Skip to content

Instantly share code, notes, and snippets.

@BrandonStiff
Last active May 1, 2017 16:06
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
Star You must be signed in to star a gist
Save BrandonStiff/8e8ac4dc04254b85e9c4301346c85798 to your computer and use it in GitHub Desktop.
Activate a Windows Host by Proxy
function Invoke-WindowsActivation()
{
<#
.SYNOPSIS
This function reaches out remotely to the specified VAMT server and activates the given machines by proxy. To run this, you must meet the following requirements:
* The ActiveDirectory module from Microsoft be installed on the machine this function runs from. Install with:
Add-WindowsFeature
* It's assumed the machines you are dealing with are on an Active Directory domain.
* You have a server with the VAMT 3.0 installed.
.PARAMETER ComputerName
Specifies one or more computers to activate.
.PARAMETER Domain
Specifies the AD domain the VAMT server and the machines you are activating are on. Default is the current user DNS Domain ($ENV:USERDNSDOMAIN).
.PARAMETER VamtServer
Specifies the machine the VAMT toolset is installed on. This machine needs the Windows Assessment and Deployment Kit (VAMT Tool) installed. See:
https://www.microsoft.com/en-us/download/details.aspx?id=30652
https://technet.microsoft.com/en-us/library/hh825184.aspx
.EXAMPLE
Invoke-WindowsActivation -ComputerName myserver1,myserver2 -VamtServer vamt01
ActionsAllowed : 105
ApplicationName :
ApplicationId : xxxxx
CMID :
ConfirmationId :
ExportGuid : xxxxx
FullyQualifiedDomainName : myserver1.mydomain.com
GenuineStatus : Genuine
GraceExpirationDate : 4/17/2017 9:56:23 PM
InstallationId : xxxxx
KmsHost :
KmsPort :
LastActionStatus : Successfully updated the product information.
LastErrorCode : 0
LastUpdated : 4/17/2017 9:56:23 PM
LicenseFamily : ServerDatacenter
LicenseStatus : Licensed
LicenseStatusLastUpdated : 4/17/2017 9:56:23 PM
LicenseStatusReason : 0
PartialProductKey : xxxx
ProductDescription : Windows(R) Operating System, VOLUME_MAK channel
ProductKeyId : xxx
ProductName : Windows(R), ServerDatacenter edition
ProductKeyType : Mak
ProductVersion : 6.3.9600.17809
Sku : xxxxx
ProductKeyTypeName :
LicenseStatusText :
GenuineStatusText :
ResourceLanguage :
SoftwareProtectionService : SPP
VLActivationType : NeverVolumeActivated
VLActivationTypeEnabled : Default
AdActivationObjectName :
AdActivationObjectDN :
AdActivationCsvlkPid :
AdActivationCsvlkSkuId : 00000000-0000-0000-0000-000000000000
#>
[CmdletBinding(SupportsShouldProcess=$true)]
param
(
[Parameter(Mandatory=$true,ValueFromPipeline=$true)] $ComputerName,
[string] $Domain = $ENV:UserDnsDomain,
[Parameter(Mandatory=$true)] [string] $VamtServer
)
begin
{
function Test-Kerberos()
{
[CmdletBinding()]
param
(
[Parameter(Mandatory=$true)] $ComputerName
)
Import-Module ActiveDirectory
$c = Get-AdComputer -Identity $ComputerName -Properties TrustedForDelegation
return ( $c.TrustedForDelegation )
}
if ( !(Test-Kerberos -ComputerName $VamtServer) )
{
throw ("The VAMT Server ($VamtServer) does not have Kerberos delegation enabled! Use: Set-AdComputer -Identity $VamtServer -TrustedForDelegation $true")
}
if ( !(Test-Kerberos -ComputerName $Env:COMPUTERNAME) )
{
throw ("This client ($Env:COMPUTERNAME) does not have Kerberos delegation enabled! Use: Set-AdComputer -Identity $VamtServer -TrustedForDelegation $true")
}
# You must use a 32-bit PowerShell session! VAMT.psd1 does not support 64-bit.
$session = New-PSSession -ComputerName $VamtServer -ConfigurationName Microsoft.PowerShell32
$sb = `
{
$psdPath = ""
if ( Test-Path -Path "HKLM:\SOFTWARE\Wow6432Node\Microsoft\VAMT3" )
{
$psdPath = Get-ItemProperty -Path "HKLM:\SOFTWARE\Wow6432Node\Microsoft\VAMT3" -Name "SchemaFilePath" | Select-Object -ExpandProperty SchemaFilePath
}
else
{
throw ("VAMT3 is not installed on the local machine: $($ENV:COMPUTERNAME)!")
}
Write-Verbose ("VAMT Module location: $psdPath")
Import-Module -Name (Join-Path -Path $psdPath -ChildPath "vamt.psd1")
}
$psdPath = Invoke-Command -Session $Session -ScriptBlock $sb
}
process
{
try
{
foreach ( $comp in $ComputerName )
{
$sb = `
{
param
(
[Parameter(Mandatory=$true)] $ComputerName,
[string] $Domain = $ENV:UserDnsDomain
)
$product = Find-VamtManagedMachine -QueryType ActiveDirectory -QueryValue $Domain -MachineFilter $ComputerName
if ( !$product )
{
throw ("Unable to find a computer in the VAMT Database named $ComputerName! Verify Kerberos delegation is enabled for both $($ENV:ComputerName) and $ComputerName! Set-AdComputer -Identity $ComputerName -TrustedForDelegation `$true ")
}
Write-Host ("Product Entry:")
Write-Host ($product | Format-List | Out-String)
if ( $product.GenuineStatus -ine "Genuine" )
{
# Get the confirmation ID:
$confirmation = $product | Get-VamtConfirmationId
if ( $confirmation.ConfirmationId )
{
$out = Install-VamtConfirmationId -Products $confirmation
$output = Find-VamtManagedMachine -QueryType ActiveDirectory -QueryValue $Domain -MachineFilter $ComputerName
Write-Host ("Activated server: ")
Write-Host ($output | Format-List | Out-String)
$output
if ( $output.GenuineStatus -ine "Genuine" )
{
throw ("An error occurred activating Windows OS on $comp. `r`nError message: $($output.LastActionStatus).")
}
}
else
{
throw ("Unable to get a confirmation ID for machine $ComputerName!")
}
}
else
{
Write-Warning ("$ComputerName has already been activated!")
$product
}
}
if ( $PSCmdlet.ShouldProcess($comp, "Activate Windows machine") )
{
Invoke-Command -Session $session -ScriptBlock $sb -ArgumentList $comp,$Domain
}
}
}
catch
{
if ( $session )
{
$session | Remove-PSSession
}
throw $_
}
}
end
{
if ( $session )
{
$session | Remove-PSSession
}
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment