- Turn the tables on your organization with Adaxes 2018.1’s Web Interface and reporting capabilities - Thu, Sep 20 2018
- Review: Softerra Adaxes – Automating Active Directory management - Thu, Jun 4 2015
- Azure Multi-Factor Authentication – Part 8: Delegating Administration - Tue, Apr 28 2015
There is a need for controlled volume activation in any large networking environment. In the Windows 2000 and Windows XP timeframes, activation was a non-issue; all you needed to do was to make sure your product key wasn’t used to activate millions of copies outside of your company. Today, however, things are different. It’s been harder to control activation in the Windows Vista and Windows 7 timeframes due to the new Windows Genuine Advantage. Also, Office nowadays also needs to be activated and will be checked regularly for product use right compliance, adding further complexity.
For this release, consisting of Windows 8, Office 2013 and Windows Server 2012, Microsoft aimed to make product activation easier for volume-licensed products. They succeeded brilliantly by giving us two more activation methods on top of the available activation methods:
Active Directory-based activation
Organizations running Active Directory can now leverage its multi-master goodness to activate volume licenses of Windows 8, Windows Server 2012 and Office 2013 installations running on these Operating Systems. By adding the product keys for these packages to the Volume Activation Services Server Role, these products will be automatically activated when domain membership is in place. The moment you remove an Active Directory-based activated Windows 8 installation with Office 2013 from the domain, however, both products get deactivated instantly.
The only serious drawback of this activation method is that clients need to contact the Active Directory infrastructure at least every 180 days. There is no minimal amount of installations, no fiddling to make activation hosts highly available (because Active Directory is highly available by default when you follow best practices) and no obscure network port you need to enable in your firewalls.
Office 365 subscription-based activation
Another neat trick for Office 2013 activation is its new Office 365 subscription-based activation. When you purchase a subscription of Office 365 that includes Office and you sign in with your Office 365 account in a local Office 2013 installation, the product gets activated. It gets activated for all the user accounts on the computer for as long as the Office benefit in the Office 365 subscription remains valid, as long as the computer is able to contact the online Office Licensing Services at least once every 30 days.
One of the bigger benefits of using this type of activation is its ease of license management. For each Office 365 subscription, the amount of licensed installations and remaining activations can be viewed. Also installations can be deactivated from the portal by both users and admins, making reporting on licenses a breeze.
In more traditionally-run organizations without Office 365 or without Active Directory and organizations with strict admin role separation (where the Active Directory, licensing and activation people don’t talk to each other), the above two activation methods would not be a match. For these organizations, Key Management Services (KMS) are still around and more than happy to activate your Windows and Office installations. Just be sure to update the KMS hosts with the appropriate update for Windows 8 and Windows Server 2012 activation and, of course, the Office 2013 Volume License Pack.
KMS in Windows 8 and Windows Server 2012 are now part of the same Volume Activation Services as Active Directory-based Activation, but that’s the only change Microsoft made to it. Its largest drawbacks still exist: You still need to activate at least 25 Windows and/or Office licenses, you still need to open a special port in your firewalls, and making KMS hosts highly available still requires you to fiddle with DNS. Once you manage to activate your installations, these installations remain activated as long as they are able to communicate with their KMS hosts at least once every 180 days.
As a fourth product activation method, Multiple Activation Keys (MAKs) can be used. These product keys instruct installed products to contact Microsofts online activation services without the need of on-premises activation services. Phone-based activation is available with MAK activation. While this method offers less control, it is ideally suited for product activation in perimeter networks and environments without an Internet connection.
I see MAK Activation is a last resort volume activation method. The question, however, is finding the systems that need MAK activation. Identifying and switching rarely used and/or rarely online or connected systems from one of the previous activation methods to MAK Activation, however, is pretty easy when you use the Volume Activation Management Tool (VAMT), available for free as part of the Windows Assessment and Deployment Kit (ADK).