Activation and Resulting Internet Communication in Windows 7 and Windows Server 2008 R2

  • Article

Applies To: Windows 7, Windows Server 2008 R2

In this section

Purposes of activation for Windows Server 2008 R2 and Windows 7

Overview: Activation in the context of a managed environment

How a computer communicates with sites on the Internet during activation

This section discusses the purposes of product activation in Windows® 7 and Windows Server® 2008 R2 and how activation-related features communicate across the Internet, and it explains steps to take to limit, control, or prevent that communication in an organization with many users.

Purposes of activation for Windows Server 2008 R2 and Windows 7

Product activation reduces software piracy and ensures that Microsoft® customers are receiving genuine Microsoft software. Genuine Windows provides assurance that the software is reliable and helps protect against the security threats and increased cost of ownership that can be introduced by counterfeit software. Windows Activation Technologies help customers ensure that they are using genuine Windows while helping to avoid the risks associated with the use of unlicensed software. Using Genuine Windows helps ensure that software is reliable as follows:

  • Ensures that the software is supported by Microsoft and its partners.

  • Assists with license compliance.

  • Enhances protection from the risks associated with counterfeit software, such as spyware, malware, and viruses.

  • Protects against the potential financial penalties and risks to a company’s reputation due to using non-licensed software.

Activation of Windows operating systems is required unless you purchase new computers with the operating system preinstalled by the manufacturer and bound to the computer’s basic input/output system (BIOS). A person who purchases a Windows operating system to install on an individual computer can complete activation and verify that their software is genuine through the Internet or by phone.

If you acquire licenses through a volume license program, you can perform volume activation and verify that the software is genuine in one of two ways: the Key Management Service (KMS) or a Multiple Activation Key (MAK). For more information about volume activation, see Activation options with volume licensing later in this section.

Note

Product activation means that a specific product key becomes associated with the computer hardware that it is installed on. Making significant changes to computer hardware or other significant configuration changes may require that the activation process be completed again.

For more information about product activation, see Product Activation for Windows Vista and Windows Server 2008.

Overview: Activation in the context of a managed environment

In an environment with many computers running Windows 7 and Windows Server 2008 R2, you will probably want to use an activation option that is designed for use with volume licensing. The following subsection describes these options.

Note

To avoid the activation process (online activation or telephone activation), you can purchase new computers with the operating system preinstalled by the manufacturer and bound to the computer’s basic input/output system (BIOS). For these computers, activation is not necessary.

Activation options with volume licensing

Organizations that have a volume license agreement have multiple options for activation:

  • Key Management Service: In managed environments where five or more computers running Windows 7 or Windows Server 2008 R2 will be connected to the corporate network, you can use Key Management Service (KMS) to simplify the activation process. With KMS, you manage activations within your organization's network, rather than having each computer communicate with a Microsoft server during activation. The computers that you activate through KMS must connect to your organization's network at least twice a year to stay activated.

  • Multiple Activation Key: In networks where users rarely or never connect to the corporate network, you can use a Multiple Activation Key (MAK). Each MAK belongs to a specific organization, and it can activate multiple computers running Windows 7 or Windows Server 2008 R2, up to the limit assigned to that MAK. You can activate these computers one at a time (in which case each computer connects to a Microsoft server during activation) or use MAK Proxy Activation, where a centralized activation request is sent (through a single connection to Microsoft) on behalf of multiple computers by using the Volume Activation Management Tool.

For more information about the Volume Activation Management Tool, see Volume Activation Management Tool (VAMT) 1.1 (x86).

For more information about volume activation, see Volume Activation 2.0 for Windows Vista and Windows Server 2008.

How a computer communicates with sites on the Internet during activation

You can activate Windows Server 2008 R2 and Windows 7 through the Internet or by phone. The following list describes how Windows Server 2008 R2 and Windows 7 communicate with Web sites when they are activated through the Internet:

  • Specific information sent or received: During the activation process, the following information is sent to an activation server that is maintained by Microsoft:

    • Computer make and model

    • Version information for the operating system and software using Genuine Advantage

    • Region and language settings

    • A unique number assigned to your computer by the tools (globally unique identifier or GUID)

    • Product key (hashed) and product ID

    • BIOS name, revision number, and revision date

    • Hard drive volume serial number (hashed)

Important

The tools do not collect your name, address, e-mail address, or any other information that Microsoft can use to identify you or contact you. 

In addition to the configuration information above, status information (such as the following) is also transferred:  
  
  - Whether the installation was successful, if one was performed  
      
  - The result of the validation check, including information about any activation exploits and any related malicious or unauthorized software that is found, disabled, or removed  
      
  - The name and a hash of the contents of the computer's start-up instructions file (commonly called the boot file) to help Microsoft discover activation exploits that modified this file

Note

If your system is identified as non-genuine, additional information may be sent to Microsoft to better understand why your system failed validation. This information can include error codes and the names and paths of files that compromise the integrity of your system. 

For activation of an individual computer (where volume licensing is not being used), owners can allow the preceding information to be sent over the Internet to the activation system at Microsoft, or they can present the product key information and hardware hash (combined into one number) by phone.

  • Default setting and ability to disable: Product activation cannot be disabled, but if you acquire licenses through a volume license program, you can perform Volume Activation, through the Key Management Service (KMS) or a Multiple Activation Key (MAK). For more information, see Activation options with volume licensing earlier in this section and the following pages on the Microsoft Web site:

Note

Product activation is not necessary if you purchase new computers with the operating system preinstalled by the manufacturer and bound to the computer’s basic input/output system (BIOS).

  • Trigger and notification: When activation is required, the operating system provides a reminder each time a user logs on and at common intervals until the end of the activation grace period stated in the Microsoft Software License Terms (30 days is the typical grace period).

  • Logging: Entries that track the progress of activation (for example, return codes and error codes) are logged in Event Viewer. If activation fails, you can use these events to troubleshoot the problem. To locate the events, click Windows Logs, click Application, and the Source is Security-Licensing-SLC.

  • Encryption and storage: The data is encrypted during transmission by using HTTPS, that is, Secure Sockets Layer (SSL) or Transport Layer Security (TLS) with HTTP, and it is stored in Microsoft-controlled facilities. The data is accessible to a restricted number of support personnel who oversee and maintain the activation servers and the product activation program.

  • Privacy: Customer privacy was a paramount design goal in building the product activation technology. Microsoft uses the information to confirm that you have a licensed copy of the software, and then it is aggregated for statistical analysis. Microsoft does not use the information to identify you or contact you.

  • Transmission protocol and port: When Windows 7 and Windows Server 2008 R2 are activated through the Internet and a modem is not used, the first transmission uses HTTP through port 80. It communicates with go.microsoft.com to check the HTTP response code. A response code of less than 500 indicates that a product activation server is available. (With a modem, there is a check to see whether the modem can currently make a connection to the Internet.) If the product activation server can be reached (or if the modem can make a connection to the Internet), any activation data that is sent by Windows Product Activation uses HTTPS through port 443 to sls.microsoft.com.

Additional references

For more information about volume licensing, activation, and Genuine Advantage, see the following pages on the Microsoft Web site: