See here for an interesting article on the subject of cr@pware. According to the author "...The weakest link in the PC ecosystem is, without a doubt, the one right before the hardware reaches your desk...".
Before proceeding it's worth discussing Microsoft Product Activation. See here for an article on Technical Details on Microsoft Product Activation for Windows XP - it's well worth reading and much of it also applies to Windows 7. Some gems from this article -
The majority of customers acquire Windows with the purchase of a new computer, and most new computers pre-loaded with Windows XP will not require activation at all. Microsoft provides OEMs with the ability to "pre-activate" Windows XP in the factory and estimates that upwards of 80% of all new PCs will be delivered to the customer pre-activated.
Some OEMs may protect Windows XP using a mechanism which locks the installation to OEM-specified BIOS information in the PC.
Successfully implemented, SLP uses information stored in an OEM PC's BIOS to protect the installation from casual piracy. No communication by the end customer to Microsoft is required and no hardware hash is created or necessary. At boot, Windows XP compares the PC's BIOS to the SLP information. If it matches, no activation is required.
Every single piece of hardware could be changed on a PC with SLP and no reactivation would be required — even the motherboard could be replaced as long as the replacement motherboard was original equipment manufactured by the OEM and retained the proper BIOS.
The method below has been tested with Windows 7 but should also apply to Windows Vista/2008, as these products all use similar OEM product activation. I have not been able to test this method with Vista or 2008 due to hardware (and software) restrictions - my Samsung NC10 netbook runs Windows 7 fine, but will not work with Vista and I don't have a copy of Windows 2008 to test.
This topic might fall into grey areas in terms of legalities. I would like to make it clear that although some of the information can potentially be abused to help circumvent Windows product activation, I am not advocating any form of piracy.
During the past few years I have noticed an increase in the amount of cr@p that OEM's bundle with new computers. Some of these systems are, to me, almost unusable as a consequence. My first task on purchasing any computer is to remove all of the cr@pware so that I have a clean working system. Some people use the Add/Remove Program features of Windows to complete this task, however in my experience uninstalling a program does not always remove all trace of it. It can also take longer to remove bundled software than to do a clean Windows installation - try uninstalling a Microsoft Office Suite trial for fun!
I prefer a more drastic approach, but like to retain the benefits of OEM product activation. The method I will detail in this post will only work if your computer users the System Locked Pre-installation (SLP) method of activation. A SLP BIOS contains information that is used to automatically activate Windows so that online (or telephone) product activation is not required. I have no intention of discussing how to add this information to a BIOS that does not already contain it - any requests regarding this will be ignored and hopefully deleted. If you purchased your computer from a major OEM (including Acer, Asus, Dell, HP, Samsung, Sony, etc) then there is a very good chance that it uses a form of SLP - whether this be version 1.0 (Windows XP/2003), 2.0 (Vista/Server 2008) or 2.1 (7/Server 2008 R2 - backwards compatible with Vista/Server 2008).
SLP 2.* activation requires three separate components -
- SLIC (Software LICensing) description table in BIOS
- Digital OEM Certificate (*.xrm-ms) - must match information in the SLIC description table
- OEM Product Key
The Product Key on the Certificate of Authenticity (COA) attached to an OEM system is not necessarily the key used to activate the computer if SLP activation is used. To find the SLP Product Key, use a keyfinder (e.g. Magical Jellybean, System Information Windows, etc).
To obtain the OEM certificate extract it using a hex editor (see below). These steps must be completed before installing your clean version of Windows.
I recommend that you take a backup of your system before attempting this tutorial. I'd hate for you to go through these steps to find that your system doesn't actually use SLP activation - having already wiped your working (activated) OEM installation. There are loads of system backup methods including paid and freeware - e.g. Ghost, DriveimageXML, Drive Snapshot. See Jamal's Image your System and Forget about Formatting – Period! for one method of backing up the system.
Checking the BIOS for SLIC information
AIDA64 can be used to check if your BIOS contains SLIC information - download from here. The limited functionality trial version can be used. Start AIDA64 and check Motherboard > ACPI > SLIC to see if a SLIC description table is present in your BIOS. This will display the SLP version used on your system (e.g. 2.0/2.1).
NOTE - The presence of a SLIC description table does not necessarily mean that your computer uses SLP activation - hence my suggestion to back up your system.
Remember to find your license key
As previously stated, the Product Key on the Certificate of Authenticity (COA) attached to an OEM system is not necessarily the key used to activate the computer if SLP activation is used. To find the SLP Product Key, use a keyfinder (e.g. Magical Jellybean, System Information Windows, etc).
Extrating the OEM Certificate (.xrm-ms)
To extract the Digital OEM Certificate you will need to find tokens.dat - this file should be in the Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing directory (or possibly the same path but SoftwareProtectionPlatform folder). I usually copy this file using WinPE, however it can be copied from a live system - you will have to ensure that hidden folders are displayed. Copy tokens.dat - e.g. to C:\tokens.dat.
1 - Open C:\tokens.dat in a hex editor - I have used the excellent tinyhexer.
2 - Search for text OEM Certificate (Ctrl+F, select/tick the Find Text and Ignore case boxes and click on Find).
3 - Manually scroll upwards and locate the text <? xml version= " 1.0 " encoding= " utf-8 "? > proceeding the OEM Certificate string located in step 2.
4 - Now manually scroll down and find the text string </r:license> directly following the OEM Certificate string located in step 2.
5 - Now highlight from (and including) <? xml version= " 1.0 " encoding= " utf-8 "? > (step 3) to </r:license> (step 4)
6 - Copy the highlighted text (Edit > Copy)
7 - Paste into a new file (File > New, followed by Edit > Paste)
8 - Now save as oemcert.xrm-ms file (File > Save)
NOTE - I managed to obtain over 40 OEM certificates (via google) to check for a common size. All of the SLP 2.1 certificates I obtained were 2731 bytes in size.
Installing Windows and (Re)activating
This is where things can get a bit controversial, as you will probably require a retail disc to complete the steps below. OEM's rarely provide optical media these days, as recovery partitions are used instead. In the days when OEM's did provide optical media it was rarely a proper Windows disc anyway. If you do not have access to a copy of your edition of Windows you won't be able to proceed. Digital River provide downloads on behalf of Microsoft and are seen as a safe source of Media - don't ask for any direct links here though.
Is it legal to install from a retail disc and then convert to OEM after installation? I'm honestly not sure as there are a lot of myths floating around the net and various interpretations of the EULA. I do know that an OEM license is restricted to the computer that was purchased and is not transferable, however this does not apply here.
I am not going to cover the installation here as there are numerous guides out there.
Once Windows has been installed, use the following batch file (run as admin) to (re)activate using the Extracted OEM Certificate and SLP product key taken from your working OEM system (edit the path to your oemcert.xrm-ms file and change the product key) -
@ECHO OFF setlocal SET CERT=OEM.XRM-MS SET KEY=#####-#####-#####-#####-##### :_run cls echo. echo. echo Select one of the following options - echo. echo 1] Activate echo 2] Check activation status echo 3] Abort echo. set choice= set /p choice=Type option [1 - 3] and press ENTER. if '%choice%'=='1' goto _activate if '%choice%'=='2' goto _check if '%choice%'=='3' goto _end goto _run :_activate cls %SYSTEMROOT%\System32\SLMGR.VBS -ilc %CERT% %SYSTEMROOT%\System32\SLMGR.VBS -ipk %KEY% goto _end :_check cls %SYSTEMROOT%\System32\SLMGR.VBS -dlv goto _end :_end endlocal echo. echo. pause