Knowledgebase

Question

I want to audit my license key usage to ensure I'm compliant with the terms of the end-user license agreement. How do I do this?

Explanation

License keys of fewer than twenty-five users have an activations list that you can view in your account. This list details the machines on which the license key is activated, and you can use the options there to deregister machines as desired. Further information on those options is available here. These license keys are always in compliance with the end-user license agreement, as it's not possible to exceed the maximum number of users permitted with them.

License keys of twenty-five users or more are preactivated by default. This is done for the convenience of larger-volume clients, who often use roaming profiles, non-persistent machines, server-based operations or other similar setups. Activations of these keys are not tracked, and they do not have an activations list. It is the responsibility of the license key owner to track activations for these keys.

Pre-Activated vs Activation Required License Keys

Some larger-volume users make the mistake of thinking that switching to a license setup that requires activation will make the management/auditing of their license keys easier to do. On the contrary, this often causes more problems than it solves, and it is not recommended. The purpose of the activations list is simply to track activations and prevent users of smaller-volume licenses from exceeding their maximum number of permitted activations. It is not designed for the purpose of auditing larger-volume user licenses. Switching your license activation method for this purpose will significantly increase the complexity of managing your license keys, and there are much more efficient ways to achieve that goal. 

The activations list is simply a list of devices and activation dates. Some of the reasons it may not give you the auditing results you anticipate include:

• Users are allowed two devices per activation - the activations list does not clearly distinguish between them.
• There are no reporting tools associated with it -  the best you can do is to export a list to a spreadsheet.
• Activation is often incompatible with virtual infrastructure environments, which adds unnecessary complexity to large-scale deployments.

Resolution

You can use the process detailed below to maintain/audit a group of licensed users on a preactivated license. It will add license keys to the user device at login, based on their membership in a ‘licensed’ group.

Directory Services and XCVault.exe

The recommended approach to tracking license usage is to leverage the power of existing directory services like Microsoft Active Directory, Entra ID, or one of the many other directory services that use groups. This enables the separation of users into groups such as “licensed” and “unlicensed”, after which it becomes possible to use the native auditing tools available to your chosen directory service to audit group membership. You can then script the application or removal of licenses from user profiles with XCVault.exe, the licensing utility that is installed with our products. You can call XCVault.exe to add, remove, and update license keys based on the group membership of the user in question.

You can view an example of this approach in conjunction with Active Directory in the system administrators' manual here. It uses group membership and a login script to determine whether a user should be licensed or not, and applies/removes license keys accordingly.

The logic of any such script is detailed below:

The script checks users on login to see if they are part of the ‘licensed’ group. If they are a part of the licensed group, then it checks for a license and adds one in cases where no license is present. If they are not part of the licensed group, then it checks for a license and deletes it in cases where a license is present.

XCVault.exe is a very powerful tool and can be used for nuanced license manipulation, such as adding/removing keys, listing existing keys and encrypting/decrypting keys. Full details of the parameters and options of the XCVault.exe licensing utility are available here. 

Once a system such as the above has been set up you can use it to generate lists of group members. This will enable you to see who is using a PDF-XChange license, and audit your license usage effectively.