Configuring KMS Hosts
Software License Manager, sometimes referred to as SL Manager (Slmgr.vbs), is a script used to configure and retrieve Volume Activation information. The script can be run locally on the target computer or remotely from another computer, but it should be run from an elevated command prompt. If a standard user runs Slmgr.vbs, some license data may be missing or incorrect, and many operations are prohibited.
Slmgr.vbs can use Wscript.exe or Cscript.exe, and administrators can specify which script engine to use. If no script engine is specified, Slmgr.vbs runs using the default script engine, wscript.exe.
Note KMS requires a firewall exception on the KMS host. If using the default TCP port, enable the KMS Traffic exception in Windows Firewall. If using a different firewall, open TCP port 1688. If using a non-default port, open the custom TCP port in the firewall.
The Software Licensing Service must be restarted for any changes to take effect. To restart the Software Licensing Service, use the Microsoft Management Console (MMC) Services snap-in or can run the following command at an elevated command prompt:
net stop sppsvc && net start sppsvc
Slmgr.vbs requires at least one parameter. If the script is run with no parameters, it displays help information. Table 1 lists Slmgr.vbs command-line options along with a description of each. Most of the parameters in Table 1 configure the KMS host. However, the parameters /sai and /sri are passed to KMS clients after they make contact with the host. The general syntax of Slmgr.vbs is as follows:
slmgr.vbs /parameter
Table 1 Slmgr.vbs Parameters
Parameter |
Description |
|---|---|
/sprt PortNumber |
Sets the TCP communications port on a KMS host. Replace PortNumber with the TCP port number to use. The default setting is 1688. |
/cdns |
Disables automatic DNS publishing by a KMS host. |
/sdns |
Enables automatic DNS publishing by the KMS host. |
/cpri |
Lowers the priority of KMS host processes. |
/spri |
Sets the priority of KMS host processes to Normal. |
/sai ActivationInterval |
Changes how often a KMS client attempts to activate itself when it cannot find a KMS host. Replace ActivationInterval with a number of minutes. The default setting is 120. |
/sri RenewalInterval |
Changes how often a KMS client attempts to renew its activation by contacting a KMS host. Replace RenewalInterval with a number of minutes. The default setting is 10080 (7 days). This setting overrides the local KMS client settings. |
/dli |
Retrieves the current KMS activation count from the KMS host. |
Running Slmgr.vbs Remotely
To run Slmgr.vbs remotely, administrators must supply additional parameters. They must include the computer name of the target computer as well as a user name and password of a user account that has local administrator rights on the target computer. If run remotely without a specified user name and password, the script uses the credentials of the user running the script.
The following syntax shows the additional parameters needed to run Slmgr.vbs remotely:
slmgr.vbs TargetComputerName [username] [password] /parameter [options]
Configuring Windows Firewall for Remote Software License Manager Operations
Slmgr.vbs uses Windows Management Instrumentation (WMI), so administrators must configure the Windows Firewall to allow WMI traffic:
For a single subnet, allow the Windows Management Instrumentation (WMI) exception in Windows Firewall.
To allow WMI traffic across multiple subnets, allow the connection for Windows Management Instrumentation (ASync-In), Windows Management Instrumentation (DCOM-In), and Windows Management Instrumentation (WMI-In). Additionally, allow remote access in the scope. Configure these settings by using Windows Firewall with Advanced Security, which is the Administrative Tools folder.
Note By default, Windows Firewall Exceptions in the Private and Public profiles only apply exceptions to traffic originating on the local subnet. To expand the exception so that it applies to multiple subnets, change the exception settings in Windows Firewall with Advanced Security or, if joined to an AD DS domain, choose the Domain Profile.
Remote Operations Targeting Workgroup Computers
Administrators can allow Slmgr.vbs to run remotely against computers that belong to a workgroup. To do so, create the DWORD value LocalAccountTokenFilterPolicy in the registry subkey HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System on KMS clients. Set this value to 0x01.