locked
Legality of cloning RRS feed

  • Question

  • I work for a local state government and we have Windows 7 Enterprise with MAK licensing.  We are using Microsoft Deployment Toolkit (MDT) currently to deploy to computers.  That is working fine and validating as it should.  I want to use a 3rd party software like Acronis Backup and Recovery or Norton Ghost, because they can clone the computer without Sysprep (Windows 7 can only be Sysprep 3 times from what I have read), and MDT deploys in about 30 minutes versus Acronis in 7. 

    I load Windows 7 Enterprise on my system and use the MAK license to activate Windows, then I create an image of that computer and save it to a network share.  When I deploy this image to 20 more computers they are already activated, and it's not asking me to reactivate Windows.

    I want to make sure that in the eyes of Microsoft, this is a valid way to put a Windows 7 Enterprise configuration onto multiple computers with the same hardware. 

     

     

    Thursday, March 24, 2011 7:11 PM

Answers

  • Hi Lee,

      From a Licensing Standpoint, the scenario you describe is allowable as long as the MAK license has at least 21 licenses available (1 license for the original install and 20 licenses for the 20 deployed clones/images). 

      In other words, as long as you have enough Licenses to cover the original and all the clones/images, it doesn't matter how you actually make the clones/images.

     

      From Technical, Security and Support standpoints, there are some concerns with not using Sysprep.

     

      Technical and Security concerns:

      Sysprep is responsible for removing system-specific data from Windows, such as the Computer SID. During installation of Windows, a computer SID is computed to contain a statistically unique 96-bit number. The computer SID is the prefix of the user account and group account SIDs that are created on the computer. The computer SID is concatenated together with the Relative ID (RID) of the account to create the account's unique identifier.
      Cloning or duplicating an installation without taking the recommended steps could lead to duplicate SIDs. For removable media, a duplicate SID might give an account access to files even though NTFS permissions for the account specifically deny access to those files. Because the SID identifies both the computer or domain and the user, unique SIDs are necessary to maintain support for current and future programs.

     

     

      Support concerns:

      Microsoft supports operating systems that are prepared by using the Sysprep utility and then imaged.

      Microsoft does not provide support for computers that are set up by using SID-duplicating tools other than the System Preparation tool.

    Please see support doc "The Microsoft policy for disk duplication of Windows installationshttp://support.microsoft.com/default.aspx?scid=kb;EN-US;314828 for more details.

     

    I hope this helps to answer your question,


    Darin MS

    • Proposed as answer by Darin Smith MS Friday, March 25, 2011 4:49 PM
    • Marked as answer by Lee Weems Friday, March 25, 2011 5:50 PM
    Friday, March 25, 2011 4:49 PM

All replies

  • Please repost your inquiry in the more appropriate Windows 7 Installation, Setup, and Deployment Forum.  Thank you!
    Carey Frisch
    Thursday, March 24, 2011 8:41 PM
    Moderator
  • I have posted there, they couldn't help either and said to try the MDT forum.  I am beginning to think that noone knows the answer to this question but since these companies are still in business it MUST be legal.  Someone please give me an e-mail address to someone who CAN help me.
    Thursday, March 24, 2011 8:43 PM
  • Darin Smith (MSFT) reviews this forum and is knowledgeable in your issue so just stand by until he sees this thread.  I suspect that you need to be syspreping the base image.  Besides the licensing procedure, the duplicate MAC addresses on the network is one problem that comes to my mind.  It sounds like you are going to have confilicts without unique addresses.
    Colin Barnhorst Windows 7 Ultimate x64 on DIY with 6GB ram.
    Thursday, March 24, 2011 8:52 PM
    Answerer
  • Darin Smith (MSFT) reviews this forum and is knowledgeable in your issue so just stand by until he sees this thread.  I suspect that you need to be syspreping the base image.  Besides the licensing procedure, the duplicate MAC addresses on the network is one problem that comes to my mind.  It sounds like you are going to have confilicts without unique addresses.
    Colin Barnhorst Windows 7 Ultimate x64 on DIY with 6GB ram.

    Colin,

    Thank you for your reply.  I will wait for Darin and see if he has a similar answer.

     

    Lee

    Thursday, March 24, 2011 9:40 PM
  • Hi Lee,

     

      From a licensing point of view, I don't see a problem with what you describe, but just in case, I have sent a few mails around Microsoft to make sure there aren't any problems that I may not have thought of.

      I will post back as soon as possible,


    Darin MS
    Thursday, March 24, 2011 10:01 PM
  • Hi Lee,

      From a Licensing Standpoint, the scenario you describe is allowable as long as the MAK license has at least 21 licenses available (1 license for the original install and 20 licenses for the 20 deployed clones/images). 

      In other words, as long as you have enough Licenses to cover the original and all the clones/images, it doesn't matter how you actually make the clones/images.

     

      From Technical, Security and Support standpoints, there are some concerns with not using Sysprep.

     

      Technical and Security concerns:

      Sysprep is responsible for removing system-specific data from Windows, such as the Computer SID. During installation of Windows, a computer SID is computed to contain a statistically unique 96-bit number. The computer SID is the prefix of the user account and group account SIDs that are created on the computer. The computer SID is concatenated together with the Relative ID (RID) of the account to create the account's unique identifier.
      Cloning or duplicating an installation without taking the recommended steps could lead to duplicate SIDs. For removable media, a duplicate SID might give an account access to files even though NTFS permissions for the account specifically deny access to those files. Because the SID identifies both the computer or domain and the user, unique SIDs are necessary to maintain support for current and future programs.

     

     

      Support concerns:

      Microsoft supports operating systems that are prepared by using the Sysprep utility and then imaged.

      Microsoft does not provide support for computers that are set up by using SID-duplicating tools other than the System Preparation tool.

    Please see support doc "The Microsoft policy for disk duplication of Windows installationshttp://support.microsoft.com/default.aspx?scid=kb;EN-US;314828 for more details.

     

    I hope this helps to answer your question,


    Darin MS

    • Proposed as answer by Darin Smith MS Friday, March 25, 2011 4:49 PM
    • Marked as answer by Lee Weems Friday, March 25, 2011 5:50 PM
    Friday, March 25, 2011 4:49 PM
  • This does help!  Thank you Darin for your response.  One followup question about the SID, in the past I have used a program called New SID when using Norton Ghost on Windows XP to generate a new unique SID for the target computers.  I could possibly use this tool and not have the probability of unauthorized network access?
    Friday, March 25, 2011 5:53 PM
  •   Unfortunately, my knowledge in the area of Deployment, SIDs and such is very limited. The general information I was able to dig up for you is about the best I can provide.  For more specific technical questions, one of the Community Contributes may be able to help or I would suggest asking in either the Technet or MSDN forums.

    Technet: http://social.technet.microsoft.com/Forums/en-us/categories

    MSDN: http://social.msdn.microsoft.com/Forums/en-US/categories/

     

    Note: I dislike having to refer you somewhere else (considering you've been bounced around so much already) but I'm just not the best resource for non-Licensing/non-Piracy related questions.

     

    Very sorry I couldn't be more help,


    Darin MS
    Friday, March 25, 2011 6:25 PM
  • Darin, you have been more help than anyone else and I thank you for that!!  I will look onto the other community boards as you suggested and see if I can find my other answer there.

     

    Friday, March 25, 2011 8:16 PM
  • Wow, this thread helped me a lot in deciding efficient ways of deploying Win7 on my computers . I had the similar scenario as Lee (mine is Win7Pro). I have 32 allowable license for MAK, and I want to clone the original activated image since its more efficient than installing OS one by one on each of them

    I believe this is also applicable if the main image has Office Professional 2010 activated with 32 allowable license for MAK? :D Thanks for responding even if this thread is already resolved. I just need affirmation. Thanks!!!

    Saturday, May 7, 2011 10:14 AM
  • "Conrado Villena" wrote in message news:3bb8bc63-f08e-450c-acd1-98e779a4f820...

    Wow, this thread helped me a lot in deciding efficient ways of deploying Win7 on my computers . I had the similar scenario as Lee (mine is Win7Pro). I have 32 allowable license for MAK, and I want to clone the original activated image since its more efficient than installing OS one by one on each of them

    I believe this is also applicable if the main image has Office Professional 2010 activated with 32 allowable license for MAK? :D Thanks for responding even if this thread is already resolved. I just need affirmation. Thanks!!!


    You really would be better asking this in the ITPro forums in TechNet or MSDN - they have more experience with volume situations than we do (and the Office specialists rarely look into these forums now that the Office Genuine program has closed down.).

    --


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Saturday, May 7, 2011 12:44 PM
    Moderator
  • Is it possible to deploy windows 7 image which is already activated using MDT? This way I wouldn't need to activated the target machines.
    Wednesday, May 11, 2011 10:40 AM
  • "Bhakt Parmeshwaracha" wrote in message news:39d09ff3-e1e9-4c7b-860e-0fdee91766c8...
    Is it possible to deploy windows 7 image which is already activated using MDT? This way I wouldn't need to activated the target machines.

    again - you'd be much better asking this in the MSDN/TechNet forums, where the deployment people hang out.

    --


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Wednesday, May 11, 2011 11:11 AM
    Moderator