By Michael Cherry, Directions on Microsoft
ITAK V9 I2
Ensuring Windows and Office stay activated and available for users requires the involvement of both procurement personnel and IT. All customers, including those using volume licensing media, must properly activate Windows desktop clients, Windows servers, and the Office suite, including Visio and Project, to ensure the products remain fully operational. Activation requires that procurement personnel acquire the necessary licenses, software, and activation keys and work with the IT personnel who install, configure, and maintain the organization’s activation infrastructure and deploy the software. Although activation requires a dedicated effort, its sole purpose is to help Microsoft address its piracy problem, and it plays no role in either software asset management or license compliance.
What Is Activation?
Activation is the process of associating a product key with an installation of Windows or Office. Consumers must activate to limit end-user copying and other forms of piracy. Corporations have to activate to limit improper use of volume license software outside the organization entitled to it. Software that requires activation will eventually lose functionality and stop running if it is not activated, regardless of whether it is installed on physical hardware or in a virtual machine. Most organizations can reduce any negative impact of activation by ensuring that procurement and IT understand their roles in activation and work together.
Procurement’s Role in Activation
In most organizations, procurement’s primary role in the activation process is to acquire the necessary keys and, often, the product (volume licensing media) from the Volume Licensing Service Center (VLSC), but procurement personnel should also be involved in determining which activation methods the organization uses.
Activation methods that organizations can use fall into two categories:
· On-premises activation allows an organization to perform activation using an in-house activation infrastructure based on Key Management Service (KMS) keys, and it relies on either an organization-installed and -maintained KMS server or the organization’s Active Directory to perform the actual activation process
· Microsoft-hosted activation allows an organization to perform activation using Microsoft’s activation infrastructure, based on Multiple Activation Keys (MAK), which requires computers being activated to connect with Microsoft via the Internet or by telephone (via an automated voice call)
Generally, large organizations tend to favor on-premises activation for most computers, although they may also need to activate some computers with Microsoft’s activation infrastructure.
The primary advantage of on-premises activation is that procurement will not have to periodically request additional keys. If a key is stolen or misappropriated, it is useless to the pirate because the key only activates when the computer being activated can connect through the organization’s firewall to the on-premises activation infrastructure.
On-premises activation does have some disadvantages. The organization will need to set up and maintain an in-house activation infrastructure, and computers activated on-premises must periodically reconnect to the infrastructure to reactivate. Also, in-house activation requires that an organization activate specific minimum numbers of computers for each product family.
Organizations typically set up one or more KMS servers to activate software. Each KMS server requires special, separate initialization keys before the KMS server can be used to activate products. Each KMS key is associated with a specific family of products (for example, Windows or Office) and can activate an unlimited number of computers. Procurement personnel obtain these keys from the VLSC and distribute them to IT personnel, who assign them to KMS servers.
Windows Server 2012 R2 introduces new on-premises activation options that do not require separate KMS servers; for example, activation can be handled by the Active Directory service that also authenticates users and computers. However, KMS keys are still required.
Computers activated on-premises (which can be referred to as KMS clients) must reactivate once every 180 days. They are set to attempt to reactivate every seven days, but they must successfully reactivate at least once every 180 days to remain functional. This requires IT to keep the activation infrastructure up and reachable over the organization’s network for all KMS clients.
Each product family requires the organization to activate a specific number of computers before the activations are valid. For example, to use on-premises activation for Windows client and server activation, the organization must have a combination of more than 25 Windows Servers and Windows clients. To activate Office (2010 or greater), there must be five or more computers to activate. Most organizations can easily meet these minimums, but this means that small departments or branch sites can’t simply use their own KMS servers.
The main advantage of Microsoft-hosted activation is that the organization does not have to install and maintain any infrastructure, everything is handled by Microsoft. There is also no activation threshold (even a single computer can be activated by Microsoft-hosted activation). In addition, once activated, the computer never has to reactivate, unless the hardware in the computer changes substantially so that it appears to activation that the product was moved to a different computer.
Computers using Microsoft-hosted activation must be connected to the Internet. The MAK keys used for Microsoft-hosted activation can activate a specific number of computers, unlike a KMS key, which can activate any number of computers. Therefore, an organization using Microsoft-hosted activation may have to contact Microsoft to increase the number of activations allowed on a specific MAK key.
Finally, MAK keys that are stolen or misappropriated can be used by a software pirate or other unauthorized person because the keys are activated against Microsoft’s infrastructure. If this should occur, the organization would likely find out when their pool of MAK keys was suddenly exhausted, and they would need to work with Microsoft to determine what happened and get replacement MAK keys.
Acquiring Necessary Keys
Procurement personnel have an ongoing role in activation acquiring media and associated KMS and MAK keys from the VLSC. Each key is a unique 25-character, alphanumeric code. To make it easier for people to enter, it is typically provided as five groups of five characters, separated by dashes. The key types are not interchangeable: a MAK key cannot be used with a KMS server, and a KMS key cannot be used with Microsoft’s activation infrastructure. Organizations should make sure they acquire the keys for the products they have deployed, because KMS keys are specific to product families.
Procurement personnel should also be aware that new Windows computers are normally activated with another type of key by the OEM. However, if an organization chooses to reimage a computer that was activated with an OEM key, the reimaged computer will need to be activated by KMS or MAK keys. Reimaging is common. For example, an organization will often buy computers with Windows 8 but reimage with Windows 7 volume licensing media, exercising its downgrade rights and rights to those media. Organizations also reimage computers to deploy Windows 8.1 Enterprise, an edition only available in volume licensing.
Once procurement and IT personnel determine the activation methods best suited for the organization’s needs, the IT department sets up and manages the organization’s activation infrastructure, including updating the infrastructure with each new release of product versions and editions. To keep the infrastructure working, IT personnel need to notify procurement personnel in a timely manner when a new KMS initialization key is needed, or when new MAK keys are required.
Not for Software Asset Management
Many software procurement personnel are also responsible for software asset management (SAM) processes, which aim to ensure software license compliance and more generally match software license purchases to the organization’s IT needs. Activation is of limited value for these processes.
In particular, KMS keys can activate any number of computers, and MAK keys have loose limits to allow for reactivations and reinstalls, so neither one provides a reliable method to limit the number of software installations. Activation just records each time the product is installed, which does not translate directly into license quantities required. There is no clear mapping between activation and licenses used. For example, multiple Office suite activations may have occurred on a single PC because the system was rebuilt or because both Office 2010 and Office 2013 are installed on the same computer and used side by side. Or, in the case of Remote Desktop Services, a single activation may be used to install Office, and many users may connect to Remote Desktop Services to use it.
Consequently, activation data are of limited use for ensuring that software usage matches licenses purchased. Organizations that want technical means of monitoring and enforcing compliance will need to turn to other tools, such as the Microsoft Assessment and Planning (MAP) Toolkit and System Center Configuration Manager.
Availability and Resources
With Windows XP and Windows Server 2003, businesses that purchased Windows or Windows Server through volume licensing programs, such as an Enterprise Agreement, did not have to activate Windows. Now, all customers must activate Windows client (Vista, 7, 8, and 8.1) and Windows Server (2008, 2008 R2, 2012, and 2012 R2). Windows RT, which is only available preinstalled on hardware from OEMs, cannot be reimaged, and it cannot be activated with either MAK or KMS keys.
With Office 2010, activation was expanded to include volume-licensed editions of Office desktop products. All volume-licensed Office 2010 and 2013 desktop suites and applications (Access, Excel, OneNote, Outlook, PowerPoint, Project, Visio, and Word) must be activated using one of the methods described.
Although most Microsoft products use a similar 25-character key for installation, these products are not actually activated using the on-premises or Microsoft-hosted activation processes at this time.