Activation, Registration, and Resulting Internet Communication in Windows Server 2003 with Service Pack 1

Applies To: Windows Server 2003 with SP1

This white paper provides information about the communication that flows between components in Windows Server 2003 with SP1 and sites on the Internet, and it describes steps to take to limit, control, or prevent that communication in an organization with many users.

This section of the white paper provides information about:

  • The purposes of activation and registration associated with a new installation or an upgrade

  • How a computer running Windows Server 2003 with SP1 communicates with sites on the Internet during activation and registration

  • Choosing volume licensing so that product activation need not take place (to limit the flow of information to and from Internet sites)

  • Using Group Policy to prevent a connection between a server running Windows Server 2003 with SP1 and the Microsoft Web site for online registration

Purposes of Activation and Registration Associated with a New Installation or an Upgrade

This subsection briefly describes the differences between product activation and registration, and then describes the purpose of each.

Product registration involves the provision of personally identifiable information, such as an e-mail address, to Microsoft for the purpose of receiving information about product updates and special offers. Registration is usually done on a per-product basis and is not required for Windows Server 2003. If registration is completed, all registration information is stored using a variety of security technologies. When you register, you can specify what kinds of communication you wish to receive and whether your information can be used in particular ways. For example, if you provide a mailing address during registration, you can specify whether your mailing address can be shared with other companies. Other than the uses you specify, your registration information is never loaned or sold outside Microsoft.

Product activation involves the authentication with Microsoft of nonpersonal information, including the product identifier for Microsoft Windows Server 2003 with Service Pack 1 (SP1) and a hardware hash representing the computer, for the purpose of reducing software piracy. (A hardware hash is a non-unique number generated from the computer's hardware configuration.) Activation of Windows Server 2003 is required in situations where the product is not purchased through a volume licensing program such as Microsoft Select License, Microsoft Enterprise Agreement, or Microsoft Open License. Many computer manufacturers can bypass activation on software preinstalled on a new computer by binding the software to the computer’s basic input/output system (BIOS). In this situation, no activation of that software is required. Detailed information about product activation can be found on the Microsoft Web site at:

https://go.microsoft.com/fwlink/?LinkId=29484

For more information about volume licensing, see "Choosing Volume Licensing So That Individual Product Activation Need Not Take Place," later in this section.

Activation is aimed at reducing software piracy as well as ensuring that Microsoft customers are receiving the product quality that they expect. Activation means that a specific product key becomes associated with the computer (the hardware) it is installed on. After that happens, that product key cannot be used for activation on other computers (unless you are enrolled in a special program that permits additional activations, for example, a program through the Microsoft Developer Network [MSDN]).

Overview: Activation and Registration in the Context of a Managed Environment

Product activation is an anti-piracy technology designed to verify that software products have been legitimately licensed. If you have software re-imaging rights granted under a Microsoft volume license agreement, and if you obtained Windows Server 2003 through a retail channel or preinstalled by the computer manufacturer, you can re-image it with the product that you licensed through one of the Microsoft volume licensing programs. With volume licensing, there is no need to perform product activation.

Product registration involves the provision of personally identifiable information, such as an e-mail address, to Microsoft for the purpose of receiving information about product updates and special offers. In a managed environment, you might want to prevent administrators from registering the product with Microsoft. You can use Group Policy to do this.

How a Computer Communicates with Sites on the Internet During Activation and Registration

Windows Server 2003 with SP1 can be activated through the Internet or by phone. When it is activated through the Internet, the operating system communicates with Web sites as follows:

  • Specific information sent or received: During activation of Windows Server 2003 with SP1, the following information is sent to the activation server at Microsoft:

    • Request information, that is, protocol information necessary for successfully establishing communication with the activation server.

    • Product key information in the form of the product ID, plus the product key itself.

    • A hardware hash (a non-unique number generated from the computer's hardware configuration). The hardware hash does not represent anything about the software or any personal information (such as user name or e-mail address). It is based on the MD5 message-digest hash algorithm, and consists of a combination of partial MD5 hash values of various computer components. The hardware hash cannot be used to determine the make or model of the computer, nor can it be backward-calculated to determine the raw computer information.

    • Date and time.

    • The language being used on the system (so that any error message that is sent back can be in the correct language).

    • The operating system being activated (and the version number of the activation software).

    Depending on your preference, the preceding information is either sent over the Internet to the activation system at Microsoft, or the product key information and hardware hash (combined into one number) are called in by phone.

  • Default setting and ability to disable: Product activation can only be disabled by installing the operating system with software acquired through one of the Microsoft volume licensing programs. Product activation can be bypassed by many computer manufacturers if they bind the product to the computer’s BIOS instead. In all other cases, product activation cannot be disabled.

  • Trigger and notification for activation: When activation is required, the operating system provides a reminder each time you log on and at common intervals until the end of the activation grace period stated in the End-User License Agreement (thirty days is the typical grace period). With software acquired through one of the Microsoft volume licensing programs, there is no need for activation, and therefore no reminders about activation appear.

  • Trigger and notification for registration: Registration is optional for Windows Server 2003. You can register at activation time by choosing appropriate options on the Windows Product Activation interface. As an alternative, you can type regwiz /r to start the Registration Wizard for Windows Server 2003 with SP1. Before the wizard starts and in the first page of the wizard, brief explanations notify you that completing the wizard will cause the product to be registered.

  • Logging: Entries that track the progress of activation and registration (for example, return codes and error codes) are logged into a text file, systemroot\setuplog.txt. This file can be used for troubleshooting if activation (or any part of setup) fails. If you choose to register the product, two entries are made in this text file. One entry records the country or region that was chosen for the operating system. A second entry records whether you chose to have Microsoft (or the computer manufacturer) send information about product updates and special offers. No other registration data is logged.

  • Privacy, encryption, and storage for activation data: Customer privacy was a paramount design goal in building the product activation technology. No personal information, such as user name or e-mail address, is collected as part of activation. The data is encrypted (using HTTPS) during transmission and is stored on servers located in controlled facilities at Microsoft. The data is accessible to a restricted number of server and program support personnel who oversee and maintain the activation servers and the product activation program.

    To review the Microsoft online privacy statement on activation, see the Microsoft Web site at:

    https://go.microsoft.com/fwlink/?LinkId=29923

  • Privacy, encryption, and storage for registration data: When you register at activation time (through the Windows Product Activation interface), registration data is encrypted (using HTTPS) during transmission. When you register by using the Registration Wizard (which you start by typing regwiz /r), registration data is encrypted (using HTTPS) during transmission unless the wizard is unable to establish an HTTPS connection through port 443 with the Microsoft registration server. In this situation, registration data will be sent unencrypted, using HTTP through port 80.

    Registration data, which contains information that you choose to send to Microsoft, is stored on servers with restricted access that are located in controlled facilities. The data can be seen by customer service representatives and marketing personnel. To review the Microsoft online privacy statement on product registration, see the Microsoft Web site at:

    https://go.microsoft.com/fwlink/?LinkId=29508

  • Transmission protocol and port:

    • For Windows Product Activation: When the operating system is activated through the Internet and a modem is not used, the first transmission uses HTTP through port 80 and goes to wpa.one.microsoft.com/ to check the HTTP response code. A response code of less than 500 indicates that a product activation server is available. (With a modem, there is only a check to see whether the modem can currently be used to make a connection to the Internet.) If the product activation server can be reached (or for a modem, if a connection to the Internet can be made), any activation or registration data that is sent by Windows Product Activation uses HTTPS through port 443.

    • For the Registration Wizard: When you register by using the Registration Wizard (which you start by typing regwiz /r), HTTPS is used through port 443 unless the wizard is unable to establish an HTTPS connection through port 443 with the Microsoft registration server. In this situation, HTTP is used through port 80.
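The activation probe, the HTTPS exchange, and the Registration Wizard's fallback to unencrypted HTTP described in the items above can all be recognized in egress proxy logs. The following Python sketch is an added example, not code from Microsoft or from this white paper; the log layout, the sample lines, and the registration host name (a placeholder, because the page does not name that server) are assumptions.

```python
# Added example: audit constructed proxy-log lines for the traffic described above.
# Log layout and REG_HOST are assumptions; only wpa.one.microsoft.com is from the page.
from collections import defaultdict

WPA_HOST = "wpa.one.microsoft.com"          # named on the page
REG_HOST = "registration-server.example"    # placeholder: page does not name this host

# Constructed sample, one record per line: "time client method host port status"
SAMPLE_LOG = """\
10:00:01 srv01 GET wpa.one.microsoft.com 80 200
10:00:02 srv01 CONNECT wpa.one.microsoft.com 443 200
10:05:10 srv02 GET wpa.one.microsoft.com 80 503
10:07:30 srv03 CONNECT registration-server.example 443 403
10:07:31 srv03 POST registration-server.example 80 200
10:09:00 srv04 CONNECT registration-server.example 443 200
"""

def parse(line):
    ts, client, method, host, port, status = line.split()
    return {"ts": ts, "client": client, "method": method,
            "host": host.lower(), "port": int(port), "status": int(status)}

def audit(log_text):
    """Return {client: [findings]} for the behaviours the page describes."""
    findings = defaultdict(list)
    tls_denied = set()  # clients whose port 443 attempt to REG_HOST was refused
    for rec in map(parse, filter(None, log_text.splitlines())):
        c, host, port, status = rec["client"], rec["host"], rec["port"], rec["status"]
        if host == WPA_HOST and port == 80:
            # Page: a response code below 500 means an activation server is available.
            state = "available" if status < 500 else "unavailable"
            findings[c].append(f"wpa-probe:{state}")
        elif host == WPA_HOST and port == 443:
            findings[c].append("wpa-https")
        elif host == REG_HOST and port == 443:
            if status >= 400:
                tls_denied.add(c)
            else:
                findings[c].append("registration-https")
        elif host == REG_HOST and port == 80:
            # Page: the wizard falls back to HTTP/80 when HTTPS/443 cannot be established.
            tag = "registration-cleartext"
            if c in tls_denied:
                tag += ":after-443-failure"
            findings[c].append(tag)
    return dict(findings)

if __name__ == "__main__":
    print(audit(SAMPLE_LOG))
```

In the constructed sample, srv03 shows the case to watch for: an egress rule that refuses port 443 but permits port 80 results in registration data leaving the network unencrypted.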

Activation Improvements in Windows Server 2003 Compared to Windows XP

After the original release of Windows XP, Microsoft introduced improvements to activation that are aimed at ensuring that customers receive the full benefits of purchasing valid licenses. Windows Server 2003 and Windows Server 2003 SP1 contain these improvements, as do Windows XP SP1 and Windows XP SP2. Some of the changes include:

  • The addition of a three-day grace period when reactivation is required because of a significant hardware change. (When Windows XP was originally released, there was no grace period for reactivation after a significant hardware change.)

  • The ability for volume license customers to encrypt their volume license product keys in unattended installations.

For more information about the changes to activation that were made after the original release of Windows XP, see the Microsoft Web site at:

Choosing Volume Licensing So That Individual Product Activation Need Not Take Place

If you use the rights granted under a volume licensing agreement to purchase or re-image software, you cannot and need not perform activation on the individual computers that are installed under the volume license. Qualifying as a volume licensing customer is not difficult. Customers can qualify for a Microsoft volume license by purchasing as few as five licenses. For more information, see the Microsoft Web site at:

https://go.microsoft.com/fwlink/?LinkId=29878

Procedure for Preventing Online Product Registration with Microsoft

Use the following procedure to configure Group Policy to prevent online registration with Microsoft.

  1. See Appendix B: Resources for Learning About Group Policy for information about using Group Policy. Ensure that your Administrative templates have been updated, and then edit an appropriate GPO.

  2. Click Computer Configuration, click Administrative Templates, click System, click Internet Communication Management, and then click Internet Communication settings.

  3. In the details pane, double-click Turn off Registration if URL connection is referring to Microsoft.com, and then click Enabled.

Important

You can also restrict Internet access for this and a number of other components by applying the Restrict Internet communication policy setting, which is located in Computer Configuration/Administrative Templates/System/Internet Communication Management. For more information about this Group Policy and the policies that it controls, see Appendix C: Group Policy Settings Listed Under the Internet Communication Management Key.