据国外媒体报道,日前,微软表示,盗版的Windows 7 RTM能够被转变为正版的合法软件,但是前提是这个平台原本就是正版的。
据了解,微软一共向用户提供了两项措施去使得盗版Windows7还原为正版软件。微软表示,前段时间,有一部分Windows 7用户反应,在他们登录Windows 7之后,收到了包含以下消息的Windows激活窗口:“Windows不是正版的,您的计算机可能无法运行盗版的Windows。0x80070005。”
在Windows7 RTM发布之前,笔者曾经通过MSDN账号下载了Windows 7旗舰版的RC版本进行试用,并从微软那里获得了一个正版的产品密匙。后来,我的Windows系统便出现了微软所述的状况:电脑桌面背景变为纯黑色,右下角的屏幕上出现以下错误信息:“这个Windows不是正版的”。
当笔者查看系统属性(控制面板/系统和安全/系统)的时候会收到如下信息:您必须对Winodws进行激活,立即激活Windows。而当笔者使用slmgr.vbs /dlv 去查看许可状态的时候,笔者收到如下信息:“错误:0x80070005 访问被拒绝:所请求的操作需提升特权。”
实际上,微软深知Windows7由正版变为盗版这个问题,并将其记录在微软支持中。然而,就笔者的角度来讲,Windows7是自动地由正版变为盗版的。在安装Windows 7 RC之后,笔者没有安装任何新的应用程序、没有搅乱注册表、没有玩组策略,但是在启动之后就会发现运行的是一个非正版Windows 7副本。
对此,微软解释道,之所以会发生这个问题,就是因为注册密匙 HKU\S-1-5-20中缺少权限。微软表示,网络服务账号必须对注册密匙具备完全的控制权和阅读密匙的权限。这种情况可能是套用即插即用组策略对象(GPO)的结果。
计算机配置/策略/Windows设置/安全设置/系统服务/即插即用(启动模式:自动)。显然地,授权服务是利用“即插即用”去攫取硬件的ID信息,以此将许可证绑定到计算机中。微软表示,这种设置可能会使得原本正版的激活的Windows 7变成盗版的。
目前,微软并没有发布更新去解决这个问题,甚至没有提供修复程序。不过,受到这个问题影响的消费者能够通过以下措施中的其中一个去解决这个问题,详细步骤如下:
方法A:禁用即插即用策略1、确定策略的源头:
a:在客户端遇到激活错误,通过单击开始、运行、输入
rsop.msc 命令去运行策略向导;
b:访问以下位置:计算机配置/策略/Windows设置/安全设置/系统服务;
如果即插即用服务是通过组策略设置进行配置的,您将会看到使用这个设置的组策略。
2、禁用组策略设置,重新应用组策略:
a、编辑步骤1中的组策略,将设置更改为“Not Defined”(没有定义),添加网络服务账户所需的权限;
b、重新命令行应用组策略:
gpupdate /force;
方法B:修改组策略的权限; 1、打开A方法步骤1中的组策略,打开相应的组策略设置;
2、点击编辑安全按钮,然后点击高级按钮;
3、在高级安全设置的即插即用窗口中,点击添加,然后添加服务账号,最后单击确定即可;
4、在允许区域中选择以下的权限,然后单击确定:
查询模板、查询状态、枚举从属单元、用户定义控制、读取权限
注:原本的权限是所需的最低权限
5、在组策略设置中应用以前的权限后,命令行运行gpupdate /force;
6、确认使用以下命令应用适当的权限:sc sdshow plugplay;
以下是SDDL即插即用服务中的权限:
D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)
(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)
(A;;CCLCSWLOCRRC;;;IU)
(A;;CCLCSWLOCRRC;;;SU)
S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
(A;;CC LC SW LO CR RC ;;;SU is an Access Control Entry (ACE) that allows the following rights to "SU" (SDDL_SERVICE – Service logon user)
A: Access Allowed(允许访问)
CC: Create Child (创建子)
LC: List Children (列举子)
SW: Self Write
LO: List Object(列举对象)
CR: Control Access (控制访问)
RC: Read Control (阅读控制)
SU: Service Logon User(服务登录用户)
完成上述操作后,启动注册表编辑器,右击注册表项 HKEY_USERS\S-1-5-20,然后选择权限。如果网络服务不存在,单击添加,输入对象名称去选择键入网络服务,然后点击查看名称和确定。选择网络服务、授予完全控制和读取权限,重启电脑。重启之后,系统可能会需要激活,然后完成激活之后,原本盗版的Windows7就被还原成正版了。
软媒特别提供英文原文如下:
Make “Pirated” Windows 7 RTM Genuine
Provided that Windows was genuine in the first place
Pirated copies of Windows 7 RTM can be turned fully genuine, according to Microsoft, but only if the platform was genuine to begin with. The Redmond company has documented two workarounds designed to allow customers to save their copy of Windows, provided that Windows 7 managed to go rogue. According to the software giant, users of the latest iteration of the Windows client have reported that immediately after log on, they were presented with a Windows Activation window featuring the following message: “Windows is not genuine. Your computer might not be running a counterfeit copy of Windows. 0x80070005.”
On a small side note, this has actually happened to me on a Release Candidate build of Windows 7 Ultimate downloaded from my MSDN account and activated with one of the product keys from Microsoft. In this regard, I can confirm the symptoms enumerated by Microsoft, including “the computer desktop background is black, and you receive the following error message on the bottom right corner of the screen: “This copy of Windows is not genuine.” You receive the following error message when you view the System Properties: (Control Panel / System and Security / System): “You must activate today. Activate Windows now.” If you try to use slmgr.vbs /dlv to view the licensing status, you receive the following message: Error: 0x80070005 Access denied: the requested action requires elevated privileges.”
The Redmond company is well aware of the problem and even documented it on Microsoft Support. However, in my case, Windows 7 went pirate all on its own. I hadn’t installed any new applications, hadn’t messed around with the registry, and didn’t play with Group Policy, since this was my home machine. I simply shut the computer down only to find it running a non-Genuine copy of Windows 7. However, all I had to do was restart my Windows 7 machine, and all was well.
Microsoft explained that the issue documented is cause by a lack of permissions in the registry key HKU\S-1-5-20. “The Network Service account must have full control and read permissions over that registry key. This situation may be the result of applying a Plug and Play Group Policy object (GPO). Computer Configuration / Policies / Windows Settings /Security Settings / System Services / Plug and Play (Startup Mode: Automatic),” the company stated.
Apparently, the Licensing service leverages Plug and Play in order to grab hardware ID information. In doing so, it ties the license to the computer. According to Microsoft, such a setting is capable of generating an exception which can throw a genuine, and previously activated copy of Windows 7 out of tolerance.
Microsoft doesn’t have an update designed to resolve the issue, and is not even offering a hotfix. Still, customers affected by this issue can turn to one of two workarounds detailed by the Redmond company, which have been included below:
"Method A: Disable the Plug and Play Policy
1. Determine the source of the policy . To do this, follow these steps:
a. On the client experiencing the Activation error, run the Resultant Set of Policy wizard by clicking Start, Run and entering rsop.msc as the command.
b. Visit the following location: Computer Configuration / Policies / Windows Settings /Security Settings / System Services /
If the Plug and Play service is configured through a Group Policy setting, you see it here with settings other than Not Defined. Additionally, you can see which Group Policy is applying this setting.
2. Disable the Group Policy settings and force the Group Policy to be reapplied.
a. Edit the Group Policy that is identified in Step 1 and change the setting to “Not Defined.” Or, follow the section below to add the required permissions for the Network Service account.
b. Force the Group Policy setting to reapply: gpupdate /force (a restart of the client is sometimes required)
Method B: Edit the permissions of the Group Policy:
1. Open the Group Policy that is identified in Method A, Step 1 above, and open the corresponding Group Policy setting.
2. Click the Edit Security button, and then click the Advanced button.
3. In the Advanced Security Settings for Plug and Play window click Add and then add the SERVICE account. Then, click OK
4. Select the following permissions in the Allow section and then click OK:
Query template
Query status
Enumerate dependents
Interrogate
User-defined control
Read permissions
Note: The Previous rights are the minimum required permissions.
5. Run gpupdate /force after you apply the previous permissions to the Group Policy setting.
6. Verify that the appropriate permissions are applied with the following command:
sc sdshow plugplay
The following are the rights applied to the Plug and Play service in SDDL:
D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)
(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)
(A;;CCLCSWLOCRRC;;;IU)
(A;;CCLCSWLOCRRC;;;SU)
S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
(A;;CC LC SW LO CR RC ;;;SU is an Access Control Entry (ACE) that allows the following rights to "SU" (SDDL_SERVICE – Service logon user)
A: Access Allowed
CC: Create Child
LC: List Children
SW: Self Write
LO: List Object
CR: Control Access
RC: Read Control
SU: Service Logon User
Note: If there are no GPO's in place, then another activity may have changed the default registry permissions. To work around this issue, perform the following steps:
On the computer that is out of tolerance, start Registry Editor.
Right-click the registry key HKEY_USERS\S-1-5-20, and select Permissions...
If the NETWORK SERVICE is not present, click Add...
In Enter the object names to select type Network Service and then click Check Names and OK.
Select the NETWORK SERVICE and Grant Full Control and Read permissions.
Restart the computer.
After the restart, the system may require activation. Complete the activation."