Helping people with computers... one answer at a time.

Windows Product Activation, or WPA, is an anti-piracy measure that tries to ensure a product is only installed legitimately. But what does that mean?

A Microsoft page discussing Product Activation includes the following statement: "Product Activation works by verifying that a software program's product key has not been used on more personal computers than intended by the software's license."

How does activation of, say, WinXP differentiate between multiple installations on one PC (legitimate), compared to single installations on many PC's (pirating)? If I periodically reinstall WinXP on my PC from my legitimate install CD, will the activation process at some point think I'm pirating the software because of multiple re-installations?.

Actually Windows Product Activation is a tad more complex than that text from Microsoft would lead you to believe. There was a lot of concern when WPA was first announced that people wouldn't be able to activate, or re-activate, legitimate copies of Windows. So far that actually hasn't seemed to be the case.

Now, there are cases where WPA might wonder what you're up to ... but even then the process that follows is supposed to handle that case cleanly.

The missing piece of the Microsoft text is that WPA tries to identify your machine. In Microsoft's own Product Activation FAQ they include this cryptic comment:

Product key information, in the form of the product ID, is sent along with a "hardware hash" (a non-unique number generated from the PC's hardware configuration) to Microsoft's activation system during activation.

The key there is that "hardware hash", which is based on 10 hardware characteristics of your machine:

  • Display Adapter

  • SCSI Adapter

  • IDE Adapter

  • Network Adapter MAC Address

  • RAM Amount Range (i.e. 0-64mb, 64-128mb, etc)

  • Processor Type

  • Processor Serial Number

  • Hard Drive Device

  • Hard Drive Volume Serial Number


The bottom line is that WPA tries to form a of picture of your machine, something that will be unique to it, and it alone.

I believe that the hardware hash is one-way. Meaning that only a specific configuration of hardware can be used to generate the hash, but the hash that's generated cannot be used to identify the machine or its configuration. (In fact this one-way nature is a characteristic of the very concept of "hashes" in computer science.)

"While WPA was quite the topic when it was first introduced, my feeling is that it's now essentially a non-issue for legitimate users."

Now, when you activate your copy of Windows, the product ID and your hardware hash are sent to Microsoft. If your product ID has not yet been activated, the information is simply recorded. However, if your product ID has already been activated, then if the hardware hash is the same - meaning you're activating it on the same computer as before - then the activation is simply allowed. You can do this as many times as you like. Quoting the FAQ: "Activations on the same PC using the same product key are unlimited."

And you can probably guess that if your product ID has already been activated, but you're activating it on a completely different machine, the activation may not take. The scenario that Microsoft is concerned about is what they call "casual copying". You install Windows XP and activate it, then hand your CD and product key to your friend to install on a second machine. That's piracy, and is exactly what WPA is designed to prevent.

Now the issue that many people have raised is "what if I upgrade my hardware"?

Referring again to the FAQ, "Product Activation is able to tolerate a certain degree of change in a hardware configuration ...". It's difficult to quantify in readable terms exactly how much can be changed. But common changes such as simple upgrades will not cause an issue. The FAQ actually goes into a little more detail on this.

More wholesale changes, on the other hand, get interesting.

If WPA notices that "a lot" has changed (whatever "a lot" might mean), you may be prompted to activate by calling Microsoft. This might be the result of several changes to the previously activated machine, or by moving your installation to a completely new machine. I believe both are legitimate, but either may trigger that need to activate by phone.

While WPA was quite the topic when it was first introduced, my feeling is that it's now essentially a non-issue for legitimate users. It's been in use now for years and even though many expected it we haven't heard of widespread issues due to WPA. In fact the only people who appear to be affected are those intended to be: software pirates. And while as Microsoft says it's not a "silver bullet" is has made piracy somewhat more difficult while not impacting legitimate users terribly.

Important: Comments to this article which request activation codes or CDs will be deleted.

Article C2970 - March 22, 2007 « »

Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

March 22, 2007 11:38 AM

However, I understand that Vista's "Windows Genuine Advantage" has problems with "false positives". That is, claiming that legitimate copies are "not genuine".

Leo Notenboom
March 22, 2007 2:20 PM

Hash: SHA1

Thanks for that pointer. Note that the article also points out that there is a
fix for the problem.

Version: GnuPG v1.4.6 (MingW32)


Carl Goodwin
March 23, 2007 6:15 PM

Microsoft Flight Simulator X allows you to activate on 2 machines, and then they (Microsoft) say you have to go buy another copy, which will give you 2 more activations. I have activated my copy several times on the same machine, and not had a problem. I can't upgrade my machine anymore though, so my next activation will be my last, on my next machine. It will also probably be the last Microsoft program that I will purchase! Those Mac's are looking better and better every day! :)

March 26, 2007 2:47 AM

I'm one of those people who are forced to telephone Microsoft for a new key each time I reformat. No I'm not a pirate. I haven't upgraded the hardware. I haven't installed my copy of XP on any other machine. After formatting I get a message about I have exceeded the amount of times I can activate - or words to that effect.

I understand the need to combat piracy but this is simply a pain in the you know what.

James Nguyen
February 23, 2009 4:42 PM

Ok I just reformatted my computer and when I go to register it it tells me that it has already been registered but here is the catch I haven't done it.Why is it doing that and it tells me I have 29 or so many days to register it.Can you help me plz...

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to to ask your question.