WCL320: Activating Windows in Enterprise Environment Kalpesh Patel Ramprabhu Rathnam Software Protection Platform Microsoft Corporation.


Agenda Introduction Software Protection Platform Activation Planning Deploying Managing Resources Q&A

Introduction
- Software piracy is an industry problem
- Worldwide PC piracy is at 35% with an annual loss of $34B in 2005*
- Driven by economic/technical/process challenges
- Lack of awareness of the value of genuine software and the risks of counterfeit
- Inadequate technologies and prescriptive guidance to protect and manage software assets
- Insufficient tools and policies hurting local software economies
- VL software is a major source of pirated Microsoft software
- Compromised VL keys are the primary means of piracy
- Rekeying happens and it is very cumbersome
*Third Annual BSA and IDC Piracy Study, May 2006

Goals
Microsoft:
- Reduce VL key leakage significantly
- Reduce impact of piracy industry wide
- Develop enterprise class solutions for easier, scalable, and more secure deployments
Customer:
- Enable protection and management of license keys
- Reduce the risk of running tampered software
- Transparent privacy policy – independently audited
- Minimal impact to desktop deployment and management
- Flexible options to suit varying operating models

Software Protection Platform
Digital licensing and software IP protection solution for Windows Vista & “Longhorn” customers
- Improve security of the software
- Reduce piracy through enhanced and flexible product activation options
- Protect software from malicious tampering & reverse engineering
- Enable compliance & business models
- Facilitate genuine differentiation
- Ease software asset management efforts
- Support new and flexible business models (FlexGo, Windows Anytime Upgrade)

Architecture Overview Anti-Theft (Activation)

Activation Options
- Online
- Phone
- BIOS-bound Pre-install
- Multiple Activation Key (MAK)
- Key Management Service (KMS)

Volume Activation 2.0
- For activating volume licensed editions of Windows Vista & Windows Server “Longhorn”
- Two types of keys:
  - Multiple Activation Key
  - Key Management Service Key
- Three activation methods:
  - MAK Independent Activation
  - MAK Proxy Activation
  - KMS Activation
- Planned and managed as part of integrated desktop deployment process

Multiple Activation Key
- One time activation against Microsoft
- Two methods of activation using a MAK:
  - MAK Independent Activation: Each desktop individually connects and activates with Microsoft (online or telephone)
  - MAK Proxy Activation: One centralized activation request on behalf of multiple desktops with one connection to Microsoft
- Reactivation may be required if there is significant change in the underlying hardware
- Has an associated upper limit, depending on the license agreement, and can be easily refilled

MAK – Independent activation
1. MAK keys installed to PCs via WMI or in system image
2. PC connects to Microsoft and provides hardware and license information
3. Exchange of certificates between Microsoft and the PC
4. License information is stored in the local license store to indicate successful activation

Key Management Service
- Activate using customer hosted service and NOT with Microsoft
- Systems must re-activate by connecting to KMS host at least every 180 days
- Requires 25+ for Windows Vista and 5+ for Windows “Longhorn” server
- Default activation option for all volume editions of Windows Vista and Windows Server “Longhorn”
- Requires no user interaction
- Currently available on Windows Vista and “Longhorn”. Planned support for Windows Server 2003 in Q1 2007

KMS Activation
1. Set up KMS service inside corporate network. KMS has to activate ONCE against Microsoft
2. Client systems automatically connect to KMS and request activation
3. KMS activates the client systems for 180 days
4. Systems silently reconnect regularly to renew activation – repeat from step 2


Planning for Activation
- Prepare
- Understand Activation and Windows Vista Deployment options: Business Desktop Deployment (BDD)
- Enumerate target environments and user connectivity to corporate network
- Acquire license keys from Microsoft using existing processes
- Map computers to Activation solutions
- Leverage activation mapping worksheet
- Determine required infrastructure and resources
- # of KMS hosts, co-hosting with other services
- KMS on Windows 2003 available in Q1 2007
- Activation ownership/accountability
- Health monitoring and reporting
- Helpdesk readiness

Mapping Activation Solutions

| Criteria | # of Computers |
| --- | --- |
| Total # of computers to be activated | 100,000 |
| # of computers that will not connect to the network (min. every 180 days) and will be MAK activated | |
| # of computers in environments that don’t have at least 25 machines or don’t have DNS and will be activated by MAK | |
| # of computers that will regularly connect to the network (minimum every 180 days) and will be KMS activated | -95,000 |
| # computers in disconnected environments | |
| >25 computers in the environment, KMS will be used | |
| <25 computers in the environment, MAK will be used | |
| # of computers that have not been associated with an activation method | 0 |

Example Configuration using MAK/KMS

Deploying for MAK Activation
- During Setup
  - Specify MAK in “specialize” pass in unattend files (Product key in cleartext)
  - Custom Image defaulting to MAK activation
  - WDS can deploy custom MAK image or in unattend file
  - Sysprep /generalize to reset activation timers
- After Setup
  - Product Activation Wizard in Control Panel
  - SLMGR.VBS script
  - Volume Activation and Management Tool (MAK Proxy, Independent MAK)
- It is possible to enable Standard User MAK activation. By default it requires administrator privileges

Sample unattend for MAK Deployment Enter your MAK here
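Because the MAK sits in the unattend file in cleartext, leftover answer files are worth auditing. The following is an added example, not code from the original deck: a constructed specialize-pass fragment with a placeholder key, and a Python check that reports any product key found in such a file in masked form. The function names and the sample are assumptions of this example.

```python
import re
import xml.etree.ElementTree as ET

NS = {"u": "urn:schemas-microsoft-com:unattend"}
KEY_FORMAT = re.compile(r"^[A-Z0-9]{5}(-[A-Z0-9]{5}){4}$")
KEY_ANYWHERE = re.compile(r"[A-Z0-9]{5}(?:-[A-Z0-9]{5}){4}")

# Constructed sample; the key is a placeholder, not a real MAK.
SAMPLE_UNATTEND = """\
<unattend xmlns="urn:schemas-microsoft-com:unattend">
  <settings pass="specialize">
    <component name="Microsoft-Windows-Shell-Setup"
               processorArchitecture="x86"
               publicKeyToken="31bf3856ad364e35"
               language="neutral" versionScope="nonSxS">
      <ProductKey>AAAAA-BBBBB-CCCCC-DDDDD-EEEEE</ProductKey>
    </component>
  </settings>
</unattend>
"""

def mask(key):
    """Keep only the last group so a report never re-leaks the key."""
    return "XXXXX-XXXXX-XXXXX-XXXXX-" + key[-5:]

def find_product_keys(xml_text):
    """Return one finding per cleartext ProductKey, with the key masked."""
    findings = []
    root = ET.fromstring(xml_text)
    for settings in root.findall("u:settings", NS):
        for comp in settings.findall("u:component", NS):
            for node in comp.iter("{%s}ProductKey" % NS["u"]):
                # Some passes wrap the value in a <Key> child; accept both forms.
                key = (node.findtext("u:Key", node.text, NS) or "").strip()
                if key:
                    findings.append({
                        "pass": settings.get("pass"),
                        "component": comp.get("name"),
                        "masked": mask(key),
                        "well_formed": bool(KEY_FORMAT.match(key)),
                    })
    return findings

def redact(xml_text):
    """Return the file content with every key-shaped value masked."""
    return KEY_ANYWHERE.sub(lambda m: mask(m.group(0)), xml_text)

if __name__ == "__main__":
    for finding in find_product_keys(SAMPLE_UNATTEND):
        print(finding)
```

Running `redact` over answer files that remain on deployed machines or deployment shares removes the key while keeping the rest of the file for troubleshooting.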

MAK Independent Activation
1. Distribute MAK:
   a. Change product key wizard or WMI script
   b. During OS installation
   c. Volume Activation Management Tool (VAMT)
2. MAK client(s) connect once to Microsoft via Internet (SSL) for activation or use telephone.
Significant hardware changes will require reactivation.

MAK Proxy Activation using VAMT
1. Find Windows Vista machine(s) from Active Directory (LDAP) or through network discovery APIs NetServerEnum()
2. Apply MAK and collect Installation ID (IID) using WMI; optionally export to XML file
3. Connect to Microsoft over Internet (SSL) and obtain corresponding Confirmation ID (CID); optionally update XML file with CIDs
4. Activate MAK Proxy client(s) by applying CID; optionally import updated XML file first
Significant hardware changes will require reactivation.

Deploying for KMS Activation
- Install and activate the KMS host
  - Install KMS key and activate
  - Can be co-hosted with other services
  - Must use SLMGR.VBS to enable KMS
- Confirm configuration parameters on the KMS host
  - DNS registration (‘SRV’ records)
  - TCP/IP port availability (default 1688) / Firewalls
  - Activation and Renewal Intervals
- Prepare client machines for KMS activation
  - Modify client parameters, if necessary
  - Auto-discovery of KMS host vs. explicit registration (FQDN, IPv4 or IPv6 or NetBIOS name)
  - Sysprep /generalize master client image
- Deploy clients using standard methods
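One way to confirm the DNS registration and port settings listed above, as an added example that is not part of the original deck: a Python check that parses saved `nslookup -type=srv` output for the `_vlmcs._tcp` record and flags entries whose host is not on an approved list or whose port differs from 1688. The domain, host names, approved list and sample output are constructed for illustration.

```python
import re

# Assumption: the hosts the organization intends to run KMS on.
APPROVED_KMS_HOSTS = {"kms01.corp.example.com", "kms02.corp.example.com"}
EXPECTED_PORT = 1688  # default KMS port named on the slide

# Constructed sample of `nslookup -type=srv _vlmcs._tcp.corp.example.com` output.
SAMPLE_NSLOOKUP = """\
_vlmcs._tcp.corp.example.com    SRV service location:
          priority       = 0
          weight         = 0
          port           = 1688
          svr hostname   = kms01.corp.example.com
_vlmcs._tcp.corp.example.com    SRV service location:
          priority       = 0
          weight         = 0
          port           = 1688
          svr hostname   = lab-pc-17.corp.example.com
_vlmcs._tcp.corp.example.com    SRV service location:
          priority       = 10
          weight         = 0
          port           = 8080
          svr hostname   = kms02.corp.example.com
"""

FIELD_RE = re.compile(r"^\s*(priority|weight|port|svr hostname)\s*=\s*(\S+)\s*$")

def parse_srv_records(text):
    """Turn nslookup SRV output into a list of dicts, one per record."""
    records, current = [], None
    for line in text.splitlines():
        if "SRV service location" in line:
            current = {}
            records.append(current)
            continue
        m = FIELD_RE.match(line)
        if m and current is not None:
            name, value = m.group(1), m.group(2)
            if name == "svr hostname":
                current[name] = value.rstrip(".").lower()
            else:
                current[name] = int(value)
    return records

def audit_kms_srv(text, approved=APPROVED_KMS_HOSTS, port=EXPECTED_PORT):
    """Return (host, reason) for every record that needs a closer look."""
    findings = []
    for rec in parse_srv_records(text):
        host = rec.get("svr hostname", "<missing>")
        if host not in approved:
            findings.append((host, "host not on approved KMS list"))
        if rec.get("port") != port:
            findings.append((host, "unexpected port %s" % rec.get("port")))
    return findings
```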

How KMS Activation Works
1. Discover KMS host via registry or DNS SRV RR (_vlmcs._tcp)
2. Send RPC request to KMS host on 1688/TCP by default (~250b)
   - Generate client machine ID (CMID)
   - Assemble and sign request (AES encryption)
   - On failure retry every 2 hours (default)
3. KMS host adds CMID to queue and responds with current count (~200b)
4. KMS client evaluates count vs. license policy and activates itself
   - Store KMS host Product ID, intervals, and client hardware ID in license store
   - On success renew activation every 7 days (default)
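The count-and-threshold exchange above, as an added example that is not code from the original deck: a simplified Python model of steps 2 to 4 using the deck's thresholds and intervals. It also shows the case where machines cloned from an image that was never run through Sysprep /generalize all present the same CMID, so the host's count never reaches the threshold. The class names and the host's use of a set are assumptions of this model; it does not implement the RPC protocol.

```python
from dataclasses import dataclass, field

THRESHOLD = {"vista": 25, "longhorn_server": 5}  # minimum counts from the deck
RENEW_HOURS = 7 * 24   # on success, renew every 7 days (default)
RETRY_HOURS = 2        # on failure, retry every 2 hours (default)

@dataclass
class KmsHost:
    cmids: set = field(default_factory=set)

    def request(self, cmid):
        """Record the client machine ID and answer with the current count."""
        self.cmids.add(cmid)          # a repeated CMID does not raise the count
        return len(self.cmids)

@dataclass
class KmsClient:
    cmid: str
    edition: str = "vista"
    activated: bool = False

    def contact(self, host):
        """One request/response round; returns hours until the next attempt."""
        count = host.request(self.cmid)
        if count >= THRESHOLD[self.edition]:
            self.activated = True
        return RENEW_HOURS if self.activated else RETRY_HOURS

def rollout(cmids, edition="vista"):
    """Run two rounds of contacts and summarize the outcome.

    Returns (distinct CMIDs seen by the host,
             hours-to-next-attempt for each client after round one,
             number of activated clients after round two).
    """
    host = KmsHost()
    clients = [KmsClient(c, edition) for c in cmids]
    first_round = [c.contact(host) for c in clients]
    for c in clients:
        c.contact(host)
    return len(host.cmids), first_round, sum(c.activated for c in clients)

if __name__ == "__main__":
    unique = ["cmid-%02d" % i for i in range(25)]   # constructed IDs
    print(rollout(unique))                 # 25th request crosses the threshold
    print(rollout(["cmid-clone"] * 30))    # cloned image: count stays at 1
```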

Deploying for KMS Activation

Managing
- Management interfaces
  - Command line interface
  - Public APIs
  - WMI properties
  - Event Logs on every machine
- Administrative tools
  - Volume Activation Management Tool
  - KMS Management Pack for System Center Operations Manager (MOM Pack)
- Integration with Management tools
  - Planned for SMS 2003 SP3 and System Center Configuration Manager will have built-in activation reports
  - Public APIs that can be used by any mgmt tools to duplicate this functionality

Volume Activation Management Tool
- Performs both MAK Proxy and MAK Independent activation
- Provides activation status of all machines in the environment
- Supports discovery of machines in the environment: Active Directory (AD), Workgroup, and individual machines by IP address or machine name
- Requires remote WMI access
- Stores all data in a well defined XML format
- Allows for importing and exporting of data

Volume Activation Management Tool User interface is subject to change

KMS MOM Reporting Dashboard

KMS Activation Count Summary

Machine Expiration Chart

Machine Expiration Detail

Reduced Functionality Mode
- Systems might be placed in reduced functionality mode (RFM), if:
  - Grace period expired
  - Hardware changed significantly
  - Tampering detected
  - Key Blocked
- Non-Genuine user experience means:
  - Some features will be disabled e.g. ReadyBoost, Defender
  - Some features will be degraded e.g. Aero
  - Desktop will display non-Genuine watermark
- Users will have access to their desktop and data in Safe Mode
- Multiple options available to restore full functionality

Summary
- Activation is a required process for all editions of Windows Vista & Windows Server “Longhorn”
- Multiple activation options exist for volume customers: MAK independent, MAK proxy and KMS
- Provides centralized management and protection of VL keys
- Enhances software asset management efforts
- Integrated with Business Desktop Deployment for easier deployment and management

Resources
- WCLCT09 - De-mystifying Product Activation, Room 125 on Friday, November 17, :00 – 10:15 AM
- WCLLD03 – Windows Vista Product Activation, Room 113 on Friday, November 17, 12:50 – 1:15 PM
- Volume Activation 2.0 on TechNet:
- Volume Activation 2.0 on Download Center:
- Business Desktop Deployment Solution Accelerator:
- For product key information and call center numbers:

Ask The Experts: Get Your Questions Answered
You can find us at the Microsoft Ask the Experts area, located in the Exhibition Hall:
- Wednesday 15 November, 16.30 –
- Thursday 16 November, Lunch
- Thursday 16 November, 14.45 – 15.45

©2006 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.