Been a while since I have posted anything related to deployment, but I have thought a long time about this post. The reason why I have hesitated blogging about this is the legal issues about it. I have finally concluded that this is okay to publish, since the information is already available on the Internet if you search for it. This blogpost is about deploying OEM machines. I did this back in 2011-2012 and have not had a chance to test all the things in this post after I did it. I am now writing this based on my bad memory and some few notes I had about it. The rules for deploying OEM machines is very good explained by Johan Arwidmark (of course) here: http://www.deploymentresearch.com/Research/tabid/62/EntryId/4/OEM-and-imaging-The-rules-of-the-game.aspx
And in another great post about it by Aidan Finn here: http://www.aidanfinn.com/?p=8971
Okay, so you just bought 20 machines HP/Dell/Lenovo or any other major brand and realize that you do not have volume license and you are stuck with OEM license stickers on the machines. You do not care about legal stuff since all you want to do is to deploy those machines unattended. The big question is how are you going to deploy them?
You can of course deploy the machines without specifying a license key when they are done deploying, you could enter the license key that is located on the OEM sticker manually on the machines, but that would not qualify for a blogpost. J
The other way to do this in a geeky fully automated way requires two things in advance. You will need to get your hands on the OEM xrm-ms certificate that is used to activate the machine against the BIOS. In order to use this certificate you will also to need to have the OEM «certificate» activation key.
To summarize what you need:
- OEM specific XRM-MS certicate
- OEM activation key for the certificate.
The easiest way to get your hands on the XRM-MS certificate is probably to mount the disk of one the OEM machines and search the disk for *.XRM-MS. Or if you have a recovery DVD/CD you can find them there. This is pointed out in Morgan Simonsen’s blogpost here: https://morgansimonsen.wordpress.com/2011/11/10/oembios-activating-a-lenovo-x1/ (The friend he mentions in the post is actually me by the way.) When you find the XRM-MS file, copy it out. It’s a thing you want to keep 😉 .
The activation key can be trickier to find. An easy way is to fire up one of the machines and when you have reached Windows you can use this script to recover the key: http://poshcode.org/1544
Or you can use a tool from Nirsoft called Product cd key viewer: http://www.nirsoft.net/utils/product_cd_key_viewer.html
If you are lazy and want to skip them both you can of course find these certificates and product keys online. A clever search like «XRM-MS certificates OEM» will probably work fine. I have linked to a collection of certificates and product keys I have found with Google. ( I take no responsibility for external links )
Enough of the boring stuff. How do we integrate this into Microsoft Deployment Toolkit. Last time I did this in real life was way back with MDT 2010 Update 1, but I am pretty sure this still works.
In all “simpliness” you need to add the following steps in the task sequence:
- Copy the xrm-ms certificate to c:\windows\system32\oem\
- run slmgr /ilc c:\windows\system32\oem\certname.xrm-ms (certname is replaced with what you named your certificate)
- run slmgr /ipk xxxxx-xxxxx-xxxxx-xxxx-xxxxx (replace with your OEM “certificate” activation key”
- run slmgr /ato to activate windows.
(Sorry for the lack of screenshots, have not had a chance to recreate it)
That’s it. Your done.
In this process when I was exploring this I also automated the entire process of reading out the license key from OEM machines during deployment and add it to the MDT database for later deployment. It was not until later in the project I realized that all OEMs only use SLIC (BIOS) activation and does not enter the sticker key on every machine they sell. Please understand that I did this back in 2011-2012. I have not taken notes of everything I did and have not had a chance to test this procedure out again later. So the following information should be tested on OEM machines in order to verify that it still works. The solution I used/customized is described here (great stuff):
I added a new feature to it when I did this. I created an exit script that retrieves the productkey. The script will go into the OEM disc on the machine and mount up the registry of the OEM OS. Then the script will read out the key stored in registry and write it to the %OEMKey% variable. This can then be used later in the task sequence and you can write it to the database. I also removed some stuff from the stored procedures like the TasksequenceID. I am uncertain if I added something new to the stored procedures. Well, if I get a chance to test it again I will verify it. J
You will need the following added to updatedb.ini to trigger the script:
The ProductKeyFinder.vbs script can be found here: