Last active
May 1, 2017 16:06
Star
You must be signed in to star a gist
Activate a Windows Host by Proxy
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
function Invoke-WindowsActivation() | |
{ | |
<# | |
.SYNOPSIS | |
This function reaches out remotely to the specified VAMT server and activates the given machines by proxy. To run this, you must meet the following requirements: | |
* The ActiveDirectory module from Microsoft be installed on the machine this function runs from. Install with: | |
Add-WindowsFeature | |
* It's assumed the machines you are dealing with are on an Active Directory domain. | |
* You have a server with the VAMT 3.0 installed. | |
.PARAMETER ComputerName | |
Specifies one or more computers to activate. | |
.PARAMETER Domain | |
Specifies the AD domain the VAMT server and the machines you are activating are on. Default is the current user DNS Domain ($ENV:USERDNSDOMAIN). | |
.PARAMETER VamtServer | |
Specifies the machine the VAMT toolset is installed on. This machine needs the Windows Assessment and Deployment Kit (VAMT Tool) installed. See: | |
https://www.microsoft.com/en-us/download/details.aspx?id=30652 | |
https://technet.microsoft.com/en-us/library/hh825184.aspx | |
.EXAMPLE | |
Invoke-WindowsActivation -ComputerName myserver1,myserver2 -VamtServer vamt01 | |
ActionsAllowed : 105 | |
ApplicationName : | |
ApplicationId : xxxxx | |
CMID : | |
ConfirmationId : | |
ExportGuid : xxxxx | |
FullyQualifiedDomainName : myserver1.mydomain.com | |
GenuineStatus : Genuine | |
GraceExpirationDate : 4/17/2017 9:56:23 PM | |
InstallationId : xxxxx | |
KmsHost : | |
KmsPort : | |
LastActionStatus : Successfully updated the product information. | |
LastErrorCode : 0 | |
LastUpdated : 4/17/2017 9:56:23 PM | |
LicenseFamily : ServerDatacenter | |
LicenseStatus : Licensed | |
LicenseStatusLastUpdated : 4/17/2017 9:56:23 PM | |
LicenseStatusReason : 0 | |
PartialProductKey : xxxx | |
ProductDescription : Windows(R) Operating System, VOLUME_MAK channel | |
ProductKeyId : xxx | |
ProductName : Windows(R), ServerDatacenter edition | |
ProductKeyType : Mak | |
ProductVersion : 6.3.9600.17809 | |
Sku : xxxxx | |
ProductKeyTypeName : | |
LicenseStatusText : | |
GenuineStatusText : | |
ResourceLanguage : | |
SoftwareProtectionService : SPP | |
VLActivationType : NeverVolumeActivated | |
VLActivationTypeEnabled : Default | |
AdActivationObjectName : | |
AdActivationObjectDN : | |
AdActivationCsvlkPid : | |
AdActivationCsvlkSkuId : 00000000-0000-0000-0000-000000000000 | |
#> | |
[CmdletBinding(SupportsShouldProcess=$true)] | |
param | |
( | |
[Parameter(Mandatory=$true,ValueFromPipeline=$true)] $ComputerName, | |
[string] $Domain = $ENV:UserDnsDomain, | |
[Parameter(Mandatory=$true)] [string] $VamtServer | |
) | |
begin | |
{ | |
function Test-Kerberos() | |
{ | |
[CmdletBinding()] | |
param | |
( | |
[Parameter(Mandatory=$true)] $ComputerName | |
) | |
Import-Module ActiveDirectory | |
$c = Get-AdComputer -Identity $ComputerName -Properties TrustedForDelegation | |
return ( $c.TrustedForDelegation ) | |
} | |
if ( !(Test-Kerberos -ComputerName $VamtServer) ) | |
{ | |
throw ("The VAMT Server ($VamtServer) does not have Kerberos delegation enabled! Use: Set-AdComputer -Identity $VamtServer -TrustedForDelegation $true") | |
} | |
if ( !(Test-Kerberos -ComputerName $Env:COMPUTERNAME) ) | |
{ | |
throw ("This client ($Env:COMPUTERNAME) does not have Kerberos delegation enabled! Use: Set-AdComputer -Identity $VamtServer -TrustedForDelegation $true") | |
} | |
# You must use a 32-bit PowerShell session! VAMT.psd1 does not support 64-bit. | |
$session = New-PSSession -ComputerName $VamtServer -ConfigurationName Microsoft.PowerShell32 | |
$sb = ` | |
{ | |
$psdPath = "" | |
if ( Test-Path -Path "HKLM:\SOFTWARE\Wow6432Node\Microsoft\VAMT3" ) | |
{ | |
$psdPath = Get-ItemProperty -Path "HKLM:\SOFTWARE\Wow6432Node\Microsoft\VAMT3" -Name "SchemaFilePath" | Select-Object -ExpandProperty SchemaFilePath | |
} | |
else | |
{ | |
throw ("VAMT3 is not installed on the local machine: $($ENV:COMPUTERNAME)!") | |
} | |
Write-Verbose ("VAMT Module location: $psdPath") | |
Import-Module -Name (Join-Path -Path $psdPath -ChildPath "vamt.psd1") | |
} | |
$psdPath = Invoke-Command -Session $Session -ScriptBlock $sb | |
} | |
process | |
{ | |
try | |
{ | |
foreach ( $comp in $ComputerName ) | |
{ | |
$sb = ` | |
{ | |
param | |
( | |
[Parameter(Mandatory=$true)] $ComputerName, | |
[string] $Domain = $ENV:UserDnsDomain | |
) | |
$product = Find-VamtManagedMachine -QueryType ActiveDirectory -QueryValue $Domain -MachineFilter $ComputerName | |
if ( !$product ) | |
{ | |
throw ("Unable to find a computer in the VAMT Database named $ComputerName! Verify Kerberos delegation is enabled for both $($ENV:ComputerName) and $ComputerName! Set-AdComputer -Identity $ComputerName -TrustedForDelegation `$true ") | |
} | |
Write-Host ("Product Entry:") | |
Write-Host ($product | Format-List | Out-String) | |
if ( $product.GenuineStatus -ine "Genuine" ) | |
{ | |
# Get the confirmation ID: | |
$confirmation = $product | Get-VamtConfirmationId | |
if ( $confirmation.ConfirmationId ) | |
{ | |
$out = Install-VamtConfirmationId -Products $confirmation | |
$output = Find-VamtManagedMachine -QueryType ActiveDirectory -QueryValue $Domain -MachineFilter $ComputerName | |
Write-Host ("Activated server: ") | |
Write-Host ($output | Format-List | Out-String) | |
$output | |
if ( $output.GenuineStatus -ine "Genuine" ) | |
{ | |
throw ("An error occurred activating Windows OS on $comp. `r`nError message: $($output.LastActionStatus).") | |
} | |
} | |
else | |
{ | |
throw ("Unable to get a confirmation ID for machine $ComputerName!") | |
} | |
} | |
else | |
{ | |
Write-Warning ("$ComputerName has already been activated!") | |
$product | |
} | |
} | |
if ( $PSCmdlet.ShouldProcess($comp, "Activate Windows machine") ) | |
{ | |
Invoke-Command -Session $session -ScriptBlock $sb -ArgumentList $comp,$Domain | |
} | |
} | |
} | |
catch | |
{ | |
if ( $session ) | |
{ | |
$session | Remove-PSSession | |
} | |
throw $_ | |
} | |
} | |
end | |
{ | |
if ( $session ) | |
{ | |
$session | Remove-PSSession | |
} | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment