Introduction

Casual copying of volume-licensed operating systems and applications has been a problem for both Microsoft and its customers. Under these circumstances, Microsoft intellectual property is improperly used, and customers are not able to enjoy full access to features and accessory applications designed for genuine Microsoft Windows® operating systems and genuine Microsoft Office programs. This document explains how the new volume activation features in Windows Vista address these challenges.

A complete understanding of Microsoft’s new volume activation technology helps organizations protect their software investments and allows more effective control and management of Windows and Microsoft Office licensing. Readers of this document will learn how to use product keys in their environment and how to decide which volume activation technology is best for their organizations.

On This Page

The Problem The Problem
The Solution The Solution
Terminology Terminology

The Problem

Traditional volume-licensed media ship with a product key designed to activate an unlimited number of computers. This approach has been effective for organizations that maintain large numbers of systems, enabling them to build deployment images using volume-licensed product keys and to deploy them to hundreds or thousands of systems. Unfortunately, this method of distribution also creates media that can be copied and shared with an unlimited number of users with few repercussions for the party making the copies.

Microsoft does not support users of copied operating systems; those users, when they have a support issue, are often surprised to discover that the application they purchased was, in fact, stolen. In addition to the obvious embarrassment this discovery causes, the customer must then purchase a supported version of the application to gain access to product support—an expense the customer might not be prepared to bear. Also, users of copied software cannot access tools and applications made available under the Windows Genuine Advantage and Microsoft Genuine Software initiatives. These initiatives verify the product key of properly licensed systems before allowing downloads of tools and applications at no charge from Microsoft.

The Solution

Microsoft has devised a means by which Windows operating systems and, in the future, other Microsoft programs such as Microsoft Office can be activated, ensuring that both Microsoft and the customer are protected from casual copying. Through the creation of limited-use product keys (called Multiple Activation Keys, or MAKs) or by requiring systems to periodically renew their activation using a Key Management Service (KMS) infrastructure, Microsoft has given enterprises a solution that may protect their license investments. This solution has several benefits, in addition to help solving the problems of intellectual property theft and customers’ loss of product support.

Flexible, Easy Activation Options

The new KMS infrastructure is simple to operate, requiring little time for proper configuration and activation. Systems imaged for this environment automatically maintain their activation with no additional effort on the part of information technology (IT) administrators. MAKs are easy to distribute, and the entire process is invisible to end users no matter which option is used.

Better Software Asset Management

Although Volume Activation 2.0 is in no way tied to the billing process, administrators will be able to generate reports on software activation using a provided reporting tool, a Microsoft Operations Manager (MOM) pack, or a non-Microsoft license auditing tool. By knowing the number of activated products in their environment, administrators can monitor volume license usage and know when to budget for additional licenses. Microsoft’s online license management portals allow administrators to request additional keys to activate the computers purchased to replace stolen systems or to reactivate systems that have gone out of tolerance (OOT) or have been re-imaged.

Better Volume License Key Management Tools

Volume License Keys are now encrypted and kept in a trusted store on the client, and in general are easy to manage and protect by IT Pros, especially in the case of KMS. Using BDD 2007 tools, administrators can prepare reference systems for image capture. Windows can be activated using scripts after systems are imaged, providing automation of activation and helping to reduce administrative effort. These new capabilities allow much tighter control of activation keys. Organizations can now ensure that their activation keys are used only to activate their systems without extensive custody control processes.

Note   BDD 2007 recommends using a repeatable build process to prepare systems for imaging. This approach could ensure that these system images have never been activated before.

Better Protection for Data on Lost and Stolen Systems

Systems activated with KMS must periodically renew their activation against the customer’s hosted KMS to remain in operation. Systems taken from environments protected by this system eventually revert to Reduced Functionality Mode (RFM), limiting their usefulness and making them less attractive to theft. This initiative, along with new BitLocker™ Drive Encryption and manufacturer-installed Trusted Platform Module (TPM) support, can help ensure that thieves do not profit from organizational data.

Note   For more information on how TPM and BitLocker protect mobile data, see “BitLocker Drive Encryption: Executive Overview” at http://www.microsoft.com/technet/windowsvista/security/bitexec.mspx.

Terminology

This document uses terms specific to volume license activation. The following list describes some of the terms to promote a more complete understanding of this topic:

  • Activation. The process of validating software with the manufacturer. Often, this process unlocks the product’s full functionality or may help prevent the product from dropping to reduced functionality.

  • Confirmation Identifier (CID). A digitally signed value returned by a Microsoft clearinghouse to activate a system.

  • Installation Identifier (IID). A code generated by combining a system’s hardware ID (created by scanning the system hardware) and the product ID (derived from the Windows installation). This code is transmitted to a Microsoft activation clearinghouse during system activation.

    Note   For more information about the Windows Vista Privacy Statement, see http://go.microsoft.com/fwlink/?LinkId=52526.

  • Office Genuine Advantage (OGA). An initiative that tracks the product keys from licensed versions of Microsoft Office programs to help ensure that they are not reused on other computers. Users who validate their copies of Microsoft Office products gain access to add-ins and updates to those products.

  • Product key. A code used to validate installation media, such as a CD, during installation. Product keys, also known as CD keys, do not prove licensing for a product, but they may discourage casual copying of software.

    Note   For identification purposes, all Windows product keys use five groups of five characters, with the format, XXXXX-XXXXX-XXXXX-XXXXX-XXXXX.

  • Software Asset Management (SAM). An initiative promoted by Microsoft as a way to maintain accurate inventories of installed and licensed software. This practice helps organizations maintain legally licensed versions of all the software they need to operate their organizations.

  • Volume license. A license, purchased from Microsoft or another software vendor, to use multiple copies of an operating system or program.

  • Windows Anytime Upgrade (WAU). An upgrade service, primarily intended for home users, to allow upgrades from one edition of Windows Vista to a more advanced edition. WAU is available in Windows Vista Business as a way to upgrade to Windows Vista Ultimate (also a business-compatible product). This feature can be disabled by administrators. (See “Appendix F: Windows Anytime Upgrade.”)

  • Windows Genuine Advantage (WGA). A Microsoft initiative to help ensure that users of copied Windows operating systems become aware of their counterfeit versions. By recording the product key and a signature from the computer’s basic input/output system (BIOS), Microsoft can effectively determine when retail versions of Windows have been copied and when volume-activated versions of Windows have been excessively distributed.

  • Windows Product Activation (WPA). A way to ensure that customers are using genuine Windows operating systems purchased from Microsoft resellers. This tool, which began with Microsoft Windows XP, defeated casual copying of Windows XP by helping to ensure that other systems had not recently been activated with the same product key.

Download

Get the Microsoft Solution Accelerator for Business Desktop Deployment 2007

Update Notifications

Sign up to learn about updates and new releases

Feedback

Send us your comments or suggestions