After your password is changed, Windows Server 2008 logs you in as an administrator, and the Initial Configuration Tasks screen appears, as shown in Figure 2-7. On this screen, you can complete the numerous but sometimes tedious steps to configure a newly installed machine for daily use, like setting the time zone, adding IP addresses and configuring them, naming the computer and joining it to a workgroup or domain, updating, and so on.
I strongly recommend that the first step you complete on this screen is to immediately click the "Download and install updates" link (assuming you have an active network connection that can route to the Internet) to apply the latest security fixes and service packs before placing the machine into production.
Warning
In today's hostile Internet environment, I strongly encourage you to perform your installation on a machine that is at least protected by a hardware firewall, and preferably on a machine that is completely disconnected from the network, unless you are using a network-based deployment method (more on this later in the chapter). While the Windows Server 2008 firewall is initially on upon first boot, I have never heard of a virus, worm, or Trojan entering a system from the network without that system having network access. And Linksys, D-Link, and other hardware firewalls are cheap, reusable, and can come in handy in a variety of scenarios. It's a simple step to take to prevent hours of headaches.
Retail copies of Windows Server 2008 have a feature known as activation, which is an antipiracy measure instituted by Microsoft. In essence, when you install Windows with a specific license key on a computer, a hash is created using the key and several attributes of hardware on the computer, including the network card's MAC address. (The exact way this hash is created is, of course, secret.) This hash can't uniquely identify a computer, but it identifies a specific installation of Windows. This hash is sent to Microsoft during the activation procedure. The theory is that if you later try to use the same product key for an installation on different hardware (for example, on another computer), the hash created would be different, and activation would fail because it's likely you are trying to use more than one copy of Windows when you're licensed for only a single installation.
You have 30 days to activate the product upon initial installation with a retail-purchased copy of Windows Server 2008. When you reach this deadline, you won't be able to log on to the system, though it will continue to run without console access until you reboot it.
The catch to activation is this: if you change enough hardware in the same system to change the hash, Windows will complain that you need to activate the software again. You might need to actually call a toll-free number to speak with a representative in this case to explain why your hardware changed. This service is available 24 hours a day, 7 days a week, but it's a pain to spend time pleading your case. The service is fast, and many users have reported that the staff running it is helpful and usually quite accommodating, but it's the principle of the situation.
There are two types of product keys that are issued for Windows Server 2008. The first type is what we just discussed, and that's the individual, one-machine license keys that are issued with new computers, retail copies of Windows Server 2008, and so on. (There are minor differences in those keys, such as the OEM-type keys that don't technically require user-initiated activation, but that's outside the scope of this discussion.) The second type is keys meant to unlock software licensed under corporate agreements. Unlike Volume Activation 1.0 (which you may have seen in action in Windows Server 2003), which produced keys that bypassed product activation, Volume Activation 2.0 still gives keys for bulk-licensed copies, but it doesn't disable activation. Instead, these keys have multiple allowed activations associated with them—hence their name, multiple activation keys, or MAKs. According to Microsoft, "computers can be activated on an individual basis or by a central computer" (see the next point) "which can activate multiple computers at a time."
You can manage these activations and individual computers' product keys over the network. The Key Management Service (KMS), which tackles this task, runs on Windows Server 2003 machines with Service Pack 1 or later, or Windows Server 2008. Machines running KMS can handle activations of internal machines that run Windows Vista Business, Windows Vista Enterprise, or any Windows Server 2008 edition without having to route requests to activate each of those computers to Microsoft's public activation service. While this might seem like a great loophole to get around activation, it's not quite set-and-forget; copies of the operating system activated through a business's KMS will be required to reactivate by connecting to machines running KMS at least once every 180 days. Additionally, you must have 25 or more physical Windows Vista machines, or 5 physical Windows Server 2008 machines, on the same network for KMS to function. The machine running KMS will of course need to activate itself using a KMS-specific key, which, once validated, authorizes that machine to activate its subordinates.
Interestingly, the default configuration of a Windows Server 2008 is to act as a KMS client, so with a properly deployed KMS structure, your new Windows Server 2008 installations should automatically detect the KMS servers on your network and activate themselves accordingly.