OEM license activation, quality control & workstation provisioning platform for PC builders.
Secure, database-driven system that automates Windows OEM key distribution, activation, and tracking across technician workstations. Includes QC compliance checks, hardware fingerprinting, white-label branding, and a Joomla-style upgrade wizard. Deploy on any LAMP server — no Docker required.
Technician Workstation Production Server
+-------------------------+ +------------------------------------------+
| | | |
| OEM_Activator.cmd | | +------------+ +----------------+ |
| | | HTTPS | | | | | |
| +-> PowerShell v7 |--------->| | PHP 8.0+ |--->| MariaDB/MySQL | |
| (slmgr /ipk/ato) |<---------| | (Apache) | | (oem_keys, | |
| | JSON | | | | technicians, | |
+-------------------------+ | +-----+------+ | audit_log) | |
| | +----------------+ |
Admin Browser | | |
+-------------------------+ | +-----v------+ |
| | HTTPS | | | |
| React Admin Panel |--------->| | Redis | (rate limiting, |
| - Key management |<---------| | (optional)| graceful degradation)|
| - QC compliance | | +------------+ |
| - Subscription mgmt | | |
+-------------------------+ +------------------------------------------+
- Technician runs
OEM_Activator.cmdon a fresh Windows PC - CMD launcher installs PowerShell 7 (if needed), runs pre-activation tasks (WSUS cleanup, security hardening)
- PowerShell script authenticates via REST API, collects hardware info, requests an OEM key
- Key is installed and activated using
slmgr.vbswith adaptive timing based on server latency - Result is reported back to the API; key is marked as
goodor recycled for retry - Full audit trail logged in the database with hardware fingerprint
| Component | Technology | Purpose |
|---|---|---|
| Web App | PHP 8.0+ / Apache | Admin panel, REST API |
| Frontend | React 19 / Vite / shadcn/ui | Admin dashboard (i18n: EN + RU) |
| Database | MariaDB 10.5+ / MySQL 5.7+ | Keys, technicians, audit logs |
| Cache | Redis (optional) | API rate limiting (graceful degradation without it) |
| Client | PowerShell 7 (Get-CimInstance) | Windows activation automation |
| Launcher | CMD batch | PS7 install, pre-activation tasks |
| Hardware Bridge | C# .NET 8 + Chrome Extension | USB device detection |
- Apache or Nginx web server
- PHP 8.0+ with extensions: PDO, pdo_mysql, json, mbstring, openssl, curl
- MariaDB 10.5+ or MySQL 5.7+
- SSL certificate (recommended for production)
1. Download and upload FINAL_PRODUCTION_SYSTEM/ to your web server document root
2. Navigate to http://your-server/install/ in your browser
3. Follow the 6-step setup wizard:
Step 1 - Environment check (PHP, extensions, permissions)
Step 2 - Database connection (host, port, credentials)
Step 3 - Install tables (runs database migrations automatically)
Step 4 - Create admin account
Step 5 - System settings (name, URL, timezone, language)
Step 6 - Done! Delete /install/ directory for security
4. Open admin panel at http://your-server/secure-admin.php
No Docker, no Composer, no npm -- just upload and run the installer.
docker compose up -d
# Web app: http://localhost:8080
# PHPMyAdmin: http://localhost:8081
# DB: localhost:3306
# React frontend dev server:
cd FINAL_PRODUCTION_SYSTEM/frontend && npm run dev
# Admin panel: http://localhost:5173Key Management
- Bulk CSV import with validation and duplicate detection
- Atomic single-key distribution (prevents race conditions)
- Automatic key lifecycle: unused -> good/bad/retry
- Key recycling rules for failed activations
- Configurable retry strategy per error code (UI-configurable)
QC Compliance
- Hardware quality checks: Secure Boot, BIOS version, boot logo (HackBGRT), partitions, drivers
- Cascade enforcement hierarchy: Global -> Product Line -> Manufacturer -> Model
- Motherboard registry with approved BIOS versions
- Unallocated disk space detection
Hardware Collection & Fingerprinting
- Full hardware inventory: MB, CPU, RAM, GPU, disks, TPM, network adapters, monitors
- HWFingerprint (SHA256 hash of key hardware serials) for machine identity
- Windows 11 25H2 compatible (Get-CimInstance, not deprecated Get-WmiObject)
Network Diagnostics
- MAS-style tiered connectivity checks (4-host ping + COM fallback)
- Microsoft licensing server HTTPS test
- Pathping DNS fallback for ICMP-blocked environments
- Hosts file inspection for blocked activation servers
Subscription & Licensing
- Community (free) / Pro / Enterprise tiers
- JWT-based license keys with instance fingerprinting
- GitHub Sponsors integration (international payments)
- Russia/CIS invoice payment support (bank transfer, crypto)
- Feature gating with graceful degradation
System Upgrade
- Joomla-style 5-step upgrade wizard (Upload -> Preflight -> Backup -> Apply -> Verify)
- GitHub Releases as update server (auto-detect new versions)
- Full rollback capability (DB + file restoration)
- CI/CD release pipeline (auto-builds upgrade ZIP on version tags)
Admin Dashboard (React)
- Real-time statistics and charts
- Full audit log with filtering
- Client configuration (activation timing, retry strategy, network diagnostics)
- Integration framework (osTicket, 1C ERP)
- White-label branding (logo, colors, company name)
- Bilingual interface (English / Russian)
- Database backup management
- Responsive design (mobile/tablet/desktop)
cd FINAL_PRODUCTION_SYSTEM/frontend && npm testRuns i18n completeness, API contract, and route permission tests via Vitest.
- PHP Lint -- syntax check all PHP files
- Frontend Build & Test -- TypeScript compilation + Vitest
- Docker Stack -- full container health check
- Integration Tests -- API endpoint validation with real DB
| Branch | Purpose |
|---|---|
main |
Production-ready, matches deployed system |
develop |
Active development, merged to main when stable |
| Document | Location |
|---|---|
| Web installer | Upload FINAL_PRODUCTION_SYSTEM/ -> navigate to /install/ |
| Production deployment (aaPanel) | docs/PRODUCTION_DEPLOYMENT_GUIDE.md |
| Development guide | CLAUDE.md |
Proprietary — KeyGate by ChesnoTech