SOLVED FOG Client / FOS report bios product key to database (Host) Activate through BIOS key (Deployment)


  • @george1421 said in FOG Client report Windows key to FOG WebIf (Host definition) Activate through BIOS key (Deployment):

    Well we have to remember or be sure to create an isolation between FOS and the target OS. For windows activation that needs to be done inside windows. Either through the unattend.xml file or slmgr or fog client.

    FOG Client should trigger slmgr with the apropriate key from the database.

    What would be interesting is if / when FOS takes an inventory of the target computer it could also read the bios key and store it in a field.

    Yes, i think thats the way to go but what if someone uses FOG in an already deployed but growing environment. Typically FOG Client would be mass installed, is the FOG Client reporting the same inventory stuff like the inventory been done by the boot menu? If not FOG Client also should have the ability to read the key from bios and report it.

    Maybe not the activation key field but a bios key field. Then at some time that bios key may be copied to the activation key field and let the fog client do its thing. OR within the FOS post install scripts to be able to have access to that information (via the gethost.php script) so the post install script can use it to update the unattend.xml or patch a setupcomplete.cmd line that runs the slmgr command. But the idea is that if we collect this during inventory then I don’t see any other bits of fog needing to be changed other than adding a field to the inventory table, making that new field visible in the webgui and changing the inventory script to collect the key.

    Why not keeping it simple? Would it not be enough if the fog client checks if the client has it’s key and if not just trigger slmgr with the information we have in the db?

    I can’t say for sure that the stuff that I found works. My Linux Mint laptop is built for Win7 so there is no key to be found when I inspect the MSDM table.

    I tried this with my work pc over the ubuntu bash windows 10 offers, there are the acpi tables missing but i think that have to be done in a native running linux not in an emulated one.

    @george1421 can i try your usb FOS Image, maybe boot from the stick and try if i can get the serial from bios?
    Lets say that works can’t we start with sending that key to fogs database for the current product key field? If this has been done we are good to go because currently fog client can activate a deployed system by an entered key in that host definition field.

    Bild Text

    I have a notebook with windows 10 key in bios beside me where i can try it this evening.

  • Moderator

    Well we have to remember or be sure to create an isolation between FOS and the target OS. For windows activation that needs to be done inside windows. Either through the unattend.xml file or slmgr or fog client.

    What would be interesting is if / when FOS takes an inventory of the target computer it could also read the bios key and store it in a field. Maybe not the activation key field but a bios key field. Then at some time that bios key may be copied to the activation key field and let the fog client do its thing. OR within the FOS post install scripts to be able to have access to that information (via the gethost.php script) so the post install script can use it to update the unattend.xml or patch a setupcomplete.cmd line that runs the slmgr command. But the idea is that if we collect this during inventory then I don’t see any other bits of fog needing to be changed other than adding a field to the inventory table, making that new field visible in the webgui and changing the inventory script to collect the key.

    I can’t say for sure that the stuff that I found works. My Linux Mint laptop is built for Win7 so there is no key to be found when I inspect the MSDM table.


  • @sebastian-roth @george1421 if you are able to inject the key like slmgr is doing that with (/ipk and /ato) on a running windows system why not doing it in the moment of deployment under FOS. 🙂 I like the idea, but how can you inject it?

    If we have this feature in the client we have to think howto implement without polling this information again and again, we need it only once so i think the FOS method would be the best if you can do it.

    Here is the slmgr.vbs: https://pastebin.com/a2yP1MfD
    I’ve taken it from a Windows 10 Pro 1703 System.

    Install Product Key:

    Private Sub InstallProductKey(strProductKey)
        Dim objService, objProduct
        Dim lRet, strDescription, strOutput, strVersion
        Dim iIsPrimaryWindowsSku, bIsKMS
     
        bIsKMS = False
     
        On Error Resume Next
     
        set objService = GetServiceObject("Version")
        strVersion = objService.Version
        objService.InstallProductKey(strProductKey)
        QuitIfError()
     
        ' Installing a product key could change Windows licensing state.
        ' Since the service determines if it can shut down and when is the next start time
        ' based on the licensing state we should reconsume the licenses here.
        objService.RefreshLicenseStatus()
     
        For Each objProduct in GetProductCollection(ProductIsPrimarySkuSelectClause, PartialProductKeyNonNullWhereClause)
            strDescription = objProduct.Description
     
            iIsPrimaryWindowsSku = GetIsPrimaryWindowsSKU(objProduct)
            If (iIsPrimaryWindowsSku = 2) Then
                OutputIndeterminateOperationWarning(objProduct)
            End If
     
            If IsKmsServer(strDescription) Then
                bIsKMS = True
                Exit For
            End If
        Next
     
        If (bIsKMS = True) Then
            ' Set the KMS version in the registry (64 and 32 bit versions)
            lRet = SetRegistryStr(HKEY_LOCAL_MACHINE, SLKeyPath, "KeyManagementServiceVersion", strVersion)
            If (lRet <> 0) Then
                QuitWithError lRet
            End If
     
            If ExistsRegistryKey(HKEY_LOCAL_MACHINE, SLKeyPath32) Then
                lRet = SetRegistryStr(HKEY_LOCAL_MACHINE, SLKeyPath32, "KeyManagementServiceVersion", strVersion)
                If (lRet <> 0) Then
                    QuitWithError lRet
                End If
            End If
        Else
            ' Clear the KMS version in the registry (64 and 32 bit versions)
            lRet = DeleteRegistryValue(HKEY_LOCAL_MACHINE, SLKeyPath, "KeyManagementServiceVersion")
            If (lRet <> 0 And lRet <> 2 And lRet <> 5) Then
                QuitWithError lRet
            End If
     
            lRet = DeleteRegistryValue(HKEY_LOCAL_MACHINE, SLKeyPath32, "KeyManagementServiceVersion")
            If (lRet <> 0 And lRet <> 2 And lRet <> 5) Then
                QuitWithError lRet
            End If
        End If
     
        strOutput = Replace(GetResource("L_MsgInstalledPKey"), "%PKEY%", strProductKey)
        LineOut strOutput
    End Sub
    

    Activate:

    Private Sub ActivateProduct(strActivationID)
        Dim objService, objProduct
        Dim iIsPrimaryWindowsSku, bFoundAtLeastOneKey
        Dim strOutput
        Dim bCheckProductForCommand
     
        strActivationID = LCase(strActivationID)
     
        bFoundAtLeastOneKey = False
     
        set objService = GetServiceObject("Version")
     
        For Each objProduct in GetProductCollection(ProductIsPrimarySkuSelectClause & ", LicenseStatus, VLActivationTypeEnabled", PartialProductKeyNonNullWhereClause)
     
            bCheckProductForCommand = CheckProductForCommand(objProduct, strActivationID)
     
            If (bCheckProductForCommand) Then
                iIsPrimaryWindowsSku = GetIsPrimaryWindowsSKU(objProduct)
                If (strActivationID = "") And (iIsPrimaryWindowsSku = 2) Then
                        OutputIndeterminateOperationWarning(objProduct)
                End If
     
                '
                ' This routine does not perform token-based activation.
                ' If configured for TA, then show message to user.
                '
                If (objProduct.VLActivationTypeEnabled = 3) Then
                    LineOut GetResource("L_MsgTokenBasedActivationMustBeDone")
                    Exit Sub
                End If
     
                strOutput = Replace(GetResource("L_MsgActivating"), "%PRODUCTNAME%", objProduct.Name)
                strOutput = Replace(strOutput, "%PRODUCTID%", objProduct.ID)
                LineOut strOutput
                On Error Resume Next
                '
                ' Avoid using a MAK activation count up unless needed
                '
                If (Not(IsMAK(objProduct.Description)) Or (objProduct.LicenseStatus <> 1)) Then
                    objProduct.Activate()
                    QuitIfError()
                    objService.RefreshLicenseStatus()
                    objProduct.refresh_
                End If
                DisplayActivatedStatus objProduct
     
                bFoundAtLeastOneKey = True
                If (strActivationID <> "") Or (iIsPrimaryWindowsSku = 1) Then
                    Exit Sub
                End If
            End If
        Next
     
        If (bFoundAtLeastOneKey = True) Then
            Exit Sub
        End If
     
        LineOut GetResource("L_MsgErrorProductNotFound")
    End Sub
    

    But remember we should not force to use a bios key if available maybe we have cases where people use Volume License (KMS Server) while they having computers with BIOS key inside (ok would be stupid) but i am sure this case is existing. So we need a switch or something in the host definition to turn on/off activation with bios key.

    But what if we have a allready installed system that wasn’t deployed by FOG, i really like to gain such keys after the installation of the fog client. Maybe we need both FOS’s ability to inject and detect a key and the same with the fog client for existing computers that naver had contact with FOG but going to have FOG Client installed on it.

    Challenge accepted? 😄

    EDIT:

    I have the feeling we need to write to the windows registry under FOS if we would like to inject the Windows Product Key:
    http://www.dagondesign.com/articles/windows-xp-product-key-recovery/
    http://geekswithblogs.net/willemf/archive/2006/05/31/80203.aspx

    I am not sure but maybe we don’t need (slmgr /ato), windows should activate automatically by itself.

    The more i think about i came to conclusion that the mechanism of reading and injecting the key should done by the fog client, while the system is running.

    What do you think guys?

    Regards X23

  • Moderator

    @x23piracy @george1421 I was just about to create an issue on github (which I use to keep track of things I work on with the fog-client) for this request as I had the impression that it’s worth and doable. But Georg’s post now suggests that it can be done from Linux, so on the capture/deploy process in FOS. Now I am wondering which way to go. Please keep discussing this here till we decide how and where to add this (fog-client, FOS, …?).

  • Moderator

    @george1421 And then the post after the accepted one here: https://askubuntu.com/questions/233181/retrieve-windows-8-product-key-from-mainboard

    sudo tail -c+57 /sys/firmware/acpi/tables/MSDM

  • Moderator

    @x23piracy I’ve been lurking on this thread. Isn’t the goal here to be able to read the key from bios using linux? (BTW, your PS code is pretty sweet!! Nice job)

    I think I found something–>

    To get it, you need to read the contents of the /sys/firmware/acpi/tables/MSDM file.

    Here’s an example:

    riking@hp-laptop:~$ sudo xxd /sys/firmware/acpi/tables/MSDM
    0000000: 4d53 444d 5500 0000 0313 4850 514f 454d  MSDMU.....HPQOEM
    0000010: 534c 4943 2d4d 5043 0100 0000 4850 2020  SLIC-MPC....HP  
    0000020: 0000 0400 0100 0000 0000 0000 0100 0000  ................
    0000030: 0000 0000 1d00 0000 4639 XXXX XXXX XXXX  ........F98**-**
    0000040: XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX  ***-*****-*****-
    0000050: XXXX XXXX XX                             ****T
    

    *** are the contents of the license key, in ASCII text.
    <–

    ref: Accepted post here https://superuser.com/questions/637971/how-do-i-get-out-my-embedded-windows-8-key-from-a-linux-environment


  • Hi,

    i’ve got a ps cmd line that offers the bios key in one single line.

    Powershell

    (Get-WmiObject -query ‘select * from SoftwareLicensingService’).OA3xOriginalProductKey
    

    Bild Text

    Commandline

    powershell -Command (Get-WmiObject -query ‘select * from SoftwareLicensingService’).OA3xOriginalProductKey
    

    Activation in one line with powershell:

    slmgr /ipk (Get-WmiObject -query ‘select * from SoftwareLicensingService’).OA3xOriginalProductKey ; slmgr /ato
    

    returning messages should be send to nirvana 🙂


  • @sebastian-roth said in FOG Client report Windows key to FOG WebIf (Host definition):

    @x23piracy I am still not sure if I get this right. Should we also extract the key from the registry if we don’t find it in the firrmware table? What if we find both, what if they don’t match (is this possible)??

    • If we find both, we take the one from bios, if only registry found we take this.
    • They will never match a windows 10 pro bios activated computer always has the following generic key in it’s registry:
      VK7JG-NPHTM-C97JM-9MPGT-3V66T

    since i know that u are german: https://www.deskmodder.de/wiki/index.php/Seriennummern_Key_generischer_Schlüssel_Windows_10

    Additional to the feature request itself, it would be a really cool if we could embed the activation with what i am doing with my setkey.exe snapin into fog, so under host definition could be a checkbox near the windows key labeled “activate with bios key”. That could be checked by default, so if i deploy a new computer fog will automatically activate with the bios key and the fog client will report the specific bios key back to fogs host definition and if there would be a report the pakage would be complete.

    For the client interval how often to check the key i would recommend to only do it on first client checkin, we just need to check this once, the key will never be changed. so if we once collected a key from a specific host we can stop crawling the key for it. Maybe it could be useful to have a function to say he try to recrawl the key for that client without resetting this for all.

    Bild Text

    Maybe we also need a global option for the fog client: “Report Client Windows Key” @tom-elliott

    Bild Text

    As i can see we still have a product key report 🙂

    Bild Text

    Regards X23

  • Moderator

    @x23piracy I am still not sure if I get this right. Should we also extract the key from the registry if we don’t find it in the firrmware table? What if we find both, what if they don’t match (is this possible)??


  • @sebastian-roth yes me, because that python code is part of the binary i use for my snapin, it works great.
    i am using the exe binary: https://github.com/christian-korneck/get_win8key

    from a system without key in the bios
    Bild Text

    from a system with key in the bios
    Bild Text

    i just bypass the output of that binary to slmgr /ipk key and then trigger slmgr /ato, thats it.

    @echo off
    for /f “tokens=*” %%i in (’%cd%\oemkey’) do set oemkey=%%i
    cscript %systemroot%\system32\slmgr.vbs /ipk %oemkey% >nul
    cscript %systemroot%\system32\slmgr.vbs /ato >nul
    exit
    
  • Moderator

    @x23piracy said in FOG Client report Windows key to FOG WebIf (Host definition):

    … GetSystemFirmwareTable … EnumSystemFirmwareTables …

    Looks like those calls are available in native C++ (ref1 / ref2) and AFAIK using that from C# is possible (ref3).

    But I am wondering if that is really the way to go to get that key? Can anyone confirm this is really working using the python code?


  • @sebastian-roth i am finding a lot of tools but non where the source is available and if so it’s not in net c#


  • @sebastian-roth did so check first post but it’s python.

  • Moderator

    @x23piracy said in FOG Client report Windows key to FOG WebIf (Host definition):

    What i cannot tell you is howto read out the bios key, i

    Why not start by helping us and doing some research if and how this can be done using .NET C#…

308
Online

10.1k
Users

16.3k
Topics

149.5k
Posts