![]() ![]() My assumption is that Microsoft simply "tests" any non-private IP addresses that are being reported as KMS servers, and if they find one is responding affirmatively to the Internet, they go through the appropriate channels to contact the owner. if a business or organization is not allowed to send information about its network to any outside entity? I'm guessing the GP option exists for policy compliance, e.g. Interestingly Microsoft is pretty determined to keep this quiet, as I can't find any actual examples online of C&D letters for KMS servers, nor is there any real discussion of the AVS Validation option anywhere. Setting this to True indicates that the computer "will not report activation state" to Microsoft. However, and I make NO GUARANTEES about this, but there is another possible way - there's a Group Policy setting under Computer->Policies->Admin Templates->Software Protection Platform->Turn off KMS Client AVS Validation. Obviously, don't open your KMS server to the Internet and use a VPN is the best solution. Microsoft calls it part of their "telemetry" services, but obviously they're doing quite a bit more with this data than "using it in a non-personally-identifiable way to improve services." However, this got me a little nervous so I did some digging, and in fact it's true: Windows 10 systems report the IP address and port of the KMS server they are activating against to Microsoft. Nobody ever did follow up, so perhaps Microsoft was just having someone available just in case someone actually needed help understanding how and why to secure KMS. Naturally, he closed down Internet-facing access to the KMS server and decided instead to investigate VPN solutions for activation. The letter was quite ominous and actually said he was "required" to contact a specific person at Microsoft, with contact information, to "discuss the situation." It said that Microsoft had "become aware" of a KMS server running on his IP address, including the random port he chose, which "could be used to illegally activate Windows". Only a week or so ago, he got a C&D letter from someone at Microsoft, forwarded to him by his ISP. He would manually set the KMS host on his machines to his home IP address and port so he could keep activated. ![]() He was running a PyKMS server that was Internet-facing, but on a different port (not 1688). This may sound obvious, but it actually happened to my friend. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |