Windows

Microsoft Windows activation work-around

Almost anything is hackable, given enough effort. Working around Microsoft Windows Genuine Advantage is somewhat easier than you might expect, however.

Almost anything is hackable, given enough effort. Working around Microsoft Windows Genuine Advantage is somewhat easier than you might expect, however.


As I mentioned in Mitigating the privilege escalation threat, I ran across a vulnerability in MS Windows NT domains where a file that needed to be world-writable could be used to "trick" the task scheduler into giving elevated privileges to arbitrary user accounts. The key to that vulnerability, as with many such things in the MS Windows world, is complexity. Because of the focus in Microsoft development on constantly adding more features of various descriptions, unintended consequences often arise in the interactions between various features.

A reader named Matthew Hoelscher pointed out another such strange -- and almost certainly unintended -- capability to me recently. Kind of ironically, it is a work-around for Windows Genuine Advantage on MS Windows XP, and thus constitutes a vulnerability in what many have complained is a violation of their privacy, a potential source of security vulnerabilities, and a demonstration of Microsoft's poor customer service attitude. While none of that is particularly mitigated by this work-around, the fact it can become a huge roadblock in the way of using one's own computer can be solved in at least some cases this way.

When starting an MS Windows XP machine that requires activation, and the activation period has run out, it will not let you boot to the desktop. Instead, a Windows Product Activation dialog appears. The text in the dialog reads:

This copy of Windows must be activated with Microsoft before you can log on. Do you want to activate Windows now?

There are two buttons: "Yes" and "No". Click "Yes". At this point, the expected behavior involves following instructions to get your copy of MS Windows activated. It is possible at this point that you cannot do so in the typical manner. For instance, you may need to get into the desktop environment to configure your network connection so you can activate the system over the Internet, or you may need to access the system as part of a penetration test. If, for some reason, you cannot do so in the typical manner, there is a workaround for this.

First, open the Utility Manager and Narrator by holding down the Windows key and pressing the U key.

The Narrator may be minimized to the bottom of the screen. If this is the case, click the Restore button to bring up the Narrator window.

Right-click on the title bar of the Narrator window to bring up the application menu, and select the "About Narrator..." menu item.

The "About Narrator" information window will include a link that reads "Microsoft Web site". Click on that to open Internet Explorer. It may complain that you need a network connection, and open a dialog box asking whether you want to set up a network connection; if that is all you need, go ahead and configure your network there, but if you need to access other configuration options you should exit out of that and click the "Microsoft Web site" link a second time. At this point, IE should open with an error: "The page cannot be displayed".

Click on the address bar and enter c:\ then either press the enter key or click on the "Go" button in the browser.

Depending on the system, this may give you the MS Windows desktop. If not, you will have to do things the hard way, via Windows Explorer and the submenus at the left-hand side of the Internet Explorer window. For instance, clicking the "My Computer" option will change the left-hand menus, bringing up the "Control Panel" option, from which the most common system configuration tools become available.

Given the limitations that you would find in the friendliness of the MS Windows interface when using it this way, this work-around is no simple replacement for just using a fully activated install of MS Windows. Despite the fact it is in fact a work-around for Microsoft's Windows validation system, there is little danger of this particular quirk in the system being used to avoid having to use a properly activated MS Windows. Ultimately, aside from using a cracked (and possibly malware infected) version of MS Windows, there is still no way to avoid having to use an activated install of the OS for general usage other than using an OS other than MS Windows.

About

Chad Perrin is an IT consultant, developer, and freelance professional writer. He holds both Microsoft and CompTIA certifications and is a graduate of two IT industry trade schools.

19 comments
staffordd
staffordd

I am in the position of having Win 7, one expensive licence, which I installed on my machine. I then activated the product online. The machine DIED shortly thereafter. I then replaced it, and installed Win 7 on the replacement machine. And, of course, the activation now shows as expired, and it keeps shutting down features like the desktop background, and threatening me that updates aren't going to take place until I activate, and various threats (which I DO NOT appreciate)... So for a case like this, I just want to install the operating system that I PAID a lot of money for, onto my one working computer. But Microsoft, because of the stupid and inflexible way their minds work, now think I am trying to use the same licence across multiple machines. So is there a way I can "activate" without being forced to buy a whole new complete licence, or, is there a way I can forestall activation by using a hack similar to this one? When I buy a second machine, I will buy a second key - but then, and ONLY then, until now, I will use my very expensive, fully paid for "not genuine" copy of Win 7 that keeps intentionally crippling my one working machine. WHY does Microsoft do this? Computers DIE. ALL the time. Back when I used XP, I had three different XP licences that I bought at different times - but, I used those across five or six machines over several years, and never with the hassle, the threats, and the machine-crippling nonsense of Win 7 - and all I want to do is use my paid for copy on the one machine I still have alive. Any ideas? Or do I have to fork out 150 MORE dollars for something I already paid for ONCE? Not a happy boy! d.

CharlieSpencer
CharlieSpencer

It lets you get to the Control Panel when Windows won't go past the Activation Screen to the desktop. From the Control Panel, you can configure your network and IE settings. The Activation applet will now have the Internet as an connection option and you won't have to activate by phone, fax, or other off-line method. As rarely as I'd need it, I'll forget this quickly and just stick with the phone method. I can complete that in the time it will take me to find another computer and dig this up.

RipVan
RipVan

...and that is EXACTLY why I will NEVER give these clowns any of my money. They don't make life tough on hackers, they make life tough on their CUSTOMERS!!

Realvdude
Realvdude

I could have used this about a month ago, when I tried to move my MSDN XP install to a virtual machine on a new computer. I assumed that the copy didn't like the new CPU family and triggered that activation process again.

alan
alan

Perhaps all the Microsoft Bug-fixers have been diverted from "Zero day Vulnerabilities" to fixing this workaround.

dmiles
dmiles

The work around that may work is to call Microsoft and don't give to much info,just give them info that your hard drive crashed and that you had to replace it,that is if you have not sent your configuration to Microsoft.

zdnet
zdnet

Why not use another OS ?

carlsf
carlsf

I think they will ask it is is running on any other systems. Personall I dislike the WIN7 UI and the changes from VISTA, we use the "CLASSIC" Option which MS has REMOVED, hence we will NOT be going WIN7.

santeewelding
santeewelding

That, once, the voice at the other end asked in a lilting Indian accent, "Is this you again, Santee?" Only, it was $300 for XP and $300 for W7. You're damned right I squeeze them for everything I can.

jcp
jcp

If you go to the Computer Properties screen (Right click on COMPUTER), you can connect online to revalidate the Windows license. However, you can ALSO validate using an 800 number to do the same. Call the 800 number and you will speak with an automated system. Follow the voice prompts and enter the product number generated when you opened the validation screen. When they ask you how many machines the software is installed on, simply answer "1". You will then get a new authentication number. Not all that hard! Good Luck.

jdclyde
jdclyde

If you call them, explain that your system died and rebuilt a new one, they will give you an activation number. All done in a few minutes. If it was a legal copy in the first place, they have always been very helpful to me in the past.

apotheon
apotheon

I find all this talk of how "easy" it is to reactivate by telephone kind of strange, considering how much of a bother it is to even activate MS Windows over the Internet. It's basically punishment for having given Microsoft a bunch of money instead of giving some other OS just a few minutes of your time. Frankly, I'd expect people who read the article to look at it as pointing out how, if Microsoft can't even design an OS that can keep people from using the main functionality of the OS (granted, with a somewhat gimped interface) without paying for it, perhaps Microsoft also can't design an OS that can keep malicious security crackers from running roughshod over the system without its user's permission or knowledge. The way MS Windows is known for its unchallenged records in widespread security breaches (see: botnets, for instance) kinda supports that thesis, too.

cmtbobaz
cmtbobaz

you will NOT be going to windows 7 because of the menu system? I can't believe a tech could not see the advantages. End user i understand but not a tech. Is it because you don't want to learn something new? Maybe technology is not your best choice of careers.

GSG
GSG

I had a machine die, and had to call and get a new activation code. No big deal, and it took all of about 5-10 minutes. In fact, if I remember correctly, and I may not, since it's been a while, aren't there instructions that pop up that say you can call to get the activation code?

jody.burton
jody.burton

It can make a difference if it is a retail copy or OEM. OEM is tied to the motherboard. If the MB dies, so does your license. In either case, follow jdclyde's advice and call MS to plead your case.

dmiles
dmiles

The software requires that kyou call the customer service number on your screenor the,you will then begin the process of re-activation of the product key without any issues,you possibly will not even have to talk to a person,you will be able to use the automated activationas mention no more than five minutes

CharlieSpencer
CharlieSpencer

The activation wizard has an option to activate by telephone. If you choose it, the wizard then generates a 35-character key (seven blocks of five). You dial the 800 number, follow the prompts, enter the key, and it gives you back a 35-char activation key. It takes all of five minutes, IF you're clumsy. If I recall there's even an option to do it by snail mail.

fairportfan
fairportfan

I had a system-builder copy of XP on this machine, which i later upgraded. I was able to call the 800 number and get an activation code.