Windows Vista Corporate Activation (VLK 2.0)

So… you’ve been wondering just what Microsoft has been up to in regards to implementing tighter measures with corporate volume licensing in Windows Vista and Longhorn Server, huh? Well, look no further, my friend, because you’ve come to the right place! Let’s take a moment to reflect upon the day „Devil’s Own“ leaked that infamous corporate copy of Windows XP of Intel’s for all the world to pirate. Sure, Microsoft took a big hit with that but what a lot of people fail to realize is how much Intel had to pay Microsoft (a figure in the millions of dollars) for that leak. (Read the fine print, if you’re a corporation with Volume Licensing… wink.gif ) Microsoft’s plans for foiling pirates with their brand new, shiny activation movement with Windows XP was certainly something seemingly laughable at that rate… especially when activation was exploited the way it was, but now it’s time to see just what they’ve learned from the VLK 1.0 experience.

Key Terms:

VLM: Volume License Media (SKU/SKU’s containing the files necessary for corporate activation which differ from files used to activate retail versions)
VLK: Volume License Key (A key containing unique characters which works only with VLM; not Retail media, thus, the distinction between corporate and retail activation)
KMS: Key Management Service (The central service in VLK 2.0 that handles volume activation of all clients and servers in an enterprise network. Target: Larger networks (at least 25 machines) that client machines can regularly connect to.)
MAK: Multiple Activation Keys (This is the new implementation of activation via the VLK 1.0 method… but with quite a few differences. They will be leveraged the same way as original VLK’s were in XP and Windows Server VLM except, unlike XP and Windows Server-generation volume licensing, MAK’s, like retail keys, *WILL* need to be activated through Microsoft, so… bye-bye to corporate keys not needing activation!)

Let’s go in-depth with KMS and MAK activations, shall we? Yes, we shall. =)

KMS Activation: This is the service that will be used for managed environments where users are connected to a corporate network. Activation by means of KMS will go as follows:

– Corporation obtains Vista and/or Longhorn VLK(s) and VLM from Microsoft.
– Corporation installs Vista and/or Longhorn VLM, using their VLK, to a machine which will host KMS.
– KMS is enabled and stores the VLK in its trusted store for security. (Think: nixing the use of “key-finder” programs by keeping keys off of each individual machine on a corporate network.) KMS is also configured so that required client machines will be able to communicate with it periodically.

So, you have installed Vista and have enabled and set up KMS. Now what? Well, now every computer on your network that you install Vista on will need to be pointed to your KMS “server” so that it can activate. No key is entered or stored in the client machines and the KMS method requires that every client re-activate itself periodically! If a client machine is disconnected from the network for 180 days, it will be considered “out of tolerance” and will be placed into RFM (Reduced Functionality Mode). RFM makes it so that no user can log in to that machine. The way to alleviate RFM is to re-connect that client to the network and it will re-activate via the KMS “server.”

It’s also worth noting that KMS will require a minimum number of clients to be rolled out successfully within a corporation. At the time of this writing, the current number of required clients is 25. In up-to-date documentation, Microsoft is still representing this number 25 with an “n” to show that it’s still subject to change, but what else is new? =) The first 25 clients installed will hit the KMS “server” first and will be kept in a list for 30 days.

Every flavor of Vista, as well as Longhorn Server, will have KMS functionality and support for KMS in Windows Server 2003 is currently planned for post-Vista RTM.

Over-simplified, KMS is essentially Microsoft’s counter-measure to the employees of a corporation getting hold of their corporation’s volume license key. With such a low number of machines set as a requirement to leverage KMS (at the time of this writing, 25 clients), you can tell that Microsoft is *really* pushing to get VLK’s into the hands of as few individuals as possible within a corporation. I’m guessing Microsoft will try to make the KMS solution as cost-effective as possible so that this initiative will really take off with great success. (See: More money and less piracy. smile.gif )

Key policies to remember with VLK 2.0 KMS activation:

N-Policy (Minimum # of machines per KMS): Currently 25.
Expiration period until re-activation: 180 days.
Hardware tolerance: Bound to system hard drive.
Out-of-box grace period: 30 days
Out-of-tolerance: 30 days (If user has gone beyond expiration or changed their hard drive.)

MAK Activation: This method of activation stands to be leveraged for decentralized networks where users are rarely or never connected to the corporate network. In English, lol, this is THE key that pirates will hope to get and stand a better chance of getting a hold of to leak to the masses along with the appropriate VLM. (VLK 1.0, anyone?) Ah, but this time, Microsoft has a new plan. Let’s see what they’re doing with what they’ve learned:

The foremost change with volume licensing is that no key will go without needing to be activated – period. Knocking VLK’s down to Retail level in terms of activation creates a whole new playing field for corporations and Microsoft. Perhaps equally as notable of a change is all MAK activations and activity can be viewed via Microsoft online portals. With MAK’s having an upper-limit in terms of how many activations each key can sustain, this keeps any one key from doing world-wide damage in terms of piracy. Something else unique about MAK’s is that the confirmation ID generated by them can be used to re-activate a machine! For instance, if you need to reinstall a client machine, you can use the confirmation ID that was given after installing with the MAK the first time you installed on that machine – so long as there have been no hardware changes. This also keeps it so that reinstalling a machine doesn’t count against your MAK total.

So, in essence, a MAK is nothing more than a retail license that can be used a pre-determined number of times on multiple machines.

Key policies to remember with VLK 2.0 MAK Activation:

MAK total policy (Each key has a pre-determined number of activations.)
No N-Policy
No expiration
Hardware tolerance: As with current retail versions of Windows, certain hardware changes will require a re-activation, and will count against MAK total.
Out-of-box grace period: 30 days
Out-of-tolerance: 30 days (For changed hardware only.)

There is a lot more to learn about VLK 2.0 as Microsoft approaches Vista RTM. Likewise, there is also a lot that Microsoft could change between now and then, but until then, the information provided above should give those interested plenty of insight into what to expect with corporate licensing and activation.

-Stephen

Resource: Windows Vista Volume Activation Overview VLK 2.0 (Partner Presentation)
Source: In-house