Reimaging with OEM licenses

I came across a TechNet blog post on Microsofts site the other day that taught me something new I thought I would pass along in case it would help someone out.  If you don’t have software assurance with Microsoft but are a volume license customer you can deploy volume license media providing you have keys and the edition of the OEM OS and the Volume License match.  This means you don’t have to be purchasing volume licenses to reimage provided you do have at least a few volume licenses of the software you are trying to deploy.  The below blog posts provide more info.  Guess you learn something new every day.

https://blogs.technet.microsoft.com/volume-licensing/2014/02/13/licensing-how-to-reimaging-rights-top-5-questions/

http://www.aidanfinn.com/?p=14534

 

Advertisements

Filtered GPO’s are broken

I was updating a logon script today and realized that for some reason it wasn’t applying to the machine.   I ran rsop and gpresult but neither one showed the policy or the logon script.  The gpo was filtered to a specific group of users and the user was clearly a member of the group so I was befuddled what was going on.  I finally found a Security update KB 3159398 for Group Policy that came out in June that while fixing a dangerous man-in-the-middle attack breaks filtering if Domain Computer group does not have read permissions to the OU.  Follow the below steps to fix and your gpo will be working like normal.

  1. Open up the gpo in group policy management and click the delegation tab.
  2. Click Add and type in domain computers.capture
  3. Set permissions to read as is the default.capture2
  4. Enjoy your fixed GPO’s!

Link to Microsoft Security update and known issues below.

https://support.microsoft.com/en-us/kb/3159398

 

 

 

Quickly fix Windows is not Genuine from different Windows versions.

I had an issue today with an old KMS server that some machines had been talking to getting shut down and then the machines months later complaining that they couldn’t find the KMS server.  I  then removed the KMS server’s DNS entries and prevented it from publishing them to dns which had been missed before.  That isn’t the purpose of this post though so if you need more info the below two links help out a lot.

How to remove a KMS Server from your Infrastructure

Additional info for Server 2008 only.

Back to the purpose of my post was when I get tickets for activations (as I have over the past few days) I wanted an easy script to run slmgr, remove the product key, input, and activate the new key.  We use MAK keys in our environment so just for the few machines that were set up for KMS a simple script sounded like an easy way to take care of them. Problem is I run Windows 10 and the machines I was trying to fix were Windows 7. SLMGR.vbs is version specific so although I probably could have copied one off a windows 7 machine I came up with the below solution to work on any version of Windows.  To accomplish this I used our old friend psexec which creates a session runs each slmgr command locally on their machine and outputs the result after prompting for a machine name.  A really simple script but maybe someone will find this useful.  Don’t forget to put psexec in the same directory you run the script from.  Happy Friday 🙂

set /p machinename=Input the PC Name:%=%
PsExec.exe \\%machinename% cscript %SystemRoot%\System32\slmgr.vbs /upk
PsExec.exe \\%machinename% cscript %SystemRoot%\System32\slmgr.vbs /ipk xxxxx-xxxxx-xxxxx-xxxxx-xxxxx
PsExec.exe \\%machinename% cscript %SystemRoot%\System32\slmgr.vbs /ato