Activation and Resulting Internet Communication in Windows Server 2008
Applies To: Windows Server 2008
In This Section
The purposes of product activation are to reduce software piracy and to ensure that Microsoft customers are receiving genuine Microsoft software. Activation of Windows Server 2008 is required unless you purchase new computers with the operating system preinstalled by the manufacturer and bound to the computer’s basic input/output system (BIOS). A person who purchases Windows Server 2008 to install on an individual computer can carry out activation either through the Internet or by phone. If you acquire licenses through a volume license program, you can perform Volume Activation in one of two ways: the Key Management Service (KMS) or a Multiple Activation Key (MAK). For more information about volume activation, see "Activation Options with Volume Licensing," later in this section.
Product activation means that a specific product key becomes associated with the computer hardware that it is installed on. More information about product activation can be found on the Microsoft Web site at:
In an environment with many computers running Windows Server 2008, you will probably want to use one of the activation options designed for use with volume licensing. The following subsection describes these options.
|To avoid the activation process (online activation or telephone activation), you can purchase new computers with the operating system preinstalled by the manufacturer and bound to the computer’s basic input/output system (BIOS). For these computers, activation of Windows Server 2008 is not necessary.|
Organizations that have a volume license agreement have multiple options for activation:
Key Management Service (KMS): In managed environments where five or more computers running Windows Server 2008 or Windows Vista will be connected to the corporate network, you can use KMS to simplify the activation process. With KMS, you manage activations within your organization's network, rather than having each computer communicate with a Microsoft server during activation. The computers you activate through KMS must connect to your organization's network at least twice a year to stay activated.
Multiple Activation Key (MAK): In networks where users rarely or never connect to the corporate network, you can use a MAK. Each MAK belongs to a specific organization and can activate multiple computers running Windows Server 2008, up to the limit assigned to that MAK. You can activate these computers one at a time (in which case each computer connects to a Microsoft server during activation) or use MAK Proxy Activation, where a centralized activation request is sent (through a single connection to Microsoft) on behalf of multiple computers using the Volume Activation Management Tool. For more information about this tool, see the Microsoft Web site at:
For more information about volume activation, see the Microsoft Web site at:
Windows Server 2008 can be activated through the Internet or by phone. The following list describes how Windows Server 2008 communicates with Web sites when it is activated through the Internet:
Specific information sent or received: During the activation of Windows Server 2008, the following information is sent to an activation server maintained by Microsoft:
Request information, that is, protocol information necessary for successfully establishing communication with the activation server.
The product key and supporting validation data.
A group of hardware hashes (non-unique numbers generated from the computer's hardware configuration). The hardware hashes do not represent any personal information or anything about the software. They are based on the Secure Hash Algorithm 1 (SHA-1) message-digest hash algorithm, and they consist of a combination of partial SHA-1 hash values of various computer components. The hardware hashes cannot be used to determine the make or model of the computer, nor can they be backward-calculated to determine the raw computer information.
Along with the hashes, information about the algorithm used for the hashes is sent.
An XrML license that uses public key encryption.
The operating system being activated and the version number of the activation software.
- Request information, that is, protocol information necessary for successfully establishing communication with the activation server.
Default setting and ability to disable: Product activation cannot be disabled, but if you acquire licenses through a volume license program, you can perform Volume Activation, either through the Key Management Service (KMS) or a Multiple Activation Key (MAK). For more information, see "Activation Options with Volume Licensing," earlier in this section and the volume licensing pages on the Microsoft Web site at:
Note that product activation is not necessary if you purchase new computers with the operating system preinstalled by the manufacturer and bound to the computer’s basic input/output system (BIOS).
Trigger and notification: When activation is required, the operating system provides a reminder each time a user logs on and at common intervals until the end of the activation grace period stated in the Microsoft Software License Terms (60 days is the typical grace period).
Logging: Entries that track the progress of activation (for example, return codes and error codes) are logged in Event Viewer in Windows Logs\Application with a Source of Security-Licensing-SLC. You can use these events for troubleshooting if activation fails.
Encryption and storage: The data is encrypted during transmission using HTTPS, that is, Secure Sockets Layer (SSL) or Transport Layer Security (TLS) with HTTP, and is stored in Microsoft-controlled facilities. The data is accessible to a restricted number of server and program support personnel who oversee and maintain the activation servers and the product activation program.
Privacy: Customer privacy was a paramount design goal in building the product activation technology. Microsoft uses the information to confirm that you have a licensed copy of the software, and then it is aggregated for statistical analysis. Microsoft does not use the information to identify you or contact you.
Transmission protocol and port: When Windows Server 2008 is activated through the Internet and a modem is not used, the first transmission uses HTTP through port 80 and communicates with go.microsoft.com to check the HTTP response code. A response code of less than 500 indicates that a product activation server is available. (With a modem, there is only a check to see whether the modem can currently be used to make a connection to the Internet.) If the product activation server can be reached (or for a modem, if a connection to the Internet can be made), any activation data that is sent by Windows Product Activation uses HTTPS through port 443 to sls.microsoft.com.