Windows Vista Product Activation And The Fashionable LSP Ryan Hartman (firstname.lastname@example.org) March 10, 2014
Overview • Quick review of Office 2007/Windows Vista product lines • Update on Office 2007/Windows Vista availability at IU • Microsoft Production Activation 2.0 • MAK Activation VS. KMS Activation • How to Activate • How to automate Activations
Windows Office 2007 Editions • Consumer Basic 2007 Home and Student 2007 Standard 2007 Ultimate 2007 • Business Small Business 2007 Professional 2007 Professional Plus 2007 Enterprise 2007
Office 2007 Distributions • Volume License – Office 2007 Enterprise • Available IU to the community from IUware Online • Embedded (Shared) Product Key • Available now • Retail Edition – Office 2007 Enterprise • IU Bookstores • Individual Product Key • Cost ?? • Available: April 2007?? • Uses “old school” Production Activation • More about this later
Windows Vista Editions • Consumer Windows Vista Home Basic Windows Vista Home Premium Windows Vista Ultimate • Business Windows Vista Business Windows Vista Enterprise
Windows Vista Enterprise • Similar features to Business • Data Protection • BitLocker™ (don’t forget the ™) • Application Compatibility • VM’s for Legacy Apps • A UNIX based subsystem for UNIX apps • Multi-Language Support • One image-> many languages
Windows Vista Distributions Volume License Edition - Enterprise • Available LSPs only from IUware Online • MAK or KMS Activation Required • Available now Retail Edition – Enterprise & Ultimate • IU Bookstore • Retail Key Activation Only • Cost ?? • Available: April 2007??
Microsoft Volume License Product Keys • Volume Activation 1.0 • The first generation of VLKs • Almost everything but Vista uses this type of key • This key bypasses product activation • Volume Activation 2.0 Multiple Activation Key • Activate products through the internet or telephone • Have a limited number of activations associated with them • Volume Activation 2.0 Key Management Service • Key will be used to enable a new service in your environment that will automatically activate products in your environment
Microsoft Production Activation 2.0 Goals from their FAQ • Close significant piracy loopholes • Volume License keys represent majority of the keys that are involved in Windows piracy. • According to Microsoft 35% all software is stolen. • Improve the volume customer experience. • VA 2.0 also may provide enhanced security • Frequent background validations for genuine modules. • This is currently limited to critical software, but may be expanded greatly over time.
VA 2.0 Covers A Lot of Ground • VA 2.0 will be expanding • Many of the tools and for VA are not currently available! • For the moment let’s limit our discussion to • VA 2.0 and Windows Vista • VA as it exists now • VS as implemented here at IU
Windows Vista - Volume Activation 2.0 at IU • An installation key is not required • Vista installations will install and run for 30 days without any keys • Activation is required • If activation does not occur in that 30-day period, the OS goes into Reduced Functionality Mode (RFM) • Two methods of activating VA2 software • Multiple Activation Key (MAK) • Key Management Service (KMS) • Other Vista activation methods you might see • OEM installs • Retail
Multiple Activation Key (MAK) Activations • How it works • Computers connect directly to servers at Microsoft and perform a one-time, permanent activation • Computers that cannot be connected to the Internet can activate over the phone • Limited Number of Activations • No new activations allowed when this limit is reached • This number can be increased by request • ‘Black Listing’ is Possible • No new activations allowed • Previously activated machines could be mark as non-genuine!!
Activation Hardware Tolerance MAK activations must be renewed if significant hardware changes occur. As hardware changes occur, Windows Vista tracks each change, using a weighted score to accumulate changes made. If a cumulative score reaches 25, the computer is considered out of tolerance and must be activated with a MAK
Key Management Service (KMS)Activations • KMS activation requires a local KMS Server • microsoftkeys.iu.edu • Finding the KMS Server • Put a client Machine in ADS • The activations are leases • Once clients find and activate on the KMS server, their lease is 180 days • If a client is unable to reconnect to the KMS server for 180 days • It will go into a 30-day grace period • If that 30 days passes without activation, the client will enter RFM • Clients will attempt to reconnect to the KMS server at one-week intervals. Every time it succeeds in connecting, it will extend its lease out another 180 days from the date it connects
Choosing between MAK and KMS MAK KMS CONs 180 Day Lease Requires connecting to KMS server Restricted to the IU network PROs Put the machine in ADS and you don’t have to do anything else as long as the machine is on the IU network Unlimited number of Activations! • PROs • One time activation • Doesn’t need KMS • Familiar • CONs • You have do an activation • Reactivate with major upgrades • Possible Black Listing/ Key Exhaustion
My Personal Recommendations • Machines on campus: KMS • Why not? It is really easy and doesn’t burn a MAK key • Machines off campus: MAK • Not as convenient but no worse than the current XP model • Can’t decide? • No problem: it is possible to switch • Ok how do I do this stuff?
To activate KMS clients (easy way) • Install Windows Vista on the Machine • Join the Machine to ADS • Machine needs to be able to reach • Host microsoftkeys.iu.edu (10.79.6.29) • Port 1688 • Done
To activate KMS clients from a script • Tell you Client where the KMS Server lives: • cscript \windows\system32\slmgr.vbs -skms microsoftkeys.iu.edu:1688 • Activate • cscript \windows\system32\slmgr.vbs –ato
To Convert from MAK to KMS • Remove the MAK Key: • cscript \windows\system32\slmgr.vbs -ipk <setup key> • <setup Key> lives in sources\pid.txt on you Vista DVD • If the machine is in ADS KMS will happen by itself • To do it manually just like the last side.
Activation and Multiple Machines • Ghost • Unattended Installs • MAK to KMS GPO scripts etc.
Reduced Functionality Mode • A computer enters RFM if it fails to activate within the 30-day grace period or if it fails to reactivate within 30 days after the 180 days KMS activation expires (in case of a KMS-activated computer). • In RFM, the user is provided multiple options for activation after logon. If the computer is not reactivated within one hour, the user is forcibly logged off. • MAK-activated computers go into RFM if they fail to activate within 30 days of installation or if they fail to renew activation within 30 days of a major hardware replacement
Customize header: View menu/Header and Footer Virtual Machines • VM’s don’t count towards the KMS n-count • So try to use KMS for VM’s • You can do MAK activations on VM’s • If the host machine hardware changes significantly then it might require reactivation • VM’s get the regular 30-day grace period
Questions? Ryan Hartman (email@example.com)