Directly from Microsoft.
Microsoft has implemented a stricter validation system
for Windows 7 and Vista. A valid key will be required for
product activation and Volume License Keys will only be
valid on OEM installed OSs and can only be validated and
installed via a hardware interlock provided to the OEM manufacturer.
See "Token Based Activation in Blue Below".
The following information comes directly from Microsoft.
Software Protection Platform
With the launch of Windows Vista®, Microsoft developed a set of technologies called the Software Protection Platform (SPP). These technologies have been very successful in identifying counterfeit products in Windows Vista, and they are the foundation of Windows Activation Technologies in Windows 7, which includes both activation and validation. The SPP was developed to help fight piracy, protect customers from the risks of counterfeit software, and better enable Volume License customers to manage their software assets. The SPP brings antipiracy innovations, counterfeit detection practices, and tamper-resistance into a complete platform that provides better software protection to individuals, organizations, and the software industry.
Microsoft Product Activation
Windows activation technologies apply to Windows Vista, Windows 7, Windows Server® 2008 and Windows Server 2008 R2. In addition, the Volume Activation (VA) component of the Windows Activation Technologies has applicability to the upcoming release of Microsoft Office® 2010. For further information about how activation and validation applies to Microsoft Office, refer to the
Genuine Microsoft Software website.
Activation is the process of establishing an association between a valid product key and a computer. Computers that are purchased from reputable retailers or manufacturers often have Windows preinstalled, and the software has been pre-activated by the original equipment manufacturer (OEM). There is no additional user action required. Customers who obtain their Windows software through other means—for example, from a retail software store, Microsoft volume licensing programs , or MSDN—can activate their software through the Microsoft activation service by using the Internet or phone. In addition, Microsoft provides large organizations with the ability to host and run the activation service within their company environment (which is explained more thoroughly later in this paper).
All methods of activation that are used by Microsoft are designed to help protect user privacy. In cases where information is sent during activation, it is used to confirm that the customer has a legally licensed copy of the software, and then the information is aggregated for statistical analysis. At that point , no data can be traced to an individual customer. At no point in the process does Microsoft use this information to identify or contact customers. For more information about privacy policies, please see the Microsoft
Privacy website.
Online Validation
Validation helps confirm that a copy of a Windows operating system is activated and properly licensed. Users may be asked to validate their copy of Windows when they go to the Microsoft Download Center to download content that is reserved for users of genuine Windows software. Validation can also occur as part of an update from Windows Update. In some instances, a computer that has previously passed validation may fail a later validation process. This may happen because Microsoft constantly discovers new forms of piracy, and they then update the antipiracy components of the validation process to help disable the emerging threats.
Windows 7 Activation and Licensing
Customers can obtain licenses for Windows 7 through one of three channels: retail, original equipment manufacturer (OEM), or Volume Licensing (VL). One software license is always required for each computer that uses Windows, and the only ways to legally license a copy of Windows on a new computer are to buy the computer with a licensed (and pre-activated) copy of Windows or to buy a full, packaged Windows product. Volume Licensing is available only for
upgrading Windows on computers with an existing Windows license.
Each channel has its own unique activation methods. Because organizations can obtain Windows 7 software through multiple channels, they can use a combination of activation methods. Some editions of Windows, such as Windows 7 Enterprise Edition, are available only through the VL channel.
Original Equipment Manufacturers
Original Equipment Manufacturer (OEM) activation is a perpetual, one-time activation that associates Windows 7 with the firmware (BIOS) of a computer. This occurs before the computer ships to the customer, so the end user or organization is not required to take any additional actions. The copy of Windows 7 that the OEM installs on a computer is valid only on that particular computer, and it can be reinstalled and reactivated only from the OEM-provided recovery media.
Sometimes organizations want to create a customized Windows 7 image for their systems, rather than use the image that is provided by an OEM. This is possible , but organizations should understand the available customization options, how to ensure effective deployments, and how to maintain compliance with Microsoft licensing policies.
OEM activation is applicable only to systems that are purchased through OEM channels with Windows installed.
Volume Activation
Volume Activation (VA) is a set of technologies and tools that are designed to automate the activation process for systems that are deployed using volume media. Volume media are normally obtained through the Microsoft Volume Licensing Center (VLSC). This is an online resource that is designed to help organizations that have a Microsoft Volume Licensing agreement. They can download licensed products, manage Microsoft Volume Licensing agreements, and access product keys.
Volume Activation in Large Organizations
Microsoft policy requires the activation of all editions of Windows 7, including those obtained through a VL program. This requirement applies to Windows 7 running on physical computers or on virtual machines. Volume Activation (VA) includes the set of tools that automates the activation process on computers that are being upgraded to volume editions of Windows 7. VA automates the activation process through the volume media and Volume Activation keys. Organizations can use two methods to activate Windows 7 with Volume Activation keys: the Key Management Service (KMS) or Multiple Activation Keys (MAK).
Key Management Service
Organizations can use Key Management Service (KMS) to host and manage the VA process locally. Through KMS, organizations set up a local KMS host (or hosts) that connect once to Microsoft to activate the KMS host(s). Then the individual systems throughout the organization connect to the KMS host(s) and activate transparently.
With KMS, client computers connect to the local KMS host to activate the first time, then they reconnect periodically to keep the activation current. KMS is capable of activating an unlimited number of computers, so it can be used for a VL agreement of any size.
Multiple Activation Keys
Multiple Activation Keys (MAK) activation is primarily used for one-time activation with activation services that are hosted by Microsoft. It has a predetermined number of allowed activations, which is dependent on the number of licenses that are included in the organization’s licensing agreement with Microsoft. Customers can use MAK to activate their target computers individually through the activation services (online or by phone). Or they can activate the computers collectively by using the Volume Activation Management Tool (a proxy application for managing activation), which is integrated into the Windows Automated Installation Kit (Windows AIK). Additionally, MAK activation is simplified by using the Volume Activation Management Tool (VAMT), which enables organizations to
manage MAK-activated systems hroughout their deployments.
Improved Activation as Part of Deployment
Microsoft has improved the VA technologies to better integrate with an organization’s current IT infrastructure.
Virtual System Counting
With the Windows Vista release of KMS, organizations received the capability to activate virtual systems as if they were physical computers. With Windows 7 , KMS also counts virtual systems as if they were physical. Therefore, in environments with few physical systems but many virtual ones , KMS now tallies system types as it tracks the minimum thresholds required for KMS activation. This makes KMS a great option for organizations that rely heavily on the virtualization of their infrastructures.
Improved DNS
Since the inception of KMS, the KMS-to-client activation process has been automated and transparent (to both end users and administrators). However, customers with complex DNS installations have requested greater control over how KMS and clients interact across their DNS environments. Accordingly, Microsoft has provided the following key improvements:
- Administrators can use common Windows practices (such as Group Policy and DHCP) to ensure that client computers always find the appropriate KMS host. This is especially helpful in environments with multiple DNS zones. In such cases, KMS can be installed on a single server, even though the clients may reside throughout the various DNS zones.
- Administrators can set KMS host priorities and balance traffic to multiple KMS hosts. This overrides the default behavior of KMS clients, which is to randomly choose KMS hosts across a distributed infrastructure.
Token-based Activation
Token-based activation is a specialized activation option that is available for approved Microsoft Volume Licensing customers. It is designed for specific scenarios in which the end systems are completely disconnected from the network or phone. This option enables customers to use the public key infrastructure (PKI) and digital certificates (or “tokens,” which are typically stored on smart cards) to locally activate Windows 7 (and Windows Server 2008 R2). Customers do not have to activate the software through KMS or MAK.
Improved Manageability
The following enhancements help administrators better manage their activation service deployment and their activation keys.
Expansion of WMI Properties
With Windows 7, Microsoft has enhanced the Software Licensing Service class WMI properties and methods to allow greater flexibility and control. For example, administrators can access the number of rearms remaining and avoid a situation where they might be unaware that their rearms are low.
Modified Hardware Tolerance Values
With Windows 7, customers are less likely to trigger an out-of-tolerance condition that results in a need to reactivate the computer.
Consolidated Management Portal
Microsoft has consolidated all previous VL portals into the Volume Licensing Service Center (VLSC). This single portal comes with improvements that are designed to help organizations identify all of their keys, track them, and organize them within a single, easy-to-access location.
Transparent MAK Limit Handling
With Windows 7, the VA service regularly monitors a customer’s MAK usage. If usage nears the current MAK limit, the VA service incrementally increases the limit , reducing manual administration time.
