Comment by Wowfunhappy
4 days ago
What does this mean for using Windows in air gapped environments? I would have assumed this was common enough to make Microsoft want to support it.
Is it possible to activate via a web browser on a separate computer, similar to the flow for phone activation?
Microsoft is the US military's biggest supplier. There is definitely a solution for this. And that solution is probably not available to regular users.
There are several solutions, and while most are limited to volume licensing, which, depending on your definition, may exclude "regular users", at least one is not:
1. Supply the code given by the "slmgr /dti" command to Microsoft over the phone or online from a non-air gapped machine.
2. Apply the resulting activation code with the "slmgr /atp" command.
The phone option just went away per TFA, which is why I was wondering if there's still an online (but on a different device) way to do this.
Yeah this. The common man rules don't apply there.
Even in Enterprise by the way. No way we pay the amounts listed on the MS website.
I would guess (no idea) that military computers log into the cloud, maybe it is a special (expensive) ms military cloud.
That then is explicitly not an "air gapped" computer, which there definitely is need for in the military and government.
Regular users buy a PC with Windows pre-activated.
You take it to Base Ops and they image it or they come to you and image it.
As per the article:
It does require logging in (to the website) with a Microsoft account, but Microsoft claims:
From there, it's just a web version of phone activation (you enter your Installation ID and presumably they give you the Confirmation ID). No idea what happens when moving a licence between machines (with phone activation, the automated process would fail due to the existing activation and you'd be handed off to someone in a call center who would generate the Confirmation ID for you).
I don't think regular Windows 11 is that useful in those cases. You probably either want an intranet connected Windows client, that gets activated and updated via a local server. Probably also a LTSC release, that doesn't get feature updates all the time.
Or a Windows 11 IoT image, that only enables some specific features, and is stripped down for a specific purpose.
For individual use I guess the solution is to set it up once with internet connectivity and air gap afterwards.
>For individual use I guess the solution is to set it up once with internet connectivity and air gap afterwards.
That's simply not good enough for some purposes. Once a computer is connected to the internet, at all for any amount of time, the system could be considered to be less secure.
Sure, but why do you need to use Windows for such a specific setup?
Key management services or Active Directory activation.
This is a small roadbump to home/smb free activations.
air gapped
AD and KMS work in an air gapped network just fine.
VAMT proxy activation, or full fledged volume licensing with KMS
These acronyms are not super helpful, and just wildly guessing at what "VAMT" means it probably is nowhere near qualifying as airgapped.
Do you have access to Google?
VAMT proxy activation is airgapped in the exact same way the “old” telephone way was; VAMT acts as the server that you used to call on the phone. It trades one token for another. You side channel the tokens across to and from the airgapped machine.
you probably need to stand up a key management server (KMS)
That is not air gapped
The original post said "air gapped environments", not "air gapped computers". Running several computers on a network which has no connections to the outside qualifies as an air gapped environment, and will let you use a key server just fine.
My assumption is that the system is on an air-gapped network, as individual systems that are completely isolated are typically not very useful as a full user environment, and are more likely to be fully embedded systems instead.
Internal key activation can be done through a KMS host, which can be activated by phone (or some other dedicated means if you're big enough for MS to care).
https://learn.microsoft.com/en-us/windows-server/get-started...
Just don't activate. It's not necessary.
Can't remember what, but there will be functional limitations if you don't activate, even with a verified key.
If you're a home user, I agree. But if you're a business, wouldn't this be a liability?
Liability would be to not purchase a license, not failing to activate it.
Only risk would be to not have support available.
I bought the darn thing, I want the full package
The closest solution is using IoT LTSC
Last time I tried to use it for an appliance, we weren't able to buy licenses. Microsoft gave us the contact to the only reseller in our country, and they couldn't find anyone in the company who knew how to sell Windows IoT licenses.
Edit: We only wanted to buy around 20 licenses, so their motivation was also not that big to figure it out.