na jednorazovú aktiváciu, po aktivácii už nie je nutná ďalšia komunikácia s Microsoftom. Podľa typu multilicenčnej zmluvy získava zákazník určitý počet aktivácií MAK. Počet sa dá navýšiť v prípade požiadavky. MAK Independent Activation: Každý počítač sa individuálne pripojí a aktivuje voči MS (online alebo telefonicky). MAK Proxy Activation: Centralizovaná aktivácia viacerých staníc jedným pripojením do MS. Key Management Service (KMS) slúži na aktiváciu staníc voči službe, ktorú zákazníci inštalujú vo svojej sieti. KMS Activation: Počítače sa aktivujú v rámci lokálnej siete, nie v MS. Reaktivácia je nutná minimálne raz za 180 dní. Volume Activation nevyžaduje akciu koncového používateľa.

Multiple Activation Key

Volume Product Key Groups (MAK)

Volume Product Key Groups (MAK) Windows product editions activated by this MAK Vista VL Windows Vista Business Windows Vista Enterprise Server Group A MAK_A Windows Web Server 2008 Server Group B MAK_B Windows Server 2008 Standard Windows Server 2008 Standard without Hyper-V Windows Server 2008 Enterprise Windows Server 2008 Enterprise without Hyper-V Server Group C MAK_ C Windows Server 2008 Datacenter Windows Server 2008 Datacenter without Hyper-V Windows Server 2008 for Itanium-Based Systems

Aktivácia MAK Independent Distribúcia MAK: Volume Activation Management Tool (VAMT) Počas inštalácie Zmena kľúča v sprievodcovi alebo Windows Management Instrumentation (WMI) skripte MAK klienti sa pripájajú jednorazovo do MS cez Internet (SSL) alebo telefonicky.

Aktivácia MAK pomocou VAMT Vyhľadá zariadenia s Windows Vista/Windows Server 2008 z Active Directory (LDAP) alebo cez network discovery APIs Použije MAK a zozbiera Installation ID (IID) pomocou WMI, prípadne exportuje do súboru XML Pripojí sa do MS cez Internet (SSL) a získa Confirmation ID (CID). Môže aktualizovať súbor XML s CID Aktivuje MAK Proxy klientov aplikovaním CID. Importuje aktualizovaný súbor XML. Výrazné hardvérové zmeny môžu vyžadovať reaktiváciu.

Inštalácia MAK Vyberte správne inštalačné médium a inštalujte produkt, žiadny kľúč nie je požadovaný počas inštalácie. Manuálne 1 – vložením kľúča: Prihláste sa do počítača ako administrátor. Otvorte Control Panel –System (Ovládacie panely – Systém) alebo kliknúť pravým tlačidlom na Computer – Properties (Počítač – Vlastnosti) Windows Activation - Change Product Key (Aktivácia systému Windows – Zmeniť kód Product Key) Vložte kľúč MAK. Následne sa počítač aktivuje online cez internet Manuálne 2 – skript: cscript \windows\system32\slmgr.vbs -ipk <Multiple Activation Key> cscript \windows\system32\slmgr.vbs –ato (manuálna aktivácia) Bezobslužná inštalácia (unattended installation): Do súboru unattend.xml vložíte MAK, pozri Windows Automated Installation Kit (WAIK) User’s Guide pre Windows Vista http://go.microsoft.com/fwlink/?LinkId=76683 Q. Where can I obtain the telephone number to activate my computer using MAK activation through phone? A. You can obtain the telephone number by running slui.exe 4 at the command prompt. You can also obtain the telephone number by clicking Show me other ways to activate in the Product Activation wizard. Optionally, you can find the phone number for your location in the %systemroot%\system32\slui\phone.inf file. Q. How can I tell if my computer is activated? A. Look for “Windows is activated.” in the Welcome Center or in System under Control Panel. Alternatively, you can run the slmgr.vbs –dli script and view the activation status in License Status, which may be Unlicensed, Licensed, Initial Grace Period, Additional Grace Period, or Non-Genuine Grace period. Q. Does a MAK-activated computer require reactivation when its operating system is reinstalled? If so, does it count against the total number of activations? A. Whenever an operating system is reinstalled, the computer will have to be reactivated and thus, if you are using MAK, it will count against the total number of activations. Q. If I suspect that my MAK is leaked, can it be blocked from further activations? A. Yes, you can work with Microsoft to block a MAK. Use Setup.exe or Windows Deployment Service (WDS) and specify a MAK product key in the “specialize” pass in an unattend.xml on a floppy disk for boot from DVD installation or by running setup /unattend:<path to file> for network share based installation. For more information, see the Unattended Windows Setup Reference help file and the Windows Automated Installation Kit (WAIK) User’s Guide for Windows Vista: http://go.microsoft.com/fwlink/?LinkId=76683

Volume Activation Management Tool Určený pre aktiváciu MAK Proxy a MAK Independent Poskytuje status aktivácie na staniciach Podporuje Active Directory (AD), workgroup, aj individuálne (podľa IP adresy a názvu adresy) vyhľadávanie staníc Všetky dáta sú ukladané v XML formáte Podporuje import a export údajov medzi nástrojmi Na aktiváciu produktu Windows Server 2008 je nutné použiť VAMT 1.1: http://www.microsoft.com/downloads/details.aspx?FamilyID=12044DD8-1B2C-4DA4-A530-80F26F0F9A99&displaylang=en

Volume Activation Management Tool 9/19/2018 11:00 PM Volume Activation Management Tool Figure 2: Network configuration using MAK and VAMT See full-sized image The figure shows computers in the following scenarios: Core network: In the core network scenario, the VAMT is deployed to a computer that can access the Internet. The administrator can perform an “Add Machine” function against the Active Directory domain or workgroups to find computers on the network. After discovering the computers and the returned status, the administrator can perform either MAK independent activation or MAK proxy activation. A MAK independent activation installs a MAK on a client computer and requests activation against Microsoft servers over the Internet. A MAK proxy activation installs a MAK on a client computer, obtains the installation ID (IID), sends the IID to Microsoft on behalf of the client, and obtains a confirmation ID (CID) that the tool activates the client by installing the corresponding CID. Secure zone: In this scenario, the tool can activate computers using MAK proxy activation. This assumes that the clients in the secure zone do not have Internet access. The following two key issues need to be addressed: The computers must be discoverable (through Active Directory directory service or Workgroups). The tool has to make a call to the WMI services on the computer to get status and install MAKs and CIDs. This requires the firewall to be configured to allow DCOM RPC traffic through it. For more details on this, see "How to configure RPC dynamic port allocation to work with firewalls" at the following URL: http://support.microsoft.com/?kbid=154596 Isolated lab: In the isolated lab scenario, the tool is hosted inside the isolated lab. The tool performs discovery, obtains status, installs a MAK, and obtains IID on all computers in the lab. The tool then exports the list of computers to a file on removable media. The administrator imports the machine data onto a computer running the tool in the core network. Once this is done, the tool sends the IIDs to Microsoft and obtains the corresponding CIDs, which the administrator then exports to a file on removable media and takes it back to the isolated lab. Once this data is imported into the tool, the administrator can activate the isolated lab computers by installing the CIDs. © 2004 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

VAMT User Interface

Key Management Service

Volume Product Key Groups (KMS)

Volume Product Key Groups (KMS) KMS Key KMS can be hosted on (KMS key activates KMS host) Windows product editions activated by this KMS Host Vista VL KMS Windows Vista KMS for Windows Server 2003 v1.0 or v1.1 Windows Vista Business Windows Vista Enterprise Server Group A KMS_A Windows Web Server 2008 KMS for Windows Server 2003 v1.1 Server Group B KMS_B Windows Server 2008 Standard Windows Server 2008 Standard without Hyper-V Windows Server 2008 Enterprise Windows Server 2008 Enterprise without Hyper-V Server Group C KMS_C Windows Server 2008 Datacenter Windows Server 2008 Datacenter without Hyper-V Windows Server 2008 for Itanium- Based Systems Windows Server 2008 Datacenter Windows Server 2008 for Itanium-Based Systems

Konfigurácia siete In case of KMS activation, client computers must connect to a KMS host at least once every 180 days to renew their activation. Computers that are not activated try to connect with the KMS host every two hours (value configurable). Once activated, these computers attempt to renew their activation (locally) every seven days (value configurable), and if successful, their 180-day activation life span is renewed. KMS activation requires TCP/IP connectivity (port TCP/1688 default). A KMS activation request and response takes approximately 450 bytes. Consider the impact of periodic activation for slow and/or high-latency links.

Inštalácia KMS servera Vyberte správne inštalačné médium a inštalujte produkt, žiadny kľúč nie je požadovaný počas inštalácie. Prihláste sa do počítača so zvýšenými právami. Inštalujte kľúč KMS spustením skriptu: cscript C:\windows\system32\slmgr.vbs -ipk <KMS Volume License Key> Aktivujte KMS server, online cez internet alebo telefonicky: - online cez internet, spustite skript: cscript C:\windows\system32\slmgr.vbs -ato - telefonicky, spustite príkaz a nasledujte inštrukcie: slui.exe 4 http://download.microsoft.com/download/a/6/e/a6e81243-dd35-448c-96f3-b2727578b1ad/VLK-Demo-HynesITe-V2.wmv Client computers locate a KMS service using one of the following ways: Auto-discovery: Client computer uses the Domain Name System (DNS) service SRV resource records (default) to automatically locate a local KMS host. Direct registration: A system administrator specifies the KMS host and communication port in the registry. Q. Can I use one KMS key on multiple KMS hosts? A. By default, KMS keys are limited to 6 computers, each with up to 9 reactivations. Administrators can obtain an override by calling their local Microsoft Activation Call Center. Q. If I install more than one KMS, will KMS information replicate between KMS hosts? A. KMS hosts are individual entities and therefore, there is no cross-communication or sharing of information between them. Q. How can I verify that the KMS host is set up correctly? A. You can verify if the KMS is set up correctly by observing the KMS count and by reviewing the KMS event log entries. Run slmgr.vbs –dli on the KMS host to obtain the current KMS count. The KMS Event Log will show the name of the computer and the time-stamp for each request. The KMS system uses SRV resource records to store and communicate KMS location and configuration information through DNS. You can manually create the necessary SRV record for a KMS host. It should contain the following information: Name=_vlmcs._TCP Type=SRV Priority = 0 Weight = 0 Port = 1688 Hostname = <FQDN or A-Name of the KMS host> In a sample BIND 9.x zone file,a proper KMS SRV RR looks like this: _vlmcs._tcp        SRV    0 0 1688 kms01.contoso.com Notes - Priority and Weight are not used by the KMS service and are ignored by KMS client. However, they do need to be included in the zone file. - Port 1688 is the default port, but it can be changed on the KMS and KMS client computers. For more information, see the Windows Vista Volume Activation 2.0 Step-by-Step Guide. If you use a custom port for the KMS and manually create the SRV record for the KMS, change the port data in the SRV record to match the custom port configured on the KMS. Q. If there are multiple KMS hosts in a domain, and yet one or more of those KMS services are not responding, what logic does the KMS client use to find the next KMS service? A. The first time a KMS client computer attempts to activate, a KMS computer name is randomly chosen from all the retrieved SRV resource records. If the selected KMS does not respond, the KMS client computer will immediately remove that KMS from its list of SRV resource records and randomly select another KMS. Once a KMS responds, the KMS client computer caches the name of the KMS and uses it for subsequent activation and renewal attempts. If the cached KMS does not respond on a subsequent renewal, the KMS client computer rediscovers a KMS using the same algorithm.

Inštalácia KMS klienta Vyberte správne inštalačné médium a inštalujte produkt, žiadny kľúč nie je požadovaný počas inštalácie. Aktivujte KMS klienta, automaticky alebo manuálne: - automaticky v dvojhodinovom intervale - manuálne, spustite skript: cscript C:\windows\system32\slmgr.vbs –ato Client computers locate a KMS service using one of the following ways: Auto-discovery: Client computer uses the Domain Name System (DNS) service SRV resource records (default) to automatically locate a local KMS host. Direct registration: A system administrator specifies the KMS host and communication port in the registry. Q. If there are multiple KMS hosts in a domain, and yet one or more of those KMS services are not responding, what logic does the KMS client use to find the next KMS service? A. The first time a KMS client computer attempts to activate, a KMS computer name is randomly chosen from all the retrieved SRV resource records. If the selected KMS does not respond, the KMS client computer will immediately remove that KMS from its list of SRV resource records and randomly select another KMS. Once a KMS responds, the KMS client computer caches the name of the KMS and uses it for subsequent activation and renewal attempts. If the cached KMS does not respond on a subsequent renewal, the KMS client computer rediscovers a KMS using the same algorithm.

Zmena kľúčov MAK <->KMS Zmena z MAK na KMS Prihláste sa do počítača ako administrátor. Spustite nasledovný skript na inštaláciu spolu s kľúčom MAK: cscript \windows\system32\slmgr.vbs -ipk <Multiple Activation Key> Spustite nasledovný skript na aktiváciu počítača pomocou KMS: cscript \windows\system32\slmgr.vbs -ato Zmena z KMS na MAK Otvorte Control Panel –System (Ovládacie panely – Systém) alebo kliknúť pravým tlačidlom na Computer – Properties (Počítač – Vlastnosti) Windows Activation - Change Product Key (Aktivácia systému Windows – Zmeniť kód Product Key) Vložte kľúč MAK. Can a standard user switch to MAK from KMS? By default, a standard user cannot switch to MAK from KMS unless an administrator has enabled standard user activation. For more information on enabling Standard User Activation, see the Standard User MAK Activation section of the Windows Vista Volume Activation 2.0 Step-by-Step Guide.

Priebeh aktivácie KMS Počet aktivácií (activation count): KMS aktivuje Windows Vista (len fyzické OS) pri počte 25 Windows Server (fyzické aj virtuálne OS) pri počte 5 FYZ - 3 FYZ - 4 VIRT - 5 FYZ - 1 FYZ - 2 VIRT - 2 FYZ - 6 FYZ - 25

Ďalšie informácie

Časté otázky Koľko kľúčov KMS a MAK sa dá získať? Jedna zmluva znamená 1 kľúč KMS a 1 kľúč MAK. Koľko KMS Serverov je možné nainštalovať? Kľúč KMS umožňuje inštaláciu 6 KMS serverov. V prípade potreby je však možné získať dodatočné kľúče (vybavenie požiadavky trvá asi 5 dní). V žiadnom prípade by však KMS servery nemali byť na nezabezpečenej sieti, ktorá by umožňovala aktiváciu neautorizovaných počítačov. Čo treba urobiť pri inštaláciách pomocou klonovania diskov? Je nutné aktivovať aj tieto počítače? Pred vytvorením klonu je odporúčané spustiť syprep /generalize, aby sa resetoval počet aktivácií. Je možná zmena MAK na KMS a naopak ? Áno, administrátor môže zmeniť typ aktivácie. Q. If I use disk-cloning software to duplicate Windows Vista installations, will all new computers require activation? A. Yes, each installation requires activation. It is essential to run sysprep /generalize as the final step to reset the product activation timers before creating the clones. Q. How do I run sysprep? A. Before running sysprep /generalize, navigate to HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SL and verify that value of skiprearm is set to ‘0’. Upon verification, run \system32\sysprep\sysprep.exe /generalize /oobe /shutdown. Important note: This section contains information about how to modify the registry. Make sure to back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Base: 256986 (http://support.microsoft.com/kb/256986/) Description of the Microsoft Windows registry. Q. I created and deployed a Windows Vista image. Why are the client computers not adding to the KMS count? A. You need to run sysprep /generalize to reset both the SID and the product activation information; otherwise, each client computer looks identical and KMS cannot distinguish between them. Important parameters must be reset to prevent such conflicts between cloned computers; including parameters such as the activation timer, KMS client machine ID (CMID), name of the client computer, and the security ID (SID).   The KMS activation key for Windows Vista can be used across different sites/servers but it has a 6 servers limitation.  This can be increased by contacting Microsoft.  If your customer needs to increase the KMS limits, they can send an e-mail to KMSADD@microsoft.com requesting multiple KMS override.  In the mail the following information is needed: Company name Agreement and/or license number and licensing program in this request Requestor Name, Phone, Email Product Number of activations requested Reason for request Required date Please note that if mail is sent in English, five working days is the normal response time. If the request is sent in other languages, the response can take up to 3 weeks. Similarly, if the customer needs to increase their MAK activation limit, they can contact our Product Activation centre or write to MAKADD@microsoft.com

Časová línia aktivácie Non-Genuine Grace Out-of-Tolerance Grace Initial Grace Licensed automatická aktivácia (každé 2 hod) automatická aktivácia (každé 2 hod) automatická aktivácia (každých 7 dní) Grace Activated Grace NBE 30 dní Reaktivácia každých 180 dní (automatická aktivácia posúva reaktiváciu o 180 dní) 30 dní NBE – Notifications-based experience Systém funguje normálne s výnimkami: Pozadie je čierne KMS host nevie aktivovať KMS klientov Windows Update inštaluje len kritické aktualizácie

Ďakujem za pozornosť