I'm going to start off looking at a mass activation script on github that somebody else wrote. I want to see if I can port that over because I need to activate windows pro keys. The last part that's missing in that script, if I fix the issue yesterday for onboarding the computers, is that the windows key activation is missing. I tried to do something before, but it didn't work. So this would convert windows home versions to windows pro versions, and I've tried to do something with the windows activation itself, with the windows license key management and windows activation service, but it didn't seem to work. So I want to look at this mass activation script and see if I could add it in and test it right now, because these computers will need to be updated from home to pro as well. This would be a good testing time.

I'm still looking into this Mass Gravel Microsoft activation script here.

I've read through the code of the script on the github, I'm reading the documentation in terms of command line usage and how it's used. It's meant to be used dynamically online, but I want to download the code and embed it into our program, just so that it's available there. There's two ways that we can, where is this here, command line switches, activation methods. The main ways to activate that we're going to look at are going to be hardware ID based and KMS38 based. Hardware ID, the activation is permanent, doesn't leave any files in the system to maintain, however it does not work offline, and it does not persist between hardware changes, but it persists between clean installations on the same hardware, so if we reinstall, then that's fine, and persists between Windows 10 and 11 feature upgrades, which is good, supports Windows 10 11 and 11 26 100.4188 and later, so it's the most common ones, and it works with different licensing including volume licensing, KMS38, that one works offline, the activation is permanent until 2038, which is more than enough, because the operating system will be changed by then, same thing, doesn't leave any files in the system to maintain the activation status, it's not persistent between hardware changes, like the hardware ID, and the only issue is it does not persist between clean installations on the same hardware, so because it doesn't use a hardware ID, it's not saved in the BIOS. It does, however, persist through Windows 10 and 11 feature upgrades, but yeah, it doesn't require internet connection, it can work offline, and same thing, it supports Windows 10 11 and 11 26 100.4188 and later, but it looks like it's only capable to work on volume activation capable editions only, which is the licensing that we have, but I think I would prefer to do the hardware ID version, just because then it becomes persistent, and if we have to reinstall, we don't have to set this whole version all over again, so I'm going to look into that a little bit more.

I'm still reading over this. So this Microsoft activation script, it's something submitted in GitHub. There's about 20,000 lines of code in it, and what it does is it works with changing versions and activating product keys. So the main reason for looking into this is that all these computers that we buy, if they come with Windows Home, they cannot be domain joined. We have to apply a Windows Professional license, Windows 11 Professional or Windows Enterprise license or higher. Now, some of the functionality in Intune is only supported on enterprise versions as well. So like changing background, apparently, is only or background, background or lock screen, I think, is apparently only an enterprise, only capable to be done on Windows Enterprise system. So here's a big situation, or the big issue and the reason that I'm doing this, and actually I'll do it in a new message, just so it's clear.

The issue and the reason behind what I'm doing is that when we buy a new computer, if it comes with a professional version, we pay a lot more for the computer, fine. Some of them come with professional versions. But those that don't come with a professional version, they come with a Windows Home license key. You cannot domain join to enter ID a Windows Home license. Windows does that specifically. So Windows Home is meant to be a home use, you know, you're a regular home user. Windows Pro is meant to be used for business. Businesses should not be buying Home Edition versions, aka Microsoft wants you to pay more money for the business version to use for your business. So that's how they're kind of hooking in home users and, you know, they don't really care about the home user licensing. They care more about the business or the server licensing, which is a lot higher. So that's why when you buy a new computer and it comes with Windows Home and you try to domain join it, Microsoft will not allow that, even if, even if you have something like Microsoft Business Premium, which automatically includes an enterprise license. You will not be able to join a computer that you purchased with Windows Home, which is absolutely stupid because you are paying for a Windows Enterprise license as part of the business premium. Technically, though, how Microsoft licensing works is it upgrades based on tier. So from Home, you'd have to upgrade to Pro, and then for Pro, you could upgrade to Enterprise, but you couldn't directly move from Home to Enterprise, which is still stupid because if you buy a brand new operating system on your own and you just want it to come with Enterprise and it should come with Enterprise. Anyways, that's just Microsoft and how they do their billing and how they play their money game, their semantics for billing. So yeah, that's why I need to do this.

In summary, what this script does, or what it's supposed to do, is it's supposed to change the activation version, and then use a generic online activation, or online or offline activation, either using hardware ID or KMS38, which now that I look into it might be a better option because we don't lose our genuine license key, which is good to retain. But what it does is it uses a generic product key, and so if we use a generic Windows Professional product key, or generic Windows Enterprise product key, then it'll allow us to domain join the computer, and then either way, whenever a domain joins it, and the license is assigned to the computer, it's going to get that free upgrade to Enterprise or Business version of the operating system anyways, which means that everything should be legit after that. The reason this is taking so long is there's 20,000 lines of code, 19,434 lines of code, and I could just take this script and I could just run it, but the problem is, if I run this script and it downloads some kind of malware, then our computers are infected. So the advantage of open source is that you can read through all this code, and there's a lot of garbage in here actually that we don't need, and there is some things that kind of worry me a little bit, not really that much, but I want to try to figure out how this is working, and I want to make sure that everything is safe and it's not downloading any kind of malware or causing any kind of vulnerabilities, because that's the last thing that we want, is to use an activation script and do that, and use it, and then we get some kind of malware in the future, and then we're kind of screwed.

The alternative to this is purchasing these volume license keys, which some are legit, some are not. We purchased a bunch of them, we're kind of running out of them now, so we'd have to purchase more of them coming up, and then we'd have to store those license keys somewhere. That kind of becomes a bit of a headache, because then we always have to replenish that. So using mass activation or Microsoft mass activation script would be better, because we'd never have to purchase those keys again. We could just activate a key and then rely on Microsoft to assign us a new key. So that removes a cost and complexity in doing it, and time delay whenever we need to, and it becomes very scalable. The alternatives would be buying these kind of cheap licenses, or buying the full licenses, resetting the product key, manually adding it in, either through Terminal, like PowerShell, or Command Prompt, or actually spooling up the computer, creating a user profile, applying the license key, and then resetting the computer, and then domain joining the computer. It just becomes like, it turns a process that we could streamline, and the self-installer does everything within 15-20 minutes on its own, unattended, or it's something that ends up taking two hours, and sufficient technical knowledge of what to do, how to do it, etc. And the advantage as well of looking over this activation script, because yeah, you could just run it a one-off. The problem is that I do see that there is an update function right at the beginning of the script, somewhere around line 2000, I think. It checks for an update, and so the issue with that is, even if I check this version, and somebody runs a mass activation script in the future, then there could be potential malware in the updated version. So what I would be doing is, I would be taking a stripped-down version of this, removing the update features, removing all the unnecessary features, and just trying to focus it on doing that product upgrade to Windows Professional, or to Windows...

I kind of forgot where I was now, so I'm going to have to go backwards now to figure out where I was in this script.

Maha called me about 15 minutes ago. I'm still on the phone with her. I just got the email set up for her.

Alright, so I just finished with Maha. I was on the phone 20 minutes, 11 seconds from 10.28am until 10.49pm. I connected to her computer remotely, tried the email, something didn't work so I ended up just resetting the password and we made it something easy. I texted the password to Maha, I think she saved it. Tried it on the computer, everything logged in and it worked. Oh my god, Microsoft updated something. What the flip is going on here? I don't like this at all. Anyways, they did that. Sorry, we did that and then I just made sure she changed it on her mobile phone, the password for her email app, which she did and everything seemed to work. So that was all. I just have to look into one more thing here because when I was changing the password for Maha, I did notice that there was some kind of an issue with the server that she's on. It was using really high load. So I'm just going to look into that right now. And also when I tried to do the initial voice update when Maha was calling, it failed to do it as well because of the high load. I think I know why, but I just want to double check.

I'm not sure what's going on. Anyways, I'm going to import this and go back to that. Everything seems to be working fine for everything. So I guess I can close this and exit. Okay, I've closed that. Okay, back to this mass activation script.

Tony just messaged me and I'm not sure what's going on, so I'm gonna have to deal with him right now. Jesus Christ. How are you? I'm fine. Get to the point. Good. How can I... Oh. I don't have any info on the laptop. Jeez. I'm a fucking mind reader. I'm just inquiring about the laptop. So anyways, I'm gonna get back to this so I can do this and activate everything and get it done.

All right, I just wrote, actually using chat GPT 4.5 research preview. This is totally what I want to do and what I've tried using the SL MGR, IPK didn't work. So I told it that may reference some of the documents that I was looking at. And then it just asked me some questions and I answered them. It asked me some more questions and I answered some more. And I'm gonna let it try to do the research and I'll see what it kind of comes up with to save myself some time. Cause I have like 40 tabs open right now of research and it's taking a long time. And I know that there is a way and I have an idea of how to do it, which I kind of hinted to chat GPT because originally it was just telling me to do the SL MGR approach, but you can't do that. Going from home to pro, you could only do that home to education or pro education, or you can go from pro to pro or pro to enterprise with a command line script, but anything else going from a home version of Windows needs to be done manually through the Windows license management, which means there is a way to do it actually. There definitely is a way to do it. But my idea is actually using this mass script and there must be a way to force an addition upgrade. So I wanna do an addition upgrade to pro and when I'm doing that, use a temporary product key and digital license, kinda like a fake activation, I guess. And then that will apply this license. And then if we wanna apply our own license after, then we can do a pro to pro and it'll work. The issue is that Microsoft just doesn't support a home to pro approach. So it's a little bit limiting. Anyways, I'm gonna let this do its digging. And in the meantime, I guess I'm just gonna look over the rest of my script to make sure, because I think I'm just missing the final restart when everything was done. Oh, actually, the final restart is probably there actually. It's just that the script never actually went that far because... It just never got to the final screen. So final screen here is saying, summary of actions....

Alright, I got the computer now and I'm gonna unbox it. I'm gonna actually unbox both of them and put the other one on charge as well. Jesus, this looks like a pretty fucking decent laptop. Thin, lightweight, has a number pad as well. It's definitely a little bit gamey. Has a Thunderbolt port as well. Caution, high frame rate zone. I wish they did not put these additional stickers on that are really not necessary. What can you do? There is definitely gonna be deep loading necessary on this computer. I can feel it. I can feel, I can feel that there's gonna be a lot of game bloatware already on there. But, whatever, it is what it is. This script should do fine.

The other option that I actually have to all of this license management is, I can actually create an ISO, which is an image, a system image, and I can load it onto a USB, and then every time we have to reset a computer or get a new computer, plug that in and reset pretty much everything on the computer to our own ISO. The only thing that I don't like about doing that, and that would be completely clean, we wouldn't actually have to debloat the system after anything as well. The only thing I don't like about that approach is that sometimes these computers, they have drivers specific to this computer, so for example, Nvidia drivers, they should be available in Windows Update, but there may be certain display drivers that are not available right away, and the issue that I have with that is, if we get a computer that's got some kind of new display technology, and we don't have that driver ready to go, then when we try to, it's got an Ethernet port and everything, beauty, and it has an HDMI, so the only problem is that if we get a new computer and it has some kind of a custom new driver, or display driver, or the ISO at a certain time, will need to be maintained, will need to be updated, because when the drivers become outdated, then we won't actually have the driver, and the monitor will not even turn on at that point in time, so there is a slight risk in doing that. I don't know how to work around that, because once you flash it, you flash it, and you don't have any way to go back, and at that point in time, it would be like an emergency, you know, re-stream, like re-create a new ISO with the drivers. That would be actually a pretty good thing, so create our own ISO, that would probably take me a bit of time, that would probably take me a couple days to do that, so I'm hoping that this might work, I don't know, we'll see, maybe I just have to include very good instructions to update the license key, I don't know.

Anyways, the computer is plugged in, and ChatGPT just got me actually the response that I needed. So I'm going to read through that and evaluate that right now, and then just explore this real quick right now.

I just read the comprehensive thing that it wrote, and it's saying that apparently, apparently, the solution should work, that I have. For some reason I feel like it doesn't work, and I don't know why. But, there are a couple things that it suggests, like starting the License Manager, and the Windows Update Authentication User Service, which I haven't done in my script. And, the other thing that it says is, that I should unlicense the current key. Do I do that? So, I do upgrade from home, manual input key, blah blah blah, SL Manager, ok, so I don't release, I don't release the old key, so I'm going to try adding that in here, to release the old key. Genuine Pro Key Retail Version, yada yada yada, or use a temporary generic. Optional uninstall current home product, SL MGR VBS UPK. I do not do that. Or equivalent SL UI slash UPK will remove the installed key, the OEM from the home. This can prevent conflict when applying the new key. Then, I have to make sure that the License Management and the Windows Update Authentication, or Windows Update whatever service, is started. And then initiate, not using SL MGR, but using changepk.exe instead. And then I would be best off doing a timeout. Doing a timeout. That would... restart after the timeout. Just in case, because it would have to restart on its own within a given time frame. So, I'm going to actually modify this script right now, and see that. Thanks for watching.

I'm gonna see if I just tasked AI with finishing up my code for me, so we're gonna see what it does. In the meantime I'm gonna tweak this code a little bit more and hopefully within half an hour I will be able to run that install. Computer's just charging right now. In the meantime I feel like I've gotten a few emails since then and I wouldn't be surprised if it was from... no email, but I did get a text message. I'm gonna log in and see if there's an update on that social media platform there because we don't get new notifications, only reminders every day at 8.

I'm just updating my script now.

Alright, I think I'm done, so we're gonna try it, I guess, and we'll go from there. So I just modified it to use DISM instead, which might work, might not work, I don't know. We'll give it a try. If not, I have a failover, which is gonna start the SLUI to do the update manually, and hopefully that will do it, and by the time we get in the second time, it should be able to update and run. So we will do that, and see if it works right now.

I'm starting up the computer now, and I have to look up the documentation for this because I forget the password that I used, but it should be in the README file. It is. Perfect. So I'm going to give this a try. It's booting up right now. All these colorful lights.

all right the computer just I guess it didn't have it fully installed yet so it was running the install and 10 right there come in here oh I need to connect to internet first it's a country right we are Canada yeah yes skip you gotta connect to Wi-Fi I need to get the password I'm gonna do it right now and I'll check back to see how it goes

I don't know I was saying it for some reason didn't work but we'll see now that it's rebooting if it's gonna do anything saying just a moment so who knows I'll give it a try now and if not I'll have to set it manually

Well, it's safe to say that AI will not be taking my job anytime soon, because I just wasted time trying something with AI to speed my time up, and it's now going to take me a lot longer to get this shit done. Anyways, AI, yeah, rely on it to save you time, obviously not.

all right so I ended up changing it manually like the whole thing that AI did suck I'm not gonna redo it now I'll redo it on the next computer just because I want to get this dropped off today because I don't want to do I don't want to waste time tomorrow if I go in tomorrow IEX new object net web client .download.https://mdm.manifest.com magentaconstruction.com slash windows slash OOBE slash run enter my credentials initializing computer nameset okay autopilot registration let's see if this time at least the one thing that Conrad changed will work provider must be yes install and admin.microsoft.com and I'm going into installing windows autopilot intune module graph intune graph authentication installing installing installing windows where's my enrollment policies devices we're gonna see if it sets my computer name please wait please wait up to 30 minutes for device import now we're waiting should only take 10 minutes that started at 237 actually I should be in active directory portal.issuer.com oops I'm still recording

Alright, so I see it here in Microsoft Azure, so it shows up right away. So the registration started at 2.37 and it's already showing up in Microsoft Azure. I'm just waiting for it to show up in Autopilot Profile. It's not enabled yet, unknown, Microsoft, enter, join, no owner, no MDM, no security settings and not yet evaluated for compliance. We'll let this do its thing, I think it should take 10 minutes.

Nope, apparently it only takes 3 minutes and 30 seconds. And it has been imported, so that's good. Now it's going on to check the synchronization with Autopilot. And in fact, I do see it now in the Autopilot enroll, just no profile is assigned. Oh! Oh! Oh! Oh! Damn! So, apparently it set the computer name, and everything is set up. But it has not updated in the system yet, but it's saying, set new hostname, hostname assigned, no fucking errors this time, registered new device with Autopilot. But the profile status is still not yet assigned. I will have to add a wait for profile status. In Autopilot enrollment script, need to wait for profile status to be assigned. Not pending. And then when it becomes assigned, we can do the, it will automatically enroll. But it made it through without errors, on my part, that I fixed.

So I just hit the key to restart it and actually I wonder if the profile status is based on whether it's been assigned to a computer or not. It still says pending. We're gonna see if it pulls up. Still says pending here. Still pending because I wonder if it becomes assigned when when it loads now. And the righteous side of that... The righteous side doing some updates Still pending. Computer is saying just a moment. It has now rebooted which to me means that it realized that we're now going into an autopilot device. S-L-U-I. S-L-U-I.exe to do manually. It's still pending here and it still doesn't have an MDM assigned in the other one. I feel that this profile status will change to the sign whenever I sign in. Probably. Conrad at magentaconstruction.com. Pending, pending, pending. Because maybe it needs the authentication. But it is picking it up. Microsoft seems slow to update their stuff. But I think this is good enough. So all I have to do is worry about the license and how to do that. That could be a manual step I guess. Seems to be good so I'm going to let it do its thing right now and install these apps.

Yeah, the profile must be assigned because it's working on setting it up right now. It's just not, uh, it's just not completely there yet, so probably just slow updating on Microsoft's side.

Oh, looks like it assigned the name and everything as well. So I'm going to add this member right here for the debloat as well. And has been added. So hopefully it will debloat the computer as well. I just got to check if this is a required or not. Windows apps, magenta, computer debloater properties. It is required. Okay. But in autopilot, enrollment, deployment profile, autopilot, profile, properties. Okay. Let's see how the box experience. Ba, ba, ba, ba, ba, ba, ba, ba, ba, ba, ba, ba, ba, ba. Okay. Hmm. Hmm, hmm, hmm, hmm, hmm, hmm, hmm, hmm, hmm, hmm, hmm. Always on the run. But how am I including software in here now? I forget how to do this. User-driven software terms show, privacy settings show, account administrator allow pre-provisioned deployment. Yes, language. Eek, I don't know if that's going to be good. I think this has to run. Hmm. Oof. I'm not sure if I made a mistake here or not. We're going to have to find out very shortly. Possibly. I made a mistake with the enrollment profile. One sec here. Windows protection, manage apps, Windows apps, no, we want to go into devices and then we want to go into enrollment and it's enrollment status page, all users. Okay, properties and edit. Oh, the Magenta computer deployer should be running right now actually as part of it if it's included in the group, which it is. I don't know when I added that. Apparently I did. Securing, blah, blah, blah, registering, completed. Three of four apps installed. One, two, three, four. Hmm. Should be a lot more than three of four. There should be the company portal, should be the debloater, the wallpaper lock screen, the management is a number one that's required and OneDrive and OneDrive machine-wide. Four of four apps installed. Let's see how it's going to do. So I'm going to leave this. I think it's pretty much good. And, oh. I think it's done. So I'm going to go drop this computer off at Magenta, I think.

I'm going to let it do its update and I'm just going to do some stuff so I'm going to let it do its thing and I'm going to go to the office as soon as it's done and give this to Tony. Oh, I need to assign him as a primary user right after as well. Yeah, okay.

All right, I had to do the activation for some reason over the phone with Microsoft. Oh, I took a bit of time entering nine pairs of six-digit numbers and then waiting for another nine pairs of six-digit numbers coming back at me. But anyways, it's good now, I'm going to go drop it off at the office where it's there. One thing I'm struggling with is this annoying fucking e-board that they have with this fucking backlight shit going on, but it's all right, I will figure it out on the other computer and then I will push the update to this computer.

But I will have to do that tomorrow. So anyways, I am just going to get changed and I'm leaving now.

I'm at Magenta now, dropping off the laptop, just about to walk through the door.

upstairs in the office right now.

you

Look into the company portal because it wasn't working on a standard user account and I had to download it from Microsoft Store.

McAfee needs to be uninstalled on a user level probably, I don't know if it can be uninstalled machine-wide or not, so we'll have to change the app from per device to per user.

I need to change the light on the keyboard, so it's not annoying. I will have to look at the registry on the other computer.

Microsoft Store was still popping up suggestions which should have been disabled on a machine-wide level. Check that.

Get Allison to give Tony access downstairs on his card because it doesn't work.

Just got an email back from Bluebeams, it looks like for the SSO setup we'd need a minimum of 50 licenses, but apparently there's a way to request an exception, so I'm going to file that. But she, Jennifer, whoever from Bluebeams, said that I have to request the exception, but didn't give me any information on where to request it, so now I've got to send another message back to her, ask her where to get that exception, and then I guess go from there.

Anyways, Tony's computer is set up. For some reason, stuff was loading very slow. Company Portal didn't work, so I had to reinstall that. Teams didn't install, probably because the debloater took out Teams, but it was only supposed to take out the personal Teams, so I got to check to make sure. And it should have installed Teams automatically, so I don't know why it didn't, and it's not showing up in Company Portal, even though I added it, and I saw it just a couple minutes ago. So I'm going to have to look at that tomorrow. And there was some other weird behavior, and the Magenta Construction web drive wasn't showing up again, but I think that'll probably resolve itself by tomorrow. Microsoft works in these mysterious ways, and I've kind of given up trying to figure it out. But I will have to see what's going on with the Teams and keep in touch with Tony tomorrow about the Teams. And I did grab the old tablet that he was using, so I'll put that back in inventory, and it's ready for the next person anyways.

Leaving to go back home now, and then just going to compile these to-do list things that I have to do. And we still haven't heard back anything from the social media people. So I'm going to forward them a quick message as well later on.

I think I forgot to sign out here. Fuck. Obviously, I forgot to sign out here because I see it's on. I signed out on my other app at like 6.08 or 6.18. I don't remember anymore. Anyways, I got back home. I don't remember what I did anymore. But I do remember that I realized one thing. Number one, AI is not going to replace me anytime soon. Because what I had AI do, it sucked. It made it worse. In fact, I had to call Microsoft and get on the phone before taking off to do a manual activation on the Windows device, which I've never had to do. And trying to figure out why that happened, I realized when I got back that AI suggested that I unlicense or remove the serial key for the Windows key, Windows product key, Windows Home product key, before adding the Pro product key. Because apparently, people had complained that there was an error trying to do that. So the error happens because Microsoft doesn't allow you to do a Home to Pro update. Because obviously, they're selling a Home edition. Why would you need to do a command line Home to Pro update? You should just do a manual one if you do decide to go down that route. Command line is more implemented for automation. So it'd be like Windows Pro. Or if you're going Home to Education, for example, because Home and Education are allowed to work. Education kind of gets discounts that way. Anyways, command line changing Home to Pro is not possible. So I guess one could think, hey, if we unlicense Home, then we can license Pro. But here's the kicker. And here's where AI is fucking stupid, is that Pro is not a Pro license. Pro is an upgrade of a Home license, most of them anyways. You can get a straight Pro license, but those cost a couple hundred dollars. And most licenses that are sold as Pro are not standalone Pro. So a standalone Pro license might cost like $300, $400, $500. An upgrade license from Microsoft is like $100 or $200. We got an aftermarket license, which was a retail license. But it was equivalent to that $100, $200 Pro upgrade license, which...