RE: FOG Client / FOS report bios product key to database (Host) Activate through BIOS key (Deployment)

@sebastian-roth did so check first post but it’s python.

Hi,

i really would like to see the fog clients ability to read out the current windows key and report it back to the fog server, this information should then be added to each specific host definition.

When i first deploy a new computer, i use my tool setkey.exe as a snapin, this will activate the machine with it’s bios embedded key, if the fog client could report that key i can deploy the next time with the exact key instead of usage of my snapin: https://forums.fogproject.org/post/99211

That combined with a new report, “key report” would complete it.
My birthday is at december, 16th. so enough time

What i cannot tell you is howto read out the bios key, i have tools for it but i don’t know howto do it yourself, for example if you use nirsoft’s key view there is a difference between the bios and the current registry key:

Every Win 10 that was activated by a bios key is showing the VK7JG key in its registry.

@Joe-Schmitt @tom-elliott @Wayne-Workman @george1421 @Sebastian-Roth

Edit:

Here is how it works:
https://github.com/christian-korneck/get_win8key/blob/master/get_win8key.py

import sys
import ctypes
import ctypes.wintypes

#####################################################
#script to query windows 8.x OEM key from PC firmware
#ACPI -> table MSDM -> raw content -> byte offset 56 to end
#ck, 03-Jan-2014 (christian@korneck.de)
#####################################################

#for ref: common STR to DWORD conversions: ACPI: 1094930505 - FIRM: 1179210317 - RSMB: 1381190978 - FACP: 1178682192 - PCAF: 1346584902 - MSDM: 1297302605 - MDSM  1296323405

def EnumAcpiTables():
#returns a list of the names of the ACPI tables on this system
	FirmwareTableProviderSignature=ctypes.wintypes.DWORD(1094930505)
	pFirmwareTableBuffer=ctypes.create_string_buffer(0)
	BufferSize=ctypes.wintypes.DWORD(0)
	#http://msdn.microsoft.com/en-us/library/windows/desktop/ms724259
	EnumSystemFirmwareTables=ctypes.WinDLL("Kernel32").EnumSystemFirmwareTables
	ret=EnumSystemFirmwareTables(FirmwareTableProviderSignature, pFirmwareTableBuffer, BufferSize)
	pFirmwareTableBuffer=None
	pFirmwareTableBuffer=ctypes.create_string_buffer(ret)
	BufferSize.value=ret
	ret2=EnumSystemFirmwareTables(FirmwareTableProviderSignature, pFirmwareTableBuffer, BufferSize)
	return [pFirmwareTableBuffer.value[i:i+4] for i in range(0, len(pFirmwareTableBuffer.value), 4)]

def FindAcpiTable(table):
#checks if specific ACPI table exists and returns True/False
	tables = EnumAcpiTables()
	if table in tables:
		return True
	else:
		return False

def GetAcpiTable(table,TableDwordID):
#returns raw contents of ACPI table
	#http://msdn.microsoft.com/en-us/library/windows/desktop/ms724379x
	GetSystemFirmwareTable=ctypes.WinDLL("Kernel32").GetSystemFirmwareTable
	FirmwareTableProviderSignature=ctypes.wintypes.DWORD(1094930505)
	FirmwareTableID=ctypes.wintypes.DWORD(int(TableDwordID))
	pFirmwareTableBuffer=ctypes.create_string_buffer(0)
	BufferSize=ctypes.wintypes.DWORD(0)
	ret = GetSystemFirmwareTable(FirmwareTableProviderSignature, FirmwareTableID, pFirmwareTableBuffer, BufferSize)
	pFirmwareTableBuffer=None
	pFirmwareTableBuffer=ctypes.create_string_buffer(ret)
	BufferSize.value=ret
	ret2 = GetSystemFirmwareTable(FirmwareTableProviderSignature, FirmwareTableID, pFirmwareTableBuffer, BufferSize)
	return pFirmwareTableBuffer.raw
	
def GetWindowsKey():
	#returns Windows Key as string
	table=b"MSDM"
	TableDwordID=1296323405
	if FindAcpiTable(table)==True:
		try:
			rawtable = GetAcpiTable(table, TableDwordID)
			#http://msdn.microsoft.com/library/windows/hardware/hh673514
			#byte offset 36 from beginning = Microsoft 'software licensing data structure' / 36 + 20 bytes offset from beginning = Win Key
			return rawtable[56:len(rawtable)].decode("utf-8")
		except:
			return False
	else:
		print("[ERR] - ACPI table " + str(table) + " not found on this system")
		return False
	
try:	
	WindowsKey=GetWindowsKey()
	if WindowsKey==False:
		print("unexpected error")
		sys.exit(1)
	else:
		print(str(WindowsKey))
except:
	print("unexpected error")
sys.exit(1)

Additional another tool that can read out bios key:
https://github.com/Superfly-Inc/ShowKeyPlus/releases
(but it seems the source is missing)

Another python script: https://github.com/iamacarpet/win10-autoactivate/blob/master/activate.py

Edit2:

Maybe this: https://github.com/mrpeardotnet/WinProdKeyFinder/tree/master/WinProdKeyFind
but i haven’t tried if the code is working. (Damn only registry)

Regards X23

@wayne-workman the only reason for this is that ms is pushing us in the enterprise sector. Think about the SAM examinations in the last couple months all over the world. The question is what could be an indicator for ms to detect an reimaged system that wasn’t allowed to be reimaged? Where are that dirty bits and flags on the system, registry, filesystem?

I even don’t understand why i am should not allowed to reimage such OEM System, every of our computers has its unique key for windows 10 pro in its bios, after each deployment i read out that key from bios and activate that windows with this key right after deployment by executing a snapin thats doing the job.

I would loose a big amount of time if i go to install each computer by hand, even each software and its special settings.

@sunks for my masters i use two old windows 7 oem licenses (dvd box) one for legacy and one for uefi image.
I use virtual box to prepare my images and i activate each with one of the windows 7 oem licenses.
(I need to activate win 10 before sysprep because else you cannot configure all system settings)

Then i sysprep without removing any license information.

After deployment on a computer which has windows 10 oem license key in bios i run my setkey.exe snapin and the machine is activated.

Actually i have no idea why that isn’t working for u.

Is it possible to have access via teamviewer to one of your machines to have a look?

Regards X23

@sunks Hi, do you remove the key before you take your golden image?
I activate all our machines this way (they all have the oem win 10 pro key in the bios).

@sunks why powershell? This is not what i gave you.
Make a dry run with oemkey.exe then you will see the bios embedded license key in a dos box (not powershell)
My Script will automate the process, from running oemkey.exe up to add the key with slmgr and the activation.

Please follow the instructions i wrote in the link i gave u.

Regards X23

@sunks said in Windows 10 key after deployment:

@x23piracy

Thanks, i’ll check that

don’t forget reimaging is not allowed with OEM, but pssst i also do it

Regards X23

@sunks you can activate, but you need the read out the key from the bios, i build a tool for this and this has been documented in this forum, let me find it.
Read this propperly: https://forums.fogproject.org/post/99211

I use my binary as a snapin.

Regards X23

This is my PXE Advanced Menu, all of this is working:

:MENU
menu
item --gap -- blabla - PXE Boot Menu - blabla
item --gap --
item bootlocal Festplatte booten
item --gap Partition/Backup/Restore
item acronis2014 Acronis True Image 2014
item acronis2016 Acronis True Image 2016
item acronis2017 Acronis True Image 2017
item easeuspms EaseUS Partition Master Server 9.2.1
item aomeipau AOMEI Partition Assistant 6
item veeam Veeam Endpoint Backup Recovery
item --gap Password/Recovery/Restore/Repair
item erd2005 ERD Commander Windows XP
item dart7 DaRT 7.0 Windows 7 Server 2008 R2
item dart8 DaRT 8.0 Windows 8 Server 2012
item dart81 DaRT 8.1 Windows 8.1 Server 2012 R2
item dart10 DaRT 10.0 Windows 10 Server 2016
item --gap Destroy
item dban DBAN Darik's Boot And Nuke 2.3.0
item --gap --
item return <---
choose --default bootlocal --timeout 60000 target && goto ${target}
:bootlocal
sanboot --no-describe --drive 0x80 || goto MENU
:acronis2014
initrd http://${fog-ip}/iso/acronis2014.iso
chain memdisk iso raw ||
goto MENU
:acronis2016
initrd http://${fog-ip}/iso/acronis2016.iso
chain memdisk iso raw ||
goto MENU
:acronis2017
initrd http://${fog-ip}/iso/acronis2017.iso
chain memdisk iso raw ||
goto MENU
:easeuspms
initrd http://${fog-ip}/iso/easeuspms.iso
chain memdisk iso raw ||
goto MENU
:aomeipau
initrd http://${fog-ip}/iso/aomeipau.iso
chain memdisk iso raw ||
goto MENU
:veeam
initrd http://${fog-ip}/iso/veeam.iso
chain memdisk iso raw ||
goto MENU
:erd2005
initrd http://${fog-ip}/iso/erd2005.iso
chain memdisk iso raw ||
goto MENU
:dart7
initrd http://${fog-ip}/iso/dart7.iso
chain memdisk iso raw ||
goto MENU
:dart8
initrd http://${fog-ip}/iso/dart8.iso
chain memdisk iso raw ||
goto MENU
:dart81
initrd http://${fog-ip}/iso/dart81.iso
chain memdisk iso raw ||
goto MENU
:dart10
initrd http://${fog-ip}/iso/dart10.iso
chain memdisk iso raw ||
goto MENU
:dban
initrd http://${fog-ip}/iso/dban_2.3.0.iso
chain memdisk iso raw ||
goto MENU
:shell
shell ||
goto MENU
:return
chain http://${fog-ip}/${fog-webroot}/service/ipxe/boot.php?mac=${net0/mac} ||
prompt
goto MENU
autoboot

Hi,

if you say OEM license, do you have Win 7 OEM licenses or Win 10 OEM licenses?
(I talk about a sticker with a unique key)

If so you can add each key to its specific host definition in fog. the fog client will then activate with the entered key.
When you have your keys in the computers bios the way is different, let me know what you have i will explain then.

Regards X23

@george1421 like george is telling, don’t fear of trying the RC’s, i also work with RC9 in a productive environment I have done all the basic stuff (capture, deploy, snapins, active directory join and so on) Feel free to make a backup of your fog instance before going to RC’s

excellent, as always!

@george1421 yes

@sebastian-roth no

Just an idea, isn’t it possible to set a host in two groups?
If so you can create a group for each lab and one group for all labs.

Regards X23

Hi,

when using the “CopyProfile” bit in unattend.xml with Windows 10 1703 you may mention strange problems when creating new user profiles, therefore it’s needed to delete the following file and folders after deployment.

I solve this by adding the following lines to my SetupComplete.cmd:

I’ve added this to my setupcomplete.cmd:

rd /S /Q "C:\Users\Default\AppData\LocalLow"
rd /S /Q "C:\users\Default\AppData\Local\Microsoft\Windows\WebCache"
rd /S /Q "C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache"
del /F "C:\Users\Default\AppData\Local\Microsoft\Windows\WebCacheLock.dat"

When this is done i can start Internet Explorer under every user again and Office 365 registration is functional.
This was the inital issue: https://forums.fogproject.org/topic/10210/windows-10-1703-image-with-strange-issue/21

Regards X23

@Chris6862 success

I’ve added this to my setupcomplete.cmd:

rd /S /Q "C:\Users\Default\AppData\LocalLow"
rd /S /Q "C:\users\Default\AppData\Local\Microsoft\Windows\WebCache"
rd /S /Q "C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache"
del /F "C:\Users\Default\AppData\Local\Microsoft\Windows\WebCacheLock.dat"

My whole SetupComplete.cmd looks like the following:

sc config FOGService start= auto
net start FOGService
PowerShell.exe -ExecutionPolicy Bypass -File C:\Support\Tools\TaskBarLayout.ps1
C:\Support\Tools\Shutup\OOSU10.exe C:\Support\Tools\Shutup\ooshutup10.cfg /quiet
rd /S /Q "C:\Users\Default\AppData\LocalLow"
rd /S /Q "C:\users\Default\AppData\Local\Microsoft\Windows\WebCache"
rd /S /Q "C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache"
del /F "C:\Users\Default\AppData\Local\Microsoft\Windows\WebCacheLock.dat"
del /F C:\Windows\System32\Sysprep\unattend.xml
del /F C:\Windows\Setup\Scripts\SetupComplete.cmd
del /F c:\windows\system32\sysprep\panther\setupact.log
del /F c:\windows\system32\sysprep\panther\setuperr.log
del /F c:\windows\system32\sysprep\panther\ie\setupact.log
del /F c:\windows\system32\sysprep\panther\ie\setuperr.log
shutdown -r -t 60 -f

Regards X23

Hi,

i am currently testing with:

rd /S /Q "C:\Users\Default\AppData\LocalLow"
rd /S /Q "C:\users\Default\AppData\Local\Microsoft\Windows\WebCache"
rd /S /Q "C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache"
del /F "C:\Users\Default\AppData\Local\Microsoft\Windows\WebCacheLock.dat"

within SetupComplete.cmd, i am currently capturing, will test deployment when finished.

Regards X23

@Chris6862
try to delete those files with unlocker and use /quit for sysprep then the machine will not shut down.
https://portableapps.com/apps/utilities/iobit-unlocker-portable
also psexec could also help, with it you can gain system rights and maybe the rights to delete this.
https://blogs.technet.microsoft.com/askds/2008/10/22/getting-a-cmd-prompt-as-system-in-windows-vista-and-windows-server-2008/
if this will work with psexec as system then it’s scriptable.

EDIT:

I tried your method on a problematic computer and it works
i think it must be enough to delete those files in the administrator account before we sysprep, because only at the moment after deployment the unattend.xml will take effect and afaik the admin profile will be used for the default profile on the newly deployed computer and what will happen in that moment the problematic files & folders will be copied from administrator profile to default profile, so in my mind deleting those before taking a capture of the golden image should solve it.

EDIT2:

Only delete those files in the default profile before trying a new user logon, that was enough and all works, so my theory should be true, i will test it on the next image.

lets say this files cannot be deleted when logged in as local admin before sysprep (also with tools and tricks), what about creating another local admin account, login as that, open taskmanager and logoff first local admin (auditmode), delete the files and rerun sysprep /auditmode?

Computer should reboot then and reenter the audit mode, maybe the profile is clean then and we can start regular sysprep. hmmm

I created a package for pdq deploy to fix our problematic computers next morning:

EDIT3:

I took my image deployed it into a vm and take a look howto get quit of that files, and its possible.
locallow can always be deleted, inetcache is blocked by explorer, just use unlocker or kill explorer.exe process to delete that folder, webcache and the lock.dat file is opened by com surrogate, just kill the process dllhost.exe and delete the folder and the file.

When i now just reboot, computer gets back to audit mode and the two folders and the file can deleted without any hassle. so if you want to get sure write something like this in your sysprep script:

taskkill explorer.exe
delete inetcache folder
taskkill dllhost.exe
delete webcache folder
delete lock.dat file

But i am not sure if sysprep needs dllhost.exe, lets try…
…currently capturing, will deploy after that and see if that error is blown away…

EDIT4:

OK that attempt hasn’t worked but i found out what happened.
When the sysprep process is finished the 2 folders and the lock file has be recreated after sysprep was running.
So i use /quit for sysprep and have a pause before shutdown -s -t 0 -f then i kill explorer.exe and dllhost.exe and delete the 2 folders and the lock file after that i ack my pause in my sysprep script and machine shuts down…

I need to try that now, if this is working we can remove pause and script it without interrupt.
I get back to you…

EDIT5:

hmm doesnt work, even when i delete that shit at the latest moment possible (before a shutdown) that files seem to be created by what ever, i can delete them afterwards but i don’t have a real solution yet. damn!

Regards X23

@jim-holcomb said in Can't add new host:

Resolved with the help of Tom. Thanks all!

How?