[RndTbl] Windows activation on Linux VM host?

[Alberto Abrao]

On 2021-01-21 10:03 p.m., Trevor Cordes wrote:
> On 2021-01-21 Kevin McGregor wrote:
>> Oops! Brain tired. Should read "If the two Linux hosts have the same
>> CPUs (manufacturer and gen) you should have no problem".
> Yes, in this case the physical hardware would be identical.

Means nothing. There's still the GUID of the mainboard, which is very 
much different even when everything else is the same.

> However, there is conflict between Alberto's & Kevin's answers... has
> anyone actually tried it?

I do have experience with Windows and its activation perks... mostly for 
the consumer version, which incidentally is what you want.

> And for sure you weren't using a corporate Windows license key?  (And
> not a Server version either.)  I recall hearing something like Alberto
> said re: non-corporate Windows detecting it was in a VM and complaining.

I am less concerned about the "being on a VM" and more about "making 
sure you have a reliable anchor for it". It would not matter for a 
sitting duck, but you want to dance around with it. I am reasonably sure 
that you don't want to be typing lengthy codes on your phone when 
calling the Microsoft Activation Hotline. (Thank you for calling 
Microsoft! Which product would you like to activate? Please say Windows, 
Office, ... ugh).

Even then, we want to abide to Microsoft's terms.

And here 
(https://www.microsoft.com/en-us/Useterms/Retail/Windows/10/UseTerms_Retail_Windows_10_English.htm) 
we find:

*b.**Device.* In this agreement, “device” means a hardware system 
(whether physical or virtual) with an internal storage device capable of 
running the software. A hardware partition or blade is considered to be 
a device.

(iv) *Use in a virtualized environment*. This license allows you to 
install only one instance of the software for use on one device, whether 
that device is physical or virtual. If you want to use the software on 
more than one virtual device, you must obtain a separate license for 
each instance.

Keep in mind I am not a lawyer (really? lol). Now, as with everything 
Microsoft licensing, this is ambiguous enough to have you thread the 
grey area if you have a single licence for the dancing VM, as it states 
a device meaning a *hardware *system, physical or virtual. It does 
mention "one virtual device", and we can argue that we are talking about 
a single virtual environment , even though it sometimes travels between 
different hosts. Now, we are talking about consumer, retail versions 
here, so I may not be grasping at straws when I point this. That said, 
keep in mind that I am not a lawyer (you don't say? :D), so my opinion 
is worth...yeah. That said, stay with me.

Even assuming that would be perfectly legit, you still have the problem 
of keeping the activation when changing hardware. The virtual 
environment may be abstract enough that it does not detect enough of a 
change and just pretends nothing ever happened. Or it does smell a rat 
and asks for activation. Well, please see above if that happens. In this 
case, if our assumption is right, it would be OK for licensing, but not 
nice at all to administrate.


>
> I guess the big part of the question is, if Windows doesn't have a
> blanket anti-VM block in it, how much of the host hw id info really
> does "seep" into to guest...

As much as you let in, for KVM at least.


>
> The problem here that testing it might "waste" a paid Windows license.
> Even if we bought 2 licenses and activated twice, I'm not convinced the
> activation code won't get angry at going back and forth between the 2
> boxes.

It will not, because the code goes to Microsoft only once. When you pass 
the tables like I described on my previous email, it results in a hash 
that Windows is able to pass onto the activation servers.

- Hardware hash is passed to Microsoft activation servers.
- If there is no key tied to it, it reports "not activated". Boo. Gimme key!
- You have the key in. Let's say, Pro version.
- Key is now tied to the hash.
- You're activated!

So now you nuke it from orbit and start fresh. Same process happen 
again, but this time:

- Hardware hash is passed to Microsoft activation servers.
- Uncle Bill says: "oh, I remember you! You have a licence here, but 
let's talk first: what are you, really?"
- "I am a Pro, dude, but I have no l33t codes on me, sry"
- "Just as I remembered. Sweet! I remember your l33t codes from times 
gone by, no need to bore me again. Here, a cookie. Off you go."
- Activated!

And that alone is *enough*. With that, it quickly finds out if you're 
activated or not, and off it goes. No key, no rearm, nothing. You will 
*never* be prompted for a key if there is a valid licence tied to your 
hardware's hash, thus, by passing the SLIC bits to the VM, and that 
physical hardware having a good valid Windows 10 licence previously 
activated with Microsoft, it will just take care of itself. Done. You 
will never type a key for that hardware ever again, assuming you 1) 
never phone-activate the key on another device, thus revoking the 
authorization for the one to which it is tied (true for RETAIL versions, 
keep that in mind, as OEM licences are not able to be revoked in this 
manner, at least theoretically); and 2) use the same version of Windows 
(e.g. Windows 10 Pro key = Windows 10 Pro install. Home = Home. You get 
the idea).

That also means that both machines would have a Windows licence *tied to 
their hardware*, which could be used even after the VM setup is no 
longer warranted, either for another VM, or for a bare metal install 
should it ever be repurposed as a beefy workstation, for example.

Now, it remains to be seen if that's feasible using VirtualBox. As I 
said, one is able to do that with KVM.

> Man, do I hate Windows and non-FLOSS.  Maybe I need to see if my
> customer could instead forget Windows and make everything work in
> WINE...

As you mentioned WINE, I suggest you investigate that and see if he is 
happy. If that is not an option, let me know and we can research 
something that is sure to steer your client far away from uncle Bill's fury.

Kind regards,
Alberto Abrao

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://muug.ca/pipermail/roundtable/attachments/20210121/84da935c/attachment.htm>