Activation after imaging and rekeying

[BC]

As a consultant of last resort, I get called in when
IT staff and tech support can't resove a problem,
and by that time, people are pissy, angry and/or
defensive. Usually it's a highly technical problem,
and my latest "house call" involved creating a new
public access workstation model for a large public
library that's going from Win95 systems to Win
XP Pro. (Yeah, I know Win95 seems ancient, but
they had Firefox for web browsing, Office 97 for
letters and spreadsheets and such, 3rd party
security apps that really locked down the units,
and a simple, fast reimaging system that made
recovery from blown hard drives and such trivial.)

The only thing technically out of the ordinary was
that at one point years ago they wanted an easy
way to manage and control patron access to the
public worstations. After examiing and testing a
lot of library and cybercafe software, I picked this
cybercafe package by an English company. And
not only did the package rock, bur the software
made a couple of key mods to optimize it for
libary use. It ended being far more sophisticated
and less troublesome than typical much most
expensive and conventional library software.

So the library REALLY wanted to keep using this
cybercafe software for the new workstations, but
their tech staff had trouble figuring out how to do
that, and the tech support from the company
leasing and maintaining the PC's didn't know
anything about that stuff and didn't want to get
involved, and there were deadlines looming.... so I
get called in.

Getting the cybercafe software up and running was
actually pretty trivial -- they simply haven't had to
touch anything all these years, so they were still
using the old version, and weren't too sure about
the new one, blah, blah, blah. The only
complicating factor was deciding on the level of
desired security and how to control it: the cybercafe
software came with workstation security
management, a product called "Deep Freeze" that
they were also using also provides workstation
security, and good old, primitive Active Directory
Services would also be available to manage security
policies. Since Deep Freeze had the most robust
and slick security features (it creates a virtual
sandbox that make it seems like people have a lot
of access to the PC, but actually don't), it was
decided to use that plus a few features of the
cybercafe software to lock down the workstations.

Lastly, since I was working on a model PC that
would be imaged onto about 70 other workstation
PC's, I recommended wiping the retail image
off the PC and doing a clean install from scratch to
create a nice pristine model with all the latest
updates, and a complete, cover-all-bases, updated
program list, especially for multimedia. I knew that
the model and its clones will not be updated for
some time to come.

Wiping a PC and reinstalling from scratch is a
pretty basic thing. I've done it countless times.
Making a standard model PC and cloning/
reimaging that to identical new models is also
pretty basic as well, and I've done that plenty o'
times as well, including XP Pro systems. If you
have an install CD and a valid key, no big whoop.
But this is where my project developed a pile of
problems. I was told that there would be a volume
key for the PC's, but that never materialized --
instead the sticker key had to be used on the
model. Fine. But no CD's came with the HP's.
However you could create them, and these
weren't just image CD's but reinstallation ones.
OK, good. Made 2 sets of those. Good to go.

Wiped the hard drive and created a small 20Gb
partition (nobody will be saving things to the
hard drive, so they was no point to using the
entire drive, and then used the HP CD's to
install XP Pro. It looked like a normal install
but then it started asking for the CD already
inserted. Hmmm..not good. It got stuck in that
loop, so scratch that. Tried the other CD set.
Again normal but then it asked for an unknown
CD for verification -- WTF!? It figures -- the easy
part will be the hard part. Screw this, so I used
my VLK XP Pro SP2 CD I have for repairs to put
back the OS. Everything after that went as
expected.

But the company leasing and managing the
PC's then said that I did a bad thing -- the key
has to be the one on the sticker. They were
reminded that they were suppose to have
delivered a volume key, but .... Alright, fine.
Going from a VLK to an OEM is not that
complicated -- so I had the PC back to its
original sticker key and fully activated and
validated and good to go in about 45 minutes.

The leasing and management company takes
it away to reimage it to a small number of PC's
that were going to be used for initial testing,
especially in the "bad" parts of the library where
the pervs and would be hackers tend to loiter.

But the leasing and management company
said that model was still no good because
they couldn't activate the first clone they made
and they didn't understand why. I asked for them
to drop off the cloned PC so I can take a look
(aka see where they screwed up) but they have
dancing around doing this.

At this point, I'm more then a little bit annoyed.
The leasing and management company is also
some sort of Microsoft partner, but they are
obviously not very technical people at all despite
setting up large corporate networks being one of
their things.

Supposedly they are using Ghost to reimage.

Is there anything in the above sequence that
cause validation to not work? The managing and
leasing company now says they put the PC's
they reimaged back to factory condition so there's
nothing for me to look at. Are they just screw-ups?
Things are not getting done is the bottom line now.

Any thoughts will be appreciated.

-BC

 

[BC]

As a consultant of last resort, I get called in when
IT staff and tech support can't resove a problem,
and by that time, people are pissy, angry and/or
defensive. Usually it's a highly technical problem,
and my latest "house call" involved creating a new
public access workstation model for a large public
library that's going from Win95 systems to Win
XP Pro. (Yeah, I know Win95 seems ancient, but
they had Firefox for web browsing, Office 97 for
letters and spreadsheets and such, 3rd party
security apps that really locked down the units,
and a simple, fast reimaging system that made
recovery from blown hard drives and such trivial.)

The only thing technically out of the ordinary was
that at one point years ago they wanted an easy
way to manage and control patron access to the
public worstations. After examiing and testing a
lot of library and cybercafe software, I picked this
cybercafe package by an English company. And
not only did the package rock, bur the software
made a couple of key mods to optimize it for
libary use. It ended being far more sophisticated
and less troublesome than typical much most
expensive and conventional library software.

So the library REALLY wanted to keep using this
cybercafe software for the new workstations, but
their tech staff had trouble figuring out how to do
that, and the tech support from the company
leasing and maintaining the PC's didn't know
anything about that stuff and didn't want to get
involved, and there were deadlines looming.... so I
get called in.

Getting the cybercafe software up and running was
actually pretty trivial -- they simply haven't had to
touch anything all these years, so they were still
using the old version, and weren't too sure about
the new one, blah, blah, blah. The only
complicating factor was deciding on the level of
desired security and how to control it: the cybercafe
software came with workstation security
management, a product called "Deep Freeze" that
they were also using also provides workstation
security, and good old, primitive Active Directory
Services would also be available to manage security
policies. Since Deep Freeze had the most robust
and slick security features (it creates a virtual
sandbox that make it seems like people have a lot
of access to the PC, but actually don't), it was
decided to use that plus a few features of the
cybercafe software to lock down the workstations.

Lastly, since I was working on a model PC that
would be imaged onto about 70 other workstation
PC's, I recommended wiping the retail image
off the PC and doing a clean install from scratch to
create a nice pristine model with all the latest
updates, and a complete, cover-all-bases, updated
program list, especially for multimedia. I knew that
the model and its clones will not be updated for
some time to come.

Wiping a PC and reinstalling from scratch is a
pretty basic thing. I've done it countless times.
Making a standard model PC and cloning/
reimaging that to identical new models is also
pretty basic as well, and I've done that plenty o'
times as well, including XP Pro systems. If you
have an install CD and a valid key, no big whoop.
But this is where my project developed a pile of
problems. I was told that there would be a volume
key for the PC's, but that never materialized --
instead the sticker key had to be used on the
model. Fine. But no CD's came with the HP's.
However you could create them, and these
weren't just image CD's but reinstallation ones.
OK, good. Made 2 sets of those. Good to go.

Wiped the hard drive and created a small 20Gb
partition (nobody will be saving things to the
hard drive, so they was no point to using the
entire drive, and then used the HP CD's to
install XP Pro. It looked like a normal install
but then it started asking for the CD already
inserted. Hmmm..not good. It got stuck in that
loop, so scratch that. Tried the other CD set.
Again normal but then it asked for an unknown
CD for verification -- WTF!? It figures -- the easy
part will be the hard part. Screw this, so I used
my VLK XP Pro SP2 CD I have for repairs to put
back the OS. Everything after that went as
expected.

But the company leasing and managing the
PC's then said that I did a bad thing -- the key
has to be the one on the sticker. They were
reminded that they were suppose to have
delivered a volume key, but .... Alright, fine.
Going from a VLK to an OEM is not that
complicated -- so I had the PC back to its
original sticker key and fully activated and
validated and good to go in about 45 minutes.

The leasing and management company takes
it away to reimage it to a small number of PC's
that were going to be used for initial testing,
especially in the "bad" parts of the library where
the pervs and would be hackers tend to loiter.

But the leasing and management company
said that model was still no good because
they couldn't activate the first clone they made
and they didn't understand why. I asked for them
to drop off the cloned PC so I can take a look
(aka see where they screwed up) but they have
dancing around doing this.

At this point, I'm more then a little bit annoyed.
The leasing and management company is also
some sort of Microsoft partner, but they are
obviously not very technical people at all despite
setting up large corporate networks being one of
their things.

Supposedly they are using Ghost to reimage.

Is there anything in the above sequence that
cause validation to not work? The managing and
leasing company now says they put the PC's
they reimaged back to factory condition so there's
nothing for me to look at. Are they just screw-ups?
Things are not getting done is the bottom line now.

Any thoughts will be appreciated.

-BC

Nevermind -- it appears that they never ever reimaged
using OEM keys and didn't know what to do. They
now are asking the library to buy a VLK at $65 per
workstation.

Are all Microsoft Gold partners so, ummm, technically
proficient?

-BC

 

[Richard M.]

Hello,

My first concern is that apparently you will duplicate a licence meant for a
single computer onto the whole library. I fear that this is a contract
breach.

my VLK XP Pro SP2 CD I have for repairs to put
back the OS. Everything after that went as
expected.

But the company leasing and managing the
PC's then said that I did a bad thing -- the key
has to be the one on the sticker. They were
reminded that they were suppose to have
delivered a volume key, but .... Alright, fine.
Going from a VLK to an OEM is not that
complicated -- so I had the PC back to its
original sticker key and fully activated and
validated and good to go in about 45 minutes.

Do you mean you forced the OEM key into the registry ?
How do you performed that step ?
(You can't just install a VLK disk with OEM key.)

[...]

Is there anything in the above sequence that
cause validation to not work? The managing and
leasing company now says they put the PC's
they reimaged back to factory condition so there's
nothing for me to look at. Are they just screw-ups?
Things are not getting done is the bottom line now.

Any thoughts will be appreciated.

-BC

Are you using "Sysprep" ?
You will need a Volume Licence Key there.

Is it the Sysprep version for XP SP2 ?
Using the previous version (SP1) made several funny things to me...

--Richard.

 

[Adam Leinss]

Do you mean you forced the OEM key into the registry ?
How do you performed that step ?
(You can't just install a VLK disk with OEM key.)

Yeah, I was wondering the same thing. There's no way of going from VL to
OEM, especially in cases were SLP is used to preactivate the PCs. The
files are just too different.

So what's this magical process of converting VL to OEM that you speak of?


Also, I would recommend that this library find a new partner. How can a
company that "leases and manages" as their bread and butter not figure out
how to setup a library kiosk? Hell, you don't even need Deep Freeze...the
Shared Computer Toolkit works just as good. I used it for setting up
kiosks on an assembly line. The only thing the user can do is log off and
then it logs right back on. USB is disabled, as well as the CD-ROM and
floppy disk. The only way they are cracking anything is if they lift up
the PC and throw it against the wall.

Adam

 

[BC]

@TK2MSFTNGP03.phx.gbl:





Yeah, I was wondering the same thing. There's no way of going from VL to
OEM, especially in cases were SLP is used to preactivate the PCs. The
files are just too different.

So what's this magical process of converting VL to OEM that you speak of?


Also, I would recommend that this library find a new partner. How can a
company that "leases and manages" as their bread and butter not figure out
how to setup a library kiosk? Hell, you don't even need Deep Freeze...the
Shared Computer Toolkit works just as good. I used it for setting up
kiosks on an assembly line. The only thing the user can do is log off and
then it logs right back on. USB is disabled, as well as the CD-ROM and
floppy disk. The only way they are cracking anything is if they lift up
the PC and throw it against the wall.

Adam

It's simple enough -- you just need an OEM installation CD and
optionally a key changer program (I used Magic Jellybean). Since
the HP CD creator wouldn't work, I used one of the OEM Dell XP
Pro SP2 CD's the library had lying around and did a repair install.
While that may appear to change nothing, it converts the type of
XP Pro on the system back to an OEM flavor, allowing you to then
change to key to any OEM one -- like that on the sticker on the
HP. The PC needs to be authenticated again at that point, but
just run the activation process as you normally do (Start->All
Programs->Accessories->System Tools->Activate Windows.)

Good point about the Shared Computer Toolkit (the Gates
Foundation also offers a different version of it) -- while I
personally
would never, EVER recommend any Microsoft product for security,
as a Microsoft shop, they really should have thought to bring it up
with the library's IT person early on.

OK -- my question to you guys is: isn't the normal method for
Microsoft shops to image a large number of PC's is to use the
Sysprep tool in conjunction with a VLK? I know that you can
use Sysprep with OEM keys, but it's not as straightforward and
I have the feeling that not many of the Microsoft shops know how
to do this, despite instructions like this:
http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/oempreac.mspx

How often is that OEM variation used, by your estimate.

-BC

 

[Adam Leinss]

It's simple enough -- you just need an OEM installation CD and
optionally a key changer program (I used Magic Jellybean). Since
the HP CD creator wouldn't work, I used one of the OEM Dell XP
Pro SP2 CD's the library had lying around and did a repair
install. While that may appear to change nothing, it converts the
type of XP Pro on the system back to an OEM flavor, allowing you
to then change to key to any OEM one -- like that on the sticker
on the HP. The PC needs to be authenticated again at that point,
but just run the activation process as you normally do (Start->All
Programs->Accessories->System Tools->Activate Windows.)

Sounds simple enough, but seems a bit dangerous and unpredictable to
me. What happens if you applied post-SP2 hotfixes to the system?
Since it pulls the registry information forward but back revs most of
the operating system files to the ones on the disc, does that mean
that you get outdated SP2 files in Windows, but it thinks it's
updated because the update information is still in the registry?

OK -- my question to you guys is: isn't the normal method for
Microsoft shops to image a large number of PC's is to use the
Sysprep tool in conjunction with a VLK? I know that you can
use Sysprep with OEM keys, but it's not as straightforward and
I have the feeling that not many of the Microsoft shops know how
to do this, despite instructions like this:
http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/oempre
ac.mspx

Yes, VL is used for most setups dealing with more than 25 computers.
I do support an auxiliary company that provides alternative
instruction for students. I used the same sysprep program and INF
file as I did for my VL images, except I commented the line defining
the product key. When the laptop comes up, it requires immediate
entry of the product key on the bottom of the laptop and on the first
boot into Windows it wants activation. This poses no problems. I
left the Dell copy of the OS on the laptop and did not use our VL
media for this however.

Unfortunately, the library "tech staff" and the company managing the
computers seem to be incompetent if the story you tell is accurate.
If I told my boss he needed to hire outside help to setup a PC kiosk
I would be shown the door.

Most OEM computers come with a preload disk anyways...our Dells do.
Of course, I made my own brew using a virgin Windows VL disc, but I
guess you are bounded by whatever the customer you are dealing with
is using.

Adam

 

[BC]

Sounds simple enough, but seems a bit dangerous and unpredictable to
me. What happens if you applied post-SP2 hotfixes to the system?
Since it pulls the registry information forward but back revs most of
the operating system files to the ones on the disc, does that mean
that you get outdated SP2 files in Windows, but it thinks it's
updated because the update information is still in the registry?

As you might imagine, I really wasn't all that keen
at that point to explore all the finer points of this
technique -- I just to get the friggin thing done. There
seemed to be no discernable difference, though,
before and after aside from being able to change the
key the way I wanted. And in theory, there really
shouldn't be -- Microsoft can only screw so far with
version differences before risking too high a problem
rate when it comes to updates and such. I suspect
their WGA BS is the limit of their splitting hairs.

Yes, VL is used for most setups dealing with more than 25 computers.
I do support an auxiliary company that provides alternative
instruction for students. I used the same sysprep program and INF
file as I did for my VL images, except I commented the line defining
the product key. When the laptop comes up, it requires immediate
entry of the product key on the bottom of the laptop and on the first
boot into Windows it wants activation. This poses no problems. I
left the Dell copy of the OS on the laptop and did not use our VL
media for this however.

As I thought (as you might suspect, I'm not a fan of
Microsoft stuff) -- deploying with OEM keys just entails
a little bit more work. Big whoop. I was also kind of
annoyed that no CD's were included with the HP's the
way they were with the Dell's at the library (the library
had spec'd Dells but that management company said
the HP's were cheaper...). Dell may have some big
problems these days, but their corporate competitors
don't exactly inspire a whole of confidence

Unfortunately, the library "tech staff" and the company managing the
computers seem to be incompetent if the story you tell is accurate.
If I told my boss he needed to hire outside help to setup a PC kiosk
I would be shown the door.

That's why people are sometimes not in the best of
moods when I'm called in (although I don't take that
personally...) At least nobody was threatening non-
payments, legal action or major contract canceling
this time around.

Most OEM computers come with a preload disk anyways...our Dells do.
Of course, I made my own brew using a virgin Windows VL disc, but I
guess you are bounded by whatever the customer you are dealing with
is using.

Adam

I've made a few special purpose XP CD's myself for
different situations. All of this plus some disturbing
PC cleanups I did in recent months will keep me using
a hopped-up Win98 PC as my primary for web surfing
and email until I can't anymore.

Here; you might find this an interesting read about how
ever slick and sophisticated the bugs have been getting:
http://www.secureworks.com/research/threats/spamthru

And thanks for the info.

-BC