Customizing WinPE 20ppt.ppt by handongqp


Vista Volume Activation Overview
VLK 2.0

Anders Björling
Senior Consultant
 Activation in Vista and Longhorn
   Key Management Service (KMS)
   Multiple Activation Keys (MAKs)
 Supported Scenarios
 Script for administrative purposes
Activation in Vista and Longhorn
There are three activation options for Vista and
  Longhorn Server.

  OEM pre-activated machines
     These machines do not need VLK 2.0 activation

  KMS (Key Management Service)
     For managed environments where users are connected to the
     corporate network

  MAK (Multiple Activation Key)
     For decentralized networks where users are rarely or never
     connected to the corporate network
Vista Volume Activation Scenarios
We provide our media to the OEM and get our machines pre-installed from an OEM partner
     Use OEM (No need for KMS or MAK)

Our users are on a managed network and they connect regularly to the
     Use KMS

We have a multiple domain, multi-national environment with 100,000 connected PCs
     Use KMS

We have a traveling sales force who are connected to the network less than twice per year
     Use MAK

We have a remote office with its own network that has fewer than 25 users
     Use MAK

We send soldiers into the field who may need to re-install and re-activate Vista without access to the internet or phone
     Use MAK (with Conf ID)

We have a completely disconnected lab with 1000 machines that don’t connect to the internet
     Use MAK (with bulk activation)

We have users in a remote area that only has a very slow and potentially expensive link to the internet
     Use MAK or KMS (modify interval)
Key Management Service Intro
 Key Management Service (KMS) is the central service in VLK
 2.0 that handles volume activation of all clients and servers in
 an enterprise network.

 Target: Larger networks (at least 25 machines) that client
 machines can regularly connect to.

       Secure and centralized key administration
       Easy OS roll-out with automatic activation of clients
       Improved ongoing security
       Better accounting and troubleshooting
       Runs on Vista client or Longhorn Server
             WS2K3 support is planned post Vista RTM
Key Management Service Setup
 Deploying the KMS service is easy and
  straightforward.

1. Acquire VL Keys and media (same as today via online portal)
2. Install Vista or Longhorn on any machine that will host KMS
3. Install VLK to enable Key Management Service
   • KMS encrypts and stores the VLK in its trusted store for security
   • No other steps required
4. Configure KMS so that clients will be able to communicate
   with KMS periodically
   • KMS activated machines automatically re-activate, but will go
     out of tolerance after 180 days if disconnected
   • Configure TCP port and firewall (optional)
   • Configure DNS as needed for KMS discovery
Vista/LH Server Client Setup
 After the KMS is running, deploy the clients.

1. Roll out Vista or Longhorn Server “clients” (using the same
   methods used to roll-out Windows XP: DVD, Disk Imaging,
   Remote Imaging - WDS)
2. Optionally configure clients to locate KMS if not using auto-
   discovery (see next slide)
3. Each client has a 30 day grace period after installation to
   contact the KMS.
4. The first 25 clients to reach the KMS are only counted, and are
   kept in the KMS list for 30 days
   • Any subsequent client can automatically activate
   • The first 25 automatically retry every 2 hours, and can
     then activate
KMS Deployment Details
KMS Discovery
  KMS attempts self-registration with DNS (via SRV resource records)
     DNS may require setting of permissions for KMS depending on network
     Client query obtains list of all KMS computers in the DNS domain and selects KMS
     at random

KMS Communication
  Uses anonymous RPC over TCP (must open firewall port)
     TCP port (default 1688) configurable via WMI (registry key)
     Requests are asynchronous and lightweight (200 bytes)
     A single KMS on a desktop machine can handle 20,000 requests / hour
  Support for users that connect intermittently by automatic sensing when a
  machine comes online

KMS Management
  WMI support for remote management of clients and KMS service
  All activity is logged in application event log of clients and KMS
  Sample reporting utilities and MOM pack will be provided (Not available now)
Multiple Activation Keys (MAKs)
If you are not sure if a user will be regularly on the
    corporate network, issue them a MAK.

   MAKs can be used multiple times (e.g. 100
   activations), but have an upper limit

   MAK usage can be viewed via Microsoft online
   portals, and additional activations can be
   requested at no charge

   MAKs are protected in the trusted store, but
   have less ongoing security, and no centralized
   accounting (like KMS)
Multiple Activation Keys Cont
  MAKs require key roll-out to each machine. This can be scripted or
  a MAK can be included in the Vista image.
  MAKs must activate against MS once per machine either online
  automatically, or offline using a confirmation ID received via
  telephone. This confirmation ID can be used multiple times to re-
  activate the same hardware.
  Auto-activation of MAKs can be set up by an admin.

  Bulk MAK activation using the telephone activation system is
  supported, so that the confirmation IDs for multiple machines can be
  received with a single transaction
  MAK activations do not have any expiration associated with them,
  but they can go out of tolerance if enough hardware has been
  Users can change from a KMS activation to a MAK by installing the
Activation Scenarios & Timeline

1. Machine automatically activates and re-activates within grace or expiration period
2. Machine goes out of 30 day grace period (or tolerance period) and into reduced
   functionality mode (RFM, which disables interactive log-on)
3. Admin user installs MAK key and activates within 30 day grace (activation does
   not expire)

[Timeline figure: Grace (30 days; automatic activation requests, 2 hrs by default) -> Activated (180 days; automatic activation renewal requests, 7 days by default; each renewal extends this to the full 180 days) -> re-activation after expiration -> Grace (30 days; automatic activation requests, 2 hrs by default) -> RFM (user unable to log on)]
Reduced Functionality Mode
 “Activate today or some features will no longer work” notifications come up
 frequently near the end of the grace period before RFM.
 To fix RFM mode:
    Connect machine to the corporate network with KMS
    User with admin privilege can manually change to a MAK key (when attempting to log
    on – this can also be scripted by IT Pro)
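
The timeline and RFM rules above, modelled as an added example (not part of the original slides) to check whether a machine's connectivity pattern keeps it out of RFM. The connectivity schedules are constructed; the model assumes day granularity, that every day on the network yields a successful KMS contact, and that the KMS count of 25 is already met.

```python
from enum import Enum

GRACE_DAYS = 30      # grace after install, and again after expiration (per the slides)
VALIDITY_DAYS = 180  # KMS activation lifetime; each renewal restores the full 180 days

class State(Enum):
    GRACE = "grace"
    ACTIVATED = "activated"
    RFM = "reduced functionality mode"

def simulate(online_days, horizon):
    """Return the client's State for each day 0..horizon-1.

    online_days: days (since install) on which the client can reach the KMS.
    Assumptions (not from the slides): day granularity; every online day
    yields a successful KMS contact; the KMS count of 25 is already met.
    """
    online = set(online_days)
    expires = None          # day the current activation lapses; None = never activated
    rfm_from = GRACE_DAYS   # day on which the running grace period ends
    timeline = []
    for day in range(horizon):
        if day in online:   # contact activates, renews, or recovers from RFM
            expires = day + VALIDITY_DAYS
            rfm_from = expires + GRACE_DAYS
        if expires is not None and day < expires:
            timeline.append(State.ACTIVATED)
        elif day < rfm_from:
            timeline.append(State.GRACE)
        else:
            timeline.append(State.RFM)
    return timeline

def first_rfm_day(online_days, horizon):
    """First day the client is in RFM, or None if it never gets there."""
    timeline = simulate(online_days, horizon)
    return next((d for d, s in enumerate(timeline) if s is State.RFM), None)

def days_in_state(online_days, horizon, state):
    """Number of days within the horizon spent in the given state."""
    return simulate(online_days, horizon).count(state)

if __name__ == "__main__":
    # Constructed connectivity schedules, one per scenario from the slides.
    fleets = {
        "office PC, on the network weekly": range(3, 730, 7),
        "traveling sales, on the network twice in two years": [10, 300],
        "disconnected lab, never reaches a KMS": [],
    }
    for name, schedule in fleets.items():
        print(f"{name}: first RFM day = {first_rfm_day(schedule, 730)}")
```

Machines whose schedule produces an RFM day are the ones the scenario table assigns to MAK rather than KMS.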
VLK Customer Experience
 Getting your Keys
    VLK 1.0 Activation: 1. Locate Licensing Site or phone the call center 2. Provide credentials 3. Acquire VLK
    VLK 2.0 KMS Activation: 1. Locate Licensing Site or phone the call center 2. Provide credentials 3. Acquire VLK
    VLK 2.0 MAK Activation: 1. Locate Licensing Site or phone the call center 2. Provide credentials 3. Request / receive MAK

 Configuration
    VLK 1.0 Activation: Include VLK in unattend.txt file for deployment
    VLK 2.0 KMS Activation: Install VLK on KMS machine and configure discovery and communication for KMS service
    VLK 2.0 MAK Activation: NA

 OS Installation
    VLK 1.0 Activation: Install/Deploy Image
    VLK 2.0 KMS Activation: Install/Deploy Image
    VLK 2.0 MAK Activation: Install/Deploy Image

 Grace period
    VLK 1.0 Activation: NA
    VLK 2.0 KMS Activation: 30 days to activate
    VLK 2.0 MAK Activation: 30 days to activate

 Activation
    VLK 1.0 Activation: NA
    VLK 2.0 KMS Activation: Activation happens automatically on the network
    VLK 2.0 MAK Activation: User with admin privileges enters MAK key (UI or script) and activates online or calls MS for telephone activation

 Expiration & Re-activation
    VLK 1.0 Activation: NA
    VLK 2.0 KMS Activation: Expiration is 180 days. Re-activation against KMS automatically
    VLK 2.0 MAK Activation: NA

 Hardware Tolerance
    VLK 1.0 Activation: NA
    VLK 2.0 KMS Activation: Hard drive changes will force a need for re-activation within 30 days.
    VLK 2.0 MAK Activation: Certain hardware changes will force a need for re-activation within 30 days
 Common Questions
   How does this affect my TCO?
      The impact on total cost of ownership will vary depending on customer
      corporate network configuration. In most cases the impact will be very small,
      requiring no new infrastructure or management.
      For many customers the additional asset management capabilities built on
      VLK2.0 will offset any additional IT management costs.
      New hardware is not required. KMS is lightweight and can co-exist with other
What are the volume editions that support KMS?
      Client Business, Client Enterprise, Server Enterprise
      The client versions are upgrade versions only.
   Why is the value of “n” set at 25 machines?
      Extensive research and customer feedback have shown that a network size of
      25 machines will balance out a positive customer experience against creation
      of illegal networks. Customers with networks of fewer than 25 machines will use
      Multiple Activation Keys.
   Isn’t this just about Microsoft trying to make more money?
      While decreasing software theft of Windows benefits Microsoft, no enterprise
      wants to be responsible for illegal use of their volume keys. Improved security
      and accounting of volume licensing keys and software benefits Microsoft
Built-in Scripting Support
 cscript C:\windows\system32\slmgr.vbs [ComputerName UserName Password] <Option>

 cscript \windows\system32\slmgr.vbs -ato
   Activate manually

 cscript \windows\system32\slmgr.vbs -ipk
   Activate machine and turn it into KMS Server

 cscript \windows\system32\slmgr.vbs -dbi
   Display KMS and client license info
