Microsoft KMS Server

In order to activate Microsoft Office you had to install the Microsoft Office Volume License Pack, this handles the Office KMS key, The windows server kms key is handled directly by the KMS service. So yup, the one server can do both Windows and Office. The "slmgr.vbs /dlv all" command will show all activation information.

Yes, whenever I have needed a KMS key for the server I have had to call Microsoft to have that put into our account. And you are also correct in that in order to Activate windows 10 you need a newer server version. And the newer Windows 10 builds like LTSC 2019 actually require Server 2019 to activate, Here is the link to the chart
docs.microsoft.com/en-us/windows-server/get-started-19/activation-19

@@TomsTechShow
I have question what is different between kms and hack tool auto kms
And dose auto kms dose any damage to a computer ?

Once the KMS server is activated, you can then remove it from internet access, this only has to be activated once. Then place that server in the internal network to activate your locked down clients which must contact the KMS server every 30 to 90 days. If this is a virtual machine you can also have add network adapters to activate the dev and test systems. You will want it to be able to receive windows updates. Which can be done with Windows Update Server.

@@TomsTechShow Thanks again. Does the KMS have to be a Domain member computer? In other words, can the PROD KMS reside in a DMZ and "all computers" connect to it in the DMZ?
Long story made short...I wanted to use an Update Server but we have SCCM...a real pain with separate networks and domains. One of our networks/domains is not connected to the "corporate domain" for security reasons.

The KMS server does not need to be a domain member and can activate computers that' can connect to it, I have systems that activate over a Cisco AnyConnect VPN,. You will have to run a script on each client to perform the initial activation that includes these commands
slmgr.vbs /skms ad-kms-1.openmethods.com Your KMS server name
slmgr.vbs /ipk WC2BQ-8NRM3-FDDYY-2BFGV-KHKQY Key for the system you are acrivating
slmgr.vbs /ATO Activation command
This needs to be run at an elevated command prompt.

@@TomsTechShow I think I saw these commands in your video. Didn't make sense then. I've been reviewing a bunch of MS docs as well. They talk about TCP ports and RDP. Between those docs and your super helpful video I think I'm in the ball park...maybe on 2nd base. Thanks again so very much! I hope my "like" helps you.

KMS is a simple request and response, but the public KMS servers are not allowed by Microsoft and can be taken down at any time. Plus that site will have your public IP address and can start attacking your router.

You just create a virtual machine with virtual box which is free

Right, in order to activate a non-internet connected PC you would need to perform activation with a MAK key and Proxy Activaion docs.microsoft.com/en-us/windows/deployment/volume-activation/proxy-activation-vamt

I think you are mistaken, Key Management Server is ideal for a standalone domain/network. MAK (multiple activation keys) use (1) Code/Key or (2)proxy server. I’ve been doing a lot of research on this last two days for work.

@@rossuser The KMS Server needs access to MIcrosoft and the Clients need access to the KMS server. So a system that has no network connection to either would have to be activated in an alternate way.

Tom's Tech Show! Not true, you can setup a offline kms server without MAC. Install the kms key and then activate it over the phone. The kms server does not require the internet for this.

Yes you will need Licenses for the systems that you will be activating.

As long as the subnets are connected and routes setup, then the KMS server will be able to activate your clients.

As long as there is a network route and the server is reachable. It will work

Tom's Tech Show! Thanks for clearing that up

So once you get the KMS server activated, you only need to put the general KMS key onto the workstation. As long as you have at least 25 workstations activated they will activate. They Keys for the workstation can be found at Microsoft. docs.microsoft.com/en-us/windows-server/get-started/kmsclientkeys No special key is needed for the server other than the main KMS key you get from Microsoft.

@@TomsTechShow Perfect, thank you. I was thinking I needed to install each KMS key. We have well over the threshold for activation. We were just frustrated with not understanding why they were activating when it wouldn't accept the key.

and if you are using it for Servers then you need to keep the number above 5.

In all my years I have never has the chance to setup Office with KMS, I will some research and see what I can come up with.

@@TomsTechShow thanks for quick reply. I am researching on how to do that for office but couldn't find any video. Your video was pretty close.

So yeah, KMS can be used to activate Office, which is why in a business you can install without a Microsoft Account. You may be able to setup your business email account in Microsoft to use the web features. Check with your I.T. department. I have clients that sync active directory to the cloud so that the users can use the Domain account as a Microsoft account.

Microsoft will only allow you to use the key for the server once. However, I have ours setup as a Virtual Machine and I was able to copy the VM, rename it and bring it up in a different location and it started handing out licenses.

This would depend on whether your KMS IP address is a private or public IP. If it begins with 192.168 or 10. or 172.16 then it is on a local network, If it is a public IP your can use a site like www.whatismyip.com/ip-whois-lookup/ to find who owns the IP endpoint.

So you have to purchase at least 5 server licenses or 25 desktop licenses from Microsoft, then you have to request from Microsoft a KMS key, That key is installed and activated with Microsoft. After that for all of the client desktops or servers you use the list of KMS client keys, that is where everyone uses the same key. You have to also tell your system where your KMS server is. For example kms.tomstechshow.com. Then your clients activate against that system. The client system must contact the KMS server every 90 day to stay activated. Legally there is no FREE way to do it. So the last part of the question, if you are using someone else’s KMS server and they shut it down then after 90 days you will be deactivated. You can REARM the system 3 times to get another 120 or so days, but then it will stop working after that.

I can shine some light on that, there are malicious articles out there claiming this is a free and legal way to activate Windows or Office and then point you to a specific kms server they operate. These aren't real kms servers but small programs on their side that always respond to the client with a license.
While it is correct this is a method to activate Windows 10 for free it is NOT a legal way to activate Windows. Neither are OEM keys or those cheap $10 retail keys as the latter are done trough creditcard fraud and OEM keys are only legal when used on the system they shipped with. They will never sell for less than $60.
The last thing people sometimes conflate is a kms activation tool. These tools are based on those fake activation servers or a token that makes the fake kms activation last until 2038. These are also not legal and not what we use in the corporate world.
So when you are setting up a license infrastructure for a company and you think KMS might be a good way to go always use the tools shown in this video and not projects of github or public kms servers.

Check the web page docs.microsoft.com/en-us/windows-server/get-started/kmsclientkeys for the list of keys.
Then the batch file is:
slmgr.vbs /skms ad-kms-1.openmethods.com
slmgr.vbs /ipk KMS-KEY-FROM-ABOVE-SITE
slmgr.vbs /ato

So the servers in the CZcams videos and others that you find online are breaking Microsoft Terms of service and can disappear at any time, the activation is a simple challenge and response but they can track your router IP address and quickly find the model router you have and start sending attacks on your network. KMS activation is for businesses to maintain systems within their own closed network, not for any public use.

@@TomsTechShow how can you remove this? any tips?

@@ichirougillian7015 you need to just add a valid server to activate against. Or apply a windows license directly

@@TomsTechShow So if I remove the KMS based license am I safe? Like removing windows activation?

You can point to a valid KMS server or add a valid windows key.

If you are talking a KMS server someone has put out in the public, be aware Microsoft can shut it down at any time. Currently there are no recent vulnerabilities that I have found. but that does not mean there are none out there. Best to get a licensed copy, you can extend the activation time by entering slmgr.vbs /rearm do that a few times will almost get you a year. Then just re-install windows again.

This is what I have done before, but you will need an OEM or Retail Key to activate after this update:
To convert, do the following:
• Press Windows Key + R
• Type cmd in the run command line and press CTRL + SHIFT + ENTER to gain administrative access
• Type: slmgr.vbs -ipk and press enter
example: slmgr.vbs -ipk 12345ABCDE12345ABCD12345
• Then type: slmgr.vbs -ato
If you have no 25-digit Windows 10 Retail Key and the PC was purchased with pre-installed OEM license, you need to use the following Generic Key:
YTMG3-N6DKC-DKB77-7M9GH-8HVX7 - If your had had Home version even if you upgraded to Pro through Windows Store
VK7JG-NPHTM-C97JM-9MPGT-3V66T - If you had Pro. PC was purchased as Pro not upgraded from Home
BT79Q-G7N6G-PGBYW-4YWX6-6F4BT - If you had a Single Language edition
These Generic keys will just convert KMS to OEM but will not activate Windows. To activate, you need to go through the digital activation after the conversion by signing in with the Microsoft Account where your Digital Key is associated. To do that, go to Settings > Update & Security > Activation > Add an account
* Note: If the activation says "Windows is activated with a digital license lined to your Microsoft Account", no need to do anything.

First, I would check with the institution if they have a window key available to use, I always keep some in reserve just for situations like this. Setting up a KMS server might not work because in order for the KMS server to be activated itself you would need at least 25 windows clients getting their activation from the server before it becomes valid. Lastly in order to get a legal LTSC windows key you need a volume license agreement with Microsoft, you institution may have that which leads me back to the start and that is to see if a spare key is available for this system. Last option is to just purchase Windows 10 Pro and install that on the system. This is where Microsoft kind of shoots themselves in the foot with the activation thing.

The problem is KMS servers on the internet are run by unknown companies, often who sell you windows for cheap just to make a buck, there is no guarantee that these servers will be up for any extended time. and you need to have your windows connect to it every once in a while to validate the license.

@@TomsTechShow Does connecting to those servers have any risk
Like malware or something

While KMS is done through an anonymous remote procedure call. I can potentially expose your public IP address to them. These servers are also breaking MSFT licensing agreement and can be revoked at any time.

@@TomsTechShow MS does not suggest running a kms on a public network . if they do they will send a command to the server to shut down the kms (With a specific key) so i would not advise syncing it to a public network. also you have to have the right media for kms use Oem will not work as well as home pro. we have specific iso from technet that we use for making os builds.. also the machine has to touch the kms every 180 days or it will deactivate.

Thanks for the help 😊

KMS keys for the client are all the same per each version of windows.

KMS is a safe and preferred way to bulk activate computers on a corporate network.

@@TomsTechShow Thank you for answering sir..

@@TomsTechShow Can kms server owner spy on us...like if we've activated our systems using their server and are they able to check out our activities or not?

Using a public KMS server will expose your router IP address to that system. The server can also be taken down by Microsoft at any time. At this time I am not aware of any exploits currently. That does not mean that there are not attacks being developed and some may exist. And your computer has to contact this system every 90 days so you are constantly advertising your connection to the internet.

@@TomsTechShow Thank you for responding sir.

Make sure that your router firmware is up to date and you do not have RDP or any other ports forwarded into your network. Keep your A/V up to date. And know that the KMS server may go away and you will become non-activated.

@@TomsTechShow thanks there is not ports but there is in the router but these ports are from https is it ok and http too

Make sure that external or remote administration of the router is disabled. The best option is to obtain a regular key from Microsoft.

@@TomsTechShow how i can make sure external or remote administration of the router is disabled . and yes i will get a key from microsoft once the kms activation end. and all the ports are just to make the router connect to the internet and i chked all the port in all the devises in the house there is not ports just the ports of the router

In many routers it is called "Remote Management" by default it is disabled, so if you have never changed it then it should be off.