Volume activation at University of Wisconsin-Madison

Source: https://kb.wisc.edu/page.php?id=5294

These are some of the important characteristics of Volume Activation 2.0 as implemented at the  UW-Madison.

In November 2006, Microsoft rolled out their new volume license activation scheme, Volume Activation 2.0 (VA2). Windows desktop (Vista) was the first software released using VA2, but other Microsoft volume-licensed software will eventually follow. As of late 2010, the current versions of Windows Server, Office, Visio, and Project are also using VA2.

VA2 shifts some of the burden of authenticating software installations and protecting activation keys from Microsoft to institutional users. Microsoft believes that preventing software piracy is an issue for all parties, not just for Microsoft, and VA2 is the next step in turning that belief into an enforceable implementation.

Activation is not licensing; it's a means of ensuring that installations are licensed. The 2006-2010 Microsoft Desktop Campus Agreement that gives users the right to install the most recent version of Office and the Windows OS on computers owned by the UW-Madison is based on the number of Full Time Equivalent employees at UW-Madison, not on the number of computers at UW-Madison. Neither we nor Microsoft negotiated the Campus Agreement with the understanding that there was a fixed relationship between the number of employees and the number of computers eligible for upgrade to the latest version of Office or Windows at the UW-Madison.

The bottom line is that departmental users do not need to concern themselves with the number of licenses or the number of allowed installations on UW-Madison-owned computers. They only need to ensure that the machine can be legally upgraded using departmental media, which means that it must be owned by the UW-Madison (for all software) and have a full Windows OS license associated with it (for the Windows upgrade).

Link to Volume Activation 2.0 FAQ (from Microsoft): https://www.microsoft.com/licensing/existing-customers/product-activation-faq.aspx

What follows are the important characteristics of VA2 as implemented at the UW-Madison.

  • An installation key is not required. Software installations will install and run normally for 30 days without any keys.
  • Activation is required. If activation does not occur during the grace period (usually 30 days), the computer transitions into notification mode. During notification mode, the user will see activation reminders during logon, as well as notification in the Action Center. In addition, the desktop background is set to black (for Windows installations).
  • There are two methods of activating VA2 software:   
  • Other activation methods are used for OEM installations and for retail(shrinkwrap) installations   

MAK

  • How it works   
    • Computers connect directly to servers at Microsoft and perform a one-time, permanent activation.
    • Computers that cannot be connected to the Internet can activate over the phone
  • Activation Hardware Tolerance   
    • A MAK activation key must be renewed if significant hardware changes occur. As hardware changes occur, the software tracks each change, using a weighted score to accumulate changes made. If a cumulative score reaches 25, the software is considered out of tolerance and must be activated with a MAK. Table 3 lists hardware components and their relative weight.
    • Table 3. Activation Hardware Tolerances
Component class name Weight
CD-ROM/CD-RW/DVD-ROM 1
Display adapter 1
RAM amount range (for example, 0–512 MB, 512 MB–1 GB, 2–4 GB) 1
Audio adapter 2
Network adapter Media Access Control (MAC) address 2
Small computer system interface (SCSI) adapter 2
Integrated device electronics (IDE) adapter 3
Processor 3
BIOS identification (0 always matches) 9
Physical operating system hard drive device serial number 11

KMS

  • How it works   
    • KMS activation requires a local machine running the Key Management Service on which client computers activate.
    • There is no limit to the number of computers that can activate against a KMS server.
    • Finding the machine running the KMS       
      • A KMS can be set up to publish SRV records in DNS that will automatically direct volume licensed software to the KMS server. If that is done, any client on a subnet that can access the KMS (and has not been set up to perform some other mode of activation) will find and activate on that KMS.
      • A KMS can be set up to notpublish SRV records in DNS. If that is done, clients will have to know the IP address and/or the DNS name of the machine running the KMS in order to activate.
      • Individual computers can be set up to activate on a specific KMS server.           
        • The procedure to change a machine currently activated with an MAK to KMS can be found in kb doc 5364.
    • The activations are leases. Once clients find and activate on a KMS server, their lease is 180 days.       
      • If a client is unable to reconnect to any KMS server before that 180 days passes, it will go into a 30-day grace period. If that 30 days passes without activation, the client will enter notification mode.
      • Once a client connects to a KMS server, it will attempt to reconnect to that same KMS server at one-week intervals. Every time it succeeds in connecting, it will extend its lease out another 180 days from the date it connects
  • Activation Hardware Tolerance   
    • Computers that use KMS activation do not require reactivation for hardware out of tolerance conditions unless the hard disk on which the operating system resides is replaced.
  • Other   

UW-Madison's VA2 Implementation

  • DoIT distributed Vista with an embedded MAK key. That worked fine for the limited number of Vista activations on campus and we will continue to use that method for additional Vista installations.
  • With the maturation of KMS tools and technology, we began using KMS activation for any Microsoft software that supports it.   
    • For large distributions (Windows 7 and Office 2010, for example), installations performed from media purchased at the Tech Store on machines that are part of the UW network will automatically activate on the UW-Madison's KMS server. They will not require any additional action by the user during installation, nor will they require the input of a key.
    • For smaller distributions (Windows Server 2008R2, for example), we will send instructions on how to activate:       
      • You can specify the KMS server on which any Volume-activation enabled software will activate by following the instructions found on KB doc 5364 (skip steps 1 and 3 if the computer does not currently have a MAK).
    • You can activate from off-campus on the UW-Madison's KMS server if you connect via WiscVPN. Both the OnCampus and OffCampus VPN profiles will allow you to activate. This works with both 32- and 64-bit versions of Windows 7 (64-bit only works with the newer AnyConnect client).
    • Machines that will not connect to the UW network for more than six months at a time (primarily off-campus UW-owned laptops) will still require a MAK.       
      • To get the UW-Madison's MAK, please request it by emailing licensing@doit.wisc.edu.
      • See KB doc 5365 for instructions on how to change a machine from KMS to MAK activation.

Original Equipment Manufacturer (OEM) Activation ? A software installation with OEM Activation is what you would receive from Dell (or another OEM) when you purchase a computer with software pre-installed. The new product activation technology used in software installed by OEMs is called “OEM Activation 2.0,” or OA 2.0.

  • OEM activation uses a special BIOS marker that is pre-loaded by the OEMs. It will never need to activate with either Microsoft or a KMS.
  • If you reinstall the software with media that came from the OEM for your computer, that will also result in an installation that never needs to be activated.
  • If you reload the machine with a volume license image, then it has to be activated using MAK or KMS.
  • Activation Hardware Tolerance
    OEM Activation 2.0 uses information stored in an OEM PC’s BIOS and Hard Disk Drive (HDD) to protect the installation from casual piracy. No communication by the end customer to Microsoft is required and no hardware hash is created or necessary. At boot, the software compares the PC’s BIOS to the OA 2.0 information on the HDD. If it matches, activation is successful.

Retail (shrinkwrap) Activation

  • A software installation installed from a retail version must be activated online or over the telephone. Each retail installation of the software requires a unique product key.