We know about the rumors that Windows 7 SP1 is expected to arrive during mid-2010 and expected to be a collection of patches and updates rolled out till then. One major bug being reported by the users is that immediately after log on, they were presented with a Windows Activation window: “Windows is not genuine. Your computer might not be running a counterfeit copy of Windows. 0x80070005, and more….

windows-7-not-genuine

Some other symptoms of associated with this issue are –


1) The computer desktop background goes black, and you receive the following error message on the bottom right corner of the screen:

This copy of Windows is not genuine

2) You receive the following error message when you view the System Properties: (Control Panel –> System and Security –> System)

You must activate today. Activate Windows now

3) If you try to use slmgr.vbs /dlv to view the licensing status, you receive the following message:

Error: 0×80070005 Access denied: the requested action requires elevated privileges

Microsoft explained that its caused by lack of permissions in the registry key HKU\S-1-5-20. “The Network Service account must have full control and read permissions over that registry key. This situation may be the result of applying a Plug and Play Group Policy object (GPO). Computer Configuration –> Policies –> Windows Settings –> Security Settings –> System Services –> Plug and Play (Startup Mode: Automatic).”

Those affected by this issue can turn to one of two workarounds detailed by Microsoft, documented below-

Method A: Disable the Plug and Play Policy

1. Determine the source of the policy. To do this, follow these steps:

  • On client experiencing Activation error, run Resultant Set of Policy wizard by clicking Start, Run and entering rsop.msc as the command.
  • Visit following location: Computer Configuration –> Policies –> Windows Settings –> Security Settings –> System Services
  • If Plug & Play service is configured through a Group Policy setting, you see it here with settings other than Not Defined. Additionally, you can see which Group Policy is applying this setting.

2. Disable Group Policy settings and force Group Policy to be reapplied.

  • Edit Group Policy that’s identified in Step 1 and change setting to “Not Defined.” Or, follow the section below to add required permissions for Network Service account.
  • Force Group Policy setting to reapply: gpupdate /force (a restart of the client’s sometimes required)

Method B: Edit the permissions of the Group Policy

  1. Open Group Policy that’s identified in Method A, Step 1 above, and open corresponding Group Policy setting.
  2. Click Edit Security button, and then click Advanced button.
  3. In Advanced Security Settings for Plug & Play window click Add and then add SERVICE account. Then, click OK
  4. Select following permissions in Allow section and then click OK:Query template
    Query status
    Enumerate dependents
    Interrogate
    User-defined control
    Read permissions

Note: Previous rights’re the minimum required permissions.

  • Run gpupdate /force after you apply previous permissions to Group Policy setting.
  • Verify that appropriate permissions’re applied with following command:sc sdshow plugplay

    following’re the rights applied to Plug & Play service in SDDL:

    D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)
    (A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)
    (A;;CCLCSWLOCRRC;;;IU)
    (A;;CCLCSWLOCRRC;;;SU)
    S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)

    (A;;CC LC SW LO CR RC ;;;SU is an Access Control Entry (ACE) that allows the following rights to “SU” (SDDL_SERVICE – Service logon user)

    A: Access Allowed
    CC: Create Child
    LC: List Children
    SW: Self Write
    LO: List Object
    CR: Control Access
    RC: Read Control
    SU: Service Logon User

    Note: If there’re no GPO’s in place, then another activity may’ve changed default registry permissions. To work around this issue, perform following steps:

    1. On computer that’s out of tolerance, start Registry Editor.
    2. Right-click registry key HKEY_USERS\S-1-5-20, and select Permissions…
    3. If NETWORK SERVICE isn’t present, click Add…
    4. In Enter object names to select type Network Service and then click Check Names and OK.
    5. Select NETWORK SERVICE and Grant Full Control and Read permissions.
    6. Restart computer.
    7. After restart, system may require activation. Complete the activation.
  • [via]KB2008385


    Also Read:
     
    Founder-Editor

    Raju is the founder-editor of Technology Personalized. A proud geek and an Internet freak, who is also a social networking enthusiast. You can follow him on Facebook and on Twitter. Mail Raju PP. Follow rajupp