KMS Activation Filtering
We are planning our KMS environment. We would like to be able to have multiple KMS servers and control what types of clients can activate against them. We currently use our Group B key and I realize this can activate both servers and clients. We would like to have one server for activating clients and the other server for activating servers only.Is this possible? To add a wrench to it the KMS hosts are in a forest that is not trusted by any of the other forests.Thanks in advance for any suggestions.
December 16th, 2009 1:13am

Hi, I am afraid that we cannot do this. But you can manually assign a KMS host to a KMS client: 1. Log on to the KMS client computer. 2. Open an elevated command prompt. To do this, click Start, click All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator. 3. At the command prompt, type one of the following options and press Enter: a. Assign a KMS host using the host's FQDN, type: cscript \windows\system32\slmgr.vbs /skms <KMS_FQDN>:<port> b. To assign a KMS host using the host's version 4 IP address, type: cscript \windows\system32\slmgr.vbs /skms <IPv4Address><:port> c. To assign a KMS host using the host's version 6 IP address, type: cscript \windows\system32\slmgr.vbs /skms <IPv6Address><:port> d. To assign a KMS host using the host's NETBIOS name, type: cscript \windows\system32\slmgr.vbs /skms <NetbiosName><:port> Hope it helps. Tim Quan - MSFT
Free Windows Admin Tool Kit Click here and download it now
December 16th, 2009 5:12am

shame....Thanks for the reply !!
December 17th, 2009 8:34pm

Has anyone tried to segregate KMS hosts and the clients that are authorized to activate with them using the "Access this computer from the network" local security policy setting? KMS does use RPC which this setting will impact. A group containing only the "allowed" KMS client computer objects could be added to the local security policy. This would be desirable in environments where there are multiple groups responsible for administering end user systems, all with different volume license product keys that would like to leverage the benefits of KMS and KMS client DNS auto-discovery without inadvertently activating against each others KMS hosts. Manually configuring hosts would introduce the need to push remote jobs to end user systems if a change to the KMS server is necessary in the future. Additionally, only one KMS host can be specified in a manual configuration thereby, removing redundancy capabilities (I know that the extensive grace periods reduce the impact of not having redundancy but, some customers require it).
Free Windows Admin Tool Kit Click here and download it now
April 14th, 2010 10:04pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics