Friday, August 12, 2011

Convert MAK to KMS Client or KMS Host to Client with slmgr.vbs

By default all Windows Vista and above clients are shipped as a KMS client with a GVLK installed. So, by default if you have a KMS host setup then any new installs will work immediately with your KMS environment.
Lets take a look:
on a fresh system open cmd and go to C:\Windows\System32
run cscript slmgr.vbs /dlv
It will report a KMSCLient
Name: Windows Server(R), ServerStandard edition
Description: Windows Operating System - Windows Server(R), VOLUME_KMSCLIENT channel
Activation ID:
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID:
Installation ID:
Partial Product Key: BFGM2
License Status: Initial grace period
Time remaining: 86400 minute(s) (60 day(s))

Key Management Service client information
Client Machine ID (CMID):
DNS auto-discovery: KMS name not available
KMS machine extended PID:
Activation interval: -1 minutes
Renewal interval: -1 minutes
Note the partial product key is BFGM2. Also note the description contains VOLUME_KMSCLIENT channel. From the following link provided by MS we can see that this is the key for Windows Server 2008 Standard KMSClient
http://technet.microsoft.com/en-us/library/ff793421.aspx

But lets say you already activated this client with a MAK key or as a KMS Host with the KMS key and now you want it to be a client again. This process is as simple as changing the key back to the GVLK key.

Note: To convert from MAK to KMSClient it is the exact same steps. (the volume descriptions will be different to represent the MAK instead of KMSHost)
__________________________________________________________________________

In the following example the admin accidentally activated the system using the KMS host key.

- Note that running slmgr.vbs /dlv shows it's a KMS Host
C:\Windows\System32>cscript slmgr.vbs /dlv
Microsoft (R) Windows Script Host Version 5.7
Copyright (C) Microsoft Corporation. All rights reserved.

Software licensing service version: 6.0.6002.18005
Name: Windows Server(R), ServerStandard edition
Description: Windows Operating System - Windows Server(R), VOLUME_KMS_B channel
Activation ID:
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID:
Installation ID:
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=48189
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=48190
Use License URL: http://go.microsoft.com/fwlink/?LinkID=48192
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=48191
Partial Product Key:
License Status: Licensed

Key Management Service is enabled on this machine
Current count: 0
Listening on Port: 1688
DNS publishing enabled
KMS priority: Normal

Key Management Service cumulative requests received from clients
Total requests received: 0
Failed requests received: 0
Requests with License Status Unlicensed: 0
Requests with License Status Licensed: 0
Requests with License Status Initial grace period: 0
Requests with License Status License expired or Hardware out of tolerance: 0
Requests with License Status Non-genuine grace period: 0
Requests with License Status Notification: 0

- We can see that it's Windows Server 2008 Standard so we can go to our friends at MS and grab the correct GVLP key of TM24T-X9RMF-VWXK6-X8JC9-BFGM2 (http://technet.microsoft.com/en-us/library/ff793421.aspx)


- Then run cscript slmgr.vbs /ipk TM24T-X9RMF-VWXK6-X8JC9-BFGM2
C:\Windows\System32>cscript slmgr.vbs /ipk TM24T-X9RMF-VWXK6-X8JC9-BFGM2
Microsoft (R) Windows Script Host Version 5.7
Copyright (C) Microsoft Corporation. All rights reserved.

Installed product key TM24T-X9RMF-VWXK6-X8JC9-BFGM2 successfully.
- Now if we run cscript slmgr.vbs /dlv again we see
C:\Windows\System32>cscript slmgr.vbs /dlv
Microsoft (R) Windows Script Host Version 5.7
Copyright (C) Microsoft Corporation. All rights reserved.

Software licensing service version: 6.0.6002.18005
Name: Windows Server(R), ServerStandard edition
Description: Windows Operating System - Windows Server(R), VOLUME_KMSCLIENT channel
Activation ID:
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID:
Installation ID:
Partial Product Key: BFGM2
License Status: Initial grace period
Time remaining: 86400 minute(s) (60 day(s))

Key Management Service client information
Client Machine ID (CMID):
DNS auto-discovery: KMS name not available
KMS machine extended PID:
Activation interval: -1 minutes
Renewal interval: -1 minutes

- Now we can activate it with the KMS Host that you already have setup on the proper server using cscript slmgr.vbs /ato
C:\Windows\System32>cscript slmgr.vbs /ato
Microsoft (R) Windows Script Host Version 5.7
Copyright (C) Microsoft Corporation. All rights reserved.

Activating Windows Server(R), ServerStandard edition...
Product activated successfully.

- Then you can run cscript slmgr.vbs /dlv again and get a good activation description
C:\Windows\System32>cscript slmgr.vbs /dlv
Microsoft (R) Windows Script Host Version 5.7
Copyright (C) Microsoft Corporation. All rights reserved.
Software licensing service version: 6.0.6002.18005
Name: Windows Server(R), ServerStandard edition
Description: Windows Operating System - Windows Server(R), VOLUME_KMSCLIENT channel
Activation ID:
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID:
Installation ID:
Partial Product Key: BFGM2
License Status: Licensed
Volume activation expiration: 259200 minute(s) (180 day(s))
Key Management Service client information
    Client Machine ID (CMID): 5a05921b-8405-4d46-af89-f40a3d60b698
    KMS machine name from DNS: machinename.fqdn:1688
    KMS machine extended PID:
    Activation interval: 120 minutes
    Renewal interval: 10080 minutes



From this we can see that we've now successfully activated the KMSClient against the KMS Host listed at "KMS machine name from DNS:" and that it will activate again in 180 days.

Once again, here's the KMS Client Setup Keys
http://technet.microsoft.com/en-us/library/ff793421.aspx

Tuesday, August 9, 2011

Understand and Installing KMS Server

There are 2 different types of keys with todays Office and Windows products, KMS and MAK. These are used to manage Windows Server 2008 and 2008 R2, Windows Vista and 7, and Office 2010.

MAK - Multiple Activation Key - Activate one-time basis against MS hosted activation services (across internet)
KMS - Key Management Service - Activate systems within internal network

KMS and MAK can be mixed in an environment based on client needs.

Frequently Asked Questions About Volume License Keys
http://www.microsoft.com/licensing/existing-customers/product-activation-faq.aspx

Why use KMS?
1. MAK has usage limits, this is important in corporate environments especially with virtual desktop environments. Improperly utilizing MAK keys can lead to all of the activations being consumed (see FAQ site linked above).
2. Easier to manage new deployments with KMS. Set it and forget it

Why use MAK?
1. Mobile workstations that will not have visibility to KMS host within timeframe required for activation limits (180 days).
2. Very small deployments of less than 25 workstations, or less than 5 servers (running described OS). See below for KMS Host activation thresholds. Note: if in a vdi environment then review support for MAK deployment by the software vendor (ie Citrix XenDesktop supports MAK for Windows 7 with PVS, but does not support MAK for Office 2010 at time of this writing).

What is a CMID?
The CMID is how KMS identifies unique machines. This is important in environments that utilize virtualization such as XenApp and XenDesktop (or other virtual technologies).

KMS Host activation thresholds:
The activation threshold how many end clients have to request a license from the host before the host will activate and start handing out valid licenses. This is different by product:
Windows OS - Either 5 Server client requests or 25 Workstation client requests
Office 2010 - 5 client requests
Once the proper number of clients have requested activation then the Host will begin handing out licenses.

The KMS Host will also cache twice the number of clients to ensure that the count does not drop below the required count to remain activated.

This is important to note for a few reasons:
1. If your planning redundancy of kms hosts then the number of clients is somewhere over double the minimum number of clients needed for activation. This is due to having to meet the threshold on two hosts and the fact that each has a activation threshold cache.
2. Application virtualization and vdi/workstation virtualization technologies may actually only count as 1 client since they will all have the same CMID.

I will not be focusing on installing / configuring redundant KMS hosts. It should be noted that you can configure the weight / priority of hosts in this type of environment.

Client Discovery:
Client discovery by default is done through dns via a srv record through tcp port 1688. Note that Windows 7 firewall by default blocks so it needs enabled.

Understanding KMS
http://technet.microsoft.com/en-us/library/ff793434.aspx


Installation
Installation of KMS Host is as easy as plugging in the KMS license key for the Windows OS or installing the service for Office.

Note: extra steps may be needed for depending on which OS flavor it would be hosted on. Extra patches may be needed for 2003 and 2008 hosts.

Windows OS Host setup
1. Pull your KMS license key out of your Volume license site. This key should ONLY be used on servers you intend to be hosts.
2. Open Control Panel\System and Security\System
3. Change product key
4. Enter your KMS product key
5. Click Yes to the prompt warning you that you are using a KMS key that will setup activation services

Note that a Windows Server 2008 R2 can activate both servers and clients.
http://technet.microsoft.com/en-us/library/ff793412.aspx

Office 2010 Host setup
1. Go to your volume license downloads
2. Download the "Office 2010 Key Management Service Host". Note that if you have different versions you may see one for Professional, Standard, etc. Either one will do (don't need both). This doesn't include the actual keys
3. Get the Office suites KMS key from the license agreement page
4. Run the installer and accept the EULA.
5. When it asks for the host product key enter the KMS key

Fresh installations of the OS or Office by default are set to search out a KMS host and activate (via the DNS srv record).


Viewing KMS info
In order to see information about the KMS Host you can use the slmgr.vbs script. This is done from a command prompt at C:/Windows/System32

To display Windows license information use cscript slmgr.vbs /dlv
This does not display information regarding Office licensing

In addition you can use /dlv all to display information on all licenses (ie Windows and Office)

If you only want to see office KMS licensing information you can add the activation id of the product. Thus it would look like this:
cscript slmgr.vbs /dlv bfe7a195-4f8f-4f0b-a622-cf13c7d16864


DNS Srv Record
If we look in DNS we'll find a new srv record for each KMS Host.
You'll find the records under the Forward Lookup Zones - your domain - _tcp
The records will be named _VLMCS

Friday, August 5, 2011

Forfiles to manipulate files based on date

Nothing new here...
You can use Forfiles to manipulate files based on their date.

/P Path to search
/M SearchMask
/S Subdirectories
/C Command
/D Date (valid as "mm/dd/yyyy" or in greater than + or less than -)

Examples:
Search current and subdirectories for files older than 30 days from current date and echo them to screen
forfiles /s /d -30 /c "cmd /c Echo @file"

Same but only display iso's
forfiles /s /m *.iso /d -30 /c "cmd /c Echo @file"

Same but this time display the full path to the file
forfiles /s /m *.iso /d -30 /c "cmd /c Echo @path\@file"


So now we have the basic concept you could use this to script to delete files older than x days/date.
forfiles /p C:\backups /s /d -30 /c "cmd /c del @path"
or move them to cheaper storage
forfiles /p C:\backups /s /d -30 /c "cmd /c move /y @path C:\Destination"