Understanding Windows KMS and MAK Volume License Activation

Sat 09 June 2012 Category: Uncategorized


If you have to administer a large number of PCs running Windows, you will end up creating an automated deployment platform for your Windows clients. You may implement something like Windows Deployment Services.

I used WDS to create a fully automated installation of PCs. WDS can also be used for creating images, but using images doesn't scale as you need too much manual intervention with the devices themselves and you need to update images constantly.

With WDS and some driver packs I can support as many different computer brands and models as I want with a single vanilla Windows 7 base image. All customization and automation is done with answer files using the Windows Automated Installation Kit.

When creating an automated deployment environment, one thing you definitely don't want to be doing is having to enter each individual Windows product key as found on the sticker somewhere on the chasis. You want a single key, embedded in the deployment image or script and run with that, or some other solution. Your goal must be to do away with manual product key input and activation.

This is not a problem, but here we have to introduce the topic of licences, especially client licences such as Windows 7. There are only two flavors of Windows:

  1. Retail - this licence is most expensive but allows you to transfer it from one computer to the other one.
  2. OEM - this licence cost you less but is tied to that particular computer.

The important thing for a system administrator to know is this: when buying OEM, you do not have rights to create disk images or do something similar with these computers. You cannot use Windows Deployment Services, You cannot use cloning tools or other solutions.

Volume licensing

Now it is time to talk about volume licensing. A volume licence is an upgrade of a Retail or OEM license. So one thing is sure: you must order every computer with an OEM Windows licence, regardless of your plans. In addition, the volume licence, you have to buy separately, you gain 'reimaging rights'.

Now comes the fun part. You only need one (1) Volume Licence for a specific product to be eligible to image or automatically deploy all PCs running that particular operating system (32 bit or 64 bit doesn't matter).

KMS or MAK activation

With a volume licence, client's don't need to activate with Microsoft through the internet. For larger organisations, that would cause too much internet traffic. Instead, you use a local activation service within your network. You can either deploy a KMS (Key Management Service) or use the Volume Actication Management Tool (VAMT).

Most people may want the KMS service. But a KMS service only starts to validate clients with 25 or more PCs. If you have less than that number of clients, you may resort to MAK validation.

When choosing KMS activation, you install a KMS service on one of your Windows servers and that host will then act as an activation server within your organisation. Systems activated through the KMS must periodically revalidate themselves (as like every 6 months / 180 days). but how do the clients know that they should validate against your KMS? And which product key do you use?

If you buy a volume licence, you will get access to a special ISO image of Windows 7, Vista Business or XP Professional. You also gain access to a special product key, a KMS product key. (Please note that you must by a volume licence for each operating system product version).

You use this special KMS product key to activate the KMS server. This happens only once. So this one time, you activate the KMS server with Microsoft, after that, no communication occurs with clients or the KMS service with Microsoft.

That special ISO image you got contains a special Windows version that does not require a product key. Once a client is installed, it just searches your network for a KMS server through DNS and tries to activate against it. Once validated, clients stay validated as long as they get in contact twice a year (180 days) with your KMS service.

If you have less than 25 PCs, you will use the MAK activation and the VAMT tool. Clients can either activate through Microsoft directly or through the VAMT tool. The VAMT tool collects activation requests within your network like a KMS, however, it does contact Microsoft to validate those activations. And there is a limited number of activations you are entitled to. This VAMT tool can cache activation requests so you can redeploy or re-image systems and reactivate them without seeing your activation limit getting reached.

I hope this information was useful to you and if you've discovered a mistake, please comment.