1/25/2020 TestOut LabSim

2.2.6 Windows Activation

Windows Activation
In this lesson, we're going to spend some time talking about the process required to activate a Windows system after it has been initially installed.

Product Activation
Product activation confirms that a given copy of Windows has been properly licensed.

If you activate over the Internet, your copy of Windows checks in with Microsoft and reports the product key that you entered. The product key
you've configured is sent through the Internet to Microsoft, and then Microsoft will check and make sure that that key is appropriate for the
version of Windows that you are trying to activate and that nobody has used that key before.

If your product key is valid, then your system is validated, and you can go ahead and use it. On the other hand, if your product key fails the test,
your system will be branded as non-genuine, and it will do various annoying things to remind you of this fact, such as displaying a message on your
desktop or in your notification area, and it may even throw up a pop-up window from time to time to remind you of the fact that your copy of
Windows is not genuine.

You might be asking, what would cause my product key to become invalid? There are actually a couple of different issues that could cause this. For
example, you may have a retail version of Windows, and its key has already been used to activate a different Windows system. Or you may have
successfully activated your copy of Windows, and then later pulled your hard drive out of the original system and moved it to a different system
with totally different hardware. If your product key was a retail key, then Windows will try to reactivate and fail because Microsoft will think that
you're trying to install an additional copy of Windows on a different system. Or maybe you successfully activated your copy of Windows, and then
later on, you do a complete and total upgrade to the system using completely new hardware. Once again, if your product key was a retail key, then
Windows will try to reactivate and fail because Microsoft, once again, is going to think that you're trying to install an additional copy of Windows on
a different system. This can also happen if you're using a volume license key from Microsoft and you've installed one too many systems using that
same key.

With that in mind, let's review the steps that have to occur in order for a copy of Windows on your local system to successfully activate. First of all,
during the initial installation of Windows, the operating system creates a unique product ID using the product key. Also during installation,
Windows will create a unique hardware ID. The hardware ID is a unique number that is tightly tied to your system's hardware.

Understand that every single component within this system has a unique identification number assigned to it. Basically, what happens is Windows
will run a mathematical formula on each serial number of each component to create a one-way hash associated with that individual component.
For example, this happens with your CPU, with your network board, with your hard drive, and so on. Then, between four and 10 bits are used from
each piece of hardware's hash, depending upon the part, to create this 8-bit hardware ID number to make it unique to just your system.

Then Windows will contact Microsoft's servers through the Internet and send a handshake request message. This handshake request message
contains the product ID, the hardware ID, the version number of the activation software running on the local system here, and also a request ID
that is tied to your specific system. At this point, over here at Microsoft, they tie your product ID with your unique hardware ID. This prevents the
same product key from being reused to activate Windows on a different system. If the activation process was successful, then a confirmation is
sent back through the Internet to your local system in the form of a digital certificate signed by Microsoft, at which point your system is
successfully activated.

Here's what you've got to remember: be aware that the process of creating this hardware ID and then verifying it does not happen just once at
activation time. It actually happens every single time you boot the system. That hardware ID is recalculated and then compared against the
hardware ID Microsoft has on file for your system. This ensures that your copy of Windows is still running on the same system where it was
originally installed and activated. If the hardware ID hasn't changed substantially, then your system remains activated.

Impact of Hardware Changes

But if the hardware ID has changed substantially, then your system will become unactivated, and you have to reactivate it in order to keep using
the software.

Note the use of the term substantially. Understand that even the slightest change in your system hardware will cause its hardware ID to change.
For example, suppose you were to remove your old DVD drive in your system and replace it with a newer Blu-ray drive. Well, this is going to change
the hardware ID. In fact, simply adding more RAM to your system will cause the hardware ID to change. Back in the early days of XP, activation was
a royal pain to manage because even very small system changes, such as adding more RAM to the system, would cause your systems to become
unactivated, and it was a nightmare. Due to the ensuing complains, Microsoft kind of loosened things up a bit in later versions of Windows such
that the hardware in the system must change significantly before the system will become unactivated.

That said, you still need to be aware that not all the hardware in the system is weighted the same when calculating the hardware ID. Therefore,
changing certain components in the system could substantially change your hardware ID number. For example, the network card is weighted
much heavier than the other components in the system. As long as the network card remains the same in the system, then you would have to
change six or more other hardware components before reactivation would be required.

This means that as long as the NIC stays the same, you can swap out the CPU, add RAM, change the video board, and replace the DVD drive with a
Blu-ray drive, and the system won't require reactivation. But, if you do change the NIC, things get dicey. If you install a new NIC in the system, then

https://cdn.testout.com/client-v5-1-10-609/startlabsim.html 1/3
1/25/2020 TestOut LabSim
you can only change up to two other hardware devices in the system. If you change a third device, then you'll be required to reactivate.

In addition, be aware that if you don't change any of the original hardware components that were there when the hardware ID was originally
calculated, then you can actually add--not replace, but add--all of the new components you want, and you won't be required to reactivate, provided
those original components are still there in the system. For example, you can add a new hard disk to the system, and it won't affect activation.

That said, here is a key got-ya that you've got to watch out for. Most motherboards include several integrated components. You have an integrated
network adapter. You have an integrated SATA adapter. And, usually, you have an integrated video adapter. Even if you don't use these integrated
components, they're still used, initially after installation, to calculate your system's hardware ID.

Let's suppose you decide to just swap out your motherboard for a newer one with a newer, faster CPU, for example. Well, when you did that, you
just changed four components. You changed out the network board, you changed out the video board, you changed out your SATA interface, and
you changed out the CPU. Notice in this scenario that the network board changed when we swapped out the motherboard. Even if you weren't
using it, even if you had it disabled and you had a different network board installed in an expansion slot, it is still considered a change. Because the
NIC changed, the hardware ID changes substantially because we changed three other components, right? The video board, we changed the SATA
interface, and we changed the CPU when we upgraded the motherboard. Because of this, the hardware ID changes substantially beyond what
Microsoft allows, and you're going to have to reactivate your copy of Windows.

With this in mind, we need to discuss alternative ways to activate Windows. The direct activation method that we've been talking about thus far in
this lesson works fine for home or small business Window systems, but in a very large network, managing activation in this manner would be very
cumbersome. You would have to manage activation on a system-by-system basis, and I don't know about you, but I can think of a lot of other
things I would rather do.

Large Windows networks commonly move the activation mechanism from Microsoft down to a server on the local network. Understand that
Windows systems on a large network usually do not use a retail license. Instead, they're commonly installed under a volume license agreement
using a generic volume license key (GVLK). Essentially, this allows you to use the same key to license multiple systems over, and over, and over,
until you reach the maximum allowed by your license agreement.

Using GVLK also allows you to take advantage of volume activation to automate the activation process and make it easier to deploy a large number
of Windows systems.

Key Management Service

Volume activation can be implemented in two different ways. One is shown here. You can configure activation using the Key Management Service
(KMS). This option allows you to activate Windows systems using the KMS service running on a server in your network. This option is commonly
used in scenarios where the Windows workstations that need to be activated are not members of a domain.

Be aware, also, that KMS activations are valid for up to 180 days, so to remain activated, each system must renew its activation by connecting to a
KMS server at least once every 180 days. By default, the client systems in this type of activation system, the Windows systems over here, will
actually attempt to renew their activation every seven days, just to be safe. But if they're not connected to the network for some reason and can't
contact this KMS server over here, they can stay activated up to 180 days without contacting that KMS server. After that, they will become
unactivated, and you're going to have to reconnect them to the network to get them reactivated.

These client Windows systems locate your KMS server using its DNS host name, so you need to make sure that you have the appropriate resource
records configured in your DNS server. So, when the workstation needs to reactivate, it will send a request to the DNS server to resolve the host
name of the KMS server. The DNS server will respond with the appropriate IP address. The workstation will then contact the KMS server directly
and, hopefully, be able to reactivate.

In order to configure this type of activation system, several steps are required. First of all, you need to find a Windows server in your network. That
server is going to become your KMS server, and you need to install the volume activation services role on that server. Once done, you'll use the
volume activation tools that are provided by the volume activation services role to configure the Key Management Service on this server.

Then you'll install the KMS key, the GVLK that you got from Microsoft, and it will go through the Internet to basically activate that key. It'll tell
Microsoft, "Hey, I am a KMS server. I've got this many licenses. I'm going to take care of activations here, locally." Now the server is going to listen
for activation requests from the Windows workstations in your network, and when activation is required, Windows will issue the DNS query, like we
talked about before, to locate the KMS server. It will contact the KMS server, and if the key over here on the server matches the GVLK configured
on the workstation, it will be activated.

Active Directory Activation

In addition to using a KMS activation system, you can also use Microsoft Active Directory for activation. Active Directory activation is used in
scenarios where Windows systems that need to activate are members of the same domain. This option allows Windows systems that are
connected to the domain to activate automatically during system startup, and that Windows system will then stay activated as long as it remains a
member of the domain and maintains periodic contact with the domain controller.

When the licensing service starts over here on the Windows workstation, it'll contact the domain controller, and it will receive from the domain
controller an activation object. That activation object activates the copy of Windows on the local system.

In order to set up this type of activation system, you need, once again, to install the Volume Activation Service role on the domain controller in your
network. Again, this is a Windows server system, and you need to configure it with the GVLK that you want to use for your organization. Then, of

https://cdn.testout.com/client-v5-1-10-609/startlabsim.html 2/3
1/25/2020 TestOut LabSim
course, the domain controller will go through the Internet to Microsoft to basically activate the GVLK, saying, "Hey, I'm a domain controller. I'm
going to be handling activation locally here for these systems on my network." If Microsoft says, "That sounds good. That's a valid key. You're
allowed to use it," then this domain controller will create the activation object we talked about earlier. Then every Windows system that's a
member of the domain will be automatically activated the next time they boot up and connect to the domain by receiving that activation object
from the domain controller.

Just as with the KMS activation system we looked at a minute ago, clients activated in this manner will stay activated for up to 180 days, and they
will attempt to reactivate every seven days by default, as with KMS activation. If a reactivation event occurs, the Windows system will request a new
activation object from the domain controller. When that activation object is received, Windows will compare it to the GVLK that it has been
configured to use, and if the activation object and the local GVLK match, the activation is successful.

But here's the thing you've got to be aware of--that is the fact that if for some reason you remove this Windows workstation from the domain for
any reason, it will automatically become unactivated.

Summary
That's it for this lesson. In this lesson, we reviewed how Windows activation works. First we discussed the purpose behind activation. Then we
reviewed how the activation process works. We ended this lesson by reviewing several alternative activation methods that you can use in larger
networks.

TestOut Corporation All rights reserved.

https://cdn.testout.com/client-v5-1-10-609/startlabsim.html 3/3