Puneet Varma (Editor)

Microsoft Product Activation

Updated on
Edit
Like
Comment
Share on FacebookTweet on TwitterShare on LinkedInShare on Reddit

Microsoft Product Activation is a DRM technology used by Microsoft Corporation in several of its computer software programs, most notably its Windows operating system and its Office productivity suite. The procedure enforces compliance with the program's end-user license agreement by transmitting information about both the product key used to install the program and the user's computer hardware to Microsoft, inhibiting or completely preventing the use of the program until the validity of its license is confirmed.

Contents

The procedure has been met with significant criticism by many consumers, technical analysts and computer experts, who argue that it is poorly designed, highly inconvenient and ultimately does nothing to prevent software piracy. The process has been successfully circumvented on multiple occasions.

Before activation

When installing a retail copy of Windows or Office, the user is asked to input a unique product key supplied on a certificate of authenticity included with the program, which is later verified during activation. Immediate activation is not required following installation, but the program must be activated within a specific period of time in order to continue to function properly. Throughout this grace period, the user will be periodically reminded to activate the program, with warnings becoming more frequent over time.

Certain versions of Windows and Office are available under a volume license, where a single product key is used for multiple installations. Programs purchased under this license must still be activated, with the exception of Windows XP and all versions of Office released prior to Office 2010. Businesses using this licensing system have the option of using Microsoft's activation servers or creating and managing their own.

If Windows is pre-installed on a computer by an original equipment manufacturer (OEM), the operating system is automatically activated without the need for interaction from the user. In this case, the copy of Windows installed does not use the product key listed on the certificate of authenticity, but rather a master product key issued to OEMs called a System Locked Pre-installation (SLP) key. On each boot, Windows confirms the presence of specific information stored in the BIOS by the manufacturer, ensuring the activation only remains valid on that computer, even if the product key is used on another machine.

After grace period

If activation is not performed within the grace period or fails because of an illegal or invalid product key, the following restrictions will be imposed on the user:

  • In Windows XP, Windows Server 2003, and Windows Server 2003 R2, after a grace period of 30 days, the operating system cannot be used at all until the activation process is completed successfully.
  • In Windows Vista RTM, after a grace period of 30 days, the operating system will boot only into a reduced functionality mode. The reduced functionality varies based on whether the operating system is simply out of grace or has undergone a failed activation. In the former case, built-in games and premium features like Windows Aero are disabled, and the system is rebooted every hour; in the latter case, certain premium features are disabled and some content is not available from Windows Update.
  • In Windows Vista SP1, Windows Vista SP2, Windows 7, Windows Server 2008, and Windows Server 2008 R2, after a grace period of 30 days (60 days for Windows Server 2008), the operating system will add a text message in the bottom-right hand corner of the screen stating that the copy of Windows in question is not valid, set the desktop background to black, allow only critical and security updates to be downloaded from Windows Update and give periodic reminders to activate the operating system. However, the operating system otherwise functions normally.
  • In Windows 8, Windows 8.1, Windows 10, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016, the 30-day grace period has been removed. If the operating system is not activated, there is a watermark showing the edition of Windows (although it does not show to activate) on desktop, personalization features (in PC settings [simply Settings in Windows 10], it is located under Personalize in Windows 8, under PC & devices > Lock screen in Windows 8.1, and under Personalization in Windows 10) are disabled. Entire Screen notification appears periodically, roughly once in 6 hours. However, the operating system otherwise functions normally.
  • In Office XP, Office 2003, Office 2007, Office 2010, and Office 2013, after a grace period of 30–60 days for Office 2010 and 14–60 days in Office 2013 or opening the program 25 times for Office 2007 and 50 times for Office 2003 and XP, the programs will enter a reduced functionality mode, where files can be viewed but not edited.

    • When activation takes place, the program saves a record of the verification data in the user's computer. If the system is booted up with significant hardware changes, the application will likely require reactivation to prevent the same copy of the program being installed on two different systems.

    On Windows 10, the activation process can also generate a "digital entitlement", which allows the operating system's hardware and license status to be saved to the activation servers, so that the operating system's license can automatically be restored after a clean installation without the need to enter a product key.

    During activation

    Activation is performed with a utility supplied with Windows and Office called the Activation Wizard. It can be performed either over the Internet or by telephone. When activating over the Internet, the Activation Wizard automatically transmits and receives verification data to and from Microsoft servers, completing the process without any interaction by the user. Activation by telephone requires that a user and a Microsoft agent verbally exchange activation information. In this case, an installation ID is generated, which is then read to the agent. The agent verifies the information and replies with a confirmation ID, which is then typed into the Activation Wizard.

    The Activation Wizard generates verification data primarily based on information about hardware in the computer. In Windows XP, information about the following eight categories of hardware is included:

  • Display adapter
  • SCSI adapter
  • IDE adapter
  • Network adapter MAC address
  • RAM amount range (e.g. 0-512 MB)
  • Processor type and serial number
  • Hard drive device and volume serial number
  • Optical drive (e.g. DVD-ROM)

    • The verification data is also based on the product key entered during activation. In some cases, the product key is checked against a list of known illegally distributed keys.

    Certain retail copies of Windows and Office sold in certain countries classified as emerging markets have geographical activation restrictions, which only allow the user to activate the product within the indicated region.

    After activation

    If activation completes successfully, the user can continue to use the application without any further issues or impediments.

    Usage

    The following tables illustrate the usage of product activation throughout Microsoft software, specifying whether the programs can be equipped with retail or volume licensing activation as well as geographical activation restrictions.

    Criticism

    While Microsoft says that product activation benefits consumers by allowing Microsoft to produce higher quality software, it has nevertheless received much criticism regarding its design and implementation, effectiveness at stopping piracy and respect of privacy rights. For instance, during the development of Windows XP, beta testers strongly criticized the introduction of product activation, particularly because a change in computer hardware required re-activation. Ken Fischer at Ars Technica questioned whether activation would ultimately be effective in stopping piracy, stating that while casual computer users would be affected, he would "be a fool to think that someone out there won't find a way to break this whole thing." Dave Wilson, a technology columnist at the Los Angeles Times, describes activation as "just another example of a rapacious monopolist abusing computer users who are helpless to do anything about it." He too believed that the system would not have "any significant effect on professional pirates." Fred Langa at InformationWeek, with reference to the transmission of hardware information during activation, stated that "many users are incensed at this level of monitoring, intrusion, and control by Microsoft." Finally, Dr. Cyrus Peikari and Seth Fogie, security consultants, considered product activation to be "hostile both to privacy and to human dignity."

    Others defend Microsoft's use of product activation. The Harrison Group, a market research firm, conducted a study sponsored by Microsoft in 2011 illustrating that computers running activated versions of Windows software were on average 50% faster than their pirated counterparts. The group concluded by stating that users of genuine Microsoft products ultimately receive superior performance while counterfeit users are susceptible to security issues and lost productivity. Fully Licensed GmbH, a developer of digital rights management technology, while criticizing Microsoft for being vague about the nature of information sent from a given computer during activation, nevertheless concluded that activation is not particularly intrusive and does not significantly violate privacy.

    Microsoft Product Activation has also been criticized on multiple occasions for violating patent law. In 2006, Microsoft was required to pay $142 million to z4 Technologies for infringing on a product activation patent, while in 2009 Microsoft was ordered to pay $388 million to Uniloc for patent infringement in product activation in Windows XP, Office XP and Windows Server 2003.

    Circumvention

    Microsoft Product Activation has been cracked or circumvented on numerous occasions since it was introduced in 2001. In 2001, a UK security company called Bit Arts successfully managed to bypass product activation on Windows XP, while in 2003, volume license keys for Windows XP were leaked to the public, allowing users who had not purchased a volume license to the operating system to bypass activation. In 2009, several security flaws in Windows 7 were used by hackers to circumvent activation.

    Since the introduction of Windows Vista, most attempts at circumvention of product activation have focused on using leaked SLP product keys and BIOS information used by OEMs to preactivate Windows. In 2007, a circumvention measure was developed for Windows Vista by warez-group Paradox that simulates the BIOS, allowing leaked SLP information to be fed to the operating system, bypassing activation. In 2009, SLP product keys and certificate information for Windows 7 were leaked to the public, allowing the BIOS to be reconfigured to bypass activation.

    References

    Microsoft Product Activation Wikipedia
    (Text) CC BY-SA