Helping people with computers... one answer at a time.
Windows Product Activation, or WPA, is an anti-piracy measure that tries to ensure a product is only installed legitimately. But what does that mean?
A Microsoft page discussing Product Activation includes the following statement: "Product Activation works by verifying that a software program's product key has not been used on more personal computers than intended by the software's license."
How does activation of, say, WinXP differentiate between multiple installations on one PC (legitimate), compared to single installations on many PC's (pirating)? If I periodically reinstall WinXP on my PC from my legitimate install CD, will the activation process at some point think I'm pirating the software because of multiple re-installations?.
Actually Windows Product Activation is a tad more complex than that text from Microsoft would lead you to believe. There was a lot of concern when WPA was first announced that people wouldn't be able to activate, or re-activate, legitimate copies of Windows. So far that actually hasn't seemed to be the case.
Now, there are cases where WPA might wonder what you're up to ... but even then the process that follows is supposed to handle that case cleanly.
The missing piece of the Microsoft text is that WPA tries to identify your machine. In Microsoft's own Product Activation FAQ they include this cryptic comment:
Product key information, in the form of the product ID, is sent along with a "hardware hash" (a non-unique number generated from the PC's hardware configuration) to Microsoft's activation system during activation.
The key there is that "hardware hash", which is based on 10 hardware characteristics of your machine:
Network Adapter MAC Address
RAM Amount Range (i.e. 0-64mb, 64-128mb, etc)
Processor Serial Number
Hard Drive Device
Hard Drive Volume Serial Number
The bottom line is that WPA tries to form a of picture of your machine, something that will be unique to it, and it alone.
I believe that the hardware hash is one-way. Meaning that only a specific configuration of hardware can be used to generate the hash, but the hash that's generated cannot be used to identify the machine or its configuration. (In fact this one-way nature is a characteristic of the very concept of "hashes" in computer science.)
Now, when you activate your copy of Windows, the product ID and your hardware hash are sent to Microsoft. If your product ID has not yet been activated, the information is simply recorded. However, if your product ID has already been activated, then if the hardware hash is the same - meaning you're activating it on the same computer as before - then the activation is simply allowed. You can do this as many times as you like. Quoting the FAQ: "Activations on the same PC using the same product key are unlimited."
And you can probably guess that if your product ID has already been activated, but you're activating it on a completely different machine, the activation may not take. The scenario that Microsoft is concerned about is what they call "casual copying". You install Windows XP and activate it, then hand your CD and product key to your friend to install on a second machine. That's piracy, and is exactly what WPA is designed to prevent.
Now the issue that many people have raised is "what if I upgrade my hardware"?
Referring again to the FAQ, "Product Activation is able to tolerate a certain degree of change in a hardware configuration ...". It's difficult to quantify in readable terms exactly how much can be changed. But common changes such as simple upgrades will not cause an issue. The FAQ actually goes into a little more detail on this.
More wholesale changes, on the other hand, get interesting.
If WPA notices that "a lot" has changed (whatever "a lot" might mean), you may be prompted to activate by calling Microsoft. This might be the result of several changes to the previously activated machine, or by moving your installation to a completely new machine. I believe both are legitimate, but either may trigger that need to activate by phone.
While WPA was quite the topic when it was first introduced, my feeling is that it's now essentially a non-issue for legitimate users. It's been in use now for years and even though many expected it we haven't heard of widespread issues due to WPA. In fact the only people who appear to be affected are those intended to be: software pirates. And while as Microsoft says it's not a "silver bullet" is has made piracy somewhat more difficult while not impacting legitimate users terribly.
Important: Comments to this article which request activation codes or CDs will be deleted.