Windows 10 key after deployment
-
Well first the bad news, the OEM EULA doesn’t allow you to create a master image and then replicate that image to multiple computers. That is not allowed. You need to purchase a Volume License Key for that. You are only allowed to install the OEM version from the original OEM media unaltered.
The better news is that you only need to purchase 1 volume license key per OS version you plan on cloning. For example, if you want to deploy Win10 pro and Win10Edu, you need 2 VLK keys regardless of how many of each you want to deploy. You need this vlk key if you want windows 10 to activate. MS changed this to protect against OS pirating.
-
Hi,
if you say OEM license, do you have Win 7 OEM licenses or Win 10 OEM licenses?
(I talk about a sticker with a unique key)If so you can add each key to its specific host definition in fog. the fog client will then activate with the entered key.
When you have your keys in the computers bios the way is different, let me know what you have i will explain then.Regards X23
-
@x23piracy I think it’s Win 10 OEM licenses, there is no sticker on the computer.
The key is on the computer bios. Can i still activate the windows or do i have to install computer one per one… ?
thanks
-
@sunks you can activate, but you need the read out the key from the bios, i build a tool for this and this has been documented in this forum, let me find it.
Read this propperly: https://forums.fogproject.org/post/99211I use my binary as a snapin.
Regards X23
-
Thanks, i’ll check that
-
@sunks said in Windows 10 key after deployment:
Thanks, i’ll check that
don’t forget reimaging is not allowed with OEM, but pssst i also do it
Regards X23
-
I just tried to activate my windows 10 computer with the licence key the powershell gave me:
(Get-WmiObject -query ‘select * from SoftwareLicensingService’).OA3xOriginalProductKey
And it’s not working, the key is not valid. It’s a cloned windows 10.
-
@sunks why powershell? This is not what i gave you.
Make a dry run with oemkey.exe then you will see the bios embedded license key in a dos box (not powershell)
My Script will automate the process, from running oemkey.exe up to add the key with slmgr and the activation.Please follow the instructions i wrote in the link i gave u.
Regards X23
-
-
@x23piracy Yea sorry. I used oemkey.exe, he don’t want to activate it aswell, it say that the previous windows version wasn’t activate before the upgrade to windows 10. So he don’t want to activate my windows 10 with the OEM key.
-
@sunks Hi, do you remove the key before you take your golden image?
I activate all our machines this way (they all have the oem win 10 pro key in the bios). -
@x23piracy No, habitually we activate the windows and then we take the master image.
-
@sunks for my masters i use two old windows 7 oem licenses (dvd box) one for legacy and one for uefi image.
I use virtual box to prepare my images and i activate each with one of the windows 7 oem licenses.
(I need to activate win 10 before sysprep because else you cannot configure all system settings)Then i sysprep without removing any license information.
After deployment on a computer which has windows 10 oem license key in bios i run my setkey.exe snapin and the machine is activated.
Actually i have no idea why that isn’t working for u.
Is it possible to have access via teamviewer to one of your machines to have a look?
Regards X23
-
@x23piracy said in Windows 10 key after deployment:
@sunks said in Windows 10 key after deployment:
Thanks, i’ll check that
don’t forget reimaging is not allowed with OEM, but pssst i also do it
Regards X23
You crack me up, x23.
Personally, my view of the OEM thing is that the rules explained in layman’s terms are outdated. Computer cloning was what we did in the past (an absolute copy in every regard from one computer to another) and that computer imaging is what we have now with FOG (image deployment that is not an exact copy). FOG is able to deploy sysprepped systems, and deploy the exact OS key to the exact system it belongs to - without re-using keys. I think that if the actual words in Microsoft’s TOS were re-evaluated today while taking into consideration what FOG can offer, I believe wholehartedly that MS would find FOG’s capabilities to be within compliance of their TOS if the admin inputs each OEM key for each individual host that it belongs to. Failure to see this would just mean more organizations abandoning windows totally (like my last job did) in favor of ChromeOS or Linux…
-
@wayne-workman the only reason for this is that ms is pushing us in the enterprise sector. Think about the SAM examinations in the last couple months all over the world. The question is what could be an indicator for ms to detect an reimaged system that wasn’t allowed to be reimaged? Where are that dirty bits and flags on the system, registry, filesystem?
I even don’t understand why i am should not allowed to reimage such OEM System, every of our computers has its unique key for windows 10 pro in its bios, after each deployment i read out that key from bios and activate that windows with this key right after deployment by executing a snapin thats doing the job.
I would loose a big amount of time if i go to install each computer by hand, even each software and its special settings.
-
I’ll keep you update soon for my problem and the resolution, for now i’m a bit busy,
Thanks for your help !
-
@x23piracy How are you fogging your Win10 machines?
I can create a fresh image and deploy to Bios in Legacy mode but then I can’t use the embedded key.
All my attempts at UEFI capture/deploy fail.
We are a Dell shop – would love to know how you are accomplishing this.
-
@thequicken i setup two virtual windows 10 machines in virtual box. one will be installed with gpt and one with mbr (legacy, efi image). (The ISO for install is created by the windows media creation tool, windows 10 pro).
I start the install and then i go into admin-mode (when the first settings appear in the setup strg + shift +f3). Then i activate both machines with oem licenses (win 7 dvd box with a sticker), if windows 10 is not activated you cannot set every option until it’s activated.
Then i install software and play with the settings.
Finally i sysprep the machines and capture them.When i now deploy such image, i use setkey.exe as a snapin to read the bios key and activate the machine with it.
don’t forget i use an answer file (unattend.xml) so the windows setup (oobe) will run automatically.If you need i can show you the scripts i use.
FYI virtual box doesnt offer a EFI network boot, to capture or deploy a virtual box EFI system i disable EFI and boot via network boot in legacy mode, after deployment or capturing i enable EFI again for that vm host (else it won’t boot).
What’s your installation base if you say you cannot activate with bios key? Do you use something else then OEM Media? Maybe a Install Base for VL?
Regards X23
-
@x23piracy In the past we had some problems with sysprep and our anitivirus, so we are not using it. We don’t have a windows domain so it’s not a problem.
I still would like to see ur unattend.xml to see how you make it work!
-
<?xml version="1.0" encoding="utf-8"?> <unattend xmlns="urn:schemas-microsoft-com:unattend"> <settings pass="windowsPE"> <component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <SetupUILanguage> <UILanguage>de-DE</UILanguage> </SetupUILanguage> <InputLocale>0407:00000407</InputLocale> <SystemLocale>de-DE</SystemLocale> <UILanguage>de-DE</UILanguage> <UILanguageFallback>de-DE</UILanguageFallback> <UserLocale>de-DE</UserLocale> </component> <component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <DiskConfiguration> <Disk wcm:action="add"> <CreatePartitions> <CreatePartition wcm:action="add"> <Order>1</Order> <Type>Primary</Type> <Size>100</Size> </CreatePartition> <CreatePartition wcm:action="add"> <Extend>true</Extend> <Order>2</Order> <Type>Primary</Type> </CreatePartition> </CreatePartitions> <ModifyPartitions> <ModifyPartition wcm:action="add"> <Active>true</Active> <Format>NTFS</Format> <Label>System Reserved</Label> <Order>1</Order> <PartitionID>1</PartitionID> <TypeID>0x27</TypeID> </ModifyPartition> <ModifyPartition wcm:action="add"> <Active>true</Active> <Format>NTFS</Format> <Label>OS</Label> <Letter>C</Letter> <Order>2</Order> <PartitionID>2</PartitionID> </ModifyPartition> </ModifyPartitions> <DiskID>0</DiskID> <WillWipeDisk>true</WillWipeDisk> </Disk> </DiskConfiguration> <ImageInstall> <OSImage> <InstallTo> <DiskID>0</DiskID> <PartitionID>2</PartitionID> </InstallTo> <InstallToAvailablePartition>false</InstallToAvailablePartition> </OSImage> </ImageInstall> <UserData> <AcceptEula>true</AcceptEula> <FullName>admin</FullName> <Organization>company</Organization> </UserData> <EnableFirewall>true</EnableFirewall> </component> </settings> <settings pass="offlineServicing"> <component name="Microsoft-Windows-LUA-Settings" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <EnableLUA>false</EnableLUA> </component> </settings> <settings pass="generalize"> <component name="Microsoft-Windows-Security-SPP" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <SkipRearm>1</SkipRearm> </component> </settings> <settings pass="specialize"> <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <InputLocale>0407:00000407</InputLocale> <SystemLocale>de-DE</SystemLocale> <UILanguage>de-DE</UILanguage> <UILanguageFallback>de-DE</UILanguageFallback> <UserLocale>de-DE</UserLocale> </component> <component name="Microsoft-Windows-Security-SPP-UX" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <SkipAutoActivation>true</SkipAutoActivation> </component> <component name="Microsoft-Windows-SQMApi" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <CEIPEnabled>0</CEIPEnabled> </component> <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <WindowsFeatures> <ShowMediaCenter>false</ShowMediaCenter> <ShowWindowsMail>false</ShowWindowsMail> </WindowsFeatures> <ShowWindowsLive>false</ShowWindowsLive> <DoNotCleanTaskBar>true</DoNotCleanTaskBar> <BluetoothTaskbarIconEnabled>false</BluetoothTaskbarIconEnabled> <ComputerName>company-pc</ComputerName> <CopyProfile>true</CopyProfile> </component> <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <BlockPopups>yes</BlockPopups> <CompanyName>company</CompanyName> <Home_Page>http://www.google.de</Home_Page> <DisableFirstRunWizard>true</DisableFirstRunWizard> </component> </settings> <settings pass="oobeSystem"> <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <AutoLogon> <Password> <Value>password</Value> <PlainText>true</PlainText> </Password> <Enabled>true</Enabled> <LogonCount>1</LogonCount> <Username>username</Username> </AutoLogon> <OOBE> <HideEULAPage>true</HideEULAPage> <HideOEMRegistrationScreen>true</HideOEMRegistrationScreen> <HideOnlineAccountScreens>true</HideOnlineAccountScreens> <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE> <NetworkLocation>Work</NetworkLocation> <SkipUserOOBE>true</SkipUserOOBE> <SkipMachineOOBE>true</SkipMachineOOBE> <ProtectYourPC>3</ProtectYourPC> </OOBE> <UserAccounts> <LocalAccounts> <LocalAccount wcm:action="add"> <Password> <Value>password</Value> <PlainText>true</PlainText> </Password> <Description></Description> <DisplayName>username</DisplayName> <Group>Administrators</Group> <Name>username</Name> </LocalAccount> </LocalAccounts> </UserAccounts> <RegisteredOrganization>company</RegisteredOrganization> <RegisteredOwner>admin</RegisteredOwner> <DisableAutoDaylightTimeSet>false</DisableAutoDaylightTimeSet> <FirstLogonCommands> <SynchronousCommand wcm:action="add"> <Description>SetupComplete</Description> <Order>1</Order> <CommandLine>C:\Windows\Setup\Scripts\SetupComplete.cmd</CommandLine> <RequiresUserInput>false</RequiresUserInput> </SynchronousCommand> <SynchronousCommand wcm:action="add"> <Description>Control Panel View</Description> <Order>2</Order> <CommandLine>reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel" /v StartupPage /t REG_DWORD /d 1 /f</CommandLine> <RequiresUserInput>false</RequiresUserInput> </SynchronousCommand> <SynchronousCommand wcm:action="add"> <Description>Control Panel Icon Size</Description> <Order>3</Order> <CommandLine>reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel" /v AllItemsIconView /t REG_DWORD /d 1 /f</CommandLine> <RequiresUserInput>false</RequiresUserInput> </SynchronousCommand> </FirstLogonCommands> <TimeZone>W. Europe Standard Time</TimeZone> </component> </settings> </unattend>