A genuine, activated copy of Windows 7 may sometimes be detected as “pirated”, illegal, rogue or not genuine, even though the operating system has been fully paid for, or has been usable and fully activated all along. The symptom is that immediately after logon, the following Windows Activation window is displayed:

Windows is not genuine
Your computer might not be running a counterfeit copy of Windows.
0x80070005


In addition, the desktop background turns black, and the following error message is shown in the bottom right corner of the screen:

This copy of Windows is not genuine

When the user views the system information in System Properties (accessible via Control Panel -> System and Security -> System), the following error message is visible too:

You must activate today. Activate Windows now

Running slmgr.vbs /dlv or slmgr.vbs /dli in an elevated command prompt with administrator privileges to view the licensing status returns the following message instead:

Error: 0x80070005 Access denied: the requested action requires elevated privileges

Normally, the sudden or random deactivation of an activated Windows 7 on a genuine platform can be resolved by simply restarting the computer, so that Windows 7 can re-check the activation status and return the computer to the activated state. However, the activated status may also be lost when the HKU\S-1-5-20 registry key has been modified in a way that causes the Network Service account to lose its Full Control and Read permissions over that key.

Microsoft explains in KB2008385 that the likely cause of Windows 7 being flagged as not genuine is the application of a Plug and Play Group Policy object (GPO):

Computer Configuration -> Policies -> Windows Settings -> Security Settings -> System Services -> Plug and Play (Startup Mode: Automatic)

The Windows 7 Licensing service uses Plug and Play to obtain hardware ID information and binds the license to the computer, so a change to this setting can result in an activated system appearing to be out of tolerance. The default permissions of the Plug and Play policy do not grant the Licensing service, which runs under the Network Service account, the appropriate rights to access the Plug and Play service. To resolve the lost-activation issue and make Windows 7 activated and genuine again, follow one of the two workarounds below:

Method A: Disable the Plug and Play Policy

  1. Determine the source of the policy. To do this, follow these steps:
    1. On the client computer experiencing the activation error, run the Resultant Set of Policy wizard by clicking Start -> Run (or press Win+R keys), and entering rsop.msc as the command.
    2. Visit the following location:

      Computer Configuration -> Policies -> Windows Settings -> Security Settings -> System Services

      If the Plug and Play service is configured through a Group Policy setting, you see it here with settings other than Not Defined. Additionally, you can see which Group Policy is applying this setting.

  2. Disable the Group Policy settings and force the Group Policy to be reapplied.
    1. Edit the Group Policy that is identified in Step 1 and change the setting to “Not Defined.” Or, follow the section below to add the required permissions for the Network Service account.
    2. Force the Group Policy setting to reapply: gpupdate /force (a restart of the client is sometimes required).

Method B: Edit the permissions of the Group Policy

  1. Open the Group Policy that is identified in Method A, Step 1 above, and open the corresponding Group Policy setting.
  2. Click the Edit Security button, and then click the Advanced button.
  3. In the Advanced Security Settings for Plug and Play window click Add and then add the SERVICE account. Then, click OK.
  4. Select the following permissions in the Allow section and then click OK:

    Query template
    Query status
    Enumerate dependents
    Interrogate
    User-defined control
    Read permissions

  5. Run gpupdate /force after applying the permissions to the Group Policy setting.
  6. Verify that the appropriate permissions are applied with the following command:

    sc sdshow plugplay

    The following are the rights applied to the Plug and Play service in SDDL:

    D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)
    (A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)
    (A;;CCLCSWLOCRRC;;;IU)
    (A;;CCLCSWLOCRRC;;;SU)
    S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)

    Note: (A;;CC LC SW LO CR RC;;;SU) is an Access Control Entry (ACE) that allows the following rights to “SU” (SDDL_SERVICE – Service logon user):

    A: Access Allowed
    CC: Create Child
    LC: List Children
    SW: Self Write
    LO: List Object
    CR: Control Access
    RC: Read Control
    SU: Service Logon User
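
The verification in step 6 can be automated by parsing the output of sc sdshow plugplay. The following is an added example, not part of the original article or of Microsoft's KB: the function names and the second sample descriptor are constructed for illustration, and the right names are the Win32 service access rights that these SDDL codes stand for on a service object.

```python
import re

# Meaning of SDDL right codes on a *service* object (Win32 service access rights).
SERVICE_RIGHTS = {
    "CC": "SERVICE_QUERY_CONFIG",          # GUI: Query template
    "DC": "SERVICE_CHANGE_CONFIG",
    "LC": "SERVICE_QUERY_STATUS",          # GUI: Query status
    "SW": "SERVICE_ENUMERATE_DEPENDENTS",  # GUI: Enumerate dependents
    "RP": "SERVICE_START",
    "WP": "SERVICE_STOP",
    "DT": "SERVICE_PAUSE_CONTINUE",
    "LO": "SERVICE_INTERROGATE",           # GUI: Interrogate
    "CR": "SERVICE_USER_DEFINED_CONTROL",  # GUI: User-defined control
    "SD": "DELETE",
    "RC": "READ_CONTROL",                  # GUI: Read permissions
    "WD": "WRITE_DAC",
    "WO": "WRITE_OWNER",
}
REQUIRED = {"CC", "LC", "SW", "LO", "CR", "RC"}  # rights Method B grants to SU

# SDDL shown on the page, plus a constructed descriptor whose SU ACE is incomplete.
PAGE_SDDL = """D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)
(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)
(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"""
CONSTRUCTED_BAD_SDDL = "D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCLC;;;SU)"

def parse_dacl(sddl):
    """Return {trustee: set of right codes} for the allow ACEs of the D: section.
    Deny ACEs, generic rights (GA/GR/...) and hex access masks are not handled."""
    sddl = "".join(sddl.split())  # sc output may be wrapped across lines
    m = re.search(r"D:[A-Z]*((?:\([^)]*\))*)", sddl)
    allowed = {}
    for ace in re.findall(r"\(([^)]*)\)", m.group(1) if m else ""):
        fields = ace.split(";")
        if len(fields) != 6 or fields[0] != "A":
            continue  # not an access-allowed ACE
        codes = set(re.findall(r"[A-Z]{2}", fields[2]))
        allowed.setdefault(fields[5], set()).update(codes)
    return allowed

def missing_rights(sddl, trustee="SU"):
    """Required service rights the trustee lacks; an empty list means it passes."""
    have = parse_dacl(sddl).get(trustee, set())
    return sorted(SERVICE_RIGHTS[c] for c in REQUIRED - have)

if __name__ == "__main__":
    for name, sddl in (("page", PAGE_SDDL), ("constructed", CONSTRUCTED_BAD_SDDL)):
        print(name, missing_rights(sddl) or "SU has all required rights")
```

A non-empty result names the read-only rights the SERVICE trustee still lacks, which means the policy change has not yet taken effect on that client.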

If there are no GPOs in place, then another activity may have changed the default registry permissions. To work around this issue, perform the following steps:

  1. On the computer that is out of tolerance, start Registry Editor.
  2. Right-click the registry key HKEY_USERS\S-1-5-20, and select Permissions….
  3. If NETWORK SERVICE is not present, click the Add… button.
  4. In “Enter the object names to select”, type Network Service, then click Check Names and OK.
  5. Select NETWORK SERVICE and grant it Full Control and Read permissions.
  6. Restart the computer.
  7. After the restart, the system may require activation. Complete the activation.