I have been spending quite some time now figuring out Vista's activation mechanisms, and I think I know all of its options. The main question, however, is, would you use MAK (Multiple Key Management) or KMS (Key Management Service)? In this article, I summarized the pros and cons of KMS. In one of my next posts, I'll write about the advantages and disadvantages of MAK activation. If you are not yet familiar with both technologies, I suggest reading one of my introductory articles about Vista activation first (see links above).

Microsoft recommends using KMS in environments with more than 25 computers. When I first read about KMS, I also thought that it is the best option for us. However, I am not so sure about this, anymore. Actually, at the moment, it is fifty-fifty.

KMS Pros

  • No client configuration necessary: All you have to do is to install KMS. Your Vista machines will find the KMS automatically using DNS. So, any time, you install a new Vista machine, you don't even need to worry about having it activated.
  • Vista computers don't need special internet access: Since KMS activates the Vista machines; they don't need any kind of internet access. Essentially, this means that you don't have to change the firewall configuration for your clients. You only have to make sure that your KMS host can connect to Microsoft's volume licensing servers.

KMS Cons

  • Vista clients have to renew their activation every 180 days: By default, each KMS activated Vista computer will contact the KMS every 7 days. They have to confirm their activation at least every 180 days (plus grace period.) This means that you always have to keep an eye on your KMS, DNS, your Vista clients, etc. to see if everything is still working, properly. If technical problems come up, then you'll have to spend extra time fixing them.
  • The KMS host has to renew its activation every 180 days: In my view, this is the biggest disadvantage of KMS. If there are problems with your KMS key, activation might fail. We already had such an incident. So, this is not just theory. In such case, you will be dependent on Microsoft. I, personally, feel very uncomfortable with this idea.
  • KMS is difficult to implement with decentralized infrastructure: If your organization has multiple branches, you have to make sure that those Vista clients can connect to your KMS host, for example, by VPN. Depending on your network infrastructure this might cause extra work. You could also install a KMS host in every branch which also means more work. It is possible to use a Vista machine as KMS host in smaller branches. But then you have to make sure that this computer is always available.
  • In the field computers: If your company has many employees working in the field using laptops, then KMS might not be the best activation method. You probably will use MAK to activate these machines. Of course, you can combine KMS and MAK. You could use KMS for the Vista computers in your corporate network and MAK for the rest. However, you then have to deal with two different activation methods which means that you need the corresponding know-how and infrastructure for both technologies.
  • KMS needs dynamic DNS with SRV record support: If you don't use Active Directory, you might not have your own DNS server and use the one of your ISP, instead. Your ISP probably will not allow you to modify their DNS records. That means having to mess with the registry on your Vista clients to tell them where they can find the local KMS.
  • It is difficult to test KMS: Before using such an important new technology, I always want to try it, to see if it is reliable and to get some experiences, also. This is difficult with KMS since you can't test it in a virtual environment and you need at least 25 different Vista clients before KMS will activate them.

Please, let me know if I missed arguments for or against KMS. The question of using KMS or MAK certainly depends on the features of MAK activation, also. I'll write about it soon.

  1. Hugo Escobar 11 years ago

    Has their been any improvements to KMS since the introduction of Windows 7 and Server 2008 R2. Or is the concept still the same.

Leave a reply

Your email address will not be published.


© 4sysops 2006 - 2023


Please ask IT administration questions in the forums. Any other messages are welcome.


Log in with your credentials


Forgot your details?

Create Account