How to rearm windows 7 instance

Resetting the rearm count in Windows 7 (source: IT Funk)

After installing Windows 7, and before activation, the operating system will run in an Initial Grace Period license status for 30 days. When this grace period expires, users can rearm Windows 7 for an additional 30 days, and do this up to 3 times, effectively allowing the OS to run legally for 120 days without a genuine product key.

When a user uses up all three rearms available rearms, the only option left is to enter a genuine product key to activate Windows 7, or leave the operating system in a crippled, non-genuine state. Users will then be subjected to certain annoyances such as black desktop background, repetitive notification messages stating that this copy of Windows is illegal or counterfeited, and a reminder to register the software at login.

Through a Windows Product Activation (WPA) vulnerability that Microsoft introduced in Windows 7, it is possible to reset the remaining rearm count back to 4. There is no limit to the number of times that the rearm count can be reset, meaning that a user could theoretically run an unlicensed copy of Windows 7 forever, without the need for proper activation, and without applying any activation hacks.

This WPA vulnerability is related to a WPA registry key which contains the ‘Last Rearm Time’. When the WPA registry key is deleted, the whole licensing status of Windows 7 is re-initiated to the Initial Grace Period as if Windows 7 has just been installed. The deletion of the WPA registry key is achieved via the following command:

reg load HKLM\MY_SYSTEM “%~dp0Windows\System32\config\system”
reg delete HKLM\MY_SYSTEM\WPA /f
reg unload HKLM\MY_SYSTEM

Given the importance of this WPA registry key, Microsoft has locked it (and its sub-keys) from been modified or deleted in a normal user session. The only way to run this command is within the WinRE (Windows Recovery Environment) or WinPE (Windows Preinstallation Environment).

In our managed environment, this method of rearming Windows is ultra handy in our SOE creation, in that we do not have to keep starting from scratch when we run out of rearms. This ‘hard’ rearm reset gives us one less thing to worry about if we need to tweak anything in our images.

  1. To perform this ‘hard’ reset; create a batch script file with the following commands:

    reg load HKLM\MY_SYSTEM "%~dp0Windows\System32\config\system"
    reg delete HKLM\MY_SYSTEM\WPA /f
    reg unload HKLM\MY_SYSTEM

    Save the file as delwpa.bat on drive C:\ at the root folder level. For example, C:\delwpa.bat. Note that some users may require to run the text editor such as Notepad as administrator to save to C:\ root directory.
    Restart the computer.

  2. Press F8 right after the BIOS screen to get to the “Advanced Boot Options”.
  3. Select Repair Your Computer.
  4. Select your keyboard input method, and click Next.
  5. Enter user name and password login credentials, and click OK.
  6. In the “System Recovery Options”, open Command Prompt.
  7. Type C: to go to the main drive, and the execute the delwpa.bat file by typing its name: delwpa.bat

    Note: On some computers such as virtual machine or computer with recovery partition, the main drive may have another drive letter, e.g. D:

  8. The console should display messages saying that the commands were executed successfully. Close the console window and reboot the machine.
  9. After system start-up, log into Windows. Your system will display message such as “This product is not genuine”. Just ignore it.
  10. To check the activation status, open an elevated command prompt window as administrator, and run the following command:slmgr /dlvThe dialog box with the following details should appear:

    License Status: Initial Grace Period
    Time remaining: 30 days
    Remaining windows rearm count: 3

  11. Tip: As an alternative, it’s possible boot from a Windows 7 Repair Disc or a Windows 7 installation disc to go to WinPE environment. This method will bypass the need to enter login credentials. Pressing F8 will bring user to WinRE console.