Langa Letter: Lockout WorkaroundsLanga Letter: Lockout Workarounds
With a little preparatory work, Fred Langa says, you can avoid nasty surprises from Microsoft's Windows Product Activation.
January 29, 2002
By now, you probably know that if you use any form of XP software--Windows XP, Office XP, Word 2002, Excel 2002, FrontPage 2002, etc.--you can't avoid Windows Product Activation. WPA, a form of mandatory product registration, requires you to communicate with Microsoft by Web or phone to receive a unique 50-digit product identifier; it locks your software to the specific hardware setup on which it's installed.
We've already covered WPA in some depth, but there's one additional important item left to cover: what to do if WPA's worst-case scenario comes true for you and you find yourself totally locked out of your PC. In the last few columns, we've discussed how this can happen. (See The Giant Paperweight, Windows XP's 'Product Activation: A Privacy Risk?", and 1,000 Posts Later: WPA Update.) Now it's time to discuss remedies and workarounds. But because our WPA coverage has been spread out over time, let's take a minute to clarify several items and make sure we're on the same page. First, let's separate WPA from XP itself. XP software isn't inherently bad; the XP operating system in particular can work quite well, given sufficient horsepower and assuming you know what you're getting into. Windows XP combines the best of Windows NT/Win2K (improved stability, better security, easier management, fewer legacy limitations) with the best of Win9x/ME (familiarity, ease of setup and use, wider compatibility, etc.) For a snapshot of some of the operating system's highs and lows, see The 10 Best And Worst Things About XP. Second, WPA does not appear to be a serious risk to your security or privacy. As I reported in this space as far back as August, "despite what you may hear in the more alarmist corners of the Web, the WPA phone-home process does not, in itself, appear to be a major issue in terms of active snooping." Nothing has changed since then; no major security or privacy concerns have emerged with WPA. That's the good news. Greed Is The Issue
The bad news is that WPA remains an annoyance to those of us who frequently change our hardware and software. It's yet another step down the path of losing control over our own PCs. And--this is what steams me the most about WPA--it exists solely because of Microsoft's greed. You see, software locking is normally used only on low-volume niche software, where a software piracy loss of even a small percentage of sales is a serious blow to the vendor. For example, some big-ticket CAD programs--the kind used by professional architects and civil engineers--use various forms of software locking because the market for such software is relatively small. But Microsoft is marketing general-purpose operating systems and office applications to hundreds of millions of potential customers. Markets don't get any bigger than that. Niche-style software locking is the wrong way to prevent mass-market piracy. It's simply the wrong tool for the job. I'm not excusing piracy--it's wrong. But Microsoft actually created its own piracy problem by setting the prices on its software at artificially inflated levels. Windows XP is the most expensive mass-market operating system there is! Microsoft could instantly reduce the attraction of piracy simply by lowering its prices or by offering steep rebates to those who register. Microsoft would make up in volume what it would lose in single-copy sales revenue. Lower prices would also make Microsoft seem to be the Good Guys--on the side of users--instead of being seen as an obscenely rich company trying to get even richer. But, rather than removing the unconscionably high pricing that's the root cause of piracy, Microsoft tried to control piracy by slapping on a mostly pointless and user-hostile form of copy protection, in WPA. I do mean pointless. WPA does nothing to impede crackers and large-scale, professional pirates. It's only an obstacle for average users, who are mostly honest. And I do mean user-hostile. If WPA is triggered for any reason--any reason at all--and you are unable or unwilling to complete the activation process by the end of the grace period, then you'll at least be unable to use your software. And in the worst case (with the Windows XP operating system) it's possible that you can end up totally locked out of your PC. All XP software contains the WPA subsystem--even "preactivated" original equipment manufacturer-installed or site-licensed versions--so everyone using XP should be prepared to recover from an unexpected WPA lockout. Because lockouts in the Windows XP operating system are potentially the worst, we'll focus our attention there. Windows XP Lockout Workarounds
XP's native file system is NTFS, but a minority of XP systems uses FAT-based partitions or drives. If you're in this minority population, you can access your files from DOS even if XP itself won't boot: Just start your PC from a floppy with the DOS system files on it, and you'll then be able to copy/clone/back up your files as needed. (If you need help with DOS, or with creating a DOS floppy, see http://content.techweb.com/winmag/columns/explorer/2000/21.htm.) But most XP systems use NTFS, and, normally, an NTFS partition or drive cannot be accessed from DOS. In fact, the entire NTFS drive or partition normally isn't even visible from DOS: The data effectively vanishes. Several readers--"Hugh" was the first--pointed out that freeware tools, such as NTFSDOS, can let you access the contents of an NTFS partition or drive from DOS or from older versions of Windows, including Win98. For example, if WPA won't let you boot XP, you can boot from a DOS floppy, then use NTFSDOS to copy your NTFS files to another floppy or to a non-NTFS partition. However--and this is a big gotcha--tools such as NTFSDOS may not help you if you've used some NTFS advanced features, such as file or folder encryption or compression. You still might be able to get back your data if you have access to a second PC running Windows NT/2K/XP, or if you can swap in a second hard drive instead of the one with the locked partition (i.e., use another drive as master and set the locked drive as slave). You then can use the second PC or drive to access the NTFS files on the locked partition. You won't be able to boot the locked copy of Windows XP, but the files themselves should be accessible. This approach should let you gain access to compressed files on the NTFS volume. But you may still find that your encrypted files in the locked volume are inaccessible, unless you've previously set yourself or someone else as a "designated recovery agent" for your system's local security certificate. (See XP's "Help And Support" system under "encryption" for information on XP's local security certificates and data recovery.) Of course, even having DOS recovery tools, or having copies of your security keys, will do you no good at all if you can't get at them. As you work out your plan to recover from a potential WPA-lockout, store whatever recovery tools and files you need on floppies or on another system, so you'll have access to them if a lockout occurs. Hope For The Best; Plan For The Worst
If you're paying attention to your system and working carefully, WPA should never unexpectedly lock you out of your system in the first place. But it's always wise to plan for the worst and to have a way to work around a surprise WPA lockout. That's why I've downloaded a copy of NTFSDOS--and I suggest you do, too. You can't avoid WPA (none of the techniques I've described let you do that), but at least you can prevent yourself from being blocked from your own data! Does the existence of workarounds for lockouts make WPA any more palatable for you? Do you know of other tools that can help dig data out of NTFS disks and partitions, with and without compression and encryption? What are your final thoughts on WPA? Join in the discussion! Related reading at InformationWeek.com
The Battle Of The Browsers, Redux: Netscape's new antitrust suit against Microsoft reopens a years-old battle over whose software will underpin the Web. Data's Last Hope: Think your data is lost forever? Not so fast. ActionFront's fast and low-cost data-recovery service can come to the rescue. Disaster-Recovery Experts Speak Out: Did you miss our online roundtable discussion, with several storage and data-continuity gurus sharing their wisdom? Never fear. We've archived the early November discussion forum, moderated by InformationWeek senior editor Martin J. Garvey, which addressed ROI, establishing hot site criteria, and protecting medical records. While you're at it, tell us what roundtable topics you'd be most interested in seeing!
About the Author(s)
You May Also Like
3 Real-World Challenges Facing Cybersecurity Organizations
Ultimate Guide to Building a Data Governance Program
Choice Hotels Goes 'Lights Out' with Remote Power Management and Server Access from Raritan
Best Practices for Modern Data Management in Banking: Compliance & Capital Without Compromise
Cyberthreats Racing Ahead of Your Defenses? Secure Networking Can Put a Stop to That