Today is December 4th, 2019, and with 40 calendar days away from the Windows 7 End of Support (EOS) deadline, some organizations are unable to complete the transition from Windows 7 Pro or Enterprise to Windows 10 - or from Windows Server 2008 and 2008 R2 Datacenter, Enterprise, or Standard to the latest version of Windows Server - on time. Microsoft gives these enterprises the option to ensure that these devices running these select editions and versions continue to receive security updates while they complete their Windows upgrade projects.

Microsoft's blog post goes into great detail how volume license customers can purchase, install, and deploy Extended Security Updates for eligible Windows 7, Windows Server 2008, and Windows Server 2008R2 devices to ensure those devices stay protected after January 14, 2020.

Based on interactions with customer's we are seeing certain challenges that may arise when attempting to perform bulk activations on systems (especially those that are completely isolated from any larger network), including:

• Unlike KMS, the client can’t just acquire the key from the server. It needs to be proactively pushed to the client. Clients that are rarely used, might “miss” the installation or activation of the key.
• VAMT requires the input of administrative credentials to connect to the clients
• Firewall rules need to be in place: this may require a lot of time to implement in complex environments
• Clients can’t connect to the Internet or the VAMT host because of security reasons. They can communicate via a few well known ports (e.g. 80/443) only
• Offline activation of thousands of stand-alone clients is very time consuming
• Multiple VAMT hosts need to be set up in a multi-forest environment

To overcome these challenges, Daniel has developed a solution named ActivationWs. ActivationWs provides customers with a “pull-based” activation solution. It eliminates the pre-requisites that VAMT brings along and reduces obstacles our customers could face in the product key activation process. ActivationWs can also be used to support customers in offline based scenarios and this in turn reduces the total activation time by at least 50% .

So how exactly does ActivationWS work and how does it benefit the customers?

1. The customer deploys the Powershell script to the clients (e.g. using ConfigMgr)
2. The script installs the ESU MAK key, queries the Installation ID and Product ID and sends a SOAP request to the ActivationWS web service (e.g. over port 80/443)
   *the ActivationWS web service is installed on the customers’ host (.Net 4.5 application pool) and requires internet connectivity. Windows 7 clients do not need to be connected to the internet
   
3. Installation- and Product IDs are sent to the Microsoft BatchActivation Service
4. Confirmation ID is returned to the customers´ web service, which will then return the Confirmation ID to the client
5. The script deposits the Confirmation ID

Sample code is available on GitHub. Please share your experiences, should you use this solution in your environment.

Happy ESU deploying!

Disclaimer: This sample code is provided as is with no guarantee or waranty concerning the usability or impact on systems and may be used, distributed, and modified in any way provided the parties agree and acknowledge the Microsoft or Microsoft Partners have neither accountabilty or responsibility for results produced by use of this solution. Microsoft will not provide any support through any means.