Win7正版變盜版，怎么辦？再把盜版變正版

Win7之家（ airtaxifl.com）：Win7正版變盜版，怎么辦？再把盜版變正版

軟媒編輯評(píng)論：

這篇文章看完第一篇，糊里糊涂的，看完第二遍還是，第三遍后，決定不看了。但還是發(fā)了出來(lái)，也許對(duì)有些朋友有幫助。

Win7正版變盜版，怎么辦？再把盜版變正版

據(jù)國(guó)外媒體報(bào)道，日前，微軟表示，盜版的Windows 7 RTM能夠被轉(zhuǎn)變?yōu)檎�版的合法軟件，但是前提是這個(gè)平臺(tái)原本就是正版的。

據(jù)了解，微軟一共向用戶提供了兩項(xiàng)措施去使得盜版Windows7還原為正版軟件。微軟表示，前段時(shí)間，有一部分Windows 7用戶反應(yīng)，在他們登錄Windows 7之后，收到了包含以下消息的Windows激活窗口：“Windows不是正版的，您的計(jì)算機(jī)可能無(wú)法運(yùn)行盜版的Windows。0x80070005。”

在Windows7 RTM發(fā)布之前，筆者曾經(jīng)通過(guò)MSDN賬號(hào)下載了Windows 7旗艦版的RC版本進(jìn)行試用，并從微軟那里獲得了一個(gè)正版的產(chǎn)品密匙。后來(lái)，我的Windows系統(tǒng)便出現(xiàn)了微軟所述的狀況：電腦桌面背景變?yōu)榧兒谏�，右下角的屏幕上出現(xiàn)以下錯(cuò)誤信息：“這個(gè)Windows不是正版的”。

當(dāng)筆者查看系統(tǒng)屬性（控制面板/系統(tǒng)和安全/系統(tǒng)）的時(shí)候會(huì)收到如下信息：您必須對(duì)Winodws進(jìn)行激活，立即激活Windows。而當(dāng)筆者使用slmgr.vbs /dlv 去查看許可狀態(tài)的時(shí)候，筆者收到如下信息：“錯(cuò)誤：0x80070005 訪問(wèn)被拒絕：所請(qǐng)求的操作需提升特權(quán)。”

實(shí)際上，微軟深知Windows7由正版變?yōu)楸I版這個(gè)問(wèn)題，并將其記錄在微軟支持中。然而，就筆者的角度來(lái)講，Windows7是自動(dòng)地由正版變?yōu)楸I版的。在安裝Windows 7 RC之后，筆者沒(méi)有安裝任何新的應(yīng)用程序、沒(méi)有攪亂注冊(cè)表、沒(méi)有玩組策略，但是在啟動(dòng)之后就會(huì)發(fā)現(xiàn)運(yùn)行的是一個(gè)非正版Windows 7副本。

對(duì)此，微軟解釋道，之所以會(huì)發(fā)生這個(gè)問(wèn)題，就是因?yàn)樽��?cè)密匙 HKU\S-1-5-20中缺少權(quán)限。微軟表示，網(wǎng)絡(luò)服務(wù)賬號(hào)必須對(duì)注冊(cè)密匙具備完全的控制權(quán)和閱讀密匙的權(quán)限。這種情況可能是套用即插即用組策略對(duì)象（GPO）的結(jié)果。

計(jì)算機(jī)配置/策略/Windows設(shè)置/安全設(shè)置/系統(tǒng)服務(wù)/即插即用（啟動(dòng)模式：自動(dòng)）。顯然地，授權(quán)服務(wù)是利用“即插即用”去攫取硬件的ID信息，以此將許可證綁定到計(jì)算機(jī)中。微軟表示，這種設(shè)置可能會(huì)使得原本正版的激活的Windows 7變成盜版的。

目前，微軟并沒(méi)有發(fā)布更新去解決這個(gè)問(wèn)題，甚至沒(méi)有提供修復(fù)程序。不過(guò)，受到這個(gè)問(wèn)題影響的消費(fèi)者能夠通過(guò)以下措施中的其中一個(gè)去解決這個(gè)問(wèn)題，詳細(xì)步驟如下：

方法A：禁用即插即用策略

1、確定策略的源頭：

　　a：在客戶端遇到激活錯(cuò)誤，通過(guò)單擊開(kāi)始、運(yùn)行、輸入 rsop.msc 命令去運(yùn)行策略向?qū)В?/p>

　　b：訪問(wèn)以下位置：計(jì)算機(jī)配置/策略/Windows設(shè)置/安全設(shè)置/系統(tǒng)服務(wù)；

　　如果即插即用服務(wù)是通過(guò)組策略設(shè)置進(jìn)行配置的，您將會(huì)看到使用這個(gè)設(shè)置的組策略。

2、禁用組策略設(shè)置，重新應(yīng)用組策略：

　　a、編輯步驟1中的組策略，將設(shè)置更改為“Not Defined”（沒(méi)有定義），添加網(wǎng)絡(luò)服務(wù)賬戶所需的權(quán)限；

　　b、重新命令行應(yīng)用組策略：gpupdate /force；

方法B：修改組策略的權(quán)限；

　　1、打開(kāi)A方法步驟1中的組策略，打開(kāi)相應(yīng)的組策略設(shè)置；

　　2、點(diǎn)擊編輯安全按鈕，然后點(diǎn)擊高級(jí)按鈕；

 　　3、在高級(jí)安全設(shè)置的即插即用窗口中，點(diǎn)擊添加，然后添加服務(wù)賬號(hào)，最后單擊確定即可；

　　4、在允許區(qū)域中選擇以下的權(quán)限，然后單擊確定：

　　查詢模板、查詢狀態(tài)、枚舉從屬單元、用戶定義控制、讀取權(quán)限

　　注：原本的權(quán)限是所需的最低權(quán)限

　　5、在組策略設(shè)置中應(yīng)用以前的權(quán)限后，命令行運(yùn)行g(shù)pupdate /force；

　　6、確認(rèn)使用以下命令應(yīng)用適當(dāng)?shù)臋?quán)限：sc sdshow plugplay；

　　以下是SDDL即插即用服務(wù)中的權(quán)限：

　　D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)
　　(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)
　　(A;;CCLCSWLOCRRC;;;IU)
　　(A;;CCLCSWLOCRRC;;;SU)
　　S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
　　(A;;CC LC SW LO CR RC ;;;SU is an Access Control Entry (ACE) that allows the following rights to "SU" (SDDL_SERVICE – Service logon user)

　　A: Access Allowed（允許訪問(wèn)）
　　CC: Create Child （創(chuàng)建子）
　　LC: List Children （列舉子）
　　SW: Self Write
　　LO: List Object（列舉對(duì)象）
　　CR: Control Access （控制訪問(wèn)）
　　RC: Read Control （閱讀控制）
　　SU: Service Logon User（服務(wù)登錄用戶）

　　完成上述操作后，啟動(dòng)注冊(cè)表編輯器，右擊注冊(cè)表項(xiàng) HKEY_USERS\S-1-5-20，然后選擇權(quán)限。如果網(wǎng)絡(luò)服務(wù)不存在，單擊添加，輸入對(duì)象名稱去選擇鍵入網(wǎng)絡(luò)服務(wù)，然后點(diǎn)擊查看名稱和確定。選擇網(wǎng)絡(luò)服務(wù)、授予完全控制和讀取權(quán)限，重啟電腦。重啟之后，系統(tǒng)可能會(huì)需要激活，然后完成激活之后，原本盜版的Windows7就被還原成正版了。

 軟媒特別提供英文原文如下：

Make “Pirated” Windows 7 RTM Genuine
Provided that Windows was genuine in the first place

Pirated copies of Windows 7 RTM can be turned fully genuine, according to Microsoft, but only if the platform was genuine to begin with. The Redmond company has documented two workarounds designed to allow customers to save their copy of Windows, provided that Windows 7 managed to go rogue. According to the software giant, users of the latest iteration of the Windows client have reported that immediately after log on, they were presented with a Windows Activation window featuring the following message: “Windows is not genuine. Your computer might not be running a counterfeit copy of Windows. 0x80070005.”

On a small side note, this has actually happened to me on a Release Candidate build of Windows 7 Ultimate downloaded from my MSDN account and activated with one of the product keys from Microsoft. In this regard, I can confirm the symptoms enumerated by Microsoft, including “the computer desktop background is black, and you receive the following error message on the bottom right corner of the screen: “This copy of Windows is not genuine.” You receive the following error message when you view the System Properties: (Control Panel / System and Security / System): “You must activate today. Activate Windows now.” If you try to use slmgr.vbs /dlv to view the licensing status, you receive the following message: Error: 0x80070005 Access denied: the requested action requires elevated privileges.”

The Redmond company is well aware of the problem and even documented it on Microsoft Support. However, in my case, Windows 7 went pirate all on its own. I hadn’t installed any new applications, hadn’t messed around with the registry, and didn’t play with Group Policy, since this was my home machine. I simply shut the computer down only to find it running a non-Genuine copy of Windows 7. However, all I had to do was restart my Windows 7 machine, and all was well.

Microsoft explained that the issue documented is cause by a lack of permissions in the registry key HKU\S-1-5-20. “The Network Service account must have full control and read permissions over that registry key. This situation may be the result of applying a Plug and Play Group Policy object (GPO). Computer Configuration / Policies / Windows Settings /Security Settings / System Services / Plug and Play (Startup Mode: Automatic),” the company stated.

Apparently, the Licensing service leverages Plug and Play in order to grab hardware ID information. In doing so, it ties the license to the computer. According to Microsoft, such a setting is capable of generating an exception which can throw a genuine, and previously activated copy of Windows 7 out of tolerance.

Microsoft doesn’t have an update designed to resolve the issue, and is not even offering a hotfix. Still, customers affected by this issue can turn to one of two workarounds detailed by the Redmond company, which have been included below:

"Method A: Disable the Plug and Play Policy

1. Determine the source of the policy . To do this, follow these steps:

a. On the client experiencing the Activation error, run the Resultant Set of Policy wizard by clicking Start, Run and entering rsop.msc as the command.
b. Visit the following location: Computer Configuration / Policies / Windows Settings /Security Settings / System Services /

If the Plug and Play service is configured through a Group Policy setting, you see it here with settings other than Not Defined. Additionally, you can see which Group Policy is applying this setting.
2. Disable the Group Policy settings and force the Group Policy to be reapplied.

a. Edit the Group Policy that is identified in Step 1 and change the setting to “Not Defined.” Or, follow the section below to add the required permissions for the Network Service account.
b. Force the Group Policy setting to reapply: gpupdate /force (a restart of the client is sometimes required)

Method B: Edit the permissions of the Group Policy:

1. Open the Group Policy that is identified in Method A, Step 1 above, and open the corresponding Group Policy setting.
2. Click the Edit Security button, and then click the Advanced button.
3. In the Advanced Security Settings for Plug and Play window click Add and then add the SERVICE account. Then, click OK
4. Select the following permissions in the Allow section and then click OK:

Query template
Query status
Enumerate dependents
Interrogate
User-defined control
Read permissions

Note: The Previous rights are the minimum required permissions.

5. Run gpupdate /force after you apply the previous permissions to the Group Policy setting.

6. Verify that the appropriate permissions are applied with the following command:

sc sdshow plugplay

The following are the rights applied to the Plug and Play service in SDDL:

D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)
(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)
(A;;CCLCSWLOCRRC;;;IU)
(A;;CCLCSWLOCRRC;;;SU)
S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)

(A;;CC LC SW LO CR RC ;;;SU is an Access Control Entry (ACE) that allows the following rights to "SU" (SDDL_SERVICE – Service logon user)

A: Access Allowed
CC: Create Child
LC: List Children
SW: Self Write
LO: List Object
CR: Control Access
RC: Read Control
SU: Service Logon User

Note: If there are no GPO's in place, then another activity may have changed the default registry permissions. To work around this issue, perform the following steps:

On the computer that is out of tolerance, start Registry Editor.
Right-click the registry key HKEY_USERS\S-1-5-20, and select Permissions...
If the NETWORK SERVICE is not present, click Add...
In Enter the object names to select type Network Service and then click Check Names and OK.
Select the NETWORK SERVICE and Grant Full Control and Read permissions.
Restart the computer.
After the restart, the system may require activation. Complete the activation."