The Gears Inside My Head

Throughout my career I've battled with Microsoft licensing as have many of you.  I've heard lot's of complaints about it from almost everyone I've ever worked with.  It's extremely confusing, extremely complex, and it's one of those evils that we have to live with, sort of like toe fungus.  It just never goes away. I've worked with volume licensing and KMS (Key Management Server) for years.  I've never fully understood how it worked, it just sort of did. It's taken me years to truly understand this thing and now that I have I want to document it for anyone else struggling to understand it.  This is for my own reference if for no one else. I always wondered about that warning (see image below) that you got when adding what I always thought was a valid VL key to a server was.  Now I finally get it, and all the servers I've built over the years with a CVLK key that were never intended to be licensing servers.  Thankfully almost all of those were ...

That last script I posted wasn't exactly what I needed.  I had to rewrite it to leave existing permissions in-tact.  The one below accomplishes the same goal without deleting all existing ACLs.  There are a few assumptions in place.  First that the local admins group will be given full control to anything we touch.  Second, the TrustedInstaller account will be given full control, even if it only had read access before.  This just makes life easier.  I also fixed the logging so that everything is logged, just in case.  The application of the new ACLs is done individually instead of via a function so that things can be better customized. There is a reference section at the bottom that lists some permissions options available.  It's not needed by the script. I tested this script against my PC and a few test PCs.  There don't appear to be any ill effects.  Again, use at your own risk and watch for line wrapping. #============...