Windows Activation Technologies in Windows 7
Protecting Customers from the Risks of Counterfeit Software
On This Page
The Risks of Counterfeit Software
Microsoft Genuine Software Initiative
Benefits of Genuine Microsoft Software
Activation Improvements in Windows 7
What Microsoft Is Doing to Help Customers Get Genuine
Software piracy is one of the most significant problems facing the software industry globally. It not only has an impact on the global economy but it affects legitimate businesses that have to compete with those selling counterfeit software. With Windows® 7, Microsoft® has enhanced its Software Protection Platform by expanding on its Windows Activation Technologies. These enhanced technologies bring anti-piracy innovations, counterfeit detection practices, and tamper resistance into a complete platform that provides improved software protection. The need for these technologies continues to grow as the risks of counterfeit software become increasingly damaging to individuals, organizations, and the software industry at large.
This document outlines the activation and validation experience in Windows 7 and provides more information for customers interested in learning about activation , validation, and genuine Windows.
The Risks of Counterfeit Software
The risks and costs of obtaining and using pirated, or counterfeit, software are real, to individual customers and to organizations. Too frequently , counterfeit software is bundled with malicious and unwanted software that can lead to corrupted systems, lost data, and even identity theft. For example , an IDC report that was sponsored by Microsoft® in 2006 found that 25% of websites offering counterfeit software also attempted to install spyware, Trojans, and other malware that can compromise computer systems and environments.1
In organizations, counterfeit software can increase IT costs substantially. A Yankee Group study (sponsored by Microsoft) revealed that “when problems arise with counterfeit software, IT administrators typically require 20% to 30% more time and labor to identify and resolve the problems—at a monetary premium to the business.”2 And a 2008 Harrison Group study (sponsored by Microsoft) concluded that “companies less committed to using genuine software are significantly more likely to have system failures that lead to lost critical data and employee downtime.”3
These security issues are compounded by the fact that only customers with genuine Microsoft software have access to updates and support from Microsoft and its partners.
Additionally, lost and compromised product keys, as well as non-compliant licensing, can result in increased costs from system reactivation, employee work interruptions, damaged reputations, or even costly financial penalties.
Microsoft Genuine Software Initiative
In an effort to ensure that customers avoid the risks of using counterfeit and noncompliant software and experience all of the benefits of using genuine software , Microsoft launched the Microsoft Genuine Software Initiative (GSI). The GSI divides its increasing investments across three strategic areas: education , engineering, and enforcement.
Figure 1: Three Pillars of Microsoft GSI
Microsoft is constantly working to raise the awareness of individual customers, organizations, resellers, and other partners regarding the importance of intellectual property rights for the ecosystem as well as the software industry, the value of using genuine software, and risks of using counterfeit software. This way , they can better protect themselves and help ensure that their software licensing is in order. For example, the Microsoft How to Tell website provides detailed information about, and actual examples of, counterfeit software to help customers identify it.
In addition to providing its own educational resources, Microsoft actively supports industry software and intellectual property associations worldwide, such as the Business Software Alliance (BSA), the Business Action to Stop Counterfeiting and Piracy (BASCAP), and the Alliance for Gray Market and Counterfeit Abatement (AGMA).
Microsoft invests heavily in technologies and product features to make piracy more difficult and to help customers and partners determine whether software packaging and media are genuine. Such investments include improving packaging, making the Software Protection Platform an integral component of Windows , and providing periodic updates to customers that help them identify and differentiate genuine software.
Genuine Microsoft software comes in a large variety of packaging types, often depending on the way the customer acquires the software. For example, they may purchase a computer with the software already loaded on it, purchase the software from a retail location, or for large organizations, purchase the software through one of the Microsoft Volume Licensing programs (on volume media). In some cases, the packaging includes an attractive box with documentation and CDs or DVDs inside. In others, the packaging contains only a printed license with CDs or DVDs inside a sealed envelope.
Although there are many ways to identify genuine Microsoft software packaging, two of the best are a Certificate of Authenticity (COA) and a sophisticated holographic design on the CD or DVD media. A COA is a label that is on the retail product package or included in the materials that come with a computer purchase (for preloaded software). A COA helps customers visually identify whether or not the software they purchased is genuine.
Figure 2: Retail Package COA
A COA is not itself a license—but without it, a customer does not have a legal license to run that copy of the Microsoft software. A COA should never be purchased without the software that it authenticates. Genuine Microsoft software CDs or DVDs (including volume media DVDs) come on holographic discs with multiple defining characteristics that are intentionally hard to duplicate. For example, a genuine hologram image changes as the disc is tilted.
For in-depth information and examples (with visuals) about how to identify genuine Microsoft holographic discs and COAs, visit the How to Tell website.
Software Protection Platform
With the launch of Windows Vista®, Microsoft developed a set of technologies called the Software Protection Platform (SPP). These technologies have been very successful in identifying counterfeit products in Windows Vista, and they are the foundation of Windows Activation Technologies in Windows 7, which includes both activation and validation. The SPP was developed to help fight piracy, protect customers from the risks of counterfeit software, and better enable Volume License customers to manage their software assets. The SPP brings antipiracy innovations, counterfeit detection practices, and tamper-resistance into a complete platform that provides better software protection to individuals, organizations, and the software industry.
Microsoft Product Activation
Windows activation technologies apply to Windows Vista, Windows 7, Windows Server® 2008 and Windows Server 2008 R2. In addition, the Volume Activation (VA) component of the Windows Activation Technologies has applicability to the upcoming release of Microsoft Office® 2010. For further information about how activation and validation applies to Microsoft Office, refer to the Genuine Microsoft Software website.
Activation is the process of establishing an association between a valid product key and a computer. Computers that are purchased from reputable retailers or manufacturers often have Windows preinstalled, and the software has been pre-activated by the original equipment manufacturer (OEM). There is no additional user action required. Customers who obtain their Windows software through other means—for example, from a retail software store, Microsoft volume licensing programs , or MSDN—can activate their software through the Microsoft activation service by using the Internet or phone. In addition, Microsoft provides large organizations with the ability to host and run the activation service within their company environment (which is explained more thoroughly later in this paper).
All methods of activation that are used by Microsoft are designed to help protect user privacy. In cases where information is sent during activation, it is used to confirm that the customer has a legally licensed copy of the software, and then the information is aggregated for statistical analysis. At that point , no data can be traced to an individual customer. At no point in the process does Microsoft use this information to identify or contact customers. For more information about privacy policies, please see the Microsoft Privacy website.
For more details on Microsoft Product Activation, see Protect Yourself from Piracy.
Validation helps confirm that a copy of a Windows operating system is activated and properly licensed. Users may be asked to validate their copy of Windows when they go to the Microsoft Download Center to download content that is reserved for users of genuine Windows software. Validation can also occur as part of an update from Windows Update. In some instances, a computer that has previously passed validation may fail a later validation process. This may happen because Microsoft constantly discovers new forms of piracy, and they then update the antipiracy components of the validation process to help disable the emerging threats.
Microsoft actively supports government officials, organizations, and law enforcement agencies in taking action against software counterfeiters. Microsoft receives thousands of reports each year from customers who are victims of counterfeit software. These reports are generated primarily through the Windows Activation Technologies and the Microsoft Protect Yourself from Piracy websites, as well as by e-mail at email@example.com. For those customers who are able to provide sufficient information indicating that they have been victimized by piracy, Microsoft provides a free replacement product. Such customer-provided information helps Microsoft improve piracy protection in its products and enables Microsoft and law enforcement agencies to successfully litigate against the offending software pirates.
Benefits of Genuine Microsoft Software
In direct contrast to the risks of using counterfeit software, the benefits of using genuine Microsoft software provide real value to both individual customers and organizations. Genuine Microsoft software is published by Microsoft, comes from a trusted source, and is supported by Microsoft or a trusted partner.
With genuine Microsoft software, customers are better protected, receive support when needed, and have exclusive access to updates and downloads that provide additional value and help them get the most from their software investment. With genuine software, customers receive the complete Microsoft software experience: the product works the way it should, and it includes full documentation to help customers get the most from their computers.
In addition, genuine Microsoft software is equipped with piracy prevention features that help customers visually identify that the media and packaging are genuine.
For organizations that exercise Volume Licensing or use Volume License media, genuine Microsoft software provides them with the assurance that the software is reliable and is more easily managed with Volume Activation tools that assist in deployment and help with license compliance.
Windows 7 Activation and Licensing
Customers can obtain licenses for Windows 7 through one of three channels: retail, original equipment manufacturer (OEM), or Volume Licensing (VL). One software license is always required for each computer that uses Windows, and the only ways to legally license a copy of Windows on a new computer are to buy the computer with a licensed (and pre-activated) copy of Windows or to buy a full, packaged Windows product. Volume Licensing is available only for upgrading Windows on computers with an existing Windows license.
Each channel has its own unique activation methods. Because organizations can obtain Windows 7 software through multiple channels, they can use a combination of activation methods. Some editions of Windows, such as Windows 7 Enterprise Edition, are available only through the VL channel.
Windows 7 products that are acquired online or in a store from reputable resellers and retailers (or from Microsoft directly) are individually licensed. Each purchased copy comes with one unique product key, found on the COA on the product packaging. Users can complete the activation by entering the product key during the setup and installation process or by using the “Activate windows” option from the Control Panel within 30 days of installation.
Original Equipment Manufacturers
Original Equipment Manufacturer (OEM) activation is a perpetual, one-time activation that associates Windows 7 with the firmware (BIOS) of a computer. This occurs before the computer ships to the customer, so the end user or organization is not required to take any additional actions. The copy of Windows 7 that the OEM installs on a computer is valid only on that particular computer, and it can be reinstalled and reactivated only from the OEM-provided recovery media.
Sometimes organizations want to create a customized Windows 7 image for their systems, rather than use the image that is provided by an OEM. This is possible , but organizations should understand the available customization options, how to ensure effective deployments, and how to maintain compliance with Microsoft licensing policies. For more information see the Customizing Windows 7white paper.
OEM activation is applicable only to systems that are purchased through OEM channels with Windows installed.
Volume Activation (VA) is a set of technologies and tools that are designed to automate the activation process for systems that are deployed using volume media. Volume media are normally obtained through the Microsoft Volume Licensing Service Center (VLSC). This is an online resource that is designed to help organizations that have a Microsoft Volume Licensing agreement. They can download licensed products, manage Microsoft Volume Licensing agreements, and access product keys.
Volume Activation in Large Organizations
Microsoft policy requires the activation of all editions of Windows 7, including those obtained through a VL program. This requirement applies to Windows 7 running on physical computers or on virtual machines. Volume Activation (VA) includes the set of tools that automates the activation process on computers that are being upgraded to volume editions of Windows 7. VA automates the activation process through the volume media and Volume Activation keys. Organizations can use two methods to activate Windows 7 with Volume Activation keys: the Key Management Service (KMS) or Multiple Activation Keys (MAK).
Key Management Service
Organizations can use Key Management Service (KMS) to host and manage the VA process locally. Through KMS, organizations set up a local KMS host (or hosts) that connect once to Microsoft to activate the KMS host(s). Then the individual systems throughout the organization connect to the KMS host(s) and activate transparently.
With KMS, client computers connect to the local KMS host to activate the first time, then they reconnect periodically to keep the activation current. KMS is capable of activating an unlimited number of computers, so it can be used for a VL agreement of any size.
Multiple Activation Keys
Multiple Activation Keys (MAK) activation is primarily used for one-time activation with activation services that are hosted by Microsoft. It has a predetermined number of allowed activations, which is dependent on the number of licenses that are included in the organization’s licensing agreement with Microsoft. Customers can use MAK to activate their target computers individually through the activation services (online or by phone). Or they can activate the computers collectively by using the Volume Activation Management Tool (a proxy application for managing activation), which is integrated into the Windows Automated Installation Kit (Windows AIK). Additionally, MAK activation is simplified by using the Volume Activation Management Tool (VAMT), which enables organizations to manage MAK-activated systems hroughout their deployments.
Figure 3: Activation Notification Calendar
The Notification Experience
Most customers want to ensure they are being compliant with their license terms. They don’t want to risk their reputation or incur financial penalties by using counterfeit software. To help customers, Windows 7 provides a grace period (usually 30 days) for customers to activate their copies of Windows. Additionally , Windows 7 provides notifications before and after the grace period expires. Within the 30-day grace period, Windows 7 displays a logon activation notification and balloon notifications open above the system tray according to the schedule shown in Figure 3.
Per this notification schedule, on the fourth day after a customer logs on to Windows 7, a screen similar to that illustrated in Figure 4 appears immediately after the customer provides valid credentials.
Figure 4: Grace Period Log-on Notification
If the end user selects the “Ask me later” option, the message in Figure 5 appears providing information on the benefits of using genuine Microsoft software.
Figure 5: Benefits of using Genuine Microsoft Software
Additionally, the balloon notification illustrated in Figure 6 appears above the system tray during the grace period, increasing in frequency in harmony with the schedule shown in Figure 3. Clicking this balloon notification displays an easy-to-use activation dialog.
Figure 6: Grace Period Balloon Notification
If activation does not occur within the provided grace period or the system fails validation, a new set of notifications occur. For example, a persistent desktop notification is shown on top of a black desktop background as illustrated in Figure 7.
Figure 7: Post Grace Period Desktop Notification
While some of activation notifications may briefly interrupt the end user’s workflow, none inhibit the actual functionality of Windows 7.
Activation Improvements in Windows 7
Enhanced User Experience
With improvements in the VA user experience, organizations can customize the interface more precisely, avoid potential problems more effectively, and resolve activation issues faster.
Organizations can change a variety of interface elements to provide a targeted experience for their internal users. For example, if an activation-related issue arises that is specific to an organization’s deployment, administrators can customize the URL under the “Learn about activation online” option in the “Activate Windows now” dialog illustrated in Figure 8.
Figure 8: Administrator-customizable URL Link
Doing so can guide end users to internal information to help them quickly resolve their problem and avoid Help desk costs.
Microsoft has also clarified and improved end-user and administrator error messages throughout the VA experience to include more troubleshooting information. As illustrated in the previous figures, Microsoft has provided more action-based information and options in notification dialogs that lead end users to faster issue resolution.
Improved Activation as Part of Deployment
Microsoft has improved the VA technologies to better integrate with an organization’s current IT infrastructure.
Virtual System Counting
With the Windows Vista release of KMS, organizations received the capability to activate virtual systems as if they were physical computers. With Windows 7 , KMS also counts virtual systems as if they were physical. Therefore, in environments with few physical systems but many virtual ones , KMS now tallies system types as it tracks the minimum thresholds required for KMS activation. This makes KMS a great option for organizations that rely heavily on the virtualization of their infrastructures.
Since the inception of KMS, the KMS-to-client activation process has been automated and transparent (to both end users and administrators). However, customers with complex DNS installations have requested greater control over how KMS and clients interact across their DNS environments. Accordingly, Microsoft has provided the following key improvements:
- Administrators can use common Windows practices (such as Group Policy and DHCP) to ensure that client computers always find the appropriate KMS host. This is especially helpful in environments with multiple DNS zones. In such cases, KMS can be installed on a single server, even though the clients may reside throughout the various DNS zones.
- Administrators can set KMS host priorities and balance traffic to multiple KMS hosts. This overrides the default behavior of KMS clients, which is to randomly choose KMS hosts across a distributed infrastructure.
Token-based activation is a specialized activation option that is available for approved Microsoft Volume Licensing customers. It is designed for specific scenarios in which the end systems are completely disconnected from the network or phone. This option enables customers to use the public key infrastructure (PKI) and digital certificates (or “tokens,” which are typically stored on smart cards) to locally activate Windows 7 (and Windows Server 2008 R2). Customers do not have to activate the software through KMS or MAK.
The following enhancements help administrators better manage their activation service deployment and their activation keys.
Expansion of WMI Properties
With Windows 7, Microsoft has enhanced the Software Licensing Service class WMI properties and methods to allow greater flexibility and control. For example, administrators can access the number of rearms remaining and avoid a situation where they might be unaware that their rearms are low.
Modified Hardware Tolerance Values
With Windows 7, customers are less likely to trigger an out-of-tolerance condition that results in a need to reactivate the computer.
Consolidated Management Portal
Microsoft has consolidated all previous VL portals into the Volume Licensing Service Center (VLSC). This single portal comes with improvements that are designed to help organizations identify all of their keys, track them, and organize them within a single, easy-to-access location.
Transparent MAK Limit Handling
With Windows 7, the VA service regularly monitors a customer’s MAK usage. If usage nears the current MAK limit, the VA service incrementally increases the limit , reducing manual administration time.
In addition to the feature enhancements described above, the VA services and tools in Windows 7 perform better and require fewer system resources. This is the result of:
- Performance improvements to the core service (such as fewer disk I/Os), which make it run more efficiently and only when needed.
- A reduced memory footprint.
What Microsoft Is Doing to Help Customers Get Genuine
Many people, and even organizations, unknowingly acquire counterfeit software. And for large organizations with Volume Licensing agreements , unintended mislicensing can happen, as well as unintentional mistakes in managing Volume Activation keys, resulting in lost and stolen keys.
In all of these cases, Microsoft is working to provide the education, services, and tools to help customers return to genuine status. In addition to the various solutions provided earlier in this document, following are some specific actions that customers can take in response to counterfeit software concerns and compliance issues.
If You Suspect You Have Counterfeit Software
If you believe you have obtained or installed counterfeit software, we invite you to take action in the following ways:
Microsoft also offers several options to obtain a legal copy of Windows, including a complimentary offer for victims who were deceived into buying high-quality counterfeit copies.
If You Encounter Mislicensing Issues
Organizations might encounter the following licensing noncompliance issues:
- Computers without a qualifying operating system (the VL is being used on computers without a qualifying operating system)
- Nonqualifying operating system licenses (for example, attempting to upgrade from Home Edition to Professional Edition)
- Inadequate operating system licenses (for example, the number of deployed systems exceeds the number of licenses acquired
- Licenses in need of reimaging rights.
In these cases, customers can purchase a Get Genuine Windows Agreement through Microsoft or its authorized partners.
The risks and damaging effects of piracy and the use of counterfeit software are real. They expose customers to security threats like exposure to malicious software , the inability to acquire the updates and support they need, and incomplete access to the entire Microsoft software experience. Software piracy has become so sophisticated that even individuals and organizations with the best intensions can be misled into using it. For these reasons, Microsoft continues to increasingly invest in its Genuine Software Initiative, providing the education, engineering tools, and enforcement policies to help individual customers and organizations identify counterfeit software and activate and validate genuine Microsoft software.
Windows Activation Technologies in Windows 7 offers critical improvements. It includes a refined end-user experience with a clear and simplified interface that is configurable by system administrators and provides the ability for enterprise customers to manage activation more effectively as part of deployment. There is improved support for virtual systems and DNS integration, which facilitates improved manageability and reporting.
Learn more about the following topics:
- Protect Yourself from Piracy – Are You Protected?
- Protect Yourself from Piracy – Legalization
- Identifying Counterfeit Software
- Microsoft TechNet Windows Volume Activation
- Microsoft Volume Licensing
- Windows 7 general information
1 The Risks of Obtaining and Using Pirated Software, a report by IDC, John F. Gantz, Christian A. Chritiansen, Al Gillen, October 2006.
2 Genuine Software Is a Win-Win for Customers, Microsoft and Partners, by Laura DiDio, Yankee Group Research, January 2007.
3 Impact of Unlicensed Software on Mid-Market Companies, a report by Harrison Group, 2008.