Cam C

asked on

Unique Windows 10 licensing scenario - after ideas

Hi all,

We have a fleet of 30 x disconnected workstations that have no connectivity to the internet. They are the same make/model. I have a Windows 10 Enterprise MAK volume license for this fleet. We operate from a master (Windows 10 Ent VL gold image) HDD. This environment is such that these 30 x workstations are often geographically separated. They operate at a workgroup level but generally are only deployed in groups of two or three workstations. We may have 10 of these groups out in the field throughout the year. They are imaged on-demand and then put into production.

A few ideas spring to mind...KMS, VAMT, dedicated HDDs + once off activation...but none of these solutions fit.

Activation options:
1. KMS - no network connectivity, HDDs are activated on demand and we wouldn't have 25 workstations active at any one time to meet the activation threshold requirements.
2. VAMT Disconnected activation - impossible to bring the full fleet of 30 x workstations together to build the CIL for export, then activate. The workstations are not unique or dedicated so I can't generate a full CIL for each workstation hardware profile.
https://technet.microsoft.com/en-us/library/ff686875.aspx 
3. Activate then clone - have tried activating the gold image via phone activation, then cloning this image. As expected, HWIDs change when the cloned HDD boots up onto a new workstation, thus rendering the HDD de-activated.

We currently use RHEL for these workstations, but due to software requirements are looking to move to Windows. RHEL can function between cloned systems perfectly fine with no activation concerns. A workaround in the past for a different group of Windows 7 based laptops was to use an OEM license. This solution worked well. Unfortunately these 30 x workstations were not delivered with any form of OEM license.

My problem is finding a way of activating these HDDs. I have a pool of licenses, I have the key, but short of phone activating each individual workstation every time I re-image, I cannot see a way of maintaining activation. Phone activation is obviously a very tedious way of performing the required activation function and will not be suitable.

Is there a legal flexible Windows 10 licensing solution that can provide activation services for this unique scenario? For legitimate and genuine cases can the Software protection policy rules engine be relaxed? Is activation in the above scenario even possible? Would a workaround be to keep re-arming the workstations until they are returned to me for re-image/updating?

I had thought of running something like Windows Embedded Standard. I believe you can activate a gold image with that and then clone appropriately without the activation issues but I can't get hold of it.
 
I'm running out of ideas. Any assistance would be appreciated.

Thanks
Mal Osborne

Do you NEED them to be activated? The only downside in your situation of having these machines unactivated is an annoying watermark in the lower right. Perhaps your users could just learn to live with that?

They have to be activated or eventually they will not run. I am quite sure this is correct.

Windows 10 workstations DHCP internet access issue was announced by Microsoft and there is a fix for this
https://support.microsoft.com/en-us/help/4004227/windows-10-update-kb3206632
Please apply this patch and check if this did the job.

You say you have enterprise MAK keys. That's exactly what MAK keys are for (as opposed to KMS, etc.) Make MAK activation part of your image deployment process (don't activate then clone, but automate MAK activation with an unattend file) and your machines will activate when you image them.

John wrote: "They have to be activated or eventually they will not run. I am quite sure this is correct"

Got a cite on that?  Everything I have read claims otherwise.

It should be simple to test anyway, just change the clock and see what happens. Having no network connection, these machines cannot receive updates from Microsoft, and have no way of verifying the time.
Cam C

ASKER

Cliff said:
You say you have enterprise MAK keys. That's exactly what MAK keys are for (as opposed to KMS, etc.) Make MAK activation part of your image deployment process (don't activate then clone, but automate MAK activation with an unattend file) and your machines will activate when you image them.

Hi Cliff, does this method rely on the access to the internet to verify against MS activation servers? How would the client verify the MAK?
Cam C

ASKER

Malmensa said:
Do you NEED them to be activated?

That's a very good question. As long as they function and don't shut down or otherwise impair the operators' experience, I would be happy to run them deactivated. Performing a slmgr /dlv shows the volume license has 1001 rearms available. Thinking outside the box, if I scripted a slmgr /rearm every month this would effectively give the machines plenty of time until the next image so it may not be an issue anyway. Obviously it's not ideal but there seems to be no clean way of doing it. Unless the MAK activation via unattend works...
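
The values slmgr /dlv displays (license status, grace period, remaining rearm count) can be recorded read-only each time a disk comes back for re-imaging, which gives evidence of how unactivated machines actually behaved in the field. The PowerShell below is an added example and not part of any post in this thread; it assumes the built-in SoftwareLicensingService and SoftwareLicensingProduct WMI classes, and the output path is hypothetical.

```powershell
# Added example: read-only activation report for one offline workstation.
# It queries the Windows software licensing WMI classes and changes nothing.

# ApplicationID that identifies the Windows operating system itself
$WindowsAppId = '55c92734-d682-4d71-983e-d6ec3f16059f'

# LicenseStatus values documented for SoftwareLicensingProduct
$StatusText = @{
    0 = 'Unlicensed'
    1 = 'Licensed'
    2 = 'Out-of-box grace'
    3 = 'Out-of-tolerance grace'
    4 = 'Non-genuine grace'
    5 = 'Notification'
    6 = 'Extended grace'
}

function Get-ActivationReport {
    $svc = Get-CimInstance -ClassName SoftwareLicensingService
    # Only the installed edition carries a partial product key
    $filter = "ApplicationID='$WindowsAppId' AND PartialProductKey IS NOT NULL"
    $os = Get-CimInstance -ClassName SoftwareLicensingProduct -Filter $filter |
        Select-Object -First 1
    if (-not $os) { throw 'No Windows product with an installed key was found.' }

    [pscustomobject]@{
        Computer          = $env:COMPUTERNAME
        Collected         = (Get-Date).ToString('s')
        Edition           = $os.Name
        Channel           = $os.Description            # e.g. VOLUME_MAK channel
        KeyLast5          = $os.PartialProductKey
        Status            = $StatusText[[int]$os.LicenseStatus]
        GraceDaysLeft     = [math]::Round($os.GracePeriodRemaining / 1440, 1)  # minutes to days
        WindowsRearmsLeft = $svc.RemainingWindowsReArmCount
        SkuRearmsLeft     = $os.RemainingSkuReArmCount
    }
}

# Hypothetical location; append one row per collection so history is kept
$OutFile = 'C:\Audit\activation-report.csv'
New-Item -ItemType Directory -Path (Split-Path $OutFile) -Force | Out-Null
Get-ActivationReport | Export-Csv -Path $OutFile -Append -NoTypeInformation
```

The clock on a disconnected machine is unverified, so the Collected timestamp is only as trustworthy as the local time setting.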
ASKER CERTIFIED SOLUTION
Cliff Galiher
This solution is only available to members.
Cam C

ASKER

Cliff, appreciate your response. You have inferred quite correctly, the environment does have an aggressive security posture. It's the bane of many of my problems, sadly I'm not in a position to change that posture due to security requirements; both technically and from an accreditation standpoint.

Connectivity via KMS is remotely possible, but will heavily rely on the installation of new equipment and links. I may push this agenda through my managers as it seems that this really is the only legal way in my environment. The unattended MAK scenario would be great but these HDDs can't touch the outside world.

Out of curiosity, can you expand on the rearm scenario? Is there something in the EULA which doesn't permit using this command?

Cheers.

I know there is. I no longer recall where. Licensing training was a prerequisite for a MS partner status for a time (gold as I recall) years and years ago, and it was pretty in-depth. Going through docs paragraphs at a time and discussing applicable scenarios. So remembering that something is true and remembering where it is covered in EULA/PUR are two different things. And I'm no lawyer.