Windows Vista volume activation overview

Vista Volume Activation Overview VLK 2.0:

Anders Björling, Senior Consultant, Microsoft

Agenda: 

- Activation in Vista and Longhorn
- OEM
- Key Management Service (KMS)
- Multiple Activation Keys (MAKs)
- Supported Scenarios
- Script for administrative purposes

Activation in Vista and Longhorn: 

There are three activation options for Vista and Longhorn Server.
- OEM pre-activated machines: these machines do not need VLK 2.0 activation
- KMS (Key Management Service): for managed environments where users are connected to the corporate network
- MAK (Multiple Activation Key): for decentralized networks where users are rarely or never connected to the corporate network

Vista Volume Activation Scenarios: 

Vista Volume Activation Scenarios

Key Management Service Intro: 

Key Management Service (KMS) is the central service in VLK 2.0 that handles volume activation of all clients and servers in an enterprise network.

Target: larger networks (at least 25 machines) that client machines can regularly connect to.

Benefits:
- Secure and centralized key administration
- Easy OS roll-out with automatic activation of clients
- Improved ongoing security
- Better accounting and troubleshooting

Runs on a Vista client or Longhorn Server. WS2K3 support is planned post Vista RTM.

Key Management Service Setup: 

Deploying the KMS service is easy and straightforward.
- Acquire VL keys and media (same as today via online portal)
- Install Vista or Longhorn on any machine that will host KMS
- Install the VLK to enable Key Management Service
  - KMS encrypts and stores the VLK in its trusted store for security
  - No other steps required
- Configure KMS so that clients will be able to communicate with KMS periodically
  - KMS activated machines automatically re-activate, but will go out of tolerance after 180 days if disconnected
  - Configure TCP port and firewall (optional)
  - Configure DNS as needed for KMS discovery

Vista/LH Server Client Setup: 

After the KMS is running, deploy the clients.
- Roll out Vista or Longhorn Server 'clients' (using the same methods used to roll out Windows XP: DVD, Disk Imaging, Remote Imaging - WDS)
- Optionally configure clients to locate KMS if not using auto-discovery (see next slide)
- Each client has a 30 day grace period after installation to contact the KMS
- The first 25 clients to reach KMS are only counted, and are kept in the KMS list for 30 days
- Any subsequent client can automatically activate
- The first 25 automatically retry every 2 hours, and can then activate

KMS Deployment Details: 

KMS Discovery
- KMS attempts self-registration with DNS (via SRV resource records)
- DNS may require setting of permissions for KMS depending on network
- Client query obtains list of all KMS computers in the DNS domain and selects a KMS at random

KMS Communication
- Uses anonymous RPC over TCP (must open firewall port)
- TCP port (default 1688) configurable via WMI (registry key)
- Requests are asynchronous and lightweight (200 bytes)
- A single KMS on a desktop machine can handle 20,000 requests / hour
- Support for users that connect intermittently by automatic sensing when a machine comes online

KMS Management
- WMI support for remote management of clients and KMS service
- All activity is logged in the application event log of clients and KMS
- Sample reporting utilities and MOM pack will be provided (not available now)
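
Because clients accept any KMS listed in DNS and pick one at random, the SRV record set is worth auditing. The following is an added example, not part of the presentation: it parses SRV records in zone-file form, compares them with an allowlist, and reports what share of client requests would land on an unapproved host. `_vlmcs._tcp` is the SRV name KMS registers (the slide does not spell it out); the domain, host names and allowlist are constructed.

```python
import re
from collections import namedtuple

# Constructed sample: SRV answers for the KMS service in one DNS domain.
SAMPLE_SRV = """\
_vlmcs._tcp.corp.example. 3600 IN SRV 0 0 1688 kms01.corp.example.
_vlmcs._tcp.corp.example. 3600 IN SRV 0 0 1688 kms02.corp.example.
_vlmcs._tcp.corp.example. 3600 IN SRV 0 0 1688 desk-4471.corp.example.
_vlmcs._tcp.corp.example. 3600 IN SRV 0 0 16880 kms02.corp.example.
"""

APPROVED_KMS = {"kms01.corp.example", "kms02.corp.example"}  # assumed allowlist
DEFAULT_PORT = 1688  # default KMS TCP port, as stated on the slide

Srv = namedtuple("Srv", "owner ttl priority weight port target")
SRV_RE = re.compile(
    r"^(\S+)\s+(\d+)\s+IN\s+SRV\s+(\d+)\s+(\d+)\s+(\d+)\s+(\S+)$", re.I)


def parse_srv(text):
    """Parse zone-file style SRV lines; skip anything that is not an SRV record."""
    records = []
    for line in text.splitlines():
        m = SRV_RE.match(line.strip())
        if not m:
            continue
        owner, ttl, prio, weight, port, target = m.groups()
        records.append(Srv(owner.rstrip(".").lower(), int(ttl), int(prio),
                           int(weight), int(port), target.rstrip(".").lower()))
    return records


def audit_kms_srv(records, approved=APPROVED_KMS):
    """Return (findings, share of random client picks hitting unapproved hosts)."""
    findings = []
    for r in records:
        if r.target not in approved:
            findings.append(("unapproved-host", r.target, r.port))
        elif r.port != DEFAULT_PORT:
            # The port is configurable, so this is a prompt to review, not proof.
            findings.append(("unexpected-port", r.target, r.port))
    unapproved = sum(1 for r in records if r.target not in approved)
    share = unapproved / len(records) if records else 0.0
    return findings, share


if __name__ == "__main__":
    for finding in audit_kms_srv(parse_srv(SAMPLE_SRV))[0]:
        print(finding)
```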

Multiple Activation Keys (MAKs): 

If you are not sure if a user will be regularly on the corporate network, issue them a MAK.
- MAKs can be used multiple times (e.g. 100 activations), but have an upper limit
- MAK usage can be viewed via Microsoft online portals, and additional activations can be requested at no charge
- MAKs are protected in the trusted store, but have less ongoing security, and no centralized accounting (like KMS)

Multiple Activation Keys Cont: 

- MAKs require key roll-out to each machine. This can be scripted or a MAK can be included in the Vista image.
- MAKs must activate against MS once per machine, either online automatically, or offline using a confirmation ID received via telephone. This confirmation ID can be used multiple times to re-activate the same hardware.
- Auto-activation of MAKs can be set up by an admin.
- Bulk MAK activation using the telephone activation system is supported, so that the confirmation IDs for multiple machines can be received with a single transaction.
- MAK activations do not have any expiration associated with them, but they can go out of tolerance if enough hardware has been changed.
- Users can change from a KMS activation to a MAK by installing the key.

Activation Scenarios & Timeline: 

[Timeline figure. States: Grace, Activated, RFM (user unable to log on). Labels: automatic activation requests (2 hrs by default); automatic activation renewal requests (7 days by default); 30 days grace; 180 days until re-activation after expiration (each renewal extends this to the full 180 days); 30 days.]

Scenarios shown:
- Machine automatically activates and re-activates within grace or expiration period
- Machine goes out of 30 day grace period (or tolerance period) and into reduced functionality mode (RFM, which disables interactive log-on)
- Admin user installs MAK key and activates within 30 day grace (activation does not expire)

Reduced Functionality Mode: 

'Activate today or some features will no longer work' notifications come up frequently near the end of the grace period before RFM.

To fix RFM mode:
- Connect the machine to the corporate network with KMS
- A user with admin privilege can manually change to a MAK key (when attempting to log on; this can also be scripted by an IT Pro)

VLK Customer Experience Comparison: 

VLK Customer Experience Comparison

Common Questions: 

How does this affect my TCO?
The impact on total cost of ownership will vary depending on customer corporate network configuration. In most cases the impact will be very small, requiring no new infrastructure or management. For many customers the additional asset management capabilities built on VLK 2.0 will offset any additional IT management costs. New hardware is not required. KMS is lightweight and can co-exist with other services.

What are the volume editions that support KMS?
Client Business, Client Enterprise, Server Enterprise. The client versions are upgrade versions only.

Why is the value of 'n' set at 25 machines?
Extensive research and customer feedback have shown that a network size of 25 machines will balance out a positive customer experience against creation of illegal networks. Customers with networks of fewer than 25 machines will use Multiple Activation Keys.

Isn't this just about Microsoft trying to make more money?
While decreasing software theft of Windows benefits Microsoft, no enterprise wants to be responsible for illegal use of their volume keys. Improved security and accounting of volume licensing keys and software benefits Microsoft customers.

Built-in Scripting Support : 

Usage:
    cscript C:\windows\system32\slmgr.vbs [ComputerName UserName Password] <Option>

Options:
    cscript \windows\system32\slmgr.vbs -ato                 Activate manually
    cscript \windows\system32\slmgr.vbs -ipk <ProductKey>    Activate machine and turn it into KMS Server
    cscript \windows\system32\slmgr.vbs -dbi                 Display KMS and client license info

Slide16: 

Questions?

VLK 2.0 Activation Policies: 

KMS Activation
- N-Policy (min. # machines per KMS): 25
- Expiration period until reactivation: 180 days (30 days for Beta 2 testing)
- Hardware tolerance: bound to system hard drive
- Out-of-box grace period: 30 days
- Out-of-tolerance: 30 days, if the user has gone beyond expiration or changed their hard drive

MAK Activation
- No N-Policy
- No expiration
- Hardware tolerance: certain hardware changes will require a re-activation, and will count against the MAK total
- Out-of-box grace period: 30 days
- Out-of-tolerance: 30 days, for changed hardware only
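
The KMS policy values above and the timeline slide together define when a disconnected machine drops into reduced functionality mode. The following is an added example, not part of the presentation: it applies the 30 / 180 / 30 day periods to a small inventory and lists the machines that will reach RFM soon unless they contact KMS. It assumes each listed renewal date is a successful KMS activation and that deadline days are inclusive; machine names and dates are constructed.

```python
from datetime import date, timedelta

GRACE = timedelta(days=30)             # out-of-box grace period
VALIDITY = timedelta(days=180)         # each renewal extends to the full 180 days
OUT_OF_TOLERANCE = timedelta(days=30)  # grace after a KMS activation expires


def kms_client_state(installed, renewals, today):
    """Return (state, deadline at which that state ends) for a KMS client."""
    done = [d for d in renewals if installed <= d <= today]
    if not done:
        deadline = installed + GRACE
        return ("grace", deadline) if today <= deadline else ("rfm", deadline)
    expires = max(done) + VALIDITY
    if today <= expires:
        return ("activated", expires)
    deadline = expires + OUT_OF_TOLERANCE
    return ("out-of-tolerance", deadline) if today <= deadline else ("rfm", deadline)


def at_risk(fleet, today, horizon_days=14):
    """Machines in RFM, or reaching it within horizon_days without a KMS contact."""
    flagged = []
    for name, (installed, renewals) in sorted(fleet.items()):
        state, deadline = kms_client_state(installed, renewals, today)
        if state == "activated":
            deadline += OUT_OF_TOLERANCE  # RFM begins after expiry plus tolerance
        days_left = (deadline - today).days
        if state == "rfm" or days_left <= horizon_days:
            flagged.append((name, state, max(days_left, 0)))
    return flagged


# Constructed inventory: name -> (install date, successful KMS renewal dates)
FLEET = {
    "lab-01":   (date(2007, 5, 10), []),
    "hq-17":    (date(2007, 1, 5),  [date(2007, 5, 28)]),
    "field-03": (date(2006, 11, 1), [date(2006, 11, 10)]),
    "kiosk-09": (date(2007, 3, 1),  []),
}

if __name__ == "__main__":
    for row in at_risk(FLEET, date(2007, 6, 1)):
        print(row)
```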