[German]In another blog post I would like to discuss the activation of ESU licenses for Windows 7 SP1/Windows Server 2008/R2 support renewal in enterprise environments. Microsoft doesn’t offer a viable solution to this issue, but I have found a potentially better approach.
What we are talking about?
Here in the blog, I’ve spent a lot of time discussing support renewals for Windows 7 SP1 (and Server 2008/R2) as part of the Extended Security Updates (ESU) program (see links at the end of the article). Parts 1 and 2 of the article series dealt with the purchase and activation of ESU licenses for SMBs. However, the solution is only practicable for a handful of systems. In part 2 of the article series, German blog reader Shadena immediately asked for a solution to activate ESU within large enterprise environments:
interesting for me would be, how the ESU-Keys can be distributed on Windows 7 clients in large environments, if they can be set up on the domain’s own KMS server.
I myself am not active in this field, and could only refer to the the Microsoft ESU FAQ. And there is the Techcommunity article How to get Extended Security Updates for eligible Windows devices from October 2019, but it doesn’t reflect more than my second part of this article series. Not useful for enterprise environments with many Windows 7 systems where ESU should be activated.
You could create a batch solution with a few commands, which would relieve administrators of some manual effort. In part 2 I had mentioned this post where a script could be found (the batch program could be simplified, since the Activation-ID for all machines is fixed).
ActivationWs: The ESU MAK activation solution
Recently I came across a solution how to solve the problem of activating the ESU keys in enterprise environments, if the clients or servers do not have direct access to the Internet, or where the VAMT solution described by Microsoft is not applicable. Someone has developed a solution and published it as ActivationWs on GitHub.
The ActivationWs GitHub repository is a customizable solution for the distribution and activation of multiple activation keys (MAK). It consists of an ASP.NET web service and a PowerShell script to install and activate the MAK.
The developer of the solution writes that ActivationWs is designed for companies for whom deploying and activating their Extended Security Update (ESU) MAK key on many clients is a certain challenge. The ActivationWs repository offers administrators a “pull-based” activation solution. This eliminates the requirements of the VAMT approach mentioned above. This may reduce some of the obstacles that administrators must overcome when activating the product key.
The picture above shows the scheme of the activation process, including the ConfigMgr (from SCCM).
- The PowerShell script Activate-Product.ps1 is deployed (for example, using ConfigMgr or another solution of choice) on the ESU-enabled device.
- The script installs the MAK, and then queries the installation ID and product ID.
- Then the script sends a SOAP request to the ActivationWs Web Service. The ActivationWs Web Service is installed on a host in the internal network of the company. The communication takes place via a freely selectable port (e.g. 80/443).
- The Installation- and Product IDs are transferred to the Microsoft BatchActivation Service, which then returns the Confirmation ID to the ActivationWs Web Service. This service passes the Confirmation ID to the client that is to receive the ESU Activation.
- The script stores the Confirmation ID and completes the activation.
The ActivationWs Web Service runs on IIS and requires the .NET Framework 4.6 and access to the Microsoft BatchActivation Service (https://activation.sls.microsoft.com). A proxy server can be specified in the web.config file if required. Activate-Product.ps1 requires Windows PowerShell v2.0 or later and must be running with administrator privileges.
See the GitHub page for some more information and a FAQ on how to use this solution. This comes without support, but it should be the solution for some administrators.
Windows 7: Buy and manage ESU licenses – Part 1
Windows 7: Preparing for ESU and license activation – Part 2
Windows 7: ESU Activation inEnterprise Environment – Part 3
Windows 7: ESU questions and more answers – Part 4
Wow! Windows 7 get extended support until January 2023
Windows 7 Extended Security Updates buyable from April 2019
Microsoft offers Windows 7 Extended Update Support to SMBs
Prices for Windows 7 Extended Security Updates till 2023
Windows 7: Free Extended Update Support and usage
Windows 7: Office 365 ProPlus Updates till 2023
Windows 7 Extended Security Updates (ESU) requirements
Windows 7 Extended Security Update (ESU) program available
Windows 7 Extended Security Updates (ESU) program, price and source for SMEs