Registry Key or Files to detect bootleg copy of Windows?

USSteel
I'm interested in blocking VPN connections from pirated copies of Windows.

Are there any files or registry keys I could search for on a client to indicate a copy of Windows hasn't been activated or has failed the Windows Genuine Authentication?

Best to run the following to check lic status

Slmgr -dli

Author

Commented:
Hmm, I'll take a look at that and see if it works.

I'm using Cisco's ASA for VPN.  There is an endpoint assessment portion of the client that can do basic checks for files, registry keys, etc.

I'm trying to evaluate if some of the features I am desiring (like evaluating if the OS is pirated) are available using the basic endpoint assessment.
Top Expert 2016
Commented:
I'm interested in blocking VPN connections from pirated copies of Windows.

Are there any files or registry keys I could search for on a client to indicate a copy of Windows hasn't been activated or has failed the Windows Genuine Authentication?


Just because the copy of Windows is not activated does not mean or imply that it is pirated. It could be a new rollout where the minimum of 25 installations has not been reached for KMS activation at a point in time. Microsoft itself issues trial software with different trial periods, 30 days-180 days.

Even Microsoft has problems with WGA; a slight mistake in the coding could result in a huge amount of misidentification. Microsoft itself had this problem and it is their code checking their code.

If someone uses SLIC tables or a SLIC boot, only if you check the OEM ID against the BIOS itself will you know if the machine MIGHT be running an unauthorized copy.

If you were to keep a table of the installation ID or the actual product keys, then even this is prone to problems.  For instance, all Dell machines of a specific model on a particular day have the EXACT same product key installed at the factory and this product key does not match the Genuine Sticker on the side of the machine. Yet the machine is still Genuine.  Even querying this information cannot be done without elevation for a standard user and will bring up the UAC for administrative users.

Author

Commented:
I'm not concerned with the issue of whether software is pirated.  I'm looking for indicators that a system is at risk for malware.

If an end user is connecting with a non-genuine or not yet activated product, it most likely isn't getting patched.

Author

Commented:
Not exactly what I had hoped for, but good insight.
Top Expert 2016

Commented:
Your logic is flawed.

Equating non-genuine/not activated to malware risk is a null argument. A Genuine Activated system is not necessarily a fully patched system.  Just a casual perusal of the number of people with genuine software on this site that have been victims of malware should show you the fallacy of your argument.

The best defense is minimum permissions and educated users.
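
The thread treats activation state and patch level as two different things, and both can be read separately on a client. The PowerShell below is an added example, not code from any poster: it reports the same license state that slmgr displays next to the date of the most recent installed hotfix. The 30-day threshold and the variable names are assumptions for illustration.

```powershell
# Added example: report Windows activation state and patch recency as separate signals.
# The 30-day threshold is an assumption for illustration, not a value from the thread.
$MaxPatchAgeDays = 30

# LicenseStatus values of the SoftwareLicensingProduct WMI class.
$StatusNames = @{
    0 = 'Unlicensed'
    1 = 'Licensed'
    2 = 'OOBGrace'
    3 = 'OOTGrace'
    4 = 'NonGenuineGrace'
    5 = 'Notification'
    6 = 'ExtendedGrace'
}

# ApplicationID of the Windows OS family; PartialProductKey is only set on
# the edition that actually has a key installed.
$WindowsAppId = '55c92734-d682-4d71-983e-d6ec3f16059f'
$filter = "ApplicationID = '$WindowsAppId' AND PartialProductKey IS NOT NULL"
$lic = Get-CimInstance -ClassName SoftwareLicensingProduct -Filter $filter |
    Select-Object -First 1

# Some hotfix records carry no InstalledOn date, so drop those before sorting.
# Get-HotFix is a rough signal: it lists only updates recorded as hotfixes.
$lastFix = Get-HotFix |
    Where-Object { $_.InstalledOn } |
    Sort-Object -Property InstalledOn -Descending |
    Select-Object -First 1

$patchAge = if ($lastFix) { ((Get-Date) - $lastFix.InstalledOn).Days } else { $null }

[pscustomobject]@{
    Edition        = if ($lic) { $lic.Name } else { 'not found' }
    LicenseStatus  = if ($lic) { $StatusNames[[int]$lic.LicenseStatus] } else { 'unknown' }
    LastHotFix     = if ($lastFix) { $lastFix.HotFixID } else { 'none recorded' }
    LastHotFixDate = if ($lastFix) { $lastFix.InstalledOn } else { $null }
    PatchAgeDays   = $patchAge
    PatchCurrent   = ($null -ne $patchAge -and $patchAge -le $MaxPatchAgeDays)
}
```

A client can show `Licensed` with `PatchCurrent` false, or a grace-period status with `PatchCurrent` true, which is why the two fields are reported independently.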
