Volume Activation 2.0 at UW-Madison
These are some of the important characteristics of Volume Activation 2.0 as implemented at the
UW-Madison.
In November 2006, Microsoft rolled out their new volume license activation
scheme, Volume Activation 2.0 (VA2). Vista was the first software released using
VA2, but most other Microsoft volume-licensed software will eventually follow.
VA2 shifts some of the burden of authenticating software installations and
protecting activation keys from Microsoft to institutional users. Microsoft
believes that preventing software piracy is an issue for all users, not just
for Microsoft, and VA2 is the next step in turning that belief into an enforceable
implementation.
Activation is not licensing; it’s a means of ensuring that installations
are licensed. The 2006-2010 Microsoft Desktop Campus Agreement that gives users
the right to install the most recent version of the Windows OS on computers owned by the UW-Madison is based on
the number of Full Time Equivalent employees at UW-Madison, not on the number
of computers at UW-Madison. Neither we nor Microsoft negotiated the Campus
Agreement with the understanding that there was a fixed relationship between
the number of employees and the number of computers eligible for upgrade to
the latest version of Windows at the UW-Madison.
The bottom line is that departmental users do not need to concern themselves
with the number of licenses or the number of allowed installations at the UW-Madison.
They only need to ensure that the machine can be legally upgraded using departmental
media, which means that it must be owned by the UW-Madison and have a full
Windows OS license associated with it.
Windows Volume Activation 2.0 FAQ (from Microsoft): http://www.microsoft.com/licensing/existing-customers/product-activation-faq.aspx
What follows are the important characteristics of VA2 as implemented at the
UW-Madison.
- An installation key is not required. Vista and Windows 7 installations will install and
run for 30 days without any keys.
- Activation is required. If activation does not occur during the grace period (usually 30 days), the computer transitions into notification mode. During notification mode, the user will see activation reminders during logon, as well as notification in the Action Center. In addition, the desktop background is set to black.
- There are two methods of activating VA2 software:
- Other activation methods:
- for OEM installations of Windows
- for retail (shrinkwrap) installations
of Windows
MAK
- How it works
- Computers connect directly to servers at Microsoft and perform
a one-time, permanent activation.
- Computers that cannot be connected to the Internet can activate over
the phone
- Activation Hardware Tolerance
- In much the same way the Windows XP Windows Product Activation functions,
a MAK activation key must be renewed if significant hardware changes
occur. As hardware changes occur, Windows tracks each change,
using a weighted score to accumulate changes made. If a cumulative
score reaches 25, the computer is considered out of tolerance and must
be activated with a MAK. Table 3 lists hardware components and their
relative weight.
- Table 3. Activation Hardware Tolerances
| Component class name |
Weight |
| CD-ROM/CD-RW/DVD-ROM |
1 |
| Display adapter |
1 |
| RAM amount range (for example, 0–512 MB,
512 MB–1 GB, 2–4 GB) |
1 |
| Audio adapter |
2 |
| Network adapter Media Access Control (MAC)
address |
2 |
| Small computer system interface (SCSI) adapter |
2 |
| Integrated device electronics (IDE) adapter |
3 |
| Processor |
3 |
| BIOS identification (0 always matches) |
9 |
| Physical operating system hard drive device
serial number |
11 |
KMS
- How it works
- KMS activation requires a local machine running the Key Management Service on which
client computers activate.
- There is no limit to the number of computers that can activate
against a KMS server.
- Finding the machine running the KMS
- A KMS can be set up to publish SRV records in DNS
that will automatically direct volume licensed Windows
clients to the KMS server. If that is done, any
client on a subnet that can access the KMS (and has
not been set up to perform some other mode of activation)
will find and activate on that KMS.
- A KMS can be set up to not publish
SRV records in DNS. If that is done, clients will have
to know the IP address and/or the DNS name of the machine
running the KMS in order to activate.
- Individual computers can be set up to activate on a specific KMS server.
- The procedure to change a machine currently activated with an MAK to KMS can be found in kb doc 5364.
- The activations are leases. Once clients find and activate on
a KMS server, their lease is 180 days.
- If a client is unable to reconnect to any KMS server before
that 180 days passes, it will go into a 30-day grace period.
If that 30 days passes without activation, the client will
enter RFM.
- Once a client connects to a KMS server, it will attempt to
reconnect to that same KMS server at one-week intervals. Every
time it succeeds in connecting, it will extend its lease out
another 180 days from the date it connects
- Activation Hardware Tolerance
- Computers that use KMS activation do not require reactivation for
hardware out of tolerance conditions unless the hard disk on which the
operating system resides is replaced.
- Other
UW-Madison's VA2 Implementation
- DoIT distributed Vista with an embedded MAK key. That worked fine for the limited number of Vista activations on campus and we will continue to use that method for additional Vista installations.
- Considering the anticipated popularity of Win7 and the maturation of KMS tools and technology, DoIT will distribute Win7 media that uses KMS activation.
- Installations performed with Win7 media purchased from the Tech Store on machines that are part of the UW network will activate on the UW-Madison's KMS server. They will not require any additional action by the user during installation, nor will they require the input of a key.
- You can specify the KMS server on which any Vista or Win7 computer will activate by following the instructions found on KB doc 5364 (skip step 3 if the computer does not currently have a MAK).
- It appears that activation over WiscVPN does work, which may permit remote Win7 installations to activate using KMS as long as they connect at least every six months. However, we have not tested that extensively. If you have experience with activating over WiscVPN on UW-Madison's KMS, please let us know via the comments link at the bottom of this page.
- Machines that will not connect to the UW network for more than six months at a time (primarily off-campus UW-owned laptops) will still require a MAK.
- To get the UW-Madison's MAK, please request it by emailing licensing@doit.wisc.edu.
- See KB doc 5365 for instructions on how to change a machine from KMS to MAK activation.
Original Equipment Manufacturer (OEM) Activation ― A Windows installation
with OEM Activation is what you would receive from Dell (or another OEM)
when your purchase a computer with Windows pre-installed. The new product activation technology used in Windows by OEMs is called “OEM Activation 2.0,” or OA 2.0.
- OEM activation uses a special BIOS marker that is pre-loaded by the
OEMs. It will never need to activate with either Microsoft or a KMS.
- If you reinstall the OS with media that came from the OEM for your computer,
that will also result in an installation that never needs to be activated.
- If you reload the machine with a volume license image, then it has to
be activated using MAK or KMS.
- Activation Hardware Tolerance
OEM Activation 2.0 uses information stored in an OEM PC’s BIOS and Hard Disk Drive (HDD) to protect the installation from casual piracy. No communication by the end customer to Microsoft is required and no hardware hash is created or necessary. At boot, Windows compares the PC’s BIOS to the OA 2.0 information on the HDD. If it matches, activation is successful.
Retail (shrinkwrap) Activation
- A Windows installation installed from
a retail version must be activated online or over the telephone. Each retail
installation of Windows requires a unique product key.
