WCL320: Activating Windows in Enterprise Environment Kalpesh Patel Ramprabhu Rathnam Software Protection Platform Microsoft Corporation.

1 WCL320: Activating Windows in Enterprise Environment
Kalpesh Patel, Ramprabhu Rathnam
Software Protection Platform, Microsoft Corporation

2 Agenda
- Introduction
- Software Protection Platform
- Activation
- Planning
- Deploying
- Managing
- Resources
- Q&A

3 Introduction
- Software piracy is an industry problem
  - Worldwide PC piracy is at 35%, with an annual loss of $34B in 2005*
  - Driven by economic, technical and process challenges
    - Lack of awareness of the value of genuine software and the risks of counterfeit
    - Inadequate technologies and prescriptive guidance to protect and manage software assets
    - Insufficient tools and policies hurting local software economies
- VL software is a major source of pirated Microsoft software
  - Compromised VL keys are the primary means of piracy
  - Rekeying happens and it is very cumbersome
*Third Annual BSA and IDC Piracy Study, May 2006

4 Goals
Microsoft:
- Reduce VL key leakage significantly
- Reduce impact of piracy industry wide
- Develop enterprise class solutions for easier, scalable, and more secure deployments
Customer:
- Enable protection and management of license keys
- Reduce the risk of running tampered software
- Transparent privacy policy – independently audited
- Minimal impact to desktop deployment and management
- Flexible options to suit varying operating models

5 Software Protection Platform
Digital licensing and software IP protection solution for Windows Vista & “Longhorn” customers
- Improve security of the software
  - Reduce piracy through enhanced and flexible product activation options
  - Protect software from malicious tampering & reverse engineering
- Enable compliance & business models
  - Facilitate genuine differentiation
  - Ease software asset management efforts
  - Support new and flexible business models: FlexGo, Windows Anytime Upgrade

6 Architecture Overview Anti-Theft (Activation)

7 Activation Options
- Online
- Phone
- BIOS-bound Pre-install
- Multiple Activation Key (MAK)
- Key Management Service (KMS)

8 Volume Activation 2.0
- For activating volume licensed editions of Windows Vista & Windows Server “Longhorn”
- Two types of keys
  - Multiple Activation Key
  - Key Management Service Key
- Three activation methods
  - MAK Independent Activation
  - MAK Proxy Activation
  - KMS Activation
- Planned and managed as part of integrated desktop deployment process

9 Multiple Activation Key
- One time activation against Microsoft
- Two methods of activation using a MAK:
  - MAK Independent Activation: Each desktop individually connects and activates with Microsoft (online or telephone)
  - MAK Proxy Activation: One centralized activation request on behalf of multiple desktops with one connection to Microsoft
- Reactivation may be required if there is significant change in the underlying hardware
- Has an associated upper limit, depending on the license agreement, and can be easily refilled

10 MAK – Independent activation
1. MAK keys are installed on PCs via WMI or in the system image
2. PC connects to Microsoft and provides hardware and license information
3. Exchange of certificates between Microsoft and the PC
4. License information is stored in the local license store to indicate successful activation

11 Key Management Service
- Activate using customer hosted service and NOT with Microsoft
- Systems must re-activate by connecting to KMS host at least every 180 days
- Requires 25+ machines for Windows Vista and 5+ for Windows “Longhorn” server
- Default activation option for all volume editions of Windows Vista and Windows Server “Longhorn”
- Requires no user interaction
- Currently available on Windows Vista and “Longhorn”. Planned support for Windows Server 2003 in Q1 2007

12 KMS Activation
1. Set up KMS service inside corporate network. KMS has to activate ONCE against Microsoft
2. Client systems automatically connect to KMS and request activation
3. KMS activates the client systems for 180 days
4. Systems silently reconnect regularly to renew activation – repeat from step 2

13 Agenda
- Introduction
- Software Protection Platform
- Activation
- Planning
- Deploying
- Managing
- Resources
- Q&A

14 Planning for Activation
- Prepare
  - Understand Activation and Windows Vista Deployment options
    - Business Desktop Deployment (BDD)
  - Enumerate target environments and user connectivity to corporate network
  - Acquire license keys from Microsoft using existing processes
- Map computers to Activation solutions
  - Leverage activation mapping worksheet
- Determine required infrastructure and resources
  - # of KMS hosts, co-hosting with other services
  - KMS on Windows 2003 available in Q1 2007
  - Activation ownership/accountability
  - Health monitoring and reporting
  - Helpdesk readiness

15 Mapping Activation Solutions

| Criteria | # of Computers |
|---|---|
| Total # of computers to be activated | 100,000 |
| # of computers that will not connect to the network (min. every 180 days) and will be MAK activated | -3000 |
| # of computers in environments that don’t have at least 25 machines or don’t have DNS and will be activated by MAK | -1000 |
| # of computers that will regularly connect to the network (minimum every 180 days) and will be KMS activated | -95,000 |
| # computers in disconnected environments | -1000 |
| >25 computers in the environment, KMS will be used | -250 |
| <25 computers in the environment, MAK will be used | -750 |
| # of computers that have not been associated with an activation method | 0 |
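The worksheet rows above can be applied mechanically to an inventory. The following is an added example, not part of the presentation or any Microsoft tool: the `Environment` fields, site names and inventory are constructed so that the totals reproduce the worksheet, and the 25-machine boundary is taken as "25 or more" per slide 11.

```python
from collections import Counter
from dataclasses import dataclass

KMS_MIN_CLIENTS = 25        # slides 11 and 15: KMS needs at least 25 Windows Vista machines
RENEWAL_WINDOW_DAYS = 180   # KMS clients must reach a KMS host at least this often

@dataclass
class Environment:          # hypothetical inventory record
    name: str
    computers: int
    has_dns: bool
    max_days_offline: int   # longest expected gap between corporate-network contacts
    isolated: bool = False  # disconnected network that would need its own KMS host

def choose_method(env):
    """Return (method, reason) for one environment, following the worksheet rows."""
    if env.isolated:
        if env.computers >= KMS_MIN_CLIENTS:
            return "KMS", "disconnected, local KMS host"
        return "MAK", "disconnected, below KMS threshold"
    if env.max_days_offline > RENEWAL_WINDOW_DAYS:
        return "MAK", "cannot renew within 180 days"
    if env.computers < KMS_MIN_CLIENTS or not env.has_dns:
        return "MAK", "below KMS threshold or no DNS"
    return "KMS", "regular network contact"

def map_inventory(envs):
    """Sum computers per activation method and per worksheet row."""
    totals, reasons = Counter(), Counter()
    for env in envs:
        method, reason = choose_method(env)
        totals[method] += env.computers
        reasons[reason] += env.computers
    return totals, reasons

# Constructed inventory sized to reproduce the worksheet's counts (100,000 machines).
INVENTORY = [
    Environment("hq-campus", 95_000, True, 30),
    Environment("field-laptops", 3_000, True, 365),
    *[Environment(f"branch-{i}", 20, True, 7) for i in range(40)],
    Environment("lab-no-dns", 200, False, 7),
    Environment("secure-lab", 250, True, 9999, isolated=True),
    *[Environment(f"kiosk-{i}", 15, False, 9999, isolated=True) for i in range(50)],
]

if __name__ == "__main__":
    print(map_inventory(INVENTORY))
```

With this inventory the worksheet resolves to 95,250 KMS-activated and 4,750 MAK-activated machines, which is the MAK activation count to budget for against the key's upper limit.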

16 Example Configuration using MAK/KMS

17 Deploying for MAK Activation
- During Setup
  - Specify MAK in “specialize” pass in unattend files (Product key in cleartext)
  - Custom Image defaulting to MAK activation
  - WDS can deploy custom MAK image or in unattend file
  - Sysprep /generalize to reset activation timers
- After Setup
  - Product Activation Wizard in Control Panel
  - SLMGR.VBS script
  - Volume Activation and Management Tool
    - MAK Proxy
    - Independent MAK
- It is possible to enable Standard User MAK activation. By default it requires administrator privileges

18 Sample unattend for MAK Deployment
http://schemas.microsoft.com/WMIConfig/2002/State
http://www.w3.org/2001/XMLSchema-instance
Enter your MAK here

19 MAK Independent Activation
1. Distribute MAK:
   a. Change product key wizard or WMI script
   b. During OS installation
   c. Volume Activation Management Tool (VAMT)
2. MAK client(s) connect once to Microsoft via Internet (SSL) for activation or use telephone.
Significant hardware changes will require reactivation.

20 MAK Proxy Activation using VAMT
1. Find Windows Vista machine(s) from Active Directory (LDAP) or through network discovery APIs NetServerEnum()
2. Apply MAK and collect Installation ID (IID) using WMI; optionally export to XML file
3. Connect to Microsoft over Internet (SSL) and obtain corresponding Confirmation ID (CID); optionally update XML file with CIDs
4. Activate MAK Proxy client(s) by applying CID; optionally import updated XML file first
Significant hardware changes will require reactivation.

21 Deploying for KMS Activation
- Install and activate the KMS host
  - Install KMS key and activate
  - Can be co-hosted with other services
  - Must use SLMGR.VBS to enable KMS
- Confirm configuration parameters on the KMS host
  - DNS registration (‘SRV’ records)
  - TCP/IP port availability (default 1688) / Firewalls
  - Activation and Renewal Intervals
- Prepare client machines for KMS activation
  - Modify client parameters, if necessary
  - Auto-discovery of KMS host vs. explicit registration (FQDN, IPv4 or IPv6 or NetBIOS name)
  - Sysprep /generalize master client image
- Deploy clients using standard methods

22 How KMS Activation Works
1. Discover KMS host via registry or DNS SRV RR (_vlmcs._tcp)
2. Send RPC request to KMS host on 1688/TCP by default (~250b)
   - Generate client machine ID (CMID)
   - Assemble and sign request (AES encryption)
   - On failure retry every 2 hours (default)
3. KMS host adds CMID to queue and responds with current count (~200b)
4. KMS client evaluates count vs. license policy and activates itself
   - Store KMS host Product ID, intervals, and client hardware ID in license store
   - On success renew activation every 7 days (default)
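Steps 2 to 4 above, combined with the thresholds and 180-day validity from slide 11, can be modelled as a small simulation. This is an added example, not Microsoft code or the real RPC protocol: the class and function names are hypothetical, and the host is assumed to count distinct CMIDs, so machines cloned from an image that was not run through Sysprep /generalize share one CMID and do not raise the count.

```python
from datetime import datetime, timedelta

# Defaults quoted on the slides; the two thresholds come from slide 11.
THRESHOLD = {"vista": 25, "longhorn-server": 5}
RETRY = timedelta(hours=2)       # next attempt after a failed or below-threshold request
RENEW = timedelta(days=7)        # next attempt after a successful activation
VALIDITY = timedelta(days=180)   # lifetime of a KMS activation

class KmsHost:
    """Toy host: remembers distinct CMIDs and reports how many it has seen."""
    def __init__(self):
        self.cmids = set()

    def request(self, cmid):
        self.cmids.add(cmid)     # a repeated CMID does not raise the count
        return len(self.cmids)

class KmsClient:
    def __init__(self, cmid, edition):
        self.cmid, self.edition = cmid, edition
        self.expires = None      # None until the first successful activation
        self.next_attempt = None

    def contact(self, host, now):
        """One request/response cycle; host=None models an unreachable KMS host."""
        count = host.request(self.cmid) if host is not None else 0
        if count >= THRESHOLD[self.edition]:
            self.expires = now + VALIDITY
            self.next_attempt = now + RENEW
        else:
            self.next_attempt = now + RETRY
        return count

    def activated(self, now):
        return self.expires is not None and now < self.expires

def simulate(cmids, edition="vista", start=datetime(2006, 11, 15)):
    """Contact a fresh host once per client, then let unactivated clients retry once."""
    host = KmsHost()
    clients = [KmsClient(c, edition) for c in cmids]
    for c in clients:
        c.contact(host, start)
    first_pass = sum(c.activated(start) for c in clients)
    later = start + RETRY
    for c in clients:
        if not c.activated(later):
            c.contact(host, later)
    return first_pass, sum(c.activated(later) for c in clients), len(host.cmids)
```

`simulate` returns the number of clients activated on the first pass, the number activated after one retry, and the host's count: with 25 distinct Vista clients only the 25th activates immediately and the other 24 activate on their 2-hour retry.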

23 Deploying for KMS Activation

24 Managing
- Management interfaces
  - Command line interface
  - Public APIs
  - WMI properties
  - Event Logs on every machine
- Administrative tools
  - Volume Activation Management Tool
  - KMS Management Pack for System Center Operations Manager (MOM Pack)
- Integration with Management tools
  - Planned for SMS 2003 SP3 and System Center Configuration Manager will have built-in activation reports
  - Public APIs that can be used by any mgmt tools to duplicate this functionality

25 Volume Activation Management Tool
- Performs both MAK Proxy and MAK Independent activation
- Provides activation status of all machines in the environment
- Supports discovery of machines in the environment:
  - Active Directory (AD)
  - Workgroup, and
  - Individual machines by IP address or Machine Name
- Requires remote WMI access
- Stores all data in a well defined XML format
- Allows for Importing and Exporting of data

26 Volume Activation Management Tool User interface is subject to change

27 KMS MOM Reporting Dashboard

28 KMS Activation Count Summary

29 Machine Expiration Chart

30 Machine Expiration Detail

31 Reduced Functionality Mode
- Systems might be placed in reduced functionality mode (RFM), if:
  - Grace period expired
  - Hardware changed significantly
  - Tampering detected
  - Key Blocked
- Non-Genuine user experience means:
  - Some features will be disabled e.g. ReadyBoost, Defender
  - Some features will be degraded e.g. Aero
  - Desktop will display non-Genuine watermark
- Users will have access to their desktop and data in Safe Mode
- Multiple options available to restore full functionality

32 Summary
- Activation is a required process for all editions of Windows Vista & Windows Server “Longhorn”
- Multiple activation options exist for volume customers
  - MAK independent, MAK proxy and KMS
- Provides centralized management and protection of VL keys
- Enhances software asset management efforts
- Integrated with Business Desktop Deployment for easier deployment and management

33 Resources
- WCLCT09 - De-mystifying Product Activation: Room 125 on Friday, November 17, 2006 9:00 – 10:15 AM
- WCLLD03 – Windows Vista Product Activation: Room 113 on Friday, November 17, 2006 @ 12:50 – 1:15 PM
- Volume Activation 2.0 on TechNet: http://go.microsoft.com/fwlink/?LinkID=75673
- Volume Activation 2.0 on Download Center: http://go.microsoft.com/fwlink/?LinkID=75674
- Business Desktop Deployment Solution Accelerator: http://www.microsoft.com/technet/desktopdeployment/bdd
- For product key information and call center numbers: http://www.microsoft.com/licensing/resources/vol/default.mspx

35 Ask The Experts
Get Your Questions Answered
You can find us at the Microsoft Ask the Experts area, located in the Exhibition Hall:
- Wednesday 15 November, 16.30 – 17.00
- Thursday 16 November, Lunch
- Thursday 16 November, 14.45 – 15.45

38 ©2006 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.

