Author: Martin "xarragon" Persson
Email: xarragon<magic-symbol><gmail-domainname>
This page provides an overview of the technical differences between the different Microsoft Windows XP versions that exists, and explains the details of product activation, pre-activated OEM installs, BIOS-locking and how to remaster a custom Windows XP install CD.
These are the luxury editions of Windows XP that you can buy in a computer store. They are licensed to you as a person and you can freely move it to any computer you want, as long as you only have one installation at any time. This is why retail versions are more expensive. They require activation upon installation and may want to reactivate if you change enough hardware.
These licensed are commonly issued to corporations or organizations and have specialized keys (commonly referred to as VLKs) and install media. They do not require activation and have no hardware checks and the install media can be freely duplicated by the computer staff at the corporate entity. These versions have had widespread illegal use since they lack activation out of the box. Product key generators exists that creates valid volume license keys for installation, but these will not pass a WGA validation.
These are the most common versions of Windows. They are sold with new computer systems or hardware and may only be used with that system or hardware. This is also what you will get on your magic "recovery"-cd shipped with your Dell, HP as well as any computer bought from your local computer shop.
Large OEMs (such as Dell and HP, commonly referred to as "royalty OEMs") typically use what is known as a "SLP" (System Locked Pre-installation). In this case the install disc contains a set of special files that matches the hardware (the BIOS, to be more specific) of the OEM system. These systems doesn't require activation unless the BIOS strings doesn't match the files on the CD. This is used so that OEM customers won't have to put up with the activation procedure on the first boot-up of their new brand-name system.
SLP installs typically uses standard keys instead of the actual key found on the side of the computer. This is done in order to automate the install procedure. These keys are actually made public by Microsoft and can be found here. If you have a factory-installed OEM system you can use any key extraction tool and compare the actual key to the one on the side of your computer. They probably won't match.
These are the versions you can buy from a vendor when you purchase hardware. Originally it could only be purchased with "system components" such as motherboards, but a EULA change in 2005 allowed these versions to be sold with almost any hardware, including floppy cables and mice. These will have to be activated just like a retail version.
Small computer businesses typically uses Microsoft's OPK (OEM Preinstallation Kit) in order to tailor installations for their customers. They purchase OEM licenses in bulks from a local Microsoft lackey and uses these to master system-specific images that includes the final product key in a text file on the disc. The end user only has to click on the license agreement one the first boot-up if the OEM system manufacturer has activated the Windows installation before delivery. This is done the same way the end user does it.
On the 28th February 2005 Microsoft changed the policy for product keys from the worlds Top-20 OEM manufacturers.
With the release of Service Pack 1 for Windows XP Microsoft banned two commonly used VLK keys by hard-coding them into the installer. Any key that matches the pattern below will cause the installation to halt with a "Service pack 1 Setup Error".
More information can be found at this Microsoft page. These changes of course only affects customers that uses volume licensing. Further changes include the ability to encrypt and time-limit keys stored on VLK install media for unattended installations as well as restricting access to Windows Update for invalid licenses.
A fairly common practice along brand name computers are properietary "recovery" systems that automatically reinstalls the operating system along with the needed drivers and a load of proprietary software, more often than not of questionable quality.
These systems typically come on dics or are located on a special recovery partition on the hard drive, usually a FAT system residing at the beginning of the drive. Most PC systems don't tend to have any special protection of this partition, so it can usually be deleted by the user. It usually won't show up in Windows unless the user manually assigns a drive letter to it. IBM laptop computers known under the name "ThinkPad" usually has a special hardware protection feature built into the BIOS which prevents any writing to this partition, making them very resilient towards any virus attacks.
Using recovery discs are usually a pretty good idea for a home user system in need of repair, as they typically gets everything set up and are completely unattended. As these systems always come with OEM versions of Windows it would be illegal to try to "move" the Windows software to another computer in any event.
The greatest shortcoming of these systems are often that they are fragile. I've encountered Compaq systems that won't recover if you have installed an extra CD drive or harddrive, and HP systems (even modern ones) that won't boot into the recovery partition more than once. Even if you get them running, it usually a real pain to try to clean out the "wonderful extra software" that came with it. On my own IBM ThinkPad X41 half of this software wouldn't uninstall properly.
Recovery discs typically comes in two shapes: A "value-added" OEM Windows disc or some sort of ghosting software and a basic OS to run it. The latter has the advantage that it usually can restore a system in minutes (esp. if it resides on the harddrive), but it is somewhat more fragile. The OEM Windows disc might either be a royalty OEM with an BIOS lock (SLP) or just a regular OEM disc with some extra drivers an fluff on it.
This has happened to me a couple of times. Your average user has lost his CD or completely screwed the recovery partition. I use my own matching Windows XP disc which is an OEM version. Since the BIOS signature on the disc doesn't match the BIOS on the computer, Windows refuses to let you activate over the Internet. You will have to call up Microsoft and do the phone dance with them. Using the product key on the case side this usually works.
I have called Microsoft about this and they stated that it would be perfectly legal as long as you had a valid license. It's a real pain however, as the voice drones on forever before coming to the actual activation.
You can remaster another OEM SLP disc to match the target system using OEMBIOS-files from oembios.net. This will yield a disc that can be activated over the Internet instead of the phone.
In this section we will explore the contents of different types of Windows XP installation discs.
This section is currently under construction.
Remastering a Windows disc is pretty easy and very useful if you want to make subsequent reinstallations on a specific machine easier. With a proper remastering for a specific machine, you can create a disc that will perform a full install of Windows, with all the current hotfixes and drivers for that machine, which also automatically enters the correct CD-key and doesn't even need to be activated.
This is very useful when your average Joe Sixpack manages to loose his precious recovery CD's for his Eazy@Home system bought at the local grocery store. The alternative is to order new CD's from the manufacturer, but this might not always be feasible because of time or cost constraints. However, if you do this for someone, make sure you get paid. Don't get used as cheap labor!
When reinstalling a Windows system you should always make sure that you are not directly connected to the Internet. This is especially important if your Windows disc doesn't include Service Pack 2. If you don't have a separate firewall between your computer or is not using SP2, your computer might be compromised even before the install completes. This was a very common occurance during the times of the Blaster worm.
It's generally always best to stay disconnected until the system is fully installed. It is also highly recommended to use a separate hardware firewall/router such as an OpenBSD system or a cheap broadband router from ZyXel or Netgear. Avoid D-Link 604's even if you get them for free.
If the circumstances forces you to reinstall with a pre-SP2 disc on a direct Internet connection I would highly recommend using a separate disc with the SP2 install files before connecting the system to the Internet. Such discs should be considered mandatory equipment for any "repair techs" out there.
Most home users are in dire need of some sort of software to prevent their system to become instantly infected with loads of crap. Many brand-name PCs comes complete with software from Symantec or any other vendor for this purpose. The subscriptions vary from 90-day trials to maybe 3 full years. Newer systems can usually handle the added load, but it DOES slow down the system, and it shields the user somewhat.
If the user is to cheap to buy any software for this purpose, there are good alternatives. Avast Antivirus is a good all-around security suite that is free for home use. Another more lightweight alternative is AVG Antivirus, which is also free for home use.
As for firewall needs, the Windows built-in one sould suffice for most uses. If a more powerful alternative is needed Sunbelt Kerio works well.
Windows Defender is Microsoft's answer to the ever-increasing spyware horror that Windows users has to deal with. From what I've heard it is supposed to find more spyware than the two classic competitors Ad-Aware and Spybot Search & Destroy. All of those are free for personal use.
The scenario here is that your system crapped out, you popped the trusty XP cd into the drive, booted and performed a repair install. What happens is that Windows replaces all of the Windows-specific files with the original ones from the CD. This means that security-wise your system will revert back to the original installation; no hotfixes or system updates will be installed. The problem is that Windows Update doesn't understand that you just performed this repair install, and will usually refuse to install any updates or give a generic error message.
This solution outlined belowed has worked for me on a number of systems. Roughly, what you do is to remove all the files that Windows Update has stashed on your computer, re-register a bunch of DLL files and then restart the computer and re-run Windows Update.
Small Windows errors are resolved by restarting.
Severe Windows errors are resolved by reinstalling.
Is's usually best to perform a full reinstall rather than attempting a repair install. Repair installs just buys you more time.
If you have been unsuccesful in resolving an issue for more than 20 minutes, it is better to simply reinstall.
Any error, on any system, on any OS, is always Microsoft's fault.
Windows Vista sucks.
Copyright 2007 Martin "xarragon" Persson