It doesn’t happen very often, but sometimes you might find that you need to remove the Windows Enterprise Edition license from a computer.
The machine may, for instance, have reached the end of its useful life for your organisation, but your team has decided that in an effort to increase your social responsibility, you might donate the machines to charity, or you might decide to make these machines available for staff members to purchase.
When a machine with a Windows Enterprise Edition license is restored to factory settings, during the sign in portion of OOBE, it is not possible to set the machine up as personal, only for organisational use.
(Note: This scenario is not for everyone – you need to check what your compliance requirements are before making those sort of decisions)
Your company may have downsized and are now making use of Microsoft 365 Business Premium, instead of Microsoft 365 E3 or E5 licenses.
The Windows machine may not pick up this change automatically and so you need to come up with a way to remediate this issue and stay compliant with your licensing levels.
This can be achieved quite easily through conditions in NinjaOne and this article will show you how.
Thank you to Mikey over at Homotechsual for the assist with getting the syntax right.
Step 1: Creating a detection script for Windows Enterprise Edition
First we need to create our detection script.
In the NinjaOne console, head to Administration, then in Library, choose Automation. Click “+ Add” to add a new script. We’ll be using a powershell script to check a WmiObject for the word “Enterprise”.
# Get the operating system information
$osInfo = Get-WmiObject -Class Win32_OperatingSystem
# Check if the operating system edition contains “Enterprise”
if ($osInfo.Caption -like “*Enterprise*”) {
Write-Host “Windows Enterprise edition is installed.”
} else {
Write-Host “Windows Enterprise edition is not installed.”
}
Put the script into the editor, then set up the parameters are below:
Save out of this script, it’s time to create the script to remove the Enterprise License.
Step 2: Creating the script to remove Windows Enterprise Edition and reinstall the Original OEM license.
You should still be in the automations screen, but if not, go back into Administration, then Library, then Automation. Click “+ Add” to create a new script. Here we will be using PowerShell to call the original OEM key from the Software Licensing Service and add that as a variable. We’ll then use SLMGR to remove the current license key, and call the variable to install the original key and activate the license.
# Retrieve original OEM license key and store as a variable
$ProductKey = (Get-CimInstance -Query “SELECT * FROM SoftwareLicensingService”).OA3xOriginalProductKey
# Uninstall Windows Enterprise license key
slmgr /upk
# Use variable to reinstall original OEM license key
slmgr /ipk $ProductKey
# Reactivate Windows
slmgr /ato
Write-Host “Windows has been successfully reactivated with the original OEM license key.”
Put the script into the editor, then set the parameters as below:
Save out of this. Now its time to put it all together and automate the process!
Step 3: Creating the condition to automate removing the license and reinstall the original license.
Now its time to set up the condition to automate this process and save you some time!
In the NinjaOne console, head on over to Administration, then Policies, then Agent Policies. Select the Windows Desktops and Laptops Device Class to which you will be applying the condition.
Under conditions, select Add a condition. In the dialogue, choose select a condition.
From the drop down, select “Script Result Condition”
Once you have selected the condition, you’ll be presented with some options on how to set up the condition.
For Evaluation script, choose your Windows Enterprise Detection script from the first step.
For my environment, I have set the run time to be every 10 minutes. This is because when setting a run time for conditions in NinjaOne, the run time starts from when the machine boots, so if you set it to every 24 hours or so, it may never actually run if the user is shutting their machine down at the end of the day. I will adjust this to a bit longer once the initial run has finished.
Set the result code to “any” and “0” and the With Output to Contains and “Windows Enterprise edition is installed.” If you’ve edited the script results in the detection script, you will need to reflect whichever result indicates Enterprise is installed in this box for the condition to work.
You can then click Apply.
Next to Automations, click Add, then choose the “Remove Windows Enterprise Edition and reinstall Original OEM License Key” script from step two. When asked, set the script to run as System.
Name the condition something appropriate for your needs and environment. I went with “Windows Enterprise installed”.
The rest of the parameters you can set up to your needs. I’ve set Severity to Minor, Priority to Low and set Auto-reset to 4 hours or when no longer met.
I’ve chosen not set send any alerts, but to create a ticket just so I can keep track of which machines have been done.
And that’s it!
Click on Add (or Apply if you’re adjusting one you already created) and then Save out of the policy.
What to expect and considerations.
OK, so you’ve created your automation, and you’re wondering what will happen next.
Once the timer you set for the script to run expires, the detection script will run and you will see something similar to this in the activities section of the device overview:
Condition: Triggered
‘Windows Enterprise installed’, evaluation script ‘Detect Windows Enterprise License’ with output ‘Windows Enterprise edition is installed.’
This will be followed by:
Condition Action: Started
Action started: Run Remove Windows Enterprise License and reinstall Original OEM License Key.
Once the script has completed, you will see this:
Action completed: Run Remove Windows Enterprise License and reinstall Original OEM License Key Result: SUCCESS Output: Action: Run Remove Windows Enterprise License and reinstall Original OEM License Key, Result: Success
Windows has been successfully reactivated with the original OEM license key.
At this point, you can check in with the user. Ask them to right click on start, then select “System” and in the Windows Specifications box, it will either say Windows Professional if its been restored to the original OEM license, or Windows Business if its been restored, but you have Microsoft 365 Business Premium licenses.
The NinjaOne console and the results of the detection will not update until the machine has been restarted!!!
Its entirely up to you if you want to force a reboot. I’ve decided that its not important enough to force a reboot, as this will be disruptive to the user and they will reboot in the next few days anyway due to the patching schedule.
You should note however that this also means the condition will trigger after it automatically resets and run the script again. For my environment I have decided that this is ok, i’d rather be safe than sorry, but you may wish to turn off time based auto-reset and just have the condition resetting when its no longer met.
