Everything you wanted to know about Microsoft OS Activation

There seems to be some confusion as to how Vista/Windows 7/Server 2008/Server 2008 R2 OS activation works both inside/outside the campus domain and on/off the university network so I’ll try and explain what the options are:

KMS activation

KMS (Key Management Server) activation is designed for machines (doesn’t matter which OS) which are connected to the University network at least once in every 6 months.

If a machine is joined to the campus domain then you don’t need to do anything else, the machine will just activate against the ISS KMS server and you can forget about it.

If the machine is on the University network but not in the campus domain then you can manually point the machine at the ISS KMS server and it will activate (see below).

Once a machine has activated against the ISS KMS server it will periodically re-activate automatically. You’ll only have a problem with it if it doesn’t talk to the KMS server for over 6 months, in which case you should use….

MAK Activation

MAK (Multiple Activation Key) activation should be used for machines which are off the campus network for periods of 6 months or more, e.g. a University laptop which is always used off campus. If you need a MAK code, email the ISS Helpline and ask for one, stating the OS that you are using, e.g. Windows 7. Once you have the MAK code, activate Windows by typing activate windows in the search box on the Start menu, then follow the on-screen prompts and enter the MAK code when asked to do so.

MAK activation requires an internet connection but once it’s done your machine will never need activating again unless you re-install the OS (this is the same type of activation you would use on a computer you bought from PC World etc).

Useful activation commands

All of these commands need to be run from a command prompt running with administrator rights. The easiest way to do this is to type cmd in the search box on the Start menu, then right-click the cmd icon that it finds and select Run as administrator.

1 – Activate a machine on the University network which is NOT in the campus domain

cscript c:\windows\system32\slmgr.vbs -skms locksmith.campus.ncl.ac.uk:1688

cscript c:\windows\system32\slmgr.vbs -ato

2 – Force activation on a machine that is in the campus domain (if you’re impatient 🙂)

cscript c:\windows\system32\slmgr.vbs -ato

3 – Convert a machine from using MAK to KMS activation and vice versa (you’ll still need to request and use a MAK code if you need one).

N.B. These are generic product keys that are available for all to see at http://technet.microsoft.com/en-us/library/ee355153.aspx

slmgr -upk

slmgr -ipk 33PXH-7Y6KF-2VJC9-XBBR8-HVTHH

slmgr -ato

The above is for Windows 7 Enterprise, replace the product key as appropriate from the table below

Windows 7 and Windows Server 2008 R2

| Platform | Operating system edition | Product key |
| --- | --- | --- |
| Client | Windows 7 Professional | FJ82H-XT6CR-J8D7P-XQJJ2-GPDD4 |
| Client | Windows 7 Professional N | MRPKT-YTG23-K7D7T-X2JMM-QY7MG |
| Client | Windows 7 Professional E | W82YF-2Q76Y-63HXB-FGJG9-GF7QX |
| Client | Windows 7 Enterprise | 33PXH-7Y6KF-2VJC9-XBBR8-HVTHH |
| Client | Windows 7 Enterprise N | YDRBP-3D83W-TY26F-D46B2-XCKRJ |
| Client | Windows 7 Enterprise E | C29WB-22CC8-VJ326-GHFJW-H9DH4 |
| Server | Windows Server 2008 R2 Web | 6TPJF-RBVHG-WBW2R-86QPH-6RTM4 |
| Server | Windows Server 2008 R2 HPC edition | FKJQ8-TMCVP-FRMR7-4WR42-3JCD7 |
| Server | Windows Server 2008 R2 Standard | YC6KT-GKW9T-YTKYR-T4X34-R7VHC |
| Server | Windows Server 2008 R2 Enterprise | 489J6-VHDMP-X63PK-3K798-CPX3Y |
| Server | Windows Server 2008 R2 Datacenter | 74YFP-3QFB3-KQT8W-PMXWJ-7M648 |
| Server | Windows Server 2008 R2 for Itanium-based Systems | GT63C-RJFQ3-4GMB6-BRFB9-CB83V |

Windows Vista and Windows Server 2008

| Platform | Operating system edition | Product key |
| --- | --- | --- |
| Client | Windows Vista Business | YFKBB-PQJJV-G996G-VWGXY-2V3X8 |
| Client | Windows Vista Business N | HMBQG-8H2RH-C77VX-27R82-VMQBT |
| Client | Windows Vista Enterprise | VKK3X-68KWM-X2YGT-QR4M6-4BWMV |
| Client | Windows Vista Enterprise N | VTC42-BM838-43QHV-84HX6-XJXKV |
| Server | Windows Web Server 2008 | WYR28-R7TFJ-3X2YQ-YCY4H-M249D |
| Server | Windows Server 2008 Standard | TM24T-X9RMF-VWXK6-X8JC9-BFGM2 |
| Server | Windows Server 2008 Standard without Hyper-V | W7VD6-7JFBR-RX26B-YKQ3Y-6FFFJ |
| Server | Windows Server 2008 Enterprise | YQGMW-MPWTJ-34KDK-48M3W-X4Q6V |
| Server | Windows Server 2008 Enterprise without Hyper-V | 39BXF-X8Q23-P2WWT-38T2F-G3FPG |
| Server | Windows Server 2008 HPC | RCTX3-KWVHP-BR6TB-RB6DM-6X7HP |
| Server | Windows Server 2008 Datacenter | 7M67G-PC374-GR742-YH8V4-TCBY3 |
| Server | Windows Server 2008 Datacenter without Hyper-V | 22XQ2-VRXRG-P8D42-K34TD-G3QQC |
| Server | Windows Server 2008 for Itanium-Based Systems | 4DWFP-JF3DJ-B7DTH-78FJB-PDRHK |
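
To check which of the two activation types a machine is using and how long its current activation has left, the licensing WMI classes can be queried read-only. This is an added example, not part of the original post; the 30-day warning threshold is an assumption, and the script is meant for an elevated Windows PowerShell prompt.

```powershell
# Added example: report the activation channel (KMS or MAK) and remaining validity.
# Read-only: nothing here installs keys or triggers activation.
$WindowsAppId = '55c92734-d682-4d71-983e-d6ec3f16059f'   # application ID of Windows in the licensing service
$WarnDays     = 30                                       # assumed warning threshold, not from the post

$statusNames = @{
    0 = 'Unlicensed';        1 = 'Licensed';     2 = 'Out-of-box grace'
    3 = 'Out-of-tolerance grace'; 4 = 'Non-genuine grace'
    5 = 'Notification';      6 = 'Extended grace'
}

# KMS server set by hand with slmgr -skms; empty when the server is found automatically.
$manualKms = (Get-WmiObject -Class SoftwareLicensingService).KeyManagementServiceMachine

# Only the installed edition has a partial product key, so this selects the active licence.
$filter = "ApplicationID='$WindowsAppId' AND PartialProductKey IS NOT NULL"
Get-WmiObject -Class SoftwareLicensingProduct -Filter $filter | ForEach-Object {
    $channel = switch -Regex ($_.Description) {
        'VOLUME_KMSCLIENT' { 'KMS' }
        'VOLUME_MAK'       { 'MAK' }
        default            { 'Other (retail/OEM)' }
    }
    # GracePeriodRemaining is in minutes; it is 0 for a permanent (MAK) activation.
    $daysLeft = [math]::Floor($_.GracePeriodRemaining / 1440)

    $advice = 'No action needed'
    if ($_.LicenseStatus -ne 1) {
        $advice = 'Not activated: run slmgr -ato while on the University network'
    } elseif ($channel -eq 'KMS' -and $daysLeft -lt $WarnDays) {
        $advice = 'KMS activation close to expiry: reconnect to the network or request a MAK code'
    }

    New-Object PSObject -Property @{
        Edition   = $_.Name
        Channel   = $channel
        Status    = $statusNames[[int]$_.LicenseStatus]
        DaysLeft  = $daysLeft
        ManualKms = $manualKms
        Advice    = $advice
    }
} | Format-List Edition, Channel, Status, DaysLeft, ManualKms, Advice
```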

Security Principals, ACE, ACLs, DACLs, and SACLs

As a follow up to an earlier post I made on Advanced NTFS Permissions I thought I’d post some notes I made recently on Security Principals, ACE, ACLs, DACLs, and SACLs.

Security Principals

A security principal is an entity that can be authenticated by the system, such as a user account, a computer account, a thread or process that runs in the security context of a user or computer account, or a security group of these accounts. The important thing to remember is that each principal is automatically assigned a security identifier (SID) when it is created and that these are unique. This is why a domain computer cannot access domain resources if its account is deleted, even when a new account with the same name exists.

Access Control Entry (ACE)

An Access Control Entry (ACE) is an element in an access control list (see below). Each ACE controls or monitors access to an object. We see ACEs when we look at the list of security principals which have access on the Security tab of an object.

Access Control Lists (ACL)

Broadly speaking, ACLs are the lists of security principals (users, groups and computers) that have access to an object. There are two types of ACL: the DACL and the SACL.

Discretionary access control lists (DACLs).

DACLs identify the users and groups that are assigned or denied access permissions on an object. If a DACL does not explicitly identify a security principal it will be denied access to that object.

System access control lists (SACLs).

SACLs identify the users and groups that you want to audit when they successfully access or fail to access an object. Auditing is used to monitor events related to system or network security. A SACL can be found by selecting the Advanced button in the Security settings on an object and selecting the Auditing tab.
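
The same information is available from Windows PowerShell, which makes the SID behind each ACE visible. This is an added example, not part of the original notes; the function name `Get-AceReport` and the folder path are hypothetical, and reading the SACL needs an elevated prompt.

```powershell
# Added example: list every ACE in a folder's DACL and SACL with the SID it refers to.
function Get-AceReport {
    param([string]$Path)

    # -Audit makes Get-Acl load the SACL as well as the DACL.
    $acl   = Get-Acl -Path $Path -Audit
    $lists = @{ DACL = $acl.Access; SACL = $acl.Audit }

    foreach ($listName in 'DACL', 'SACL') {
        foreach ($ace in $lists[$listName]) {
            if (-not $ace) { continue }   # an empty list yields one $null on PowerShell 2.0

            # The ACE stores a SID; the account name shown in the GUI is only a lookup of it.
            try   { $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value }
            catch { $sid = '(name no longer resolves)' }

            # DACL entries are Allow/Deny; SACL entries say whether Success or Failure is audited.
            if ($listName -eq 'DACL') { $kind = $ace.AccessControlType } else { $kind = $ace.AuditFlags }

            New-Object PSObject -Property @{
                List      = $listName
                Principal = $ace.IdentityReference.Value
                SID       = $sid
                Kind      = $kind
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

# 'C:\Temp\AclDemo' is a placeholder path.
Get-AceReport -Path 'C:\Temp\AclDemo' |
    Format-Table List, Principal, SID, Kind, Rights, Inherited -AutoSize
```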


Windows 7 / Windows Server 2008 R2: RemoteApp and Desktop Connection

If you are testing Windows 7 and are a user of one of the ISS Remote Desktop Services Servers you can import all of the applications available to you directly to your Start Menu by following these instructions:

1. Navigate to Control Panel\All Control Panel Items\RemoteApp and Desktop Connections on the Start Menu.

2. Select ‘Set up a new connection with RemoteApp and Desktop Connections’.

3. In the connection box URL type https://servername.ncl.ac.uk/RDWeb/feed/webfeed.aspx

4. Acknowledge the messages at the next 2 screens.

5. You will receive confirmation that the connection has been setup.


The applications will now be visible under: Start Menu > Programs > RemoteApp and Desktop Connections

Filestore Best Practices #3: Only ever assign group permissions even if the group has only one member.

Assigning the permissions to Filestore resources is easy but managing permissions for an expanding volume of data in an ever evolving department is not. It can however be made easier by only using security groups.

Most people reading this will look after Filestore resources which are accessed by various people within their departments. The data structure may be made up of hundreds or even thousands of folders for which a complex set of permissions are required.

The problem with assigning individual users permissions is that there will eventually come a point where you will not be able to remember who a user (let’s call them) n563456 is, why they were assigned permissions and if they should still have access. The situation would be worse still for someone taking over or assisting with management of the resources.

The best way to avoid this is to never assign individual users permissions on a resource but to create a security group, even if only one user will be a member of it.

This will allow you to do the following:

Give the group a meaningful name.

For example, calling the group HR – Directors Shared Filestore (Read\Write) will help you identify its function, level of access and who should be a member at a glance.

TIP: Prefix all of your group names with your department’s name e.g. ISS XXXX XXXXX. A group called ‘Research Shared Folder’ will not be as easy to find.

Allow you to add and remove users without having to browse to the resource.

It’s much easier to open the ADUC snap-in and add to or remove from a group than it is to browse to a nested folder and examine the ACLs.

Avoid ghost SIDs.

Ghost SIDs occur when an account has been deleted but the permission persists on the resource.

Document, audit and manage access from one place.

You can add comments to groups and manage all of your permissions from one central location, perhaps by a regular review of group membership.

Make things easier on team members or your successors.

By using a group based approach new team members and your successors will be able to easily see changes and see how permissions are configured.

SUMMARY: Never assign individual users permissions to a Filestore resource as they will grow too complex. Only ever use groups, even if there is only one user in the group, and always add a description to the group.
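
To find where an existing folder tree already breaks this rule, the explicit ACEs can be checked for ghost SIDs and for individual user accounts. This is an added example, not part of the original post; the function name `Find-NonGroupAce` and the share path are hypothetical, and it assumes Windows PowerShell on a domain-joined machine with .NET 3.5 or later.

```powershell
# Added example: report explicit ACEs under a Filestore folder that break the groups-only rule.
Add-Type -AssemblyName System.DirectoryServices.AccountManagement

function Find-NonGroupAce {
    param([string]$Root)

    $sidType = [System.Security.Principal.SecurityIdentifier]
    $section = [System.Security.AccessControl.AccessControlSections]::Access
    $ctxType = [System.DirectoryServices.AccountManagement.ContextType]::Domain
    $bySid   = [System.DirectoryServices.AccountManagement.IdentityType]::Sid
    $domain  = New-Object System.DirectoryServices.AccountManagement.PrincipalContext($ctxType)

    $folders = @(Get-Item -Path $Root) +
               @(Get-ChildItem -Path $Root -Recurse | Where-Object { $_.PSIsContainer })

    foreach ($folder in $folders) {
        # ($true, $false) = explicit ACEs only; inherited ones are reported where they are set.
        $rules = $folder.GetAccessControl($section).GetAccessRules($true, $false, $sidType)
        foreach ($rule in $rules) {
            $sid     = $rule.IdentityReference
            $finding = $null
            try {
                $name = $sid.Translate([System.Security.Principal.NTAccount]).Value
            } catch {
                # The SID no longer maps to any account: the account was deleted.
                $name    = $sid.Value
                $finding = 'Ghost SID'
            }
            # Well-known and built-in SIDs have no account domain part, so skip the lookup for them.
            if (-not $finding -and $sid.AccountDomainSid) {
                $p = [System.DirectoryServices.AccountManagement.Principal]::FindByIdentity($domain, $bySid, $sid.Value)
                if ($p -is [System.DirectoryServices.AccountManagement.UserPrincipal]) {
                    $finding = 'Individual user (use a group instead)'
                }
            }
            if ($finding) {
                New-Object PSObject -Property @{
                    Folder = $folder.FullName; Principal = $name; Finding = $finding
                    Access = "$($rule.AccessControlType) $($rule.FileSystemRights)"
                }
            }
        }
    }
}

# '\\fileserver\share\Department' is a placeholder path.
Find-NonGroupAce -Root '\\fileserver\share\Department' | Format-Table Folder, Principal, Finding, Access -AutoSize
```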

A hand-drawn look at Windows 7 and Server 2008 R2

For those who have been struggling to find information about the new features of Windows 7 and Windows Server 2008 R2 (you likely don’t read this blog or mine!), or if you just like to see information presented in a creative way, you should check out the series of cleverly hyperlinked videos put together by my good friends Andrew and James from the TechNet UK IT Professional Technical Evangelist Team.

Since I can’t embed the launchpad video on this blog engine, head over to Andrew’s post to get started.

23rd September: Three fantastic Microsoft enterprise IT presentations

We are very pleased to be able to announce a stellar line up of technical presentations and speakers from Microsoft at the September VBUG Newcastle IT Pro meeting here on the Newcastle University campus…

The Dynamic Desktop Experience – Windows 7, Windows XP Mode, App-V, MDT, MDOP and System Center – Dan Oliver

Windows 7 offers Microsoft’s customers an opportunity to deliver a platform that releases new capabilities that deliver real business benefit and significantly reduced cost of ownership. The challenge for most companies is that deploying and migrating desktops is time consuming and traditionally offers service continuity risks with Application Compatibility that can prevent progress. This presentation will show capabilities, architectures and strategies that allow companies to move forward cost effectively to the benefits of a modern operating system. Level: 100

Dan Oliver is a Pre Sales Architect within Microsoft UK’s Speciality Technology Unit with some 14 years’ experience of Microsoft-based solutions primarily in the virtualization and systems management fields. Dan has a background that covers a broad spectrum of industry sectors ranging from Financial, Telecoms, Partners, Legal, Professional Services and Healthcare. Dan has also had the opportunity to work as a Chief Technology Officer for the Faculty of Advocates in the Scottish Legal Sector.

Novell and Lotus Notes – Migrating to Microsoft – Conrad Sidey

The business value of implementing Microsoft technologies like Active Directory, Exchange 2007 and SharePoint is clearly understood within Microsoft. Our customers that are still running their organisation on technologies like Novell and Lotus Notes are starting to gain an understanding of the value of migrating to Microsoft technologies. The purpose behind this presentation is to provide the technical community with an insight into leading a project and architecting a solution to migrate environments that are running both Novell Netware and Lotus Notes. The presentation will discuss envisioning & planning of a Novell and Notes migration project, approaches to undertaking the migration depending upon the business drivers, providing an overview of the approach we are taking in migrating a UK Local City Council while providing coexistence, as well as presenting a number of migration & coexistence recommendations or lessons learnt from the project. Level: 200

Conrad Sidey is a Solution Architect within Microsoft Consulting Services with some 17 years’ experience of Microsoft-based solutions primarily in the infrastructure field. Conrad has a background that covers a broad spectrum of industry sectors ranging from Financial and Insurance, Manufacturing, Aero-Engineering, Defence, UK and European Government Agencies, Power Generators, Retail and Brewing. Conrad has also had the opportunity to work with large scale outsourcing services providers.

Implementing the “Black Box” – Performance Monitoring and Analysis for proactive and reactive support, server baselining and capacity planning – Richard Diver

All current versions of Windows come with a free tool that can prevent server downtime and solve many mysteries – Perfmon!

A little bit of practice with this tool can really help to solve issues with servers that may not even be performance related. Working at the OS level, you can find the cause of most performance bottlenecks regardless of server function (Exchange, DC, Web etc).

This is something that has even more focus in future versions of Windows; a brief overview of these benefits will be shown also! Level: 300

Richard Diver is a Premier Field Engineer with 10 years’ experience implementing and supporting a range of Microsoft technologies, specialising in Active Directory, Server Platform and Virtualisation.

Wrap up Q&A with all presenters at the end.

Time: 18:45 to 21:00

Location: Room 118, Claremont Tower, Newcastle University, Newcastle-upon-Tyne, NE1 7RU

Price: FREE

Please register for your place at the VBUG site so we can make sure we have enough space and refreshments. 🙂

RSAT released for Windows 7

Microsoft has released the Remote Server Administration Tools (RSAT) for Windows 7. These tools allow you to “manage roles and features that are installed on computers that are running Windows Server 2008 R2, Windows Server 2008, or Windows Server 2003, from a remote computer that is running Windows 7”.

Download from:
http://www.microsoft.com/downloads/details.aspx?FamilyID=7d2f6ad7-656b-4313-a005-4e344e43997d&displaylang=en

Windows 7 and Windows Server 2008 R2 Event – 8th July

For Windows sys admins, the biggest contacts on your approach radar right now are Windows 7 and Windows Server 2008 R2, due to release later in the year (but they will be complete and released to manufacture next month). This free evening event, right here on the campus, couldn’t be much more timely then.

Rik Hepworth, the IT Director at Black Marble, will cover some of the great new features of the new operating systems, including BranchCache, XP Mode and what I personally think is the number one feature, DirectAccess.

This is bound to be a popular event, so sign up early over at the VBUG site.

TechNet Conference goes virtual (19 June 2009)

From Microsoft:

We’re pleased to announce the launch of the very first TechNet Virtual Conference taking place on 19 June 2009.

You told us that time and budget pressures make attending in person events difficult – so to help both you and the environment we decided to take the TechNet Conference virtual. Now you and your colleagues can join us to get a flavour of some key Microsoft technologies from the comfort of your own desks.

  • Windows 7 – Deployment and Management
  • Windows Server 2008 R2 – 10 things to make life easier for IT Pros
  • An overview of Office Communications Server R2 and voice capabilities
  • The trials and tribulations of SharePoint implementation

We are also really pleased to announce an exclusive Keynote featuring Mark Russinovich, Microsoft Technical Fellow specialising in the Windows platform.

And that’s not the only difference this year. In addition to Microsoft technology news and product overviews from the experts, the TechNet Virtual Conference will also feature a second auditorium focused on IT Management, including:

  • How IT will change over the next 10 years and why you should care – an exclusive session delivered at TechEd EMEA
  • Growing the Business and Managing Costs at Microsoft – An Insider’s View, presented by Asif Jinnah, IT Manager, Microsoft UK

Click here to see the full agenda.

http://technet.microsoft.com/en-gb/dd819085.aspx