Microsoft Press
Books designed for the different ways you learn. And across the range of Microsoft technologies. Welcome!
We’re excited to announce that Craig Zacker and Orin Thomas’s MCITP Self-Paced Training Kit (Exam 70-686): Windows 7 Enterprise Desktop Administrator (ISBN 9780735627178; 592 pages) is now available for purchase!
You can find the book’s Contents at a Glance and as excerpt form the introduction in this previous post.
In today’s post, please enjoy an excerpt from Chapter 2, “Designing a Client Life Cycle.”
When you are designing a client life cycle, you should ensure that your plan reduces the amount of time you have to spend maintaining parts of that life cycle. Your aims can include reducing the amount of time you spend managing operating system activation, configuring the operating system so that the installation is easily transferrable to another computer, and minimizing the amount of time it takes to move data from an older computer to its replacement.
Although it is not a problem to enter a unique product key when you perform a traditional installation of Windows 7 on a small number of computers, a simple operation that takes a minute or so becomes problematic when you have to perform the same operation on several thousand. Microsoft offers enterprise customers an alternative way of ensuring that their computers are properly licensed without consuming an inordinate amount of time. The name for this method is volume activation. You will learn about volume activation in the first lesson of this chapter.
A new feature of Windows 7 is the ability to deploy the operating system directly to a VHD file and boot that VHD file on physical hardware. Installing Windows 7 on a bootable VHD allows an installation to be easily migrated to new hardware. When configured in this manner, migration to new hardware is as simple as transferring the VHD container in which Windows 7 has been installed to the new physical or virtual host.
Although the promise of VHD deployments suggest that in the future it will be relatively simple to migrate users from their old computers to their new computers, most of the users coming to a new Windows 7 installation will be coming from computers running the Windows XP or Windows Vista operating systems. The User State Migration Tool offers administrators the ability to automate the process of user data migration, vastly speeding the process of transitioning users from these older computers to new computers that run Windows 7.
Exam objectives in this chapter: ■ Plan and manage client licensing and activation. ■ Plan and manage a physical hardware and virtualization strategy. ■ Design a user state migration strategy.
Lessons in this chapter: ■ Lesson 1: Designing and Managing a Licensing Strategy ■ Lesson 2: Designing a Client Hardware Platform ■ Lesson 3: Migrating User Profiles
To complete the exercises in the practice sessions in this chapter, you need to have done the following: ■ Installed the Windows 7 operating system on a stand-alone client PC named WKSTN1, as described in the introduction. ■ Downloaded and installed the Windows Automated Installation Kit (Windows AIK).
The licensing strategy that you choose depends on the circumstances of your Windows 7 deployment. When you are determining which strategy to pursue, you must take into account factors such as client connectivity to the Microsoft activation servers on the Internet, the number of clients that you need to activate, and the editions of Windows 7 that you have chosen to deploy. In this lesson, you learn about the licensing and activation options that are available to volume licensing customers and how these differ from the licensing and activation options available to normal retail customers.
Windows 7 uses three types of license: the OEM license, the retail license, and the volume license. OEM licenses are tied to a specific hardware vendor. This license type is used with computers that are sold with Windows 7 already installed by the vendor, such as those you might purchase from your local computer retailer. The product keys associated with an OEM license do not allow you to transfer the license to a computer made by a different vendor. Computers that have OEM licenses undergo activation prior to being deployed to customers.
Retail keys are provided when you buy a retail copy of Windows 7. You can use the Home Premium, Professional, and Ultimate editions of Windows 7 with retail keys. Because a retail key is used only for a single computer, this type is not used with zero touch or lite touch automated volume deployments.
Volume License keys are made available to organizations that have a volume licensing agreement with Microsoft. Volume licenses include the Open, Select, and Enterprise agreement types. You can use volume license keys only with computers running the Windows 7 Professional and Enterprise operating systems. You can use a mixture of retail, volume license, and OEM keys in an organizational environment.
Each computer that runs the Windows 7 operating system installed in your organization must undergo Windows Product Activation (WPA). Microsoft uses WPA to ensure that it is possible to use the Windows 7 operating system on a computer only when the computer has a license. Windows 7 must undergo the WPA process within 30 days of the completed installation. You can extend this 30-day period to a total of 120 days by using the slmgr.vbs –rearm command. Each use of this command extends the activation period for 30 days. You can use this command to extend the activation period only three times. After the grace period expires, the WPA process must successfully occur or Windows enters reduced functionality mode.
WPA relies on two specific identifiers and a third identifier that Windows generates based on the previous two identifiers. These identifiers have the following properties: ■ Hardware iD This identifier is generated using information about computer hardware configuration. This ID is unique and changes if the hardware configuration of the computer changes. ■ Product iD 25-character key. This is either a retail key or a Multiple Activation Key. Unless Key Management Services is in use, this key must be input on the computer running the Windows 7 operating system. You can deploy keys through the unattended installation process. You learn about Key Management Services and deploying keys in an unattended installation later in this lesson. ■ installation iD Windows 7 generates this ID using the Hardware ID and Product ID. You forward the installation ID to Microsoft when you perform an activation using the telephone.
During the online WPA process, the computer forwards the Product and Hardware IDs to Microsoft activation servers. If the activation check determines that the Product ID has not exceeded its allowed number of activations, the activation servers record the Hardware ID and Product ID, the number of recorded activations for the Product ID is incremented, and the activation servers forward an activation code to the client. Microsoft allows you to reinstall and reactivate Windows 7 on the same computer once
without incrementing the number of recorded activations. Substantially altering the computer’s hardware configuration also triggers reactivation. This can cause problems if a prior event has triggered a reactivation: you might need to contact Microsoft if a single computer goes through several rapid hardware configuration changes that prompt multiple reactivations.
You can choose from two methods for performing volume licensing activation: Multiple Activation Keys (MAK keys) or Key Management Services. In the real world, one method is more appropriate for some situations but in other situations, the choice is a matter of personal preference. You often need to choose a volume activation method prior to deploying client computers running the Windows 7 operating system. In the next few pages, you learn about the solutions that you can implement and the types of situations in which you would choose one volume licensing activation method over another.
MAK keys are special keys that allow an organization to perform multiple activations using a single key. MAK keys are similar to retail keys except that instead of allowing a single activation, they allow multiple activations from different computers to occur up to the limit defined by the particular key. The number of activations that a MAK key allows depends on the number you purchase when you obtain the key. You cannot recover an activation on a MAK key after you have consumed it. For example, if an organization uses a MAK key and replaces one computer running Windows 7 activated using a MAK key with another computer, the replacement computer consumes a new activation of the MAK key. In some scenarios, this circumstance makes KMS a preferred solution to MAK key activation.
As a single key is used, you can add MAK keys images when deploying them centrally. When using the Sysprep utility to prepare an image, you add a MAK key to an image during the Specialize configuration pass. When performing a traditional installation, you can enter MAK keys in the same way that you would enter a retail key. The main issue that requires consideration when using a MAK key is how you will perform activation.
You can activate a MAK key in one of two ways: ■ MAK independent Activation Similar to normal retail activation in that it requires that each computer independently activate. You can activate the key automatically over the Internet or use the telephone to call the licensing clearinghouse. MAK Independent Activation is a good option for locations in which you do not have sufficient numbers of clients to make KMS or MAK Proxy Activation viable. For example, if you plan to deploy five clients on an isolated network, it is simpler for you to perform MAK Independent Activation over the telephone than it is to configure MAK Proxy Activation for such a small number of clients.
■ MAK Proxy Activation Allows administrators to configure activation of multiple independent clients using a single connection to Microsoft. MAK Proxy Activation is suitable for isolated networks that do not meet the KMS client threshold but have sufficient numbers of clients to make independent activation more time consuming than configuring proxy activation. For example, consider MAK Proxy Activation for an isolated network of 23 clients for the Windows 7 Enterprise operating system. Performing 23 separate telephone activations would take more time than configuring proxy activation. To use MAK Proxy Activation, you need to configure the Volume Activation Management Tool (VAMT). You learn about the VAMT in the next section.
The Volume Activation Management Tool (VAMT) allows you to collect activation requests from multiple computers and then forward those requests to Microsoft all at one time. After the VAMT receives the activation confirmation identifiers from Microsoft, it can distribute those IDs back to the computers that originally requested activation. The term for this process is MAK Proxy Activation, described previously.
The VAMT stores activation confirmation identifiers in a database called a collection. Because these identifiers are stored locally, you can perform operating system reactivation without being required to initiate a new connection between the computer hosting the VAMT and Microsoft. This allows organizations to reimage computers without the concern of consuming an additional activation on an existing MAK key. You can use the Volume Activation Management Tool to transition client computers between MAK and KMS volume activation if necessary.
To use MAK Proxy Activation, perform the following general steps:
You can configure VAMT clients on an Active Directory computer account, a stand-alone workgroup membership, a fully qualified domain name, or an IP address, as shown in Figure 2-1. The tool also allows you to see the current licensing state of clients on your network, allowing you to determine whether your organization is compliant with the number of purchased licenses.
FIGURE 2-1 Volume Activation Management Tool
You can also use the VAMT to activate a large number of computers that are located on a network connected to the Internet. The name for this process is MAK Independent Activation. When you perform MAK Independent Activation, the VAMT installs the MAK key on a group of selected computers and then prompts those computers to undergo the activation process on Microsoft activation servers.
Key Management Service (KMS) allows you to place an activation server on the local area network. Rather than activate on the Microsoft activation servers on the Internet, clients activate on the KMS server on the LAN. Clients locate KMS servers using DNS. Because KMS provides activation servers, you should not expose a KMS server to hosts on the Internet by allowing direct access from the Internet. You can also configure clients to use a specific KMS server by using the VAMT. Computers running the Windows 7, Windows Vista, Windows Server 2008, Windows Server 2008 R2, and Windows Server 2003 operating system can function as KMS servers. When you configure a computer running Windows Server 2008 R2 as a KMS server, you can activate both server and client operating systems. When you configure a computer running the Windows 7 operating system as a KMS server, it is able to activate only computers running Windows client operating systems.
A certain number of clients must contact a KMS server before the KMS activation can occur. This number is the KMS activation threshold. Clients activating on the KMS server can be running in a traditional hardware deployment or as virtual hosts. The KMS activation threshold differs between clients and servers and is as follows: ■ The KMS client threshold is 25 Windows clients. ■ The KMS server threshold is five servers.
When a new client or server contacts the KMS server, the server increments the activation count by one. Clients do not activate until the activation count reaches the threshold value. Clients contact the KMS server every two hours until the activation threshold is reached or the activation grace period expires. After the activation count on the KMS server exceeds 5, any servers that contact or have contacted the KMS server successfully activate. After the activation count on the KMS server exceeds a value of 25, clients that contact or have contacted the server successfully activate.
To configure a host to function as a KMS server, perform the following steps:
Each KMS key can be installed on up to six computers that will function as KMS servers. Each KMS server can be reactivated up to nine times with Microsoft, should it be necessary. If your organization needs more than six KMS servers, you must contact a Microsoft Licensing representative to enable additional activations for the organization’s KMS key. For example, if your organization has 12 separate sites covered by a single Volume Licensing agreement and a KMS server is to be placed at each site, you need to enable additional activations for the organization’s KMS key.
After a KMS client has been activated, it tries to reconnect with the KMS server every 7 days but must reconnect with the KMS server at least once every 180 days. If the client is unable to reconnect with the KMS server in 180 days, it enters a reduced functionality mode. Each time a KMS client successfully connects with a KMS server, the 180-day activation countdown timer is reset.
The software licensing management tool is a command-line utility that you can use to manually manage licensing. The tool uses the slmgr.vbs script. Unlike VAMT, which you must obtain and install manually, slmgr.vbs is included in a default installation of the Windows 7 operating system. The slmgr.vbs script is usually run locally from an elevated command prompt. You can also use it to manage licensing on computers configured for remote management. You can configure the slmgr.vbs command to perform the following tasks: ■ Install and remove product keys from hosts. ■ Display current host licensing information including current license expiration date. ■ Force a host to undergo the activation process. ■ Configure a client to use a KMS server and specify the address of the KMS server. ■ Extend the evaluation period by 30 days up to three times.
■ MAK keys and KMS can be used only with editions of Windows 7 that support volume licensing. Only the Windows 7 Professional and Enterprise editions support this type of licensing. ■ A KMS server requires 25 clients before it can function. A client must check in with the KMS server every 180 days. ■ You can use the VAMT to perform MAK proxy activation. ■ You add the MAK key to an operating system image using Sysprep during the configuration pass.
You can use the following questions to test your knowledge of the information in Lesson 1, “Designing and Managing a Licensing Strategy.” The questions are also available on the companion CD if you prefer to review them in electronic form.
Helpful examples (5)
Well-written (5)
Easy to understand (4)
Hi, the best way to give us book-specific feedback is via our anonymous survey: www.microsoft.com/.../booksurvey
Thanks!