deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-18 11:53:37 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

broken link and Acrolinx

Browse Source
This commit is contained in:
Aaron Czechowski
2022-09-26 11:28:19 -07:00
parent 4f27cf27a1
commit 5b81672332
1 changed files with 86 additions and 71 deletions
Download Patch File Download Diff File Expand all files Collapse all files

151
windows/deployment/vda-subscription-activation.md
View File

@ -1,150 +1,165 @@
--- ---
title: Configure VDA for Windows 10/11 Subscription Activation title: Configure VDA for Windows subscription activation
description: Learn how to configure virtual machines (VMs) to enable Windows 10 Subscription Activation in a Windows Virtual Desktop Access (VDA) scenario.
ms.reviewer: ms.reviewer:
manager: dougeby manager: dougeby
ms.author: aaroncz ms.author: aaroncz
author: aczechowski author: aczechowski
description: Learn how to configure virtual machines (VMs) to enable Windows 10 Subscription Activation in a Windows Virtual Desktop Access (VDA) scenario.
ms.custom: seo-marvel-apr2020 ms.custom: seo-marvel-apr2020
ms.prod: w10 ms.prod: windows-client
ms.technology: itpro-deploy
ms.localizationpriority: medium ms.localizationpriority: medium
ms.topic: article ms.topic: how-to
ms.collection: M365-modern-desktop ms.collection: M365-modern-desktop
ms.date: 09/26/2022
--- ---
# Configure VDA for Windows 10/11 Subscription Activation # Configure VDA for Windows subscription activation
Applies to: Applies to:
- Windows 10 - Windows 10
- Windows 11 - Windows 11
This document describes how to configure virtual machines (VMs) to enable [Windows 10/11 Subscription Activation](windows-10-subscription-activation.md) in a Windows Virtual Desktop Access (VDA) scenario. Windows VDA is a device or user-based licensing mechanism for managing access to virtual desktops. This document describes how to configure virtual machines (VMs) to enable [Windows subscription activation](windows-10-subscription-activation.md) in a Windows Virtual Desktop Access (VDA) scenario. Windows VDA is a device or user-based licensing mechanism for managing access to virtual desktops.
Deployment instructions are provided for the following scenarios: Deployment instructions are provided for the following scenarios:
1. [Active Directory-joined VMs](#active-directory-joined-vms) 1. [Active Directory-joined VMs](#active-directory-joined-vms)
2. [Azure Active Directory-joined VMs](#azure-active-directory-joined-vms) 2. [Azure Active Directory-joined VMs](#azure-active-directory-joined-vms)
3. [Azure Gallery VMs](#azure-gallery-vms) 3. [Azure Gallery VMs](#azure-gallery-vms)
## Requirements ## Requirements
- VMs must be running Windows 10 Pro, version 1703 or later. Windows 11 is "later" in this context. - VMs must be running a supported version of Windows Pro edition.
- VMs must be Active Directory-joined or Azure Active Directory (AAD)-joined. - VMs must be joined to Active Directory or Azure Active Directory (Azure AD).
- VMs must be hosted by a Qualified Multitenant Hoster (QMTH). - VMs must be hosted by a Qualified Multitenant Hoster (QMTH). For more information, download the PDF that describes the [Qualified Multitenant Hoster Program](https://download.microsoft.com/download/3/D/4/3D445779-2870-4E3D-AFCB-D35D2E1BC095/QMTH%20Authorized%20Partner%20List.pdf).
- For more information, see [Qualified Multitenant Hoster Program](https://download.microsoft.com/download/3/D/4/3D445779-2870-4E3D-AFCB-D35D2E1BC095/QMTH%20Authorized%20Partner%20List.pdf) (PDF download).
## Activation ## Activation
### Scenario 1 ### Scenario 1
- The VM is running Windows 10, version 1803 or later (ex: Windows 11). - The VM is running a supported version of Windows.
- The VM is hosted in Azure or another Qualified Multitenant Hoster (QMTH). - The VM is hosted in Azure or another Qualified Multitenant Hoster (QMTH).
When a user with VDA rights signs in to the VM using their Azure Active Directory credentials, the VM is automatically stepped-up to Enterprise and activated. There is no need to perform Windows 10/11 Pro activation. This eliminates the need to maintain KMS or MAK in the qualifying cloud infrastructure. When a user with VDA rights signs in to the VM using their Azure AD credentials, the VM is automatically stepped-up to Enterprise and activated. There's no need to do Windows Pro activation. This functionality eliminates the need to maintain KMS or MAK in the qualifying cloud infrastructure.
### Scenario 2 ### Scenario 2
- The Hyper-V host and the VM are both running Windows 10, version 1803 or later. - The Hyper-V host and the VM are both running a supported version of Windows.
[Inherited Activation](./windows-10-subscription-activation.md#inherited-activation) is enabled. All VMs created by a user with a Windows 10/11 E3 or E5 license are automatically activated independent of whether a user signs in with a local account or using an Azure Active Directory account. [Inherited Activation](./windows-10-subscription-activation.md#inherited-activation) is enabled. All VMs created by a user with a Windows E3 or E5 license are automatically activated independent of whether a user signs in with a local account or using an Azure AD account.
### Scenario 3 ### Scenario 3
- The VM is running Windows 10, version 1703 or 1709, or the hoster is not an authorized [QMTH](https://download.microsoft.com/download/3/D/4/3D445779-2870-4E3D-AFCB-D35D2E1BC095/QMTH%20Authorized%20Partner%20List.pdf) partner. - The hoster isn't an authorized QMTH partner.
In this scenario, the underlying Windows 10/11 Pro license must be activated prior to Subscription Activation of Windows 10/11 Enterprise. Activation is accomplished using a Generic Volume License Key (GVLK) and a Volume License KMS activation server provided by the hoster. Alternatively, a KMS activation server can be used. KMS activation is provided for Azure VMs. For more information, see [Troubleshoot Azure Windows virtual machine activation problems](/azure/virtual-machines/troubleshooting/troubleshoot-activation-problems). In this scenario, the underlying Windows Pro license must be activated prior to using subscription activation Windows Enterprise. Activation is accomplished using a generic volume license key (GVLK) and a volume license KMS activation server provided by the hoster. Alternatively, a KMS activation server can be used. KMS activation is provided for Azure VMs. For more information, see [Troubleshoot Azure Windows virtual machine activation problems](/troubleshoot/azure/virtual-machines/troubleshoot-activation-problems).
For examples of activation issues, see [Troubleshoot the user experience](./deploy-enterprise-licenses.md#troubleshoot-the-user-experience). For examples of activation issues, see [Troubleshoot the user experience](./deploy-enterprise-licenses.md#troubleshoot-the-user-experience).
## Active Directory-joined VMs ## Active Directory-joined VMs
1. Use the following instructions to prepare the VM for Azure: [Prepare a Windows VHD or VHDX to upload to Azure](/azure/virtual-machines/windows/prepare-for-upload-vhd-image) 1. Use the following instructions to prepare the VM for Azure: [Prepare a Windows VHD or VHDX to upload to Azure](/azure/virtual-machines/windows/prepare-for-upload-vhd-image)
2. (Optional) To disable network level authentication, type the following at an elevated command prompt: 2. (Optional) To disable network level authentication, type the following command at an elevated command prompt:
``` ```cmd
REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v UserAuthentication /t REG_DWORD /d 0 /f REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v UserAuthentication /t REG_DWORD /d 0 /f
``` ```
3. At an elevated command prompt, type **sysdm.cpl** and press ENTER. 3. At an elevated command prompt, type **sysdm.cpl** and press ENTER.
4. On the Remote tab, choose **Allow remote connections to this computer** and then click **Select Users**. 4. On the Remote tab, choose **Allow remote connections to this computer** and then select **Select Users**.
5. Click **Add**, type **Authenticated users**, and then click **OK** three times. 5. Select **Add**, type **Authenticated users**, and then select **OK** three times.
6. Follow the instructions to use sysprep at [Steps to generalize a VHD](/azure/virtual-machines/windows/prepare-for-upload-vhd-image#steps-to-generalize-a-vhd) and then start the VM again. 6. Follow the instructions to use sysprep at [Steps to generalize a VHD](/azure/virtual-machines/windows/prepare-for-upload-vhd-image#generalize-a-vhd) and then start the VM again.
7. If you must activate Windows 10 Pro as described for [scenario 3](#scenario-3), complete the following steps to use Windows Configuration Designer and inject an activation key. Otherwise, skip to step 20. 7. If you must activate Windows Pro as described for [scenario 3](#scenario-3), complete the following steps to use Windows Configuration Designer and inject an activation key. Otherwise, skip to step 8.
8. [Install Windows Configuration Designer](/windows/configuration/provisioning-packages/provisioning-install-icd). 1. [Install Windows Configuration Designer](/windows/configuration/provisioning-packages/provisioning-install-icd).
9. Open Windows Configuration Designer and click **Provision desktop services**. 1. Open Windows Configuration Designer and select **Provision desktop services**.
10. Under **Name**, type **Desktop AD Enrollment Pro GVLK**, click **Finish**, and then on the **Set up device** page enter a device name. 1. Under **Name**, type **Desktop AD Enrollment Pro GVLK**, select **Finish**, and then on the **Set up device** page enter a device name.
- Note: You can use a different project name, but this name is also used with dism.exe in a subsequent step.
11. Under **Enter product key** type the Pro GVLK key: **W269N-WFGWX-YVC9B-4J6C9-T83GX**. > [!NOTE]
12. On the Set up network page, choose **Off**. > You can use a different project name, but this name is also used with dism.exe in a later step.
13. On the Account Management page, choose **Enroll into Active Directory** and then enter the account details.
- Note: This step is different for [Azure AD-joined VMs](#azure-active-directory-joined-vms). 1. Under **Enter product key** type the Pro GVLK key: `W269N-WFGWX-YVC9B-4J6C9-T83GX`.
14. On the Add applications page, add applications if desired. This step is optional. 1. On the Set up network page, choose **Off**.
15. On the Add certificates page, add certificates if desired. This step is optional. 1. On the Account Management page, choose **Enroll into Active Directory** and then enter the account details.
16. On the Finish page, click **Create**.
17. In file explorer, double-click the VHD to mount the disk image. Determine the drive letter of the mounted image. > [!NOTE]
18. Type the following at an elevated command prompt. Replace the letter **G** with the drive letter of the mounted image, and enter the project name you used if it is different than the one suggested: > This step is different for [Azure AD-joined VMs](#azure-active-directory-joined-vms).
1. On the Add applications page, add applications if desired. This step is optional.
1. On the Add certificates page, add certificates if desired. This step is optional.
1. On the Finish page, select **Create**.
1. In file explorer, open the VHD to mount the disk image. Determine the drive letter of the mounted image.
1. Type the following command at an elevated command prompt. Replace the letter `G` with the drive letter of the mounted image, and enter the project name you used if it's different than the one suggested:
```cmd ```cmd
Dism.exe /Image=G:\ /Add-ProvisioningPackage /PackagePath: "Desktop AD Enrollment Pro GVLK.ppkg" Dism.exe /Image=G:\ /Add-ProvisioningPackage /PackagePath: "Desktop AD Enrollment Pro GVLK.ppkg"
``` ```
19. Right-click the mounted image in file explorer and click **Eject**.
20. See instructions at [Upload and create VM from generalized VHD](/azure/virtual-machines/windows/upload-generalized-managed#log-in-to-azure) to log in to Azure, get your storage account details, upload the VHD, and create a managed image. 1. Right-click the mounted image in file explorer and select **Eject**.
8. See the instructions at [Upload and create VM from generalized VHD](/azure/virtual-machines/windows/upload-generalized-managed#upload-the-vhd) to sign in to Azure, get your storage account details, upload the VHD, and create a managed image.
## Azure Active Directory-joined VMs ## Azure Active Directory-joined VMs
>[!IMPORTANT] > [!IMPORTANT]
>Azure Active Directory (Azure AD) provisioning packages have a 180 day limit on bulk token usage. You will need to update the provisioning package and re-inject it into the image after 180 days. Existing virtual machines that are Azure AD-joined and deployed will not need to be recreated. > Azure AD provisioning packages have a 180 day limit on bulk token usage. After 180 days, you'll need to update the provisioning package and re-inject it into the image. Existing virtual machines that are Azure AD-joined and deployed won't need to be recreated.
For Azure AD-joined VMs, follow the same instructions (above) as for [Active Directory-joined VMs](#active-directory-joined-vms) with the following exceptions: For Azure AD-joined VMs, follow the same instructions as for [Active Directory-joined VMs](#active-directory-joined-vms) with the following exceptions:
- In step 9, during setup with Windows Configuration Designer, under **Name**, type a name for the project that indicates it is not for Active Directory-joined VMs, such as **Desktop Bulk Enrollment Token Pro GVLK**.
- In step 11, during setup with Windows Configuration Designer, on the Account Management page, instead of enrolling in Active Directory, choose **Enroll in Azure AD**, click **Get Bulk Token**, sign in and add the bulk token using your organization's credentials. - During setup with Windows Configuration Designer, under **Name**, type a name for the project that indicates it isn't for Active Directory-joined VMs, such as **Desktop Bulk Enrollment Token Pro GVLK**.
- In step 15, sub-step 2, when entering the PackagePath, use the project name you entered in step 9 (ex: **Desktop Bulk Enrollment Token Pro GVLK.ppkg**) - During setup with Windows Configuration Designer, on the Account Management page, instead of enrolling in Active Directory, choose **Enroll in Azure AD**, select **Get Bulk Token**, sign in, and add the bulk token using your organization's credentials.
- When attempting to access the VM using remote desktop, you will need to create a custom RDP settings file as described below in [Create custom RDP settings for Azure](#create-custom-rdp-settings-for-azure). - When entering the PackagePath, use the project name you previously entered. For example, **Desktop Bulk Enrollment Token Pro GVLK.ppkg**
- When attempting to access the VM using remote desktop, you'll need to create a custom RDP settings file as described below in [Create custom RDP settings for Azure](#create-custom-rdp-settings-for-azure).
## Azure Gallery VMs ## Azure Gallery VMs
1. (Optional) To disable network level authentication, type the following at an elevated command prompt: 1. (Optional) To disable network level authentication, type the following command at an elevated command prompt:
``` ```cmd
REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v UserAuthentication /t REG_DWORD /d 0 /f REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v UserAuthentication /t REG_DWORD /d 0 /f
``` ```
2. At an elevated command prompt, type **sysdm.cpl** and press ENTER. 2. At an elevated command prompt, type `sysdm.cpl` and press ENTER.
3. On the Remote tab, choose **Allow remote connections to this computer** and then click **Select Users**. 3. On the Remote tab, choose **Allow remote connections to this computer** and then select **Select Users**.
4. Click **Add**, type **Authenticated users**, and then click **OK** three times. 4. Select **Add**, type **Authenticated users**, and then select **OK** three times.
5. [Install Windows Configuration Designer](/windows/configuration/provisioning-packages/provisioning-install-icd). 5. [Install Windows Configuration Designer](/windows/configuration/provisioning-packages/provisioning-install-icd).
6. Open Windows Configuration Designer and click **Provision desktop services**. 6. Open Windows Configuration Designer and select **Provision desktop services**.
7. If you must activate Windows 10 Pro as described for [scenario 3](#scenario-3), complete the following steps. Otherwise, skip to step 8. 7. If you must activate Windows Pro as described for [scenario 3](#scenario-3), complete the following steps. Otherwise, skip to step 8.
1. Under **Name**, type **Desktop Bulk Enrollment Token Pro GVLK**, click **Finish**, and then on the **Set up device** page enter a device name. 1. Under **Name**, type **Desktop Bulk Enrollment Token Pro GVLK**, select **Finish**, and then on the **Set up device** page enter a device name.
2. Under **Enter product key** type the Pro GVLK key: **W269N-WFGWX-YVC9B-4J6C9-T83GX**. 2. Under **Enter product key** type the Pro GVLK key: `W269N-WFGWX-YVC9B-4J6C9-T83GX`.
8. Under **Name**, type **Desktop Bulk Enrollment**, click **Finish**, and then on the **Set up device** page enter a device name. 8. Under **Name**, type **Desktop Bulk Enrollment**, select **Finish**, and then on the **Set up device** page enter a device name.
9. On the Set up network page, choose **Off**. 9. On the Set up network page, choose **Off**.
10. On the Account Management page, choose **Enroll in Azure AD**, click **Get Bulk Token**, sign in, and add the bulk token using your organizations credentials. 10. On the Account Management page, choose **Enroll in Azure AD**, select **Get Bulk Token**, sign in, and add the bulk token using your organizations credentials.
11. On the Add applications page, add applications if desired. This step is optional. 11. On the Add applications page, add applications if desired. This step is optional.
12. On the Add certificates page, add certificates if desired. This step is optional. 12. On the Add certificates page, add certificates if desired. This step is optional.
13. On the Finish page, click **Create**. 13. On the Finish page, select **Create**.
14. Copy the .ppkg file to the remote Virtual machine. Double click to initiate the provisioning package install. This will reboot the system. 14. Copy the PPKG file to the remote virtual machine. Open the provisioning package to install it. This process will restart the system.
- When attempting to access the VM using remote desktop, you will need to create a custom RDP settings file as described [below](#create-custom-rdp-settings-for-azure). > [!NOTE]
> When you try to access the VM using remote desktop, you'll need to [create a custom RDP settings file](#create-custom-rdp-settings-for-azure).
## Create custom RDP settings for Azure ## Create custom RDP settings for Azure
To create custom RDP settings for Azure:
1. Open Remote Desktop Connection and enter the IP address or DNS name for the remote host. 1. Open Remote Desktop Connection and enter the IP address or DNS name for the remote host.
2. Click **Show Options**, and then under Connection settings click **Save As** and save the RDP file to the location where you will use it. 2. Select **Show Options**, and then under Connection settings select **Save As**. Save the RDP file to the location where you'll use it.
3. Close the Remote Desktop Connection window and open Notepad. 3. Close the Remote Desktop Connection window and open Notepad.
4. Drag the RDP file into the Notepad window to edit it. 4. Open the RDP file in Notepad to edit it.
5. Enter or replace the line that specifies authentication level with the following two lines of text: 5. Enter or replace the line that specifies authentication level with the following two lines of text:
```text ```text
enablecredsspsupport:i:0 enablecredsspsupport:i:0
authentication level:i:2 authentication level:i:2
``` ```
6. **enablecredsspsupport** and **authentication level** should each appear only once in the file.
7. Save your changes, and then use this custom RDP file with your Azure AD credentials to connect to the Azure VM.
## Related topics The values `enablecredsspsupport` and `authentication level` should each appear only once in the file.
[Windows 10/11 Subscription Activation](windows-10-subscription-activation.md) 6. Save your changes, and then use this custom RDP file with your Azure AD credentials to connect to the Azure VM.
<BR>[Recommended settings for VDI desktops](/windows-server/remote/remote-desktop-services/rds-vdi-recommendations)
<BR>[Licensing the Windows Desktop for VDI Environments](https://download.microsoft.com/download/9/8/d/98d6a56c-4d79-40f4-8462-da3ecba2dc2c/licensing_windows_desktop_os_for_virtual_machines.pdf) ## Related articles
[Windows subscription activation](windows-10-subscription-activation.md)
[Recommended settings for VDI desktops](/windows-server/remote/remote-desktop-services/rds-vdi-recommendations)
[Whitepaper on licensing the Windows desktop for VDI environments](https://download.microsoft.com/download/9/8/d/98d6a56c-4d79-40f4-8462-da3ecba2dc2c/licensing_windows_desktop_os_for_virtual_machines.pdf)