Funny. I had been asked a few times by customers and in online forums about
the activation, or more precisely the reactivation of Windows XP after moving
it from one PC to another, or after an upgrade of a major component/reinstall.
Then my neighbour pops round with a similar question.
I had a quick look into it and found a few facts out.

Retail Package

A retail package is one that you buy from PC World and comes in a fancy package
with documentation and loads of bumf inside the packet.
It has no relationship to the PC on which you install it, until you install
it.

OEM Package

An OEM package is a copy of Windows that was supplied with a PC (or with
a piece of hardware, but most often it is the complete PC). OEM stands for
Original Equipment Manufacturer.
The OEM licence is directly related to the PC or hardware with which it was
supplied. You cannot transfer the licence from one PC to another PC.
So if you purchase your new PC and then want to transfer your XP Professional
from your old PC to your new one, you can’t.
For one, it will fail the online automated registration process, and it will
not pass the manual registration when you phone up (unless you manage to
convince them, but that is difficult).

But there are two OEM OS verification methods. One uses a similar format to
the normal retail package and works in pretty much the same way (it just
does not contain all the extra junk in the box, and usually the disc comes in
a sleeve with the product ID on a label on the outside).

The other method is called SLP (or System Locked Pre-Installation). SLP uses
information stored in an OEM PC’s BIOS to protect the installation from
casual piracy.

No communication by the user to Microsoft is required and no hardware hash
is created or necessary. At boot, Windows XP compares the PC’s BIOS to the
SLP information. If it matches, no activation is required. Every single piece
of hardware could be changed on a PC with SLP and no reactivation would be
required — even the motherboard could be replaced as long as the replacement
motherboard was original equipment manufactured by the OEM and retained the
proper BIOS. In the unlikely scenario that the BIOS information does not
match, the PC would need to be activated within 30 days by contacting the
Microsoft activation centre via the Internet or telephone call — just as
in a retail scenario.

The Product Activation Process

Product Activation requires the submission of an installation ID to Microsoft.
Usually this is done ‘behind the scenes’ when you register your product over
the internet.
If you re-register the product a number of times (usually 3), after you have
reinstalled XP for example, the automatic registration process usually fails.
It is now that you get to see the installation ID for the first time.

The Installation ID is comprised of two different pieces of information
— the product ID and a hardware hash (a hash is a numeric value derived through
a mathematical formula and based upon some other, original value). The product
ID is unique to the installation of Windows and is created from the product
key used during installation. Each product key delivered with retail boxed
software is unique, and the product ID it creates is unique. Microsoft uses
the product ID for other purposes in addition to product activation such
as when requesting product support. The product ID can be found by viewing
the Properties of My Computer (an example of a product ID is 12345-123-1234567-12345).
The hardware hash is an eight-byte value that is created by running 10 different
pieces of information from the PC’s hardware components through a one-way
mathematical transformation. This means that the resultant hash value cannot
be backwards calculated to determine the original values. Further, only a
portion of the resulting hash value is used in the hardware hash in order
to ensure complete anonymity.

The above has certain implications, namely, that if you change a piece of
hardware that was used to generate the Installation ID.
Below is a list of the components that are used to create the Installation
ID.

 

No.  Component Name
1    Display Adapter
2    SCSI Adapter
3    IDE Adapter
4    Network Adapter MAC Address
5    RAM Amount Range (i.e. 0-64mb, 64-128mb, etc)
6    Processor Type
7    Processor Serial Number
8    Hard Drive Device
9    Hard Drive Volume Serial Number
10   CD-ROM / CD-RW / DVD-ROM
     "Dockable"
     Hardware Hash version (version of algorithm used)

This means that if you were to change any of the hardware in the table above,
then you are likely to fail authentication next time the PC boots.
There are some gray areas as to when it will fail: some people state it
happens at boot up, whereas others have said it is only when performing an
update that uses the Genuine Advantage Tool. (I’ll try and check that out and
post the answer later).

There is also some confusion as to how much of a change of a component will
result in a failure.
For example, I have changed memory in systems from 128meg to 2gig and I have
never seen a problem.
I have added new Network adaptors but then it may only take the MAC address
from the onboard Network Adaptor.

One problem I have encountered was in changing the drive on which XP was installed.
In that example, I had replaced a failing drive with a totally different brand
of a much bigger size. Because I had previously registered the copy of XP 3
times before due to re-imaging the old hard drive, I had to phone customer
support to manually activate the copy of Windows. They questioned the change
but never rejected it. At other times, I just explained that I had performed
a reinstall and it failed verification and they issued a new number.

I have never had a copy of XP fail after boot up because I had changed an
internal component, only because I have registered it automatically multiple
times.
One reason for this is that a single hardware change does not trigger a failure,
nor, most likely, will multiple items. Microsoft apparently use the figures
in the Installation ID to create a weighting factor. So if you changed everything,
then it would trigger a failure. The exact point at which it will fail verification
is unclear.
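
To make the truncated hardware hash and the weighting idea concrete, here is an
added example (not Microsoft's algorithm and not code from the original post)
that models both in Python. The bit widths, weights, threshold, the SHA-256
stand-in for the one-way transformation and the sample hardware strings are all
assumptions made for illustration.

```python
import hashlib

# Constructed bit widths (assumption): ten component fields plus a 1-bit
# "dockable" flag and a 3-bit version fill the eight bytes the post mentions.
FIELDS = {"display_adapter": 5, "scsi_adapter": 5, "ide_adapter": 4,
          "mac_address": 10, "ram_range": 3, "cpu_type": 3, "cpu_serial": 6,
          "hdd_device": 7, "volume_serial": 10, "optical_drive": 7}
# Constructed weights and threshold (assumption), total weight is 12.
WEIGHTS = dict.fromkeys(FIELDS, 1)
WEIGHTS["mac_address"] = 3
THRESHOLD = 7  # minimum matching weight before reactivation is demanded

def field_hash(value: str, bits: int) -> int:
    """One-way hash cut down to `bits` bits; 0 is reserved for 'absent'."""
    if not value:
        return 0
    digest = hashlib.sha256(value.encode()).digest()  # stand-in transformation
    return int.from_bytes(digest[:4], "big") % ((1 << bits) - 1) + 1

def hardware_hash(hw: dict) -> dict:
    """Truncated hash per component; many devices share each small value."""
    return {n: field_hash(hw.get(n, ""), b) for n, b in FIELDS.items()}

def pack(h: dict, dockable: bool = False, version: int = 1) -> bytes:
    """Pack the fields, dockable flag and version into one 64-bit value."""
    word = 0
    for name, bits in FIELDS.items():
        word = (word << bits) | h[name]
    word = (word << 1) | int(dockable)
    word = (word << 3) | (version & 0b111)
    return word.to_bytes(8, "big")

def matching_weight(stored: dict, current: dict) -> int:
    """Sum the weights of components that are present and unchanged."""
    return sum(WEIGHTS[n] for n in FIELDS if stored[n] and stored[n] == current[n])

def needs_reactivation(stored: dict, current: dict) -> bool:
    return matching_weight(stored, current) < THRESHOLD

# Constructed sample machine, not real hardware identifiers.
PC = {"display_adapter": "Example VGA 64MB", "scsi_adapter": "Example SCSI",
      "ide_adapter": "Example IDE", "mac_address": "00:11:22:33:44:55",
      "ram_range": "64-128mb", "cpu_type": "Example CPU", "cpu_serial": "CPU-0001",
      "hdd_device": "Example 40GB", "volume_serial": "1A2B-3C4D",
      "optical_drive": "Example DVD-ROM"}

if __name__ == "__main__":
    stored = hardware_hash(PC)
    print(pack(stored).hex())
    more_ram = hardware_hash(dict(PC, ram_range="1024-2048mb"))
    print("RAM upgrade needs reactivation:", needs_reactivation(stored, more_ram))
```

Because each field keeps only a few bits, a replaced component can occasionally
hash to the same value as the old one, which is the price of the anonymity
described above.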

Changes Afoot with Windows Vista

I have seen rumours that in Windows Vista, they will only allow you one major
hardware upgrade, but I am yet to find anything at Microsoft about that.
The only ‘new news’ I have seen references Software Protection Platform.

Of re-activations and algorithms – from Ars Technica

A Microsoft spokesperson told Ars Technica that “the hardware tolerance
of product activation for Windows Vista has been improved and is more flexible
than that for Windows XP,” indicating that re-activations caused by minor
changes to a PC should be less common. “We believe these improvements
will better accommodate the needs of our PC enthusiast customers,” the spokesperson
said.

Conclusions

As to the exact definition of ‘a significant hardware change’ I am yet to
find a decent reference. Regardless of that definition, as per XP, you can
take it that you should never transfer an OEM licence from one PC to another.
But with a full product licence, is changing from one PC to another considered
a significant hardware change? Unlike a major upgrade where you would change
multiple components, moving the licence to a completely different PC would
definitely be considered a major change. I read from all of the noise on various
sites that Vista will let you do this once.

I suppose the reasoning behind it would be that most people upgrade a PC several
times throughout its lifetime and would maybe move PCs after several years.
What Microsoft are allowing for is that when you consider the lifetime of the
OS, by the time you have performed several upgrades of your old PC and then
moved to your new one, and then perform several upgrades of that new PC, the
OS in use would most likely have been replaced by a newer version, which would
therefore require a complete new licence anyway.

What they are trying to stop is the cloning of a product ID onto multiple
machines. Remember, it is the product ID AND the Installation ID that are used
to generate the unique ID (key) which is assigned to the computer. There are
circumstances by which the same product ID can be used on multiple machines
each with a different Installation ID (because of the difference in hardware),
that results in a unique registration ID. It is this that they are trying to
prevent. The Product ID can only be used on two machines, (or one machine with
a significant change of hardware).
This won’t affect Joe User who upgrades his machine periodically. It will prevent
you from installing on your new machine that you purchase every year. (If you
can afford to buy a new machine every year, then you can afford to buy a new
licence every year. I don’t see what the problem is there. And if you are purchasing
a PC that often, you’d probably be better off getting one with an OEM licence
which is much cheaper anyway.)