Step-By-Step Guide: VAMT MAK Proxy Activation For Isolated Air-Gapped Networks

Introduction

Purpose

The purpose of this guide is to provide step-by-step instructions on how to activate a Multiple Activation Key (MAK) using the Volume Activation Management Tool (VAMT) in an isolated air-gapped network. This method leverages Proxy activation on an Internet-connected VAMT host computer.

What Is VAMT

Definition of VAMT

The Volume Activation Management Tool (VAMT) enables network administrators and other IT professionals to automate and centrally manage the Windows®, Microsoft® Office®, and select other Microsoft products volume and retail activation process. VAMT can manage volume activation using Multiple Activation Keys (MAKs) or the Windows Key Management Service (KMS). VAMT is a standard Microsoft Management Console (MMC) snap-in and can be installed on any computer that has one of the following Windows operating systems: Windows® 7, Windows 8, Windows 8.1, Windows 10, Windows Server 2008 R2, Windows Server 2012 R2 or Windows 2016.

Proxy Activation Diagram

 

Install VAMT In Isolated Air-Gapped Network

Important Note: If you are not running an offline version of the ADK installer, select the option “Download the Windows Assessment and Deployment Kit – Windows 10 for installation on a separate computer” for section 3.1.2. Once downloaded, re-run the offline ADK install and continue with step 2.

Install VAMT using Windows Assessment and Deployment Kit (ADK) for Windows 10.

    1. Download and open the Windows 10, version 1903 ADK package. Reminder: There won’t be a new ADK release for 1909.
    2. Enter an install location or use the default path, and then select Next.
    3. Select a privacy setting, and then select Next.
    4. Accept the license terms.
    5. On the Select the features you want to install page, select Volume Activation Management Tool (VAMT), and then select Install. (You can select additional features to install as well.)
    6. On the completion page, select Close.

Decide whether you want to use SQL Express or a full SQL instance. Below are links to the offline installation of SQL Express. For this guide we will be using SQL Express.

    1. Run the downloaded SQL Express installer.
    2. Select Basic. Accept the license terms.
    3. Enter an install location or use the default path, and then select Install.
    4. On the completion page, note the instance name for your installation, select Close, and then select Yes.

Configure VAMT to connect to SQL Server Express or full SQL Server

  1. Open Volume Activation Management Tool 3.1 from the Start menu.
  2. Enter the server instance name (for a remote SQL use the FQDN) and a name for the database, select Connect, and then select Yes to create the database.

Adding Firewall Exception For Windows Management Instrumentation (WMI)

If your target computers/servers have the local Windows firewall enabled, add a firewall exception to allow for Windows Management Instrumentation (WMI).

  1. Edit an existing Group Policy object or create a new one using the Group Policy Management Tool.
  2. Expand the Computer Configuration/Policies/Windows Settings/Security Settings/Windows Firewall with Advanced Security/Windows Firewall with Advanced Security/Inbound.
  3. Create a new Rule by right-clicking “Inbound Rules” and select “New Rule”.
  4. Check the Predefined: radio button and select Windows Management Instrumentation from the drop down list. Click Next.
  5. Check the WMI rules for the Domain Profile. Click Next.
  6. Check the Allow the Connection radio button and click Finish to exit and save the new rule. Apply the Group Policy Object to the relevant computers using the Group Policy Management Tool.
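
The predefined WMI rules accept connections from any remote address by default. The following added example (not part of the original guide) audits the effective inbound WMI rules on a target computer after the Group Policy has applied and reports whether each rule is limited to the VAMT host. The address `10.0.0.10` is a placeholder, and the display group name assumes an English-language Windows installation.

```powershell
# Added example: run in an elevated Windows PowerShell session on a target computer.
$VamtHostAddress = '10.0.0.10'   # placeholder: address of the VAMT host in the isolated network

function Get-WmiFirewallRuleAudit {
    param([Parameter(Mandatory)][string]$AllowedRemote)

    # ActiveStore is the merged result of local policy and Group Policy.
    Get-NetFirewallRule -PolicyStore ActiveStore `
        -DisplayGroup 'Windows Management Instrumentation (WMI)' |
        Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' } |
        ForEach-Object {
            $remote = @(($_ | Get-NetFirewallAddressFilter).RemoteAddress)
            [pscustomobject]@{
                Rule          = $_.DisplayName
                Profile       = $_.Profile
                Action        = $_.Action
                RemoteAddress = $remote -join ','
                # True only when every permitted remote address is the VAMT host
                ScopedToVamt  = -not ($remote | Where-Object { $_ -ne $AllowedRemote })
            }
        }
}

Get-WmiFirewallRuleAudit -AllowedRemote $VamtHostAddress | Format-Table -AutoSize
```

Rules reported with `ScopedToVamt` set to False can be narrowed on the Scope tab of the rule in the same Group Policy object.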

Add Computers To The Computer Information List Within VAMT

There are four (4) discovery methods that you can use when adding computers to VAMT. The discovery method being used in this guide will be “Search for computers in the Active Directory”.

  1. Open VAMT
  2. In the right-side Actions pane, click “Discover products…”.
  3. Ensure “Search for computers in the Active Directory” is selected.
  4. Under “Domain Filter Criteria” select your network domain.
  5. Under “Filter by computer name” enter a computer object and click “Search”. The dialog box “VAMT successfully discovered 1 machine” is displayed if the computer object is found.

Discover Products And Collect Status Information

In order for the VAMT to perform an action on any products, it must have current license-status data for those products. Collect status from individual products by directly selecting one or more computers in the product list-view pane.

  1. Right-click the selected computers and choose “Update license status” and select “Current credential”.

Important Note: If you are activating products that require administrator credentials different from the ones you are currently using, choose the Alternate Credential option and provide an appropriate account and the corresponding password when prompted.

The VAMT will display the Collecting computer information dialog box while it collects the status of all installed products on the selected computers. When the process is finished, the updated status of those products will appear in the product list view in the center pane. It is possible to show more items in the product list pane after updating the status, as there could be one or more Microsoft.

Add A Multiple Activation Key (MAK)

  1. In the left-side pane of VAMT, click Product Keys.
  2. In the right-side pane of VAMT, click “Add product keys…”.
  3. Enter a Multiple Activation Key (MAK) and then click “Add Keys”. If the MAK is valid, you will receive a dialog message indicating, “X product key was successfully verified and added to VAMT”. Once verified, the Edition field will automatically populate.

Important Note: If you are adding the Extended Support Update (ESU) MAK, you must update the VAMT – ESU Configuration files by downloading them here –> https://www.microsoft.com/en-us/download/details.aspx?id=100304

 

Install Instructions:

  1. Download the configuration file for the respective platform:
     • For Windows 7, Windows Server 2008R2: pkconfig_win7.xrm-ms
     • For Windows Server 2008: pkconfig_vista.xrm-ms
  2. Replace the files here: C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\VAMT3\pkconfig with the new files
  3. Get the latest ADK/VAMT here: https://go.microsoft.com/fwlink/?linkid=2026036
     For VAMT setup and activation, refer to: https://docs.microsoft.com/en-us/windows/deployment/volume-activation/introduction-vamt

Install The MAK Key On The Isolated Air-Gapped Computers

  1. Select the discovered computers that require having this MAK key.
  2. Right-click the selected computers and select “Install product key…”.
  3. Select the desired MAK key and click “Install Key”.

The VAMT displays the Installing product key progress window while it attempts to install the product key to the selected products. When the process is finished, the status will appear in the Action Status column of the progress window. Click Close to close the progress window.

Export VAMT Data

Exporting VAMT data from a non-Internet-connected VAMT host computer is the first step of proxy activation.

  1. In the left-side pane, select the products or individual products for exporting.
  2. In the right-side Actions pane, click Export list to open the Export List dialog box.
  3. In the Export List dialog box, specify an “Export to File” location with a filename such as “IsolatedObjectExport.cilx”.
  4. Under Export options, select one of the following data-type options (this guide selects Export products only):
     • Export products and product keys
     • Export products only
     • Export proxy activation data only: Selecting this option ensures that the export contains only the licensing information required for the proxy web service to obtain CIDs from Microsoft. No Personally Identifiable Information (PII) is contained in the exported .cilx file when this selection is checked.
  5. If you have selected products to export, select the Export selected product rows only check box.
  6. Click Save. VAMT displays a progress message while the data is being exported. Click OK when a message appears and confirms that the export has completed successfully.
  7. Copy the IsolatedObjectExport.cilx file to a removable media USB drive to be used in the next section.

Import VAMT Data To A VAMT Host Computer With Internet Access

Assumption: VAMT is installed on an internet connected server/client machine. If you do not have VAMT installed, repeat Step 3 of this guide on an internet connected computer.

  1. Copy IsolatedObjectExport.cilx file from the removable media (from steps above) to a drive on a VAMT node that has Internet access.
  2. Open VAMT.
  3. In the right-side Actions pane, click Import list to open the Import List dialog box.
  4. In the Import List dialog box, navigate to the IsolatedObjectExport.cilx file location, select the file, and click Open.
  5. In the Volume Activation Management Tool dialog box, click OK to begin the import. VAMT displays a progress message while the file is being imported. Click OK when a message appears and confirms that the import has completed successfully.

Request CIDs From Microsoft

  1. Select the products requesting activation and right-click, select “Activate”, and select “Proxy activate”.
  2. Within the “Proxy Activate” dialog box, select “Acquire and save confirmation ID Only”.
  3. Click OK.
  4. Once the CIDs have been retrieved for all products, you will receive the following action status “Successfully acquired Confirmation ID for the product”.

Export The Proxy Activation Data From The Internet-Connected VAMT Host Computer

  1. In the left-side pane, select the products or individual products for exporting that you have received CIDs for.
  2. In the right-side Actions pane, click Export list to open the Export List dialog box.
  3. In the Export List dialog box, specify an “Export to File” location with a filename such as “IsolatedObjectsExportwithCID.cilx”
  4. Under Export options, select “Export products only”
  5. If you have selected products to export, select the Export selected product rows only check box.
  6. Click Save. VAMT displays a progress message while the data is being exported. Click OK when a message appears and confirms that the export has completed successfully.
  7. Copy the “IsolatedObjectsExportwithCID.cilx” file to a removable media USB drive to be used in the next step.

Import The CILx File On The Original VAMT Host Computer Within The Isolated Air-Gapped Network

  • Copy the “IsolatedObjectsExportwithCID.cilx” file from the removable media (see Step 12) onto a drive on the VAMT host in the isolated air-gapped network.
  • Open VAMT.
  • In the right-side Actions pane, click Import list to open the Import List dialog box.
  • In the Import List dialog box, navigate to the IsolatedObjectsExportwithCID.cilx file location, select the file, and click Open.
  • In the Volume Activation Management Tool dialog box, click OK to begin the import. This will start the merge process that matches the Confirmation IDs to the IIDs of the products.
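
The .cilx file crosses the air gap twice on removable media: out of the isolated network in “Export VAMT Data” and back in here. The following added example (not part of the original guide) records a SHA-256 hash on the sending host and refuses the import on the receiving host if the copy taken off the USB drive does not match. All paths are placeholders, and the expected hash is assumed to be read back from the sender's record rather than from a file on the same USB drive.

```powershell
# Added example. Paths and the transfer-log location are placeholders.
function Add-CilxTransferRecord {
    param(
        [Parameter(Mandatory)][string]$Path,     # .cilx file about to be copied to the USB drive
        [Parameter(Mandatory)][string]$LogPath   # CSV kept on the sending host, not on the USB drive
    )
    $file = Get-Item -LiteralPath $Path
    if ($file.Extension -ne '.cilx') { throw "Refusing to record '$Path': not a .cilx file." }

    $record = [pscustomobject]@{
        TimeUtc = (Get-Date).ToUniversalTime().ToString('s')
        File    = $file.Name
        Bytes   = $file.Length
        Sha256  = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        User    = "$env:USERDOMAIN\$env:USERNAME"
    }
    $record | Export-Csv -LiteralPath $LogPath -Append -NoTypeInformation
    $record
}

function Test-CilxBeforeImport {
    param(
        [Parameter(Mandatory)][string]$Path,            # copy taken off the USB drive
        [Parameter(Mandatory)][string]$ExpectedSha256   # value from the sender's transfer record
    )
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    if ($actual -ne $ExpectedSha256.Trim()) {
        throw "Hash mismatch for '$Path': expected $ExpectedSha256, got $actual. Do not import."
    }
    $true
}

# On the Internet-connected VAMT host, before copying to the USB drive:
#   Add-CilxTransferRecord -Path 'C:\VAMT\IsolatedObjectsExportwithCID.cilx' -LogPath 'C:\VAMT\transfer-log.csv'
# On the isolated VAMT host, before "Import list":
#   Test-CilxBeforeImport -Path 'D:\Import\IsolatedObjectsExportwithCID.cilx' -ExpectedSha256 '<hash from the record>'
```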

Apply The CIDs And Activate The Isolated Air-Gapped Network Computers

  1. Select the products that have been merged with the CIDs in the steps above.
  2. Right-click the selected computers and select “Activate” and select “Apply confirmation ID”.

Note: If you are activating products that require administrator credentials different from the ones you are currently using, select the Use Alternate Credentials check box.

  3. The “Applying confirmation ID” dialog box will appear and you should see the following message under the Action Status, “Successfully deposited Confirmation ID for the product.”
  4. Click “Close”.
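
To confirm the result independently of the VAMT console, the following added example (not part of the original guide) queries the `SoftwareLicensingProduct` WMI class on each target over DCOM, the same WMI path the firewall exception opened, and reports the license status of every product that has a key installed. The computer names are placeholders.

```powershell
# Added example: run from the VAMT host in the isolated network.
$LicenseStatusName = @{
    0 = 'Unlicensed'; 1 = 'Licensed'; 2 = 'OOBGrace'; 3 = 'OOTGrace'
    4 = 'NonGenuineGrace'; 5 = 'Notification'; 6 = 'ExtendedGrace'
}

function Get-RemoteActivationStatus {
    param([Parameter(Mandatory)][string[]]$ComputerName)

    $dcom = New-CimSessionOption -Protocol Dcom   # use WMI over DCOM, not WinRM
    foreach ($computer in $ComputerName) {
        $session = $null
        try {
            $session = New-CimSession -ComputerName $computer -SessionOption $dcom -ErrorAction Stop
            Get-CimInstance -CimSession $session -ClassName SoftwareLicensingProduct `
                -Filter 'PartialProductKey IS NOT NULL' -ErrorAction Stop |
                ForEach-Object {
                    [pscustomobject]@{
                        Computer   = $computer
                        Product    = $_.Name
                        MakChannel = $_.Description -like '*VOLUME_MAK*'
                        KeyTail    = $_.PartialProductKey   # last five characters only
                        Status     = $LicenseStatusName[[int]$_.LicenseStatus]
                    }
                }
        } catch {
            # Unreachable host, blocked WMI or insufficient rights ends up here
            [pscustomobject]@{
                Computer = $computer; Product = $null; MakChannel = $null
                KeyTail  = $null; Status = "Query failed: $($_.Exception.Message)"
            }
        } finally {
            if ($session) { Remove-CimSession -CimSession $session }
        }
    }
}

# Placeholder computer names
Get-RemoteActivationStatus -ComputerName 'PC-01', 'SRV-01' | Format-Table -AutoSize
```

A successfully activated computer shows `Licensed` with `MakChannel` set to True; any other status means the Confirmation ID was not applied to that product.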

Conclusion

I hope this step-by-step guide has helped you successfully activate products in an isolated air-gapped network using the Proxy activation method from an Internet-connected VAMT host computer.

If you have any questions or comments please leave them below!

ITsPaul is a Managed Service Provider located in Ottawa, Ontario. We provide IT Support, services and offer web development.
