Windows Vista: Volume Activation 2.0
Ramprabhu Rathnam, Director – Product Management, Microsoft Corporation
Agenda
• Introduction
• Software Protection Platform
• Activation Options
• Resources
• Q&A
Challenges
VLK 1.0 Realities
• Unrestrained usage
• Not easy to track or manage
• Does not offer tools or means for easier, scalable, and more secure deployments
• Stolen or compromised
• Get confused with non-genuine software
Goals for Windows Vista
• Enable protection and management of license keys
• Flexible options to suit varying operating models
• Minimal impact to desktop deployment and management
• Reduce the risk of running tampered software
• Facilitate genuine differentiation
Software Protection Platform
Digital licensing and software IP protection solution for Windows Vista & “Longhorn” customers
• Improve the security of the software
  • Reduce piracy through enhanced and flexible product activation options
  • Protect software from malicious tampering & reverse engineering
• Enable differentiation & compliance
  • Facilitate genuine differentiation
  • Ease software asset management efforts
  • Trusted license store and public APIs
• Assist in Electronic Software Distribution
  • Windows Anytime Upgrade
Activation Options
• Retail: Online, Phone
• OEM: BIOS-bound Pre-install
• Volume: Multiple Activation Key (MAK), Key Management Service (KMS)
Volume Activation 2.0
• Help automate and manage the activation process for all volume licensed editions of Windows Vista & Windows Server “Longhorn”
• Two types of keys
  • Multiple Activation Key
  • Key Management Service Key
• Three activation methods
  • MAK Independent Activation: Each desktop individually connects and activates with Microsoft (online or telephone)
  • MAK Proxy Activation: One centralized activation request on behalf of multiple desktops with one connection to Microsoft
  • KMS Activation: Activate using customer hosted service and NOT with Microsoft
• Machines using the OEM SKU do not require VA 2.0
• Planned and managed as part of integrated desktop deployment process
Multiple Activation Key
• One time activation against Microsoft
• Two methods of activation using a MAK:
  • MAK Independent Activation: Each desktop individually connects and activates with Microsoft (online or telephone)
  • MAK Proxy Activation: One centralized activation request on behalf of multiple desktops with one connection to Microsoft
• Reactivation may be required if there is significant change in the underlying hardware
• Has an associated upper limit, depending on the license agreement, and can be easily refilled
MAK Independent Activation
1. Distribute MAK:
  a. Change product key wizard or WMI script
  b. During OS installation
  c. Volume Activation Management Tool (VAMT)
2. MAK client(s) connect once to Microsoft via Internet (SSL) for activation or use telephone.
Volume Activation Management Tool
• Performs both MAK Proxy and MAK Independent activation
• Provides activation status of all machines in the environment
• Supports discovery of machines in the environment:
  • Active Directory (AD)
  • Workgroup, and
  • Individual machines by IP address or Machine Name
• Requires remote WMI access
• Stores all data in a well defined XML format
• Allows for Import/Export of data
• Availability in Q1 of 2007
MAK Proxy Activation using VAMT
1. Find Windows Vista machine(s) from Active Directory (LDAP) or through network discovery APIs NetServerEnum()
2. Apply MAK and collect Installation ID (IID) using WMI; optionally export to XML file
3. Connect to Microsoft over Internet (SSL) and obtain corresponding Confirmation ID (CID); optionally update XML file with CIDs
4. Activate MAK Proxy client(s) by applying CID; optionally import updated XML file first
Key Management Service
• Activate using customer hosted service and NOT with Microsoft
• Systems must re-activate by connecting to KMS host at least every 180 days
• Requires 25+ for Windows Vista and 5+ for Windows “Longhorn” server
• Default activation option for all volume editions of Windows Vista and Windows Server “Longhorn”
• Requires no user interaction
• Currently available on Windows Vista and “Longhorn”. Planned support for Windows Server 2003 in Q1 2007
How KMS Activation Works
1. Discover KMS host via registry or DNS SRV RR (_vlmcs._tcp)
2. Send RPC request to KMS host on 1688/TCP by default (~250 b)
  • Generate client machine ID (CMID)
  • Assemble and sign request (AES encryption)
  • On failure retry every 2 hours (default)
3. KMS host adds CMID to queue and responds with current count (~200 b)
4. KMS client evaluates count vs. license policy and activates itself
  • Store KMS host Product ID, intervals, and client hardware ID in license store
  • On success renew activation every 7 days (default)
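The KMS timing rules on the two slides above (count thresholds, 2-hour retry, 7-day renewal, 180-day limit) can be modelled to see when clients actually activate during a rollout and when they lose activation during a host outage. This is an added example, not Microsoft's code or part of the original deck: KmsHost, simulate and times are hypothetical names, the 180-day limit is modelled as expiry counted from the last successful contact, and the sample fleet is constructed.

```python
import heapq
from datetime import datetime, timedelta

# Defaults stated on the slides
THRESHOLD = {"vista": 25, "longhorn_server": 5}  # minimum count needed to activate
RETRY = timedelta(hours=2)      # next attempt after a failure
RENEW = timedelta(days=7)       # next attempt after a success
VALIDITY = timedelta(days=180)  # client must reach the KMS host at least this often

class KmsHost:
    """Hypothetical stand-in for the KMS host: queues CMIDs and returns the count."""
    def __init__(self, outages=()):
        self.cmids = set()
        self.outages = outages  # (start, end) windows when 1688/TCP is unreachable
    def request(self, cmid, now):
        if any(start <= now < end for start, end in self.outages):
            return None  # request fails, client falls back to the retry interval
        self.cmids.add(cmid)
        return len(self.cmids)

def simulate(host, clients, end):
    """clients maps cmid -> (edition, first_attempt); returns cmid -> [(time, event)]."""
    log, expiry = {cmid: [] for cmid in clients}, {}
    queue = [(first, cmid) for cmid, (_, first) in clients.items()]
    heapq.heapify(queue)
    while queue and queue[0][0] <= end:
        now, cmid = heapq.heappop(queue)
        if cmid in expiry and now >= expiry[cmid]:
            log[cmid].append((expiry.pop(cmid), "lapsed"))  # 180 days without contact
        count = host.request(cmid, now)
        if count is not None and count >= THRESHOLD[clients[cmid][0]]:
            log[cmid].append((now, "activated"))
            expiry[cmid] = now + VALIDITY
            heapq.heappush(queue, (now + RENEW, cmid))
        else:
            log[cmid].append((now, "failed"))
            heapq.heappush(queue, (now + RETRY, cmid))
    return log

def times(log, cmid, event):
    return [t for t, e in log[cmid] if e == event]  # all times an event was recorded

if __name__ == "__main__":
    t0 = datetime(2007, 1, 1)  # constructed rollout: 25 Vista clients, 7 minutes apart
    fleet = {f"c{i:02d}": ("vista", t0 + timedelta(minutes=7 * i)) for i in range(25)}
    log = simulate(KmsHost(), fleet, t0 + timedelta(days=1))
    for cmid in ("c00", "c24"):
        print(cmid, times(log, cmid, "activated")[0] - t0, len(times(log, cmid, "failed")))
```

In the sample rollout the 25th client activates on its first request, while the first client fails twice and only activates on its 4-hour retry, so early failures in the event logs are expected until the threshold is met.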
Managing
• Administrative tools
  • Volume Activation Management Tool
  • KMS Management Pack for System Center Operations Manager (MOM Pack)
• Management interfaces
  • Command line interface
  • Public APIs
  • WMI properties
  • Event Logs on every machine
• Integration with Management tools
  • SMS 2003 SP3 and System Center Configuration Manager will have built-in activation reports
  • Public APIs that can be used by any mgmt tools to duplicate this functionality
Example Configuration using MAK/KMS
Summary
• Activation is a required process for all editions of Windows Vista & Windows Server “Longhorn”
• Multiple activation options exist for volume customers
  • MAK independent, MAK proxy and KMS
• Provides centralized management and protection of VL keys
• Enhances software asset management efforts
• Integrated with Business Desktop Deployment for easier deployment and management
Resources
• Business Desktop Deployment Solution Accelerator:
  • http://www.microsoft.com/technet/desktopdeployment/bdd
• Volume Activation 2.0 on TechNet:
  • http://go.microsoft.com/fwlink/?LinkID=75673
• Volume Activation 2.0 on Download Center:
  • http://go.microsoft.com/fwlink/?LinkID=75674
• For product key information and call center numbers:
  • http://www.microsoft.com/licensing/resources/vol/default.mspx
© 2006 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.
Reduced Functionality Mode
• Placed in reduced functionality mode when:
  • Grace period expired, Hardware changed significantly, Tampering detected, or Windows Genuine validation failed
• While in RFM the user experience differs:
  • Some features will be disabled, e.g. ReadyBoost, Defender
  • Some features will be degraded, e.g. Aero
  • Desktop will display non-Genuine watermark
  • Users will have access to their desktop and data in “Safe” mode
• Multiple options available to restore full functionality
Volume Activation Management Tool User interface is subject to change