Make “Pirated” Windows 7 RTM Genuine

Provided that Windows was genuine in the first place

By on January 14th, 2010 15:43 GMT
Pirated copies of Windows 7 RTM can be turned fully genuine, according to Microsoft, but only if the platform was genuine to begin with. The Redmond company has documented two workarounds designed to allow customers to save their copy of Windows, provided that Windows 7 managed to go rogue. According to the software giant, users of the latest iteration of the Windows client have reported that immediately after log on, they were presented with a Windows Activation window featuring the following message: “Windows is not genuine. Your computer might not be running a counterfeit copy of Windows. 0x80070005.”

On a small side note, this has actually happened to me on a Release Candidate build of Windows 7 Ultimate downloaded from my MSDN account and activated with one of the product keys from Microsoft. In this regard, I can confirm the symptoms enumerated by Microsoft, including “the computer desktop background is black, and you receive the following error message on the bottom right corner of the screen: “This copy of Windows is not genuine.” You receive the following error message when you view the System Properties: (Control Panel / System and Security / System): “You must activate today. Activate Windows now.” If you try to use slmgr.vbs /dlv to view the licensing status, you receive the following message: Error: 0x80070005 Access denied: the requested action requires elevated privileges.”

The Redmond company is well aware of the problem and even documented it on Microsoft Support. However, in my case, Windows 7 went pirate all on its own. I hadn’t installed any new applications, hadn’t messed around with the registry, and didn’t play with Group Policy, since this was my home machine. I simply shut the computer down only to find it running a non-Genuine copy of Windows 7. However, all I had to do was restart my Windows 7 machine, and all was well.

Microsoft explained that the issue documented is cause by a lack of permissions in the registry key HKU\S-1-5-20. “The Network Service account must have full control and read permissions over that registry key. This situation may be the result of applying a Plug and Play Group Policy object (GPO). Computer Configuration / Policies / Windows Settings /Security Settings / System Services / Plug and Play (Startup Mode: Automatic),” the company stated.

Apparently, the Licensing service leverages Plug and Play in order to grab hardware ID information. In doing so, it ties the license to the computer. According to Microsoft, such a setting is capable of generating an exception which can throw a genuine, and previously activated copy of Windows 7 out of tolerance.

Microsoft doesn’t have an update designed to resolve the issue, and is not even offering a hotfix. Still, customers affected by this issue can turn to one of two workarounds detailed by the Redmond company, which have been included below:

"Method A: Disable the Plug and Play Policy

1. Determine the source of the policy . To do this, follow these steps:

a. On the client experiencing the Activation error, run the Resultant Set of Policy wizard by clicking Start, Run and entering rsop.msc as the command.
b. Visit the following location: Computer Configuration / Policies / Windows Settings /Security Settings / System Services /

If the Plug and Play service is configured through a Group Policy setting, you see it here with settings other than Not Defined. Additionally, you can see which Group Policy is applying this setting.
2. Disable the Group Policy settings and force the Group Policy to be reapplied.

a. Edit the Group Policy that is identified in Step 1 and change the setting to “Not Defined.” Or, follow the section below to add the required permissions for the Network Service account.
b. Force the Group Policy setting to reapply: gpupdate /force (a restart of the client is sometimes required)


Method B: Edit the permissions of the Group Policy:

1. Open the Group Policy that is identified in Method A, Step 1 above, and open the corresponding Group Policy setting.
2. Click the Edit Security button, and then click the Advanced button.
3. In the Advanced Security Settings for Plug and Play window click Add and then add the SERVICE account. Then, click OK
4. Select the following permissions in the Allow section and then click OK:

Query template
Query status
Enumerate dependents
Interrogate
User-defined control
Read permissions

Note: The Previous rights are the minimum required permissions.

5. Run gpupdate /force after you apply the previous permissions to the Group Policy setting.

6. Verify that the appropriate permissions are applied with the following command:

sc sdshow plugplay

The following are the rights applied to the Plug and Play service in SDDL:

D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)
(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)
(A;;CCLCSWLOCRRC;;;IU)
(A;;CCLCSWLOCRRC;;;SU)
S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)

(A;;CC LC SW LO CR RC ;;;SU is an Access Control Entry (ACE) that allows the following rights to "SU" (SDDL_SERVICE – Service logon user)

A: Access Allowed
CC: Create Child
LC: List Children
SW: Self Write
LO: List Object
CR: Control Access
RC: Read Control
SU: Service Logon User

Note: If there are no GPO's in place, then another activity may have changed the default registry permissions. To work around this issue, perform the following steps:

On the computer that is out of tolerance, start Registry Editor.
Right-click the registry key HKEY_USERS\S-1-5-20, and select Permissions...
If the NETWORK SERVICE is not present, click Add...
In Enter the object names to select type Network Service and then click Check Names and OK.
Select the NETWORK SERVICE and Grant Full Control and Read permissions.
Restart the computer.
After the restart, the system may require activation. Complete the activation."

3 Comments