Microsoft is building in strict and punitive "protection" controls into Windows Vista and next Windows Server to ensure that consumers and business customers are properly licensed and using legal copies of Windows.

The Microsoft Software Protection Platform, unveiled formally on Wednesday, requires that all customers consumers who buy PCs and business customers with volume licensing agreements activate their Windows Vista and Windows Longhorn Server licenses with Microsoft and prove that they have a genuine copy of Windows client or server running or face punishment.

If a retail consumer fails to active their product within 30 days of purchase, or tries to activate Vista and fails, key features of the new Windows upgrade the "Aero" user interface, Windows Defender, ReadyBoost performance enhancer, Internet Explorer 7 and Windows Media Player 11 will be disabled.

The company acknowledges that customers with non-valid Windows will be nagged with "persistent notifications" and given the chance to get legal, but if they don't comply within 30 days, the product will automatically move into this "reduced functionality mode," Microsoft said.

As part of the new program, Microsoft is introducing new Multiple Activation Key (MAK) options for customers with fewer than 25 PCs and a Key Management Service option for corporations with more than 25 PCs or more than five Windows servers. These licensed customers must activate within 30 days or also be forced to use the crippled version of Vista, Microsoft acknowledged in a detailed paper released Wednesday.

Windows XP has product activation requirements in place today for consumers. The existing Windows OEM activation option, for example, allows PC makers and system builders to pre-activate Windows for their customers via a System-Lock Pre-Installation or end-users can activate systems they purchase at retail on their own.

But the new Microsoft Software Protection Platform, which has been under development for several years, imposes activation requirements on volume licensed customers for the first time, as first reported by CRN.

It also gives business customers new fulfillment options: They can activate, renew and add new licenses online directly via a Microsoft Activation Server.

Volume Activation 2.0, the new policy, requires activation of volume license keys (VLKs). The intent is to make it more difficult for volume license keys to drift out of the corporation and into the hands of thieves, not change fulfillment methods, Microsoft maintains.

In a brief interview with CRN, Microsoft licensing executives noted, for example, that the KMS service can be installed in-house and administered by an IT administrator, solution provider or managed services partner. Still, the company also acknowledges that all customers, including SMB users, must activate going forward.

System builders and resellers were upbeat about the program as long as it works as advertised.

"I think it's about time. Thieves have been costing the software industry too much and legitimate users have nothing to fear so long as the program is accurate in its determination of what is and isn't legit," said Brian Bergin, president of Terabyte Computers. " Barring problems with the accuracy, I'm all for it.

The new platform will debut in Vista and in the Longhorn Windows server, and Microsoft is developing a KMS Service for Windows Server 2003. Microsoft also intends to integrate the activation platform in many other of its software products. Some have criticized Microsoft's initial round of anti-piracy efforts for Windows XP, such a Windows Genuine Advantage and Genuine Software Initiative, as invasive and draconian, since such measures sometimes punish innocent users when their suppliers, solution providers or PC resellers are to blame.

Still, Microsoft said the intent is to reduce software piracy, counterfeiting, illegal loading of Windows on PCs and leakage of volume license keys, all illegal practices that have cost Microsoft and many of its legitimate resellers millions of dollars in lost profits and cheated consumers.

The new activation requirements for small and mid-sized businesses and volume licensed customers will impact OEMs, system builders and solution providers in new ways.

The new OEM activation procedures, for example, will make it far more difficult for unethical dealers to illegally copy legal copies of Windows onto non-licensed computers.

Beginning with Windows XP, Microsoft instituted a System-Locked Preinstallation System. The new OEM Activation process that kicks off with Vista improves upon that by ensuring that Windows Vista SKUs licensed to an OEM function only on that OEM's hardware.

But this means customers and their system builders and solution providers must maintain recovery media for each OEM's system configuration.

It will also force resellers and solution providers to be more accountable for illegal software, implement their customers' activation procedures and implement software asset management systems to ensure license compliance, partners say.

Microsoft is offering two Volume Activation 2.0 options, which are different ways of activating client PCs: Multiple Activation Keys (MAK) and a Key Management Service Key (KMS).

Like retail activation, the MAK key requires activations with Microsoft directly but allows multiple activations at one time. The MAK has a limited number of activations to it and can activate only a specific number of machines. It is the preferred option for customers with fewer than 25 clients or whose clients do not connect up to a network for more than 210 days per year, Microsoft said.

Microsoft said customers can set up a MAK proxy activation service that acts on behalf of multiple PCs with one PC connected to Microsoft server electronically, or they can deploy a MAK Independent Activation service that requires each PC or server to individually connect to the Microsoft activation server.

Customers will be required to seek more activations when the number hits "the pre-set" limit and can request more activations directly from Microsoft.

The other option, the Key Management Service Key, is stored on a systems managed by the IT administrator, solution provider or managed service provider. It is aimed at companies with at least 25 PCs and systems consistently connected to the network, Microsoft said.

With this option, clients must renew their activation by connecting to the KMS server, a local system, every 180 days to stay legal. Clients that have not activated will be nagged. They will, for example, automatically attempt to connect to the KMS service every two hours and renew their activation locally every seven days.

As with other options, clients have 30 days to complete their activation or go into reduced functionality mode, Microsoft said.

Microsoft said the new platform will help business customers comply with licenses and manage their software assets.

Many observers, resellers, system builders and solution providers say the Redmond, Wash., software giant should do all it can to prevent loss and protect its own software assets, as well as those of its resellers and customers within reason.

"Microsoft has the right to ensure its software is legitimate. As long as its not intrusive or violates privacy rights, Microsoft can do what they need to protect their intellectual property," said Ken Winell, CEO of ExpertCollab, a Florham Park, N.J.-based Microsoft partner.

"The protection program will allow companies to focus on deployment instead of compliance so there will be some benefit to it," the solution provider added. "For those companies that have been less than stellar in policing how software is distributed may experience some initial pain as the activation seems to be more stringent, but I also think if the companies want to have improved information about distributed copies of their software, the program will offer better visibility."