UF and Windows Vista

Windows Vista:
What System Administrators Need to Know


Special Information on Microsoft Licensing at UF! (.pdf)


SUMMARY


Versions:
Students are not eligible for any version of Vista under the campus agreement. If interested, they should ask student government to sign a Microsoft Student Agreement.

If a UF employee wants to install Vista on a personally-owned machine, they can obtain Vista Ultimate media and licensing from the UF bookstore for about $10. This is the only supported method for employees to obtain Vista for personal use. If you want to install Vista on a University-owned machine, Vista Enterprise is the preferred version. Vista Ultimate is available via special request, but the University is limited in the number of available Ultimate licenses. The only difference between Enterprise and Ultimate is that Ultimate includes media center features which are not needed on the majority of campus systems.

Keys:
License keys for a personally owned machine will be unique retail keys that come with the media, obtained at the UF bookstore. License keys should not be entered for University-owned (Vista Enterprise) systems since they will activate automatically with our campus KMS. University-owned systems that will be used exclusively off-campus for extended periods with NO VPN or other contact with campus (several months or longer) may require manual entry of our MAK key. University-owned systems for which Ultimate licensing has been requested and approved will require manual entry of a unique retail key.

Should I Upgrade to Windows Vista?


Three simple questions will help you to make this decision:

If you can answer yes to all of these questions then the time may be right for you to upgrade to Vista. Just be sure to learn as much as possible and make an informed decision before putting Vista on your system(s)!

Obtaining Vista and Office 2007 under the UF Campus Agreement:


Vista and Office 2007 were released to manufacture (RTM) and have been available to UF since November 7, 2006. At this point, certain user groups at UF have been on Vista for nearly 2 years. There is a wealth of information available through this site and other resources on campus. If you have questions, please ask!

Our campus agreement allows us to download and use both Vista and Office 2007 on any University-owned system. The only requirement is that the system must already be licensed for some version of Windows. In other words, you cannot build or purchase a system with no OS and install Vista legally. If you have an available license for a previous version of Windows, you can 'assign' this license to the new system (you don't need to actually install the old OS) and then legally install Vista. Office 2007 may be installed on any University-owned system with no prerequisites for licensing. Vista and Office 2007, McAfee Virus Scan for Vista, and the latest version of the Cisco VPN client for Vista are available on campus by using your Gatorlink credentials (username@ufl.edu) at:

UFAD Download Site for Vista and Office

Windows Vista Ultimate Edition *is* available to us under the UF Campus Agreement. 'Ultimate' adds Windows Media Center features that are not useful on the majority of campus systems. Please note that 'Ultimate' is considered a consumer-based product. This means that enterprise support is *not* available from Microsoft and product keys are issued individually from a *limited* pool of keys. An 'Ultimate' ISO is also available on the download section of this site, however the 'Enterprise' Edition should be considered our first choice for deployment on campus machines.

To request 'Ultimate' keys, please contact the UF MVLS administrator with your first and last name, username, UFID number, department affiliation and reason for needing Ultimate rather than Enterprise.

*HOME USERS*


*This includes anyone employed by UF. Students are not covered unless employed by the University!*

Home use media for Office 2007 Enterprise and Vista Ultimate Edition *IS AVAILABLE THROUGH THE BOOKSTORE* under our campus agreement, much like Windows XP and Office 2003 have been in the past. These include individual, single-use product keys just like other consumer-based versions. Cost is $11.00 for Vista and $7.00 for Office. Again, these are only available to current UF faculty and staff under our Microsoft Campus Agreement and are intended for systems that are personally-owned by UF employees.

*VERSIONS*


On University-owned systems we should be using the 'Enterprise Edition' of both Vista and Office 2007, except for the rare cases in which Vista Ultimate is deemed necessary. For personally-owned systems, Vista Ultimate and Office 2007 Enterprise should be used and should be obtained through the UF bookstore.

Installing and Activating Vista:


Power on your computer with the Vista DVD in the drive and follow whatever steps are necessary to boot your computer to the DVD drive. As with previous versions of Windows, you can answer questions along the way or include an XML based ‘answer file’ either in the root of your DVD or in the root of an inserted USB drive. If you choose to do a clean installation *without* formatting your hard drive, key folders (including the most common locations for data) will be retained on your hard drive under a folder called ‘Windows.old’. This does not mean that your old applications will still be installed under Vista. It simply means that the raw data will not be deleted or lost during the installation of Vista. Please note that *no product key* is necessary during any part of the Vista install process. Do not attempt to enter one manually!

Windows Vista is the first Microsoft product to follow the new volume-licensing model. This requires the Vista installation to activate online with a campus-run Key Management Server (KMS) by using a Volume License Key (VLK), or to activate online directly with Microsoft by using a Manual Activation Key (MAK). The campus KMS is up and running as a service of UF Active Directory (UFAD). The VLK activation process occurs automatically *after* Vista is installed and operating as long as the KMS is reachable by the client. The MAK activation process is manual. Regardless of which activation method is used, activation *must* occur within 30 days or the Vista client will stop functioning!

If you have either knowingly or accidentally entered the campus product key (VLK)during Vista installation, you may have inadvertently activated your machine as a campus KMS. This is undesirable for many reasons and could even be a licensing violation depending on what kind of access is open to your machine. If you think this may be the case, you can check by running the following from a command prompt in the \Windows\System32 directory:

Cscript.exe slmgr.vbs -dli

If you see the line of text 'Key Management Service is enabled on this machine' then you are in fact set up as a KMS. *PLEASE* let us know immediately if your machine is set up as a KMS! Notify us, but please correct this yourself by running:

Cscript.exe slmgr.vbs -upk

Campus Image:


A campus 'base image' of Windows Vista has been developed by the TAP group and is currently available for testing. This image will create a 2 GB partition for BitLocker (should you choose to turn BitLocker on) and partition the remaining drive space for the Vista install. Software that is installed as part of this image includes Office 2007, McAfee 8.5, Acrobat Reader 8, Flash, Shockwave, Quicktime, and the Cisco VPN 2.0.2600.2. Two versions are available for download - one which activates with our campus KMS (preferred) and one that activates with our MAK (for use on disconnected or off-campus machines). If anyone would like to continue development or updating of these campus images now that Vista TAP has concluded, please let us know.

Volume License Key (VLK) Activation:


All machines that will be used on campus or have regular connectivity with the campus network (VPN or otherwise) should be activated with our campus KMS. With this method of activation our campus license key (VLK) is automatically issued to clients by the KMS without ever needing to see or enter a key. If the Vista client is joined to UF Active Directory and connected to the network it should activate automatically with no intervention. A VLK activated client will attempt to contact the KMS to re-activate every two weeks. This re-activation must take place within six months or the client will stop functioning until it is able to contact the KMS again or a MAK is entered. Keep in mind that the KMS is only accessible to clients currently connected to a UF subnet (including VPN). If the Vista client is not joined to UFAD, there are several simple options to allow connectivity to the KMS:

  1. Join the Vista client machine to UF Active Directory. It will activate immediately with no additional steps required.
  2. Point the Vista client at DNS that contains the SRV record for the KMS. This includes the main campus DNS operated by CNS and the DNS operated by UFAD. If you run your own domain or DNS you can also add the SRV record there by using the following DNS information:

    View DNS Entry for KMS SRV Record
  3. On the Vista client, you can add a registry key for "KeyManagementServiceName" to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SL. This entry will assist the Vista client in locating the KMS and can be viewed here:

    View Registry Entry for Locating Campus KMS
  4. You will also need to add a domain suffix of ‘ufl.edu’ or ‘ad.ufl.edu’ to the Vista client computer. This is *not* the same as adding a suffix on the network interface! To add the suffix:
    • Right click on 'Computer' and choose properties.
    • Next to 'Computer name, domain, and workgroup settings' click on 'Change settings'.
    • Next to 'To rename this computer or change...' click on the 'Change' button.
    • Next to 'Full computer name' click on the 'More' button.
    • Under 'Primary DNS suffix of this computer:' enter either 'ufl.edu' or 'ad.ufl.edu'.

If you are deploying multiple machines or preparing a departmental image or rollout, please consider including this registry entry as part of your base install. You can also use a registry file that will import this entry for you and run it manually or apply it to your Vista clients via group policy. This registry file also includes the "UserOperations" key (see MAK Activation section, below) and can be downloaded from:

Download UF Registry Keys Installer for Vista Clients

Manual Activation Key (MAK) Activation:


All machines that are permanently located off of campus networks or may be used for extended periods without connecting to the campus network (via VPN or otherwise) should be activated with our campus MAK. This will allow them to activate once and never need to contact a KMS or otherwise re-activate. Be aware that a Vista client activated with the VLK using our KMS *CAN* be switched to a MAK activation if there is ever a need to do so. One MAK number has been issued to campus by Microsoft. It can be viewed on the MVLS site or requested.

To allow a standard user to activate with an MAK, a registry key will need to be added on the Vista client. This key should be a DWORD for "UserOperations" with a value of "1" set in:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SL
We recommend adding this key to ALL Vista clients that may be used off campus so that the user can activate with the MAK in case of emergency. Alternatively, the MAK can be distributed and manually entered (typed in) on the Vista client.

A MAK activated client will only need to be connected to the internet one time for initial activation. There are no subsequent attempts to re-activate after the initial activation. This point is key in understanding how to determine whether a client should be activated using a VLK or MAK. An on-campus machine will have no problem contacting the KMS and should be activated with a VLK. A laptop or other off-campus machine may have issues contacting the KMS if it never comes to campus or never uses the VPN. This should be considered as a possible reason to use a MAK.

Application Compatibility in Windows Vista:


Many applications that worked under Windows XP will continue to install and function under Vista, some will require updates from their vendors (which may or may not be available), and some will simply not work. Much testing has been done by the UF Windows Vista Technology Adoption Program (TAP) group. Results of application testing performed by the TAP group can be found here:

UF Vista TAP Application Testing

This list is an excellent place to start when trying to determine whether an application will work under Vista. You may have applications that are not listed. If they are not listed, you may be the first to attempt using that application under Vista, or we simply may not have had an opportunity to test it. If your application is not on this list, please report your results by contacting UFAD.

Applications that are of utmost importance to UF at this time include Office, McAfee, and the Cisco VPN client. Office XP and newer have been tested and are working normally. McAfee has been tested to work properly. The Cisco VPN client is working normally. We have both McAfee and Cisco available for download under the same location as the Vista and Office 2007 files, at the UFAD download site. Alternatively, McAfee can be downloaded from the UF software web site and the Cisco client can be downloaded from the CNS VPN web site.

Using Windows Vista:


Logging On:


When logging on to a Vista machine, you will not be presented with a drop-down menu to select your login context (local or domain (network)). Instead, a local login would be entered as .\username and a network login would be entered as domain\username. Vista will remember the context of the last successful login, so if you normally log on to a domain, subsequent domain logins will not require the use of domain\.

Getting Around:


Play! Get used to the new interface! Things may appear quite different at first, but the concepts are pretty much unchanged since XP. If you can’t find something where you are used to finding it, we’ve discovered that many of these ‘lost’ items can be located under control panel someplace. In any case, control panel is a good starting point for many things in Vista.

Another nice feature is Windows search. At the top of an IE window or at the bottom of the start button is a text box in which you can type whatever it is you are looking for. Once search has indexed your system, it returns results quickly. You can be searching for an application, a file, an e-mail, a website, or pretty much anything and it will return a list of matches. As an example, click the start button and type ‘calc’. You will see a list of matches appear. At the top should be the Calculator application. This is an extremely quick and efficient way to get around in Vista, whether you are actually searching for something or just looking for the quickest way to launch an application.

Installing Software:


Even if you are logged on with an account that is a member of the ‘Administrators’ group on the local machine, many applications (.EXE) will still not install properly. This is because of User Account Control (UAC). UAC is a valuable security feature of Vista and turning it off is not recommended. The proper way to install software is to right-click on the install file and select ‘Run As Administrator’. This is called ‘Elevation of Privilege’ and it allows the install to start with the proper credentials. .MSI install files do not require ‘Elevation of Privilege’ to install properly, so you can simply click them to start the install process.

Run As:


In order to run many of your administrative applications using a domain or other network logon, you will need to follow a different process in Vista. The traditional method of right-clicking your application and selecting ‘Run As’ is not available in Vista. To launch an application with alternate (network) credentials, create a batch file containing the ‘RunAs’ command. For example, to launch a custom MMC for domain administration use the following one line:

Runas /user:domain\usernamemmc c:\pathtosavedconsole.msc

In this example, ‘domain’ should be the domain in which the alternate credentials are stored, ‘username’ should be the domain user account that you wish to log on with, ‘mmc’ should be the application that is used to launch your desired file, and ‘c:\pathtosavedconsole.msc’ should be the explicit path to the file that you want to launch with the application you just specified. To clarify with another example, you could also use domain credentials to open a text document with notepad from a network drive that we’ll call N:

Runas /user:domain\usernamenotepad n:\saveddocument.txt

Play with this a bit. It will make sense once you start using it. After running your batch file, you will simply be prompted for a password for the specified domain account before the application launches. The right password launches it and the wrong one doesn’t!

Working in the Domain:


Installing domain administration tools, such as those provided in 'adminpak.msi', has been problematic. Installing Exchange administration tools has been very difficult and little to no documentation exists online. We have created an install package that will completely install the adminpak tools and 'most' of the Exchange tools. This is accomplished by copying the necessary Exchange DLL files and registering them with the system - but it is all automated by the install package we have developed. With a Gatorlink credential you may download the package here: Adminpak with Exchange Tools for Vista (this download includes documentation). Any interested non-University IT worker should feel free to contact us for details on making the Exchange tools work under Vista.

Log Off and Power Options:


In Vista, when you click the Windows key and the ‘power’ button you are not actually shutting down your computer! By default, this takes advantage of a new Windows power option called ‘sleep’. Sleep mode puts the machine into a very low power consumption state. This will save the University money over a running or logged-off machine, with the added benefit that the machine can still wake up long enough to install patches and updates or run a scheduled task such as defrag. A sleeping Vista machine will wake up according to its own set schedule for updates and will *not* respond to outside attempts to wake up, such as an incoming remote desktop connection or wake-on-LAN request.

When you click the Windows key, at the very bottom right of the menu (to the right of the power button) is a small arrow (>). Clicking on this arrow will display additional options such as log-off, restart and shut down.

Notes on Office 2007:


Office 2007 testing was done in a largely independent manner on campus and was not an activity of of the Vista TAP group. However, the testing that was done has shown that Office 2007 is a very good piece of software that presents few problems. One key thing to be aware of is the new format that Office 2007 saves documents in, ‘X’. Word will save documents as a ‘.docx’, Excel will save spreadsheets as ‘.xlsx’, etc. This new format is XML based and really a very nice concept. Be aware that the new format is *not* readable by older versions of Office unless you have installed Microsoft’s free compatibility tool on the older versions of Office. We have tested this tool and found it to perform very well. It can be downloaded here: Office Compatibility Pack. Keep in mind that you can always save Office 2007 documents in the older, fully compatible formats (.doc, .xls, etc.).

For More Information:


Feel free to send your questions or any feedback on your personal experiences with Vista to UFAD.

Primary Navigation