Modern Management - Part Eight - Windows Activation

So my next hurdle for my recently deployed Autopilot devices was Windows 10 Activation. Using the 'Edition Upgrade' Device Configuration profile did not work (I was using a Windows 10 Pro MAK key), therefore I had to come up with another solution.








These devices were both on AD Hybrid (using the Intune Connector) and Azure AD Joined and I need to use a MAK key for Windows Activation. This is not supported through the Windows Licensing CSP - https://docs.microsoft.com/en-us/windows/client-management/mdm/windowslicensing-csp

The way I got around this was to create an Intune Win32 App called Windows Activation, which is the following PowerShell command:



# ScriptName = WindowsActivation.ps1
# Purpose = Activate Windows 10 Pro via a Scheduled Task. This was created to be used with an Autopilot deployment to allow the use of Volume License MAK Keys (as this is not supported through the Windows Licensing CSP - https://docs.microsoft.com/en-us/windows/client-management/mdm/windowslicensing-csp)
# Author = Neil Petersen
# Date = 20190828
# Version = 1.00
#
# DISCLAIMER - THIS SAMPLE CODE AND ANY RELATED INFORMATION ARE PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND.
#
# NOTES
#
# I deploy this through Intune wrapped with the IntuneWinAppUtil.exe assigned to Autopilot devices (c:\IntuneWinAppUtil>IntuneWinAppUtil -c C:\IntuneWinAppUtil\Source -s C:\IntuneWinAppUtil\Source\WindowsActivationV1.00.txt -o C:\IntuneWinAppUtil\Output -q)
# Create a blank text file at C:\IntuneWinAppUtil\Source\WindowsActivationV1.00.txt
# Configure the install command as "powershell -ex bypass -file WindowsActivation.ps1"
# Configure the uninstall command as "powershell -ex bypass -file WindowsActivation.ps1" (This does nothing.)
# Configure the Detection rules as Manual and check for the "C:\Program Files\Windows Activation\Activate Windows.cmd" file


#Check for existence of the "C:\Program Files\Windows Activation" Directory
IF (Test-Path "C:\Program Files\Windows Activation") {Write-Host "Directory Already Exists"} ELSE {New-Item -path "C:\Program Files\" -Name "Windows Activation" -ItemType Directory}

#Create the Activate Windows.cmd Script
Add-Content -Path "C:\Program Files\Windows Activation\Activate Windows.cmd" -Value 'if exist "C:\Program Files\Windows Activation\Windows Activated.txt" goto END '
Add-Content -Path "C:\Program Files\Windows Activation\Activate Windows.cmd" -Value 'cscript slmgr.vbs /ipk XXXXX-XXXXX-XXXXX-XXXXX-XXXXX'
Add-Content -Path "C:\Program Files\Windows Activation\Activate Windows.cmd" -Value 'ECHO Version 1.00 >"C:\Program Files\Windows Activation\Windows Activated.txt"'
Add-Content -Path "C:\Program Files\Windows Activation\Activate Windows.cmd" -Value 'Ping 127.0.0.1 -n 10'
Add-Content -Path "C:\Program Files\Windows Activation\Activate Windows.cmd" -Value ':END'
Add-Content -Path "C:\Program Files\Windows Activation\Activate Windows.cmd" -Value 'Exit'

#Set the Scheduled Task Action
$Action = New-ScheduledTaskAction -Execute '"C:\Program Files\Windows Activation\Activate Windows.cmd"' `

#Set the Scheduled Task Time
$Time = New-ScheduledTaskTrigger -Daily -At 12pm

#Register the Scheduled Task
Register-ScheduledTask ActivateWindows -Action $Action -Trigger $Time -User "System"


 This creates batch file called "C:\Program Files\Windows Activation\Activate Windows.cmd", this batch file is then triggered via a Schedule Task that runs daily at 12pm as the system account.



The batch file uses slmgr.vbs to install the correct product key and then creates a trigger file "C:\Program Files\Windows Activation\Windows Activated.txtso we can ensure this only runs once per device. (The schedule task will run everyday but only takes minimal resources so I'm not too concerned.)



I'm sure there are other ways of achieveing this but, I had a case open with Microsoft support and this was quicker than waiting for a response that actually worked.

If you use this please note the disclaimer, and feel free to leave a comment if this helps you out.





Comments