Windows 10 / Server 2019 / Exchange Licences

I try to learn this erm great operating system, but see massive licencing cost ahead. How do you guys do it?

Warning: Please do NOT offer me cracks or keygens or any of that "oldschool" stuff ;)

Hack The Box

Comments

  • windows server has a 180 day trial - should be loads of learning time.

  • It's something.

    But now I booted my Win 10 VM, completely installed for HTB, and it reminds me that only 20 days are left.. What I'm trying to say I'm looking for more permanent solutions. I'm not yet broke but can't pay 1000€ for licences.

    EU now allows reselling of software is that an option?

    Again, how do YOU do it?

    Hack The Box

  • I bought the licences.
    Tools of my trade.

  • You can extend those 180 days by another 180 days ( 3 times in total, if I remember correctly) by running sysprep to re-arm the counter.
    I usually install, patch and configure Windows VMs using the so-called "Audit Mode" to get a template base system. I then copy that template, make it complete the sysprep stage (you're getting bugged on each boot to run sysprep, while in Audir Mode) and have the full 180 days (plus another 180 days) to use the machine for whatever I want (e.g. DomainController, Exchange, whatever), and can spin up a new one in a matter of minutes.
    There are also Trial versions for stuff like Sharepoint, Exchange, MSSQL Server (not 100% sure about this one, but 99% sure) that can then be easily installed into those template machines.

    Just make sure to keep a copy of the "Audit Mode" VM, since you can basically trash the Windows machine after the third trial activation (you can't even activate it with a valid License key, by then)


    Hack The Box
    GREM | OSCE | GASF | eJPT

  • So did I get that right? You make these Template Images and clones these to new VMs which then have 3x180 days trial? Do you need a new Live-Account for that trial?

    Also I've been wondering what kind of licences I would actually need? Consider I want to built a complete, enterprise-grade setup with Exchange and what not (forget the Windows 10 for now, I just bought 2 licences on eBay :D ).

    I don't get what "CAL" means or if it's relevant for me. Could you guys help me out with a simple list on what you would need to buy, if you built what I want?

    Hack The Box

  • I bought an MSDN subscription, which gives you licenses for all Windows operating systems (client and server, all current and previous versions) for you to test software on. The basic level I bought only includes operating systems though, not things like Exchange and SQL Server. I think there is another version that includes them but it gets real pricey.

    As for CAL - it stands for "client access license" and is a ridiculous way to make money that Microsoft somehow got away with. Basically even though you pay for the client OS and you pay for the server OS, you ALSO have to pay for a license for them to talk to each other :lol: So say you have 500 workstations in your network communicating with your servers, you need 500 CALs. In reality there's nothing that actually checks for this until you get into terminal services servers (now rebranded to Remote Desktop Services or something) and they need a special kind of CAL anyway. For your scenario of wanting to just test stuff, no need to worry about CALs.

  • edited March 16

    @sparkla said:
    So did I get that right? You make these Template Images and clones these to new VMs which then have 3x180 days trial? Do you need a new Live-Account for that trial?

    Exactly. You don't need a Live-Account for anything. The ISO files can be downloaded without having to login to Microsoft. The "Trial Keys" are directly built into the installation media. You simply install and spin-up the machines, and the first trial period starts.
    Keep in mind, though, that you "can't" use those mac

    Also I've been wondering what kind of licences I would actually need? Consider I want to built a complete, enterprise-grade setup with Exchange and what not (forget the Windows 10 for now, I just bought 2 licences on eBay :D ).

    The datacenter license would probably be overkill, though it would allow infinite concurrent machines.
    The Windows Server Standard license allows up to 2 concurrent installations (if I remember correctly).
    For Exchange/Sharepoint/etc. you need a dedicated license which usually allows 1 concurrent installation (except for MSSQL Server which has its own licensing model).

    I don't get what "CAL" means or if it's relevant for me. Could you guys help me out with a simple list on what you would need to buy, if you built what I want?

    CALs are "Client Access Licenses". You need one for each user that connects to the server. Also, those licenses are "non-revocable". Once a license is used, it is used. Even if you remove the "claiming user/machine" from your AD/systems. In a production environment, you will definitely need those, though there are already X licenses included with the Windows Server license (with X being somewhere between 2 and 5, can't really remember).
    While using the trial/evaluation licenses, there are no restrictions, if I remember correctly.

    It's been quite some time (4+ years) since I last had to deal with that stuff, but @VbScrub might know more about the whole licensing topic.

    EDIT:
    Seems like @VbScrub already sneaked in, while I was typing :lol:


    Hack The Box
    GREM | OSCE | GASF | eJPT

  • @HomeSen & @VbScrub thank you both so much, that's invaluable info you both gave me.

    About that MSDN subscription, how much do you pay? I only see a asking price of > 5000€ for the first year and on MSDN I'm redirected to "Visual Studio Subscription". M$ Webseites being a mess as usual.

    So I'll probably go with the trials for now and skip the $40-eBay-Serverlicences (although I'm tempted to "own" my personal, full-featured AD to play with)

    One more question: Is Azure an option for me? I got a subscription on a learning platform that gives me unlimited Azure access (well not really unlimited I gues but enough to try everything). Do companies nowadays run AD in the cloud or are they only using like Exchange in the cloud and I don't really know what people need AD else for, Terminal & Account management...?

    Hack The Box

  • I don't know if this is still relevant, but if you have an msdn account (the free one, that the subscription based) you should be able to get SQL Server Dev Edition for free (it's exactly like Enterprise edition aka it's overkill for home use, but close to real-live scenarios, but it's not for running prod stuff off of if).

  • Yes, it's still of interest to me. MS licencing is somewhat overwhelming and I struggle to find my way through their sh** websites, clicking a thing, being redirected to "Buy Surface Laptop".

    I got a trial of Server 2019 installed in VirtualBox, but it naggs me each login that some Remote Licencing isn't working correctly. I made a forest, managed to install some components like Active Directory, configured Powershell remote access and IIS. But then I tried to get "Server Manager" work remotely and add new "Nano Server" machines to the forest, couldn't get either to work.

    At a Server Core installation I give a password for admin but later I'm unable to login with that password. Happened 3 times in a row, working on a "physical access privesc" right now. :D - I managed to give Server Core static addressing (IP, DNS, etc) but can't integrate it in the forest.

    And always when I boot up: Some services don't work, error messages are extremly non-saying / confusing. This thing appears so random.

    I don't want to make my real machines part of the AD cause it's only running in VirtualBox - now here's the reason I've been asking for real licences and a permanent solution. But with the current financial crisis on it's way and eBay $40 licences not being an option, I'm not sure how to continue. Hyper-V won't work in VirtualBox and I can't pay for new hardware atm. Selling all my stuff on eBay to make it through...

    Hack The Box

  • As a starting point for creating (and attacking) your own AD, maybe take a look at this guide: https://1337red.wordpress.com/building-and-attacking-an-active-directory-lab-with-powershell/ ;)


    Hack The Box
    GREM | OSCE | GASF | eJPT

  • Thanks, your article does look great, but I saw it still uses RSAT - according to MS that is now deprecated? But I installed it anyway, yet I couldn't get either working: RSAT or Server Manager remotely. Is that because my remote machine isn't part of the AD?

    Hack The Box

Sign In to comment.