via eBay, no install CD, etc. It’s been working fine. Up until just a few days
ago, I had it configured to do almost everything automatically, including
Windows Updates (Control Panel -> Security Center.) On a lark, I began
playing with “Help and Support” -> Updates. Make a long story short, when I
tried to check for updates, I had to run a validation scan and I got a message
saying I did not have a valid copy of Windows – that it had been installed with
a Volume License Key reported stolen or leaked. I was given an opportunity to
download something from Microsoft called “legitcheck” which supposedly will
make my copy of XP Pro “genuine” and qualify me for “full” Microsoft support. I
guess I’m missing something here.
The whole validation and activation thing (WPA, or Windows Product
Activation) is pretty confusing. Most folks were very concerned with it when
WPA was first introduced, but we rarely hear much about it these days. In
general it kinda, sorta works. We’re just not always sure why or how.
The original question was actually several, which I’ll address in a moment.
But first, what’s it mean when it reports your install as invalid?
Naturally, Microsoft doesn’t publish the details of exactly what
that means. But at a high level, Microsoft simply keeps track of the Product
Keys (those strings of numbers and letters that you have to type in when
installing a product), and Product IDs (which are generated from the
Product Keys) that it has determined have been stolen or are otherwise invalid.
That might mean, for example a product key that’s been used too many times. In
fact, this Microsoft Knowledgebase article, “You receive a ‘The product key used to install Windows is invalid’
error message”, lists specific product keys that Microsoft has determined
to be invalid. (I’m sure that this list is incomplete, and that other product
keys may also be invalid.)
When you install Windows and activate it, Microsoft has the opportunity to
record the product key you’ve used. If your single-use product key is suddenly
being used to install hundreds of copies of Windows … well, that’s pretty
much the definition of piracy.
The same applies for “Volume License Keys”, which are keys that may be used
on a pre-defined number of computers. These might be machine resellers who
pre-install Windows on all their machines for you, or corporations that use a
mass installation approach to building out their machines.
In any case, there are probably additional ways to determine when a key has
Would it make any difference if the VLK (Volume License Key)
was reported stolen or leaked after this computer had the OS installed? In
other words, if Dell (for example) buys a VLK from Microsoft, installs XP Pro
on “X” number of computers, and then reports the VLK as stolen or leaked, do
those “X” computers suddenly become invalid? If a VLK is reported stolen or
leaked, doesn’t Microsoft have a way to invalidate the VLK and/or PID so
installations can no longer be done using that particular
It’s unclear. Certainly they could become “invalid”, but if there’s
no way to differentiate the legitimate installs from the invalid ones, I don’t
think Microsoft can assume one or the other for all. If, for example,
they denied updates to legitimate pre-theft users, that would be both wrong and
a PR nightmare for Microsoft.
If I don’t have a legitimate copy of XP Pro installed, why
would Microsoft just go ahead and validate it? When did MS become
See the previous answer. My guess is that since they can’t positively tell
whether or not you, specifically, were the thief, they’re opting simply to
educate at this point. I would also guess that it depends on what they know
about the specific product key that was used. If they can say for example that
it was a one-use key that’d been circulated on the internet, then perhaps they
might not be so benevolent. But if they traced it back to a reseller who duped
a number of innocent purchasers, the public relations cost of making you pay
for that reseller’s theft might simply be too high to be anal about it.
Since I’m getting all the security updates/patches, how
critical is it (from an operating standpoint) that the XP be validated? What
would validation provide?
Originally it was not important at all. But my understanding is that
Microsoft does or will soon require validation in order to receive updates. The
bottom line is that if your copy is illegal, you aren’t entitled to updates. At
that point, in my opinion, getting legal and registering/validating becomes
Call me paranoid, but if I use the “legitcheck” can MS somehow
disable my computer remotely and hold me and my computer hostage until huge
sums of money are paid? 🙂
OK, you’re paranoid. 🙂 Of course it could, but I simply can’t see
Microsoft doing anything that outrageous. Once again, the public relations
fallout would be nightmarish, not to mention potential legal ramifications. (A
mission critical computer suddenly stops working because the software’s
pirated? Yikes!) And, even worse, what if that detection code had a bug? There
are just too many ways where this could cause serious problems. Regardless of
how evil or not you think they are, Microsoft simply isn’t that stupid.
Is there a specific Microsoft web site available where I can
get additional info about this “legitcheck”? I tried support.microsoft.com and
checked several areas without success.
Actually heading off to the main Microsoft web site, microsoft.com, led me
to some resources. The most interesting, I think, is Windows Validation Assistant Questions. Another good
resource is About the Counterfeit
Gallery. Among other things, it points out that “The Business Software
Alliance (BSA) estimates that ‘a high percentage’ of software sold on auction
sites is counterfeit.”
Depending on my access route, I have 3 different PIDs listed
for the XP Pro. System Properties shows one PID (start -> right click My
Computer); Help and Support -> Pick a task (tools) shows another; and the
registry (HKLM/Software/MS/WindowsNT/current version) shows yet another. Would
this anomaly have any bearing on MS saying I don’t have a valid copy of XP
Perhaps. Given that we don’t know exactly how your computer was set up, it’s
hard to say why there might be different PIDs. On the machine I checked, PIDs
in the locations you reference all match.
I visited Magical Jelly
Bean, used their Key Finder program and it gave me a 25 digit alpha/numeric
code. How does this “key” relate to the PID? If this computer has 3 different
PIDs attached to it, shouldn’t Magical Jelly Bean have found 3 different
Magical Jelly Bean’s Key Finder, which I have and use as well, reports the
Validation Key. The product CD’s are all identical, but the validation key
that’s printed on the outside is different for each box. It’s intended
that each installation have a different, unique, validation key.
As I discussed above, manufacturers and corporations can purchase keys that
allow for volume installations using the same validation key on more than one
The Product Key is computed from the Validation Key.
As we already discussed, it’s unclear why you have three PIDs. I would
assume that Key Finder simply uses one of them to recover the Validation
Please understand that I’m not trying to screw Microsoft out of
anything. I purchased this computer in good faith. Moral of the story: If it
sounds too good to be true it probably is. Buyer beware.
I didn’t suspect you for a moment :-).
But your adage is correct – the email spam we all get offering cheap
software, the software that comes “free”, preinstalled on a machine, or at a
discount at the auction sites – it’s all suspect.
And that’s actually too bad, because it does make it difficult for
legitimate retailers to sell their wares via the auction sites as well.