Software License Key Harvesting
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-18-2022 06:05 AM
In the past, the harvesting of the software license key has been a sore point when performing software reclamation. The key is vital to the reuse of the software and many organization did not capture this artifact when they were handling software purchases and installs from the finance or desktop support teams. As SAM moves in, it is key to capture this data during the reclamation phase to have it available for redeployment.
Has this function been brought to the latest SAM Pro iteration?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-18-2022 07:08 AM
In general, this is still an issue, and is exacerbated by the new activation methods of modern software. ServiceNow does not find and load license keys from registries. There is no foolproof method to do this reliably for the slight majority of software products. There are perhaps methods to do this on client computers and some server systems, but even then ServiceNow relies on SCCM and would normally recommend running SCCM scripts to locate them and manually enter keys where found.
More generally, you run into issues with cloud-authenticated activations (which will use a username and password), encrypted keys, and multi-field authentication that requires other data like "customer name" or Site ID.
The software publishers will tell you that a discoverable license key has the following risks:
- A discoverable key by you, a system admin, may also be discoverable by a bad actor.
- Any activation details, whether discoverable or not, could be used again elsewhere to activate something else that you're not looking for at the time of discovery.
- A discoverable key might be bought as a personal purchase, meaning it might not be usable by the organization legally.
- Even for a product that registers an individual person where the activation is transferrable to a new person, often you have to initiate the transfer with the original buyer.
- A discoverable key may prove to be expired, absorbed and invalidated by consolidation, or otherwise invalid.
SAM practitioners continue to wage war against rogue installs for this exact reason. There is still a risk of re-buying software because a user was allowed to bring their own license in the sense that they were able to activate with a license key that was not registered and known to the company. ServiceNow is not the right solution for achieving what you're trying to achieve. Building a library of scripts and discovery commands for products with the ability to discover activation details through hard drive search is still, and will likely always, be the best method, albeit probably 40-60% at most of products being capable of this activation detail discovery. Gartner and several other consultants could get you started with scripts they are aware of to decipher products and locate keys.
Hope that helps frame your approach and is worth an upvote.
