Microsoft Allows Bypass of Vista Activation
By Brian Livingston, Author of "Windows Vista Secrets"
Microsoft always says it opposes "software pirates" who sell thousands of unauthorized copies of Windows.
But the Redmond company has made things a lot easier for pirates by adding a line to the Registry that can be changed from 0 to 1 to postpone the need to "activate" Vista indefinitely.
As most Windows users know, Microsoft has required "product activation" since the release of Windows XP in 2001. XP must be activated by communicating with servers in Redmond within 30 days of installation. By contrast, Microsoft Office XP, 2003, and 2007 require activation before the package is used 5 to 50 times, depending on the version, according to a company FAQ. If a PC has no Internet connection, a user may activate a product by dialing a telephone number in various countries.
The activation process will complete successfully only if the software has not been previously activated, such as on a different machine. If activation isn't completed within the trial period, Microsoft products temporarily shut down some of their features. MS Office loses the ability to edit and save files. After Vista's activation deadline runs out, the user can do little other than use Internet Explorer to activate the operating system or buy a new license.
Microsoft describes its product activation scheme as a way to foil software pirates. However, as I previously described in an InfoWorld Magazine article on Oct. 22, 2001, activation does nothing to stop mass piracy. The Redmond company actually included in Windows XP a small file, Wpa.dbl, that makes it easy for pirates to create thousands of machines that validate perfectly.
Far from stopping software piracy, product activation has primarily been designed to prevent home users from installing one copy of Windows on a home machine and a personal-use copy on a laptop. As I explained in an article on Mar. 8, buying a copyrighted work and making another copy strictly for personal use is specifically permitted to consumers by the U.S. Copyright Act and the copyright laws of many other countries.
For example, courts have repeatedly ruled that consumers can make copies of copyrighted songs or television programs for personal use (not for distribution or resale). This principle is legally known as "fair use." The home edition of Microsoft Office 2007 reflects this principle, allowing consumers to activate three copies of a single purchased product.
Microsoft Windows XP and Vista, however, allow only one activation.
Surprisingly, Microsoft has embedded into its new Vista operating system a feature that makes things easier than ever for true, mass software pirates. These tricksters will be able to produce thousands of Windows PCs that won't demand activation indefinitely — at least for a year or more.
Leaving the activation barn door open
I reported in a Feb. 1 article that the upgrade version of Windows Vista allows itself to be clean-installed to a new hard drive. The new Microsoft operating system completely omits any checking for a qualifying previous version of Windows. This allows the upgrade version of Vista to successfully upgrade over a nonactivated, trial version of itself.
After my article appeared, ZDNet blogger Ed Bott summarized the secret in a post on Feb. 15. He flatly states, "You satisfied every condition of the license agreement and aren't skating by on a technicality. The fact that you have to use a kludgey workaround to use the license you've purchased and are legally entitled to is Microsoft's fault."
In my own piece, I had speculated that clean-installing the upgrade version of Vista "probably violates the Vista EULA (End User License Agreement)." But more and more computer experts are saying that the procedure is fully compliant with the EULA and, in any event, is perfectly legal.
I wrote a follow-up story on Feb. 15. I reported that Microsoft includes in Vista a one-line command that even novices can use to postpone the product's activation deadline three times. This can extend the deadline from its original 30 days to as much as 120 days — almost four months.
PCWorld.com posted a report on my story on Feb. 17. The magazine quotes a Microsoft spokeswoman as saying that extending Vista's activation deadline as I described it "is not a violation of the Vista End User License Agreement." I'm glad that's clear.
The feature that I'm revealing today shows that Microsoft has built into Vista a function that allows anyone to extend the operating system's activation deadline not just three times, but many times. The same one-line command that postpones Vista's activation deadline to 120 days can be used an indefinite number of times by first changing a Registry key from 0 to 1.
This isn't a hacker exploit. It doesn't require any tools or utilities whatsoever. Microsoft even documented the Registry key, although obtusely, on its Technet site.
But dishonest PC sellers could use the procedure to install thousands of copies of Vista and sell them to unsuspecting consumers or businesses as legitimately activated copies. This would certainly violate the Vista EULA, but consumers might not realize this until the PCs they bought started demanding activation — and failing — months or years later.
The following describes the Registry key that's involved.
Step 1. While running a copy of Windows Vista that hasn't yet been activated, click the Start button, type regedit into the Search box, then press Enter to launch the Registry Editor.
Step 2. Explore down to the following Registry key:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ SL
Step 3. Right-click the Registry key named SkipRearm and click Edit. The default is a Dword (a double word or 4 bytes) with a hex value of 00000000. Change this value to any positive integer, such as 00000001, save the change, and close the Registry Editor.
Step 4. Start a command prompt with administrative rights. The fastest way to do this is to click the Start button, enter cmd in the Search box, then press Ctrl+Shift+Enter. If you're asked for a network username and password, provide the ones that log you into your domain. You may be asked to approve a User Account Control prompt and to provide an administrator password.
Step 5. Type one of the following two commands and press Enter:
slmgr -rearm
or
rundll32 slc.dll,SLReArmWindows
Either command uses Vista's built-in Software Licensing Manager (SLMGR) to push the activation deadline out to 30 days after the command is run. Changing SkipRearm from 0 to 1 allows SLMGR to do this an indefinite number of times. Running either command initializes the value of SkipRearm back to 0.
Step 6. Reboot the PC to make the postponement take effect. (After you log in, if you like, you can open a command prompt and run the command slmgr -xpr to see Vista's new expiration date and time. I explained the slmgr command and its parameters in my Feb. 15 article.)
Step 7. To extend the activation deadline of Vista indefinitely, repeat steps 1 through 6 as necessary.
Any crooked PC seller with even the slightest technical skill could easily install a command file that would carry out steps 1 through 6 automatically. The program could run slmgr -rearm three times, 30 days apart, to postpone Vista's activation deadline to 120 days. It could then run slmgr -rearm every 30 days, for a period of months if not years, by first resetting the SkipRearm key.
The program could be scheduled to check Vista's activation deadline during every reboot, and to remind the user to reboot once a month if a deadline was nearing. The buyer of such a PC would never even see an activation reminder, much less be required to go through the activation process.
If you happen to buy a Vista PC from a little-known seller, and the price was too good to be true, use Vista's search function to look for the string SkipRearm in files. You may discover that your "bargain" computer will mysteriously start demanding activation in a year or two — but your product key won't be valid.
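The file search suggested above, as an added example that is not part of the original article: a Python script that walks a directory tree and flags files mentioning SkipRearm, including UTF-16LE text that a plain ASCII search would miss. The marker list, the function names and the sample files are assumptions constructed for illustration.

```python
import os
import tempfile

# Strings named in the article, matched case-insensitively (assumed marker list).
MARKERS = ("skiprearm", "slmgr", "slrearmwindows")

def scan_file(path, max_bytes=8 * 1024 * 1024):
    """Return the set of markers found in one file, as ASCII or UTF-16LE text."""
    try:
        with open(path, "rb") as fh:
            data = fh.read(max_bytes).lower()  # bytes.lower() folds ASCII letters only
    except OSError:
        return set()  # unreadable or locked file: skip it, keep scanning
    return {m for m in MARKERS
            if m.encode("ascii") in data or m.encode("utf-16-le") in data}

def scan_tree(root):
    """Map path -> markers for every file under root that mentions SkipRearm."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            found = scan_file(path)
            if "skiprearm" in found:
                hits[path] = found
    return hits

def severity(found):
    """'high' when SkipRearm appears next to a rearm command, else 'review'."""
    return "high" if found & {"slmgr", "slrearmwindows"} else "review"

def build_samples(root):
    """Write constructed sample files; none of them is a working script."""
    samples = {
        "maint.cmd": b"rem constructed sample: SkipRearm then slmgr -rearm\r\n",
        "export.reg": "\ufeffconstructed sample mentioning SkipRearm\r\n".encode("utf-16-le"),
        "readme.txt": b"constructed sample with nothing of interest\r\n",
    }
    for name, blob in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(blob)

def demo():
    """Scan the constructed samples and return {file name: severity}."""
    with tempfile.TemporaryDirectory() as root:
        build_samples(root)
        return {os.path.basename(p): severity(f) for p, f in scan_tree(root).items()}

if __name__ == "__main__":
    for name, level in sorted(demo().items()):
        print(level, name)
```

A hit marked review is not proof of tampering, since Microsoft also documents the setting for Sysprep use; read the file to see what it does.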
I asked Microsoft why SkipRearm is included in Vista if it can be used to create machines that appear not to need activation for long periods. A Microsoft spokeswoman replied, "I connected with my colleagues and learned, unfortunately, we do not have information to share at this time." (I can't identify the speaker because the policy of Waggener Edstrom, Microsoft's public-relations firm, prohibits the naming of p.r. spokespersons.)
In my testing of Microsoft's back-door loophole, I've found that the technique can be used to postpone the activation deadline one year or longer. It may or may not, however, work forever, as I describe below.
Why does SkipRearm even exist in Vista?
The Vista development team apparently inserted the SkipRearm loophole to help major corporations work around Microsoft's new Volume Licensing Agreement. This new program, which the Redmond company calls "Volume Licensing 2.0," requires buyers to set up a Key Management Service (KMS) host, as described by a Microsoft FAQ. Companies must choose from two types of digital keys and three different methods of activation to validate thousands of individual Vista machines within the corporate LAN.
Activation of Windows XP, by comparison, requires merely that volume purchasers use a single product key. Corporate buyers obtain a unique key when signing a Volume Licensing Agreement. Microsoft has said, however, that most Windows XP piracy involves stolen product keys that are used by others to activate unauthorized machines.
The new KMS requirement is intended to discourage such piracy, but it places a heavy burden on corporate IT administrators. For example, Microsoft provides a tool called System Preparation (sysprep.exe) to prepare Vista machines for use. If a system can't be completely prepped within 30 days after installation, an admin can run the command sysprep /generalize to postpone the activation deadline another 30 days. However, like the slmgr -rearm command, sysprep /generalize will only succeed three times.
To work around this, as a Technet document states, "Microsoft recommends that you use the SkipRearm setting if you plan on running Sysprep multiple times on a computer." This is echoed by Microsoft Knowledge Base article 929828.
Contributing editor Susan Bradley points out, "The good guys have to go through this stupid implementation of a KMS deployment because of bad guys abusing the system." She strongly feels that users should comply with Microsoft's EULA provisions. "The operating system license has always been a one-machine install. ... Many of us forget the multiple-install rule [for Microsoft Office] since we are so used to the one license, one install rule," she adds.
In its TechNet documents, Microsoft recommends the repeated use of SkipRearm. How many times is "multiple times"? My testing revealed that the answer is, well, indefinite.
• On a copy of Vista Ultimate that Microsoft released in New York City on Jan. 29, I found that changing SkipRearm from 0 to 1 allowed the command slmgr -rearm to postpone Vista's activation deadline eight separate times. After that, changing the 0 to 1 had no effect, preventing slmgr -rearm from moving the deadline. The use of slmgr -rearm 3 times, plus using SkipRearm 8 times would eliminate Vista's activation nag screens for about one year (12 periods of 30 days).
• On a copy of the upgrade version of Vista Home Premium that I bought in a retail store on Jan. 30, slmgr -rearm also worked 3 times and SkipRearm worked 8 times before losing their effect. This combination would, as with Vista Ultimate, permit a one-year use of Vista without nag screens appearing.
• On a copy of the full version of Vista Home Premium that I bought in a retail store on Mar. 14, SkipRearm had no effect on extending the use of slmgr -rearm at all. This suggests that Microsoft has slipstreamed a new version into stores, eliminating the SkipRearm feature in Vista Home. That could mean that changing the key from 0 to 1 will now work only in the business editions of Vista — Business, Enterprise, and Ultimate — so corporations can use the loophole.
Where is the usage count of slmgr -rearm stored? Where is the usage count of SkipRearm stored? These bytes won't be hard for expert users to find. The use restrictions may be easily lifted. If so, this would allow crooked PC sellers to truly create machines that would never need activation, ever.
The financial impact of SkipRearm on Microsoft
I'd like to repeat here that I'm not advocating that anyone use the above technique to violate Microsoft's EULA or avoid paying for Vista. Any company that used SkipRearm to install Vista on multiple machines for as long as possible would have little defense against a surprise inspection by the Business Software Alliance. This coalition of software makers, which includes Microsoft, investigates reports of unlicensed software and obtains warrants to conduct audits.
As a journalist, my job is to report the facts. SkipRearm was specifically built into Vista to be used. Microsoft executives made Vista's activation overly complex and cumbersome. So the development team apparently invented a Registry key to lift the burden of Vista's activation deadline, for at least a year and probably more.
The technique is so powerful and basic, however, that hackers around the world may soon use the feature to install millions of extra copies of Vista without buying them. This could have a major impact on Microsoft's revenues. The company's employees and shareholders might want to be aware of this.
Product activation does little or nothing to stop mass software piracy. It's become so convoluted, the way Microsoft has implemented it, that it's more of an irritation to legitimate users than a worthwhile antipiracy measure.
In my opinion, Microsoft should concentrate on legal action against true pirates instead of inventing more ways to drive honorable users bonkers.