Re: Recovering the activation key from a Win2K installation

From: Bryan Allerdice (bryanat_private)
Date: Wed Jun 27 2001 - 06:12:27 PDT

Next message: Meritt James: "Re: Valid characters on one o/s are invalid on another"

Previous message: Steven Evans: "RE: Recovering the activation key from a Win2K installation"
In reply to: George Bolton: "Re: Recovering the activation key from a Win2K installation"
Next in thread: meiso: "Re: Recovering the activation key from a Win2K installation"
Next in thread: Zow: "Re: Recovering the activation key from a Win2K installation"
Next in thread: Alexander Sarras (SEA): "RE: Valid characters on one o/s are invalid on another"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I'm running WIN2K Server and see a key called ProductId rather than
ProductKey in both HKLM\Software\Microsoft\Windows\CurrentVersion and
HKLM\Software\Microsoft\Windows NT\CurrentVersion, and the number there
isn't the CDKEY, it's the registration number that pops up in a little
window during installation just after you enter a CDKEY, name and business -
It's the one you're supposed to write down incase you need support.

I don't think that you can find the CDKEY in the registry for WIN2K. Your
advice for 95 and 98 is right though - haven't touched ME so I can't confirm
your advice there.

BRYAN

----- Original Message -----
From: "George Bolton" <george.boltonat_private>
To: <vuln-devat_private>
Sent: Tuesday, June 26, 2001 11:27 AM
Subject: Re: Recovering the activation key from a Win2K installation


> Short answer:  You're right.
>
> Product ID keys can be recovered from the registry quite quickly.  I've
> looked at this directly for Windows 95, 98, ME and 2kPro.  Can't speak
with
> authority on NT4 as I've not got one to hand.
>
> Please excuse the step-by-step here.  Not wishing to question your
> expertise, but is you're not familiar with the registry then it can become
> quite a minefield.  Careless editing of the registry can cause serious
> problems, so please be careful not to modify things, just look around.
>
> From your Start Menu, choose Run, then type REGEDIT in the box and click
OK.
>
> You will see the Registry Editor start, it looks a bit like an Explorer
> window.  On the left are the keys, on the right is the data.  The registry
> can be navigated in much the same way that Explorer can, for example when
> you see a little + sign next to a folder, click on it and the subfolders
> will be displayed, select it and the contents of the folder will be shown
in
> the right hand pane.
>
> For Windows 95, navigate to
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion and look for
an
> entry in the right pane called "ProductId"
>
> In Windows 98 and ME, navigate to
> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion and look for
an
> entry called "ProductKey"
>
> In Windows 2000, there are in fact two entries, both called "ProductKey",
> one under HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion and
> another in HKEY_LOCAL_MACHINE\Software\Microsoft\WinNT\CurrentVersion.
> Presumably the reason for the second entry is for backward compatibility,
> but I'm not sure.
>
>
> A way of introducing a limited form of protection for your key would be to
> create a Windows policy which prevents access to the registry editor by
all
> bar the administrative users.  However, you should note that there are a
> number of quick and easy ways of getting around Windows' Policies.  There
> are many pieces of software on the market that will assist you in this,
> should you wish to go down that road.  I have used "S to Infinity" from
> Winvista with a great deal of success, but I'm sure that others will be
able
> to pass recommendations as well.
>
> Regards
>
> George Bolton
> Network & Communications Manager
> Digital Cinema Advertising Ltd
> T +44 (0) 7050 697394
> F +44 (0) 7050 665295
>
>
>
> ----- Original Message -----
> From: "Juan M. Courcoul" <courcoulat_private>
> To: "Vuln-Dev" <VULN-DEVat_private>
> Sent: Monday, June 25, 2001 6:28 PM
> Subject: Recovering the activation key from a Win2K installation
>
>
> > Please bear with me, as I only pretend to have a limited knowledge of
> > Windows internals enough to survive its use.
> >
> > A discussion arose as to the security of Windows 2000's activation key,
> > aka the CD or Product Key. A colleague who handles Win2K installations
> > insisted that once you have keyed in the 29-character string and
> > activated the OS during a full new install, it is unrecoverable and
> > hence safe to install in student labs, etc., without the risk of
> > compromising the corporate license. She went so far as to claim that
> > even a user with Administrator privileges couldn't get it back.
> >
> > My gut feeling is that this is bull and constitutes a prime example of
> > "assumed security thru ignorance".
> >
> > Would you kind Windows gurus please tell me who's got it right this time
?
> >
> > J. Courcoul
> >
>

Next message: Meritt James: "Re: Valid characters on one o/s are invalid on another"
Previous message: Steven Evans: "RE: Recovering the activation key from a Win2K installation"
In reply to: George Bolton: "Re: Recovering the activation key from a Win2K installation"
Next in thread: meiso: "Re: Recovering the activation key from a Win2K installation"
Next in thread: Zow: "Re: Recovering the activation key from a Win2K installation"
Next in thread: Alexander Sarras (SEA): "RE: Valid characters on one o/s are invalid on another"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Jun 27 2001 - 08:56:02 PDT