Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

What's this "Validation Scan" all about?

Question: My computer is running Win XP Pro SP2. I purchased it last year via eBay, no install CD, etc. It’s been working fine. Up until just a few days ago, I had it configured to do almost everything automatically, including Windows Updates (Control Panel -> Security Center.) On a lark, I began playing with “Help and Support” -> Updates. Make a long story short, when I tried to check for updates, I had to run a validation scan and I got a message saying I did not have a valid copy of Windows – that it had been installed with a Volume License Key reported stolen or leaked. I was given an opportunity to download something from Microsoft called “legitcheck” which supposedly will make my copy of XP Pro “genuine” and qualify me for “full” Microsoft support. I guess I’m missing something here.

The whole validation and activation thing (WPA, or Windows Product Activation) is pretty confusing. Most folks were very concerned with it when QPA was first introduced, but we rarely hear much about it these days. In general it kinda, sorta works. We’re just not always sure why or how.

The original question was actually several, which I’ll address in moment. But first, what’s it mean when it reports your install as invalid?

Become a Patron of Ask Leo! and go ad-free!

Naturally, Microsoft doesn’t publish the details of exactly what that means. But at a high level, Microsoft simply keeps track of the Product Keys (those strings of numbers and letters that you have to type in when installing a product), and Product IDs (which are generated from the Product Keys) that it has determined have been stolen or are otherwise invalid. That might mean, for example a product key that’s been used too many times. In fact, this Microsoft Knowledgebase article, “You receive a “The product key used to install Windows is invalid” error message“, lists specific product keys that Microsoft has determined to be invalid. (I’m sure that this list is incomplete, and that other product keys may also be invalid.)

When you install Windows and activate it, Microsoft has the opportunity to record the product key you’ve used. If your single-use product key is suddenly being used to install hundreds of copies of Windows … well, that’s pretty much the definition of piracy.

The same applies for “Volume License Keys”, which are keys that may be used on a pre-defined number of computers. These might be machine resellers who pre-install Windows on all their machines for you, or corporations that use a mass installation approach to building out their machines.

In any case, there are probably additional ways to determine when a key has been abused.

Would it make any difference if the VLK (Volume License Key) was reported stolen or leaked after this computer had the OS installed? In other words, if Dell (for example) buys a VLK from Microsoft, installs XP Pro on “X” number of computers, and then reports the VLK as stolen or leaked, do those “X” computers suddenly become invalid? If a VLK is reported stolen or leaked, doesn’t Microsoft have a way to invalidate the VLK and/or PID so installations can no longer be done using that particular key?

It’s unclear. Certainly they could become “invalid”, but if there’s no way to differentiate the legitimate installs from the invalid ones, I don’t think Microsoft can assume one or the other for all. If, for example, they denied updates to legitimate pre-theft users, that would be both wrong and a PR nightmare for Microsoft.

If I don’t have a legitimate copy of XP Pro installed, why would Microsoft just go ahead and validate it? When did MS become benevolent?

See the previous answer. My guess is that since they can’t positively tell whether or not you, specifically, were the thief, they’re opting simply to educate at this point. I would also guess that it depends on what they know about the specific product key that was used. If they can say for example that it was a one-use key that’d been circulated on the internet, then perhaps they might not be so benevolent. But if they traced it back to a reseller who duped a number of innocent purchasers, the public relations cost of making you pay for that reseller’s theft might simply be too high to be anal about it.

Since I’m getting all the security updates/patches, how critical is it (from an operating standpoint) that the XP be validated? What would validation provide?

Originally it was not important at all. But my understanding is that Microsoft does or will soon require validation in order to receive updates. The bottom line is that if your copy is illegal, you aren’t entitled to updates. At that point, in my opinion, getting legal and registering/validating becomes critical.

Call me paranoid, but if I use the “legitcheck” can MS somehow disable my computer remotely and hold me and my computer hostage until huge sums of money are paid? :-)

OK, you’re paranoid. :-) Of course it could, but I simply can’t see Microsoft doing anything that outrageous. Once again, the public relations fallout would be nightmarish, not to mention potential legal ramifications. (A mission critical computer suddenly stops working because the software’s pirated? Yikes!) And, even worse, what if that detection code had a bug? There are just too many ways where this could cause serious problems. Regardless of how evil or not you think they are, Microsoft simply isn’t that stupid.

Is there a specific Microsoft web site available where I can get additional info about this “legitcheck”? I tried and checked several areas without success.

“The Product Key is computed from the Validation Key.”

Actually heading off to the main Microsoft web site, lead me to some resources. The most interesting, I think, is Windows Validation Assistant Questions. Another good resource is About the Counterfeit Gallery. Among other things, it points out that “The Business Software Alliance (BSA) estimates that ‘a high percentage’ of software sold on auction sites is counterfeit.”

Depending on my access route, I have 3 different PIDs listed for the XP Pro. System Properties shows one PID (start -> right click My Computer); Help and Support -> Pick a task (tools) shows another; and the registry (HKLM/Software/MS/WindowsNT/current version) shows yet another. Would this anomaly have any bearing on MS saying I don’t have a valid copy of XP Pro?

Perhaps. Given that we don’t know exactly how your computer was set up, it’s hard to say why there might be different PIDs. On the machine I checked, PIDs in the locations you reference all match.

I visited Magical Jelly Bean, used their Key Finder program and it gave me a 25 digit alpha/numeric code. How does this “key” relate to the PID? If this computer has 3 different PIDs attached to it, shouldn’t Magical Jelly Bean have found 3 different keys?

Magical Jelly Bean’s Key Finder, which I have an use as well, reports the Validation Key. The product CD’s are all identical, but the validation key that’s printed on each the outside is different for each box. It’s intended that each installation have a different, unique, validation key.

As I discussed above, manufacturers and corporations can purchase keys that allow for volume installations using the same validation key on more than one installation.

The Product Key is computed from the Validation Key.

As we already discussed, it’s unclear why you have three PIDs. I would assume that Key Finder simply uses one of them to recover the Validation Key.

Please understand that I’m not trying to screw Microsoft out of anything. I purchased this computer in good faith. Moral of the story: If it sounds too good to be true it probably is. Buyer beware.

I didn’t suspect you for a moment :-).

But as your adage is correct – the email spam we all get offering cheap software, the software that comes “free”, preinstalled on a machine, or at a discount at the auction sites – it’s all suspect.

And that’s actually too bad, because it does make it difficult for legitimate retailers to sell their wares via the auction sites as well.

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

4 comments on “What's this "Validation Scan" all about?”

  1. How do I remove the “LegitCheck” and “GenuineCheck” from my desktop apart from just deleteing the icons? They don’t show up in the list in “add or remove programs” or “Windows Components” list.



  2. How do I remove the “LegitCheck” and “GenuineCheck” from my desktop apart from just deleteing the icons? They don’t show up in the list in “add or remove programs” or “Windows Components” list.


  3. I have recently updated to Windows XP Pro.
    I validated the CD and was told it appears to be a genuine product.
    I cannot download SP2 as the message comes up may not be genuine product.
    I am a complete novice with computers and would like to know if I can Download SP2 in simple terms.


Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.