Worldwide*
Quick Links|Microsoft.com Home
Microsoft*
Search Microsoft.com for:
OEM Partner Center 
|Your Profile|Site Map|Contact Us
Search OEM

Advanced Search
(Change Location)
Resolving WGA Validation Issues When Updating Customer PCs
Windows Genuine Advantage (WGA) allows end users to differentiate between genuine and non-genuine Windows software through an online validation process. Because system builders need to install updates and patches prior to validation and activation of Windows, Microsoft has created the System Builder Bypass Tool to bypass this validation requirement.
 

How Does Windows Genuine Advantage Work? WGA validation is required for users downloading most Windows-related content from the Microsoft Download Center or using Windows Update services. It works as follows:

  • Creates a match between your PC's hardware profile and your 25-character product key (located on the Certificate of Authenticity).
  • Stores and checks this information against future activation and validation attempts.

System Builder Issues When Updating Customer PCs During the preinstallation process, system builders need to update their customers’ PCs with the latest patches and releases of Windows software. As a result of the WGA program, however, system builders have encountered issues when attempting to download these updates and patches, because validation has been required before they can use the Windows Update site.

How to Bypass WGA Activation and Validation Requirement The System Builder Bypass Tool allows system builders to download and install critical updates on new PCs without being required to activate or validate Windows.

Additional Ways to Obtain Critical Updates and Service Packs As mentioned previously, under normal circumstances WGA requires a Windows client to be activated in order to obtain Windows updates using either Windows Update or Microsoft Update services. This does not mean critical updates and service packs are not available to system builders. These update types are available through:

  • Windows Update Agent (Automatic Update) or
  • Microsoft Download Center

Software Required for Operating System Updates This chart shows the software files that are needed to update specific operating systems.

Supported Operating System Required Software Files
  • Windows Vista (all editions)
  • Windows Server 2008 (all editions)
  • Windows XP (all editions)
  • Windows Server 2003 (all editions)
  • OPK (OEM Preinstallation Kit for OPK methods)
  • Windows Server 2003
    (for WSUS methods)*
  • Windows Update Agent
    (Automatic Updates used in WSUS methods)
* Recommended hardware and software requirements for Windows Server Update Services (WSUS)

Updating Windows with the OEM Preinstallation Kit (OPK) There are several different methods for updating Windows platforms. Each is beneficial but will vary depending on your build process. These methods include:

  • Using the OPK
  • Using Windows Server Update Services
  • Using batch files
Activating Windows Installation Automatically During Setup

  1. In Unattend.txt file located in the configuration set folder of the distribution share, set the Product Key entry in the [UserData] section equal to the Product Key on the COA sticker for each Windows installation.

  2. In the [Unattended] section set the value of AutoActivate equal to Yes.

  3. Install Windows using an unattended Setup.

    Example
    [UserData]
    FullName = "Your User Name"
    OrgName = "Your Company Name"
    ComputerName = *
    Product Key= TTGHK-3RC33-BT9DR-3BVYV-BTQ98
    [Unattended]
    AutoActivate = Yes

    Remember to use the Product Key that is on the Certificate Of Authenticity that you affix to the computer. This is the same COA the end user would use. The Product Key in this example is a generic published public Product Key from:

    http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/wpadepl.mspx

    Note: The destination computer must have physical access to the Internet. If the Internet connection is through a firewall, you may need to configure the relevant proxy settings in the Unattended.txt file.

    A. Specify your proxy settings in the [Proxy] section of Unattend.txt.
    B. In the [Unattended] section, set ActivateProxy equal to Proxy.

  4. When you run Sysprep on this destination computer, you must include the -activated command-line option.

    Important: Setting AutoActivate = Yes does not guarantee that this installation of Windows is successfully activated. For example, the activation attempt will fail if the computer cannot successfully connect to the Internet.

    To preserve a successful activation of the installation, you must run Sysprep with the -activated command-line option.

    Example
    sysprep -activated –reseal
Batch File Method

This method is the easiest method to implement but it is not automated. This method requires that you manually execute the batch file on each machine you wish to update.

  1. Download all relevant updates from http://v4.windowsupdate.microsoft.com/catalog or http://www.microsoft.com/technet/security/current.aspx

  2. Create a batch file with the updates corresponding to the operating system you wish to update.

    Example
    ;Windows XP SP2 updates
    dotnetfx.exe /q:a /c:"install /q"
    MP10Setup.exe /Q
    WindowsXP-KB834707-x86-enu.exe /quiet /passive /norestart /o
    WindowsXP-KB867282-x86-ENU.exe /quiet /passive /norestart /o
    WindowsXP-KB873333-x86-ENU.exe /quiet /passive /norestart /o
    WindowsXP-KB873339-x86-ENU.exe /quiet /passive /norestart /o
    WindowsXP-KB885250-x86-ENU.exe /quiet /passive /norestart /o
    WindowsXP-KB885835-x86-ENU.exe /quiet /passive /norestart /o
    WindowsXP-KB885836-x86-ENU.exe /quiet /passive /norestart /o
    WindowsXP-KB887472-x86-enu.exe /quiet /passive /norestart /o
    WindowsXP-KB888113-x86-ENU.exe /quiet /passive /norestart /o
    WindowsXP-KB888302-x86-ENU.exe /quiet /passive /norestart /o
    WindowsXP-KB890047-x86-ENU.exe /quiet /passive /norestart /o
    WindowsXP-KB890175-x86-ENU.exe /quiet /passive /norestart /o
    WindowsXP-KB891781-x86-ENU.exe /quiet /passive /norestart /o
    WindowsXP-KB886185-x86-enu.exe /quiet /passive /norestart /o
    WindowsXP-KB887742-x86-ENU.exe /quiet /passive /norestart /o
    NDP1.1sp1-KB867460-X86.exe /Q
    NDP1.1sp1-KB886903-X86.exe /Q
    NDP1.1-KB886904-X86.exe /Q
    Windows-KB890830-V1.2-ENU.exe /Q

    Note: This example does not include all of the updates available for Windows XP SP2.

  3. Update each Windows Installation by executing the batch file from a source media like CD-ROM, distribution share, USB flash disk, or an external USB drive that contains your updates.

Winbom.ini Method

This method uses the OPK Tools with a distribution share. It automates the updates to each computer it’s deployed.

  1. Download all relevant updates from http://v4.windowsupdate.microsoft.com/catalog
    - Or -
    http://www.microsoft.com/technet/security/current.aspx

  2. In Winbom.ini located in the configuration set folder of the distribution share, create a section called [OEMRunOnce]. Create a folder called updates from within the OPKTools folder.
    Note: Make sure you have the proper security credentials to access the updates folder.

  3. Copy each update to the updates folder.

  4. Create an entry for each update with the following format:
    Syntax: display_text,command_line

    Windows XP SP2 Example:

    [OemRunOnce] "dotnetfx","""\\OPKMGR\OPKTools\updates\dotnetfx.exe"" /q:a /c:""install /q"""
    "Adoby","""\\OPKMGR\OPKTools\updates\AdbeRdr70_distrib_enu\setup.exe"" /S /v/qn"
    "Media Player 10","""\\OPKMGR\OPKTools\updates\MP10Setup.exe"" /Q"
    "KB834707","""\\OPKMGR\OPKTools\updates\WindowsXP-KB834707-x86-enu.exe"" /quiet /passive /norestart /o"
    "KB867282","""\\OPKMGR\OPKTools\updates\WindowsXP-KB867282-x86-ENU.exe"" /quiet /passive /norestart /o"
    "KB873333","""\\OPKMGR\OPKTools\updates\WindowsXP-KB873333-x86-ENU.exe"" /quiet /passive /norestart /o"
    "KB873339","""\\OPKMGR\OPKTools\updates\WindowsXP-KB873339-x86-ENU.exe"" /quiet /passive /norestart /o"
    "KB885250","""\\OPKMGR\OPKTools\updates\WindowsXP-KB885250-x86-ENU.exe"" /quiet /passive /norestart /o"
    "KB885835","""\\OPKMGR\OPKTools\updates\WindowsXP-KB885835-x86-ENU.exe"" /quiet /passive /norestart /o"
    "KB885836","""\\OPKMGR\OPKTools\updates\WindowsXP-KB885836-x86-ENU.exe"" /quiet /passive /norestart /o"
    "KB887472","""\\OPKMGR\OPKTools\updates\WindowsXP-KB887472-x86-enu.exe"" /quiet /passive /norestart /o"
    "KB888113","""\\OPKMGR\OPKTools\updates\WindowsXP-KB888113-x86-ENU.exe"" /quiet /passive /norestart /o"
    "KB888302","""\\OPKMGR\OPKTools\updates\WindowsXP-KB888302-x86-ENU.exe"" /quiet /passive /norestart /o"
    "KB890047","""\\OPKMGR\OPKTools\updates\WindowsXP-KB890047-x86-ENU.exe"" /quiet /passive /norestart /o"
    "KB890175","""\\OPKMGR\OPKTools\updates\WindowsXP-KB890175-x86-ENU.exe"" /quiet /passive /norestart /o"
    "KB891781","""\\OPKMGR\OPKTools\updates\WindowsXP-KB891781-x86-ENU.exe"" /quiet /passive /norestart /o"
    "KB886185","\\OPKMGR\OPKTools\updates\WindowsXP-KB886185-x86-enu.exe"" /quiet /passive /norestart /o"
    "KB887742","""\\OPKMGR\OPKTools\updates\WindowsXP-KB887742-x86-ENU.exe"" /quiet /passive /norestart /o"
    "KB867460","""\\OPKMGR\OPKTools\updates\NDP1.1sp1-KB867460-X86.exe"" /Q"
    "KB886903","""\\OPKMGR\OPKTools\updates\NDP1.1sp1-KB886903-X86.exe"" /Q"
    "KB886904","""\\OPKMGR\OPKTools\updates\NDP1.1-KB886904-X86.exe"" /Q"
    "KB890830","""\\OPKMGR\OPKTools\updates\Windows-KB890830-V1.2-ENU.exe"" /Q"
    "KB873374","""\\OPKMGR\OPKTools\updates\gdidettool.exe"" /Q"
    "KB890923","""\\OPKMGR\OPKTools\updates\WindowsXP-KB890923-x86-ENU.exe"" /quiet /passive /norestart /overwriteoem"
    "KB893066","""\\OPKMGR\OPKTools\updates\WindowsXP-KB893066-x86-ENU.exe"" /quiet /passive /norestart /overwriteoem"
    "KB893086","""\\OPKMGR\OPKTools\updates\WindowsXP-KB893086-x86-ENU.exe"" /quiet /passive /norestart /overwriteoem"
    "KB890859","""\\OPKMGR\OPKTools\updates\WindowsXP-KB890859-x86-ENU.exe"" /quiet /passive /norestart /overwriteoem"
    "KB890830","""\\OPKMGR\OPKTools\updates\Windows-KB890830-V1.4-ENU.exe"" /Q"
    "KB886906","""\\OPKMGR\OPKTools\updates\XPSP2\NDP1.0sp3-KB886906-X86-Enu.exe"" /Q /I"

    Note: This example does not include all of the updates available for Windows XP SP2.

  5. Install Windows using an unattended Setup.

Slipstream Method

This method integrates updates into a distribution share.

  1. On the computer where the distribution share(s) exist, create folder on C:\ called WinXPSP2.

  2. Copy the entire contents of the Windows XP SP2 version you wish to slipstream to C:\WinXPSP2.

  3. Execute and integrate each update into the distribution bits with the following syntax:
    Update /integrate:c:\WinXPSP2

    For Example:
    WindowsXP-KB891781-x86-ENU.exe /integrate:c:\WinXPSP2

  4. Repeat the process for each update.

  5. After you've completed all updates, run Setup Manager.

  6. Click Tools and select Manage Products.

  7. If you have an existing Professional (32-bit) Service Pack 2 Product, select it and click Remove Product.

  8. Click Add Product.

  9. Browse to the C:\WinXPSP2 folder and click OK.

    For another example on how to slipstream updates see Preinstallation Hotfixes.

Windows Server Update Services (WSUS) Method

WSUS is a patch and update component of Windows Server and offers an effective update management infrastructure. Best of all, WSUS is free. WSUS has both a server and client component. This method uses a localized server running either Windows 2000 Service Pack 4 (SP4) and later or Windows Server 2003 which contains the WSUS server component. On the client computers, Windows Update Agent is configured to look for updates from the WSUS server. WSUS supports updating Windows XP Professional, Windows 2000, Windows Server 2003, Microsoft Office XP, Office 2003, Microsoft SQL Server 2000, Microsoft SQL Server 2000 Desktop Engine (MSDE) 2000, and Microsoft Exchange Server 2003.

Note: This method is not supported.

  1. Download WSUS from: http://www.microsoft.com/windowsserversystem/updateservices/downloads/WSUS.mspx

  2. Install WSUS on a server accessible to the systems you are wanting to installed updates to. For instructions on how to install, configure, and setup visit:http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/
    WSUS/WSUSDeploymentGuideTC/ace052df-74e7-4d6a-b5d4-f7911bb06b40.mspx

  3. Copy and paste the following text into Notepad:

    SET KEY="HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate"
    REG ADD %KEY% /v "WUServer" /t REG_SZ /d "http://mux-server" /f
    REG ADD %KEY% /v "WUStatusServer" /t REG_SZ /d "http://mux-server" /f
    REG ADD %KEY% /v "TargetGroupEnabled" /t REG_DWORD /d "0" /f
    SET KEY="HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU"
    REG ADD %KEY% /v "AUOptions" /t REG_DWORD /d "3" /f
    REG ADD %KEY% /v "AutoInstallMinorUpdates" /t REG_DWORD /d "1" /f
    REG ADD %KEY% /v "NoAutoRebootWithLoggedOnUsers" /t REG_DWORD /d "1" /f
    REG ADD %KEY% /v "NoAutoUpdate" /t REG_DWORD /d "0" /f
    REG ADD %KEY% /v "UseWUServer" /t REG_DWORD /d "1" /f
    Net Stop "wuauserv"
    net start "wuauserv"
    WUAUCLT.EXE /resetauthorization /detectnow

  4. Replace http://mux-server in the example above with the name of your WSUS server.
    The registry values in the text will work to obtain the updates from the WSUS server. If you want to fine tune the values, you can get a detail explanation of each registry value by visiting: http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/
    WSUS/WSUSDeploymentGuideTC/ace052df-74e7-4d6a-b5d4-f7911bb06b40.mspx

  5. Save this file as UpdateAU.bat.

  6. Copy and paste the following text into Notepad:
    SET KEY="HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate"
    REG DELETE %KEY% /f
    Net Stop "wuauserv"
    net start "wuauserv"

  7. Save this file as DefaultAU.bat.

  8. Install Windows on the computer you wish to update.

  9. Insert the media that contains the batch files.

  10. Execute UpdateAU.bat.

    Note:At this point within a few seconds, the Windows Update Agent is going to download all available updates from your WSUS server.

    For Example

    You’ll be notified of new updates available to be installed.

    For Example

  11. Click the Automatic Updates icon and click on install updates.

    Automatic Updates will show a window with the progress of the installation.

  12. Once completed, you will be prompted with a window asking you to restart the computer.

  13. Click on Restart.

  14. Once the system returns to the Windows desktop, let it sit for a bit. There might be more updates available. Once you have done a few of these, you'll know when it's complete.

  15. When the Windows Update Agent is complete, and there are no more updates, you need to reset the system back to a default state. This is accomplished by executing DefaultAU.bat.

WSUS Method with OPK

This method uses a localized server running either Windows 2000 Service Pack 4 (SP4) and later or Windows Server 2003 which contains the WSUS server component. Using the OPK, upon completion of the Windows install, while in factory mode, the client’s Windows Update Agent will look for updates from the WSUS server. Once the system is resealed, and the End User completes Windows Welcome, the Windows Update Agent will be returned to defaults.

Note: This is not a supported method.

  1. On your distribution share, using explorer and locate the configuration set you want to deploy the updates.

  2. Under the $OEM$ create a folder called $1 if it doesn’t exist.

  3. Under the $1 folder create another folder called WSUSUpdate.

    When complete you should have a path that looks like this:

    C:\OPKTools\cfgsets\[configuration set]\$OEM$\$1\WSUSUpdate

  4. Copy and paste the following text into Notepad:

    SET KEY="HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate"
    REG ADD %KEY% /v "WUServer" /t REG_SZ /d "http://mux-server" /f
    REG ADD %KEY% /v "WUStatusServer" /t REG_SZ /d "http://mux-server" /f
    REG ADD %KEY% /v "TargetGroupEnabled" /t REG_DWORD /d "0" /f
    SET KEY="HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU"
    REG ADD %KEY% /v "AUOptions" /t REG_DWORD /d "3" /f
    REG ADD %KEY% /v "AutoInstallMinorUpdates" /t REG_DWORD /d "1" /f
    REG ADD %KEY% /v "NoAutoRebootWithLoggedOnUsers" /t REG_DWORD /d "1" /f
    REG ADD %KEY% /v "NoAutoUpdate" /t REG_DWORD /d "0" /f
    REG ADD %KEY% /v "UseWUServer" /t REG_DWORD /d "1" /f
    Net Stop "wuauserv"
    net start "wuauserv"
    WUAUCLT.EXE /resetauthorization /detectnow

  5. Replace "http://mux-server" in the example above with the name of your WSUS server.

    The registry values in the text will work to obtain the updates from the WSUS server. If you want to fine tune the values, you can get a detail explanation of each registry value by visiting: http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/WSUS/
    WSUSDeploymentGuideTC/ace052df-74e7-4d6a-b5d4-f7911bb06b40.mspx

  6. Save this file as UpdateAU.bat in the WSUSUpdate folder.

  7. Copy and paste the following text into Notepad:

    SET KEY="HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate"
    REG DELETE %KEY% /f
    Net Stop "wuauserv"
    net start "wuauserv"

  8. Save this file as DefaultAU.bat in the WSUSUpdate folder.

  9. In Winbom.ini located in the configuration set folder of the distribution share, create a section called [OEMRunOnce].

  10. Create the following entry as shown:

    [OemRunOnce]
    "AU to WSUS","""%SystemDrive%\WSUSUpdate\UpdateAU.bat"" "

  11. Copy and paste the following text into Notepad:

    [GuiRunOnce]
    Command0 = "%SystemDrive%\WSUSUpdate\DefaultAU.bat"
    Command1 = "rd %SystemDrive%\WSUSUpdate /s /q"

  12. Save this file as Sysprep.inf to your configuration set folder.

    For Example
    C:\OPKTools\cfgsets\[configuration set]

    Note: During factory mode, the Windows Update Agent will download the updates from the WSUS server. Keep in mind, if the NIC is not installed, Windows Update Agent will not be able to communicate with the WSUS to obtain the updates. Also, in factory mode, you’ll probably have to restart the computer several times if restarts are needed to complete updates. After a few installations, you’ll figure out when all updates are installed.

As you can see, there are many ways to update your Windows installations. Each method is beneficial but will vary depending on your build process.

Additional Resources



©2009 Microsoft Corporation. All rights reserved. Terms of Use |Trademarks |Privacy Statement
Sign in to Windows Live ID