Rwolf wrote on 2026-01-22, 18:49:

I would like to recreate the sticker as a backup too.

Yes, I just double checked and the key reported is the key I used to install it, do SIV32X -KEYS then look at Menu->Windows->S/W Keys

wierd_w wrote on 2026-01-22, 18:53:

Extract it from the registry and write it down?

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProductId

No, it's HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DigitalProductId, further it's encoded

There are tools to pull it though..

Rwolf wrote on 2026-01-22, 18:49:

In reference to the license key generation program, is it possible to reverse the keygen process?

e.g. I have one PC with an valid pre-installed OEM license, but the sticker on the PC cover is partially damaged, so I cannot use this code if I need to reinstall the machine. I can copy the wpa files from the installation and reuse them, but I would like to recreate the sticker as a backup too.

Is this possible?

Try Produkey or magical jellybean. Both are legal and will spit out the Prod ID and the actual CD or OEM Key used..
Funny that magical is listed as a tool to use on the US federal VA website 😀

The way TRM works is that any COTS software can be submitted and evaluated.

The decision tab will tell you approval level.

why not stick with windows 2000 or ME? I remember software wouldnt play nice without direct memory access

XP SP3 VL has already been discussed here and I remembered another XP SP3 edition:
- Windows Embedded POSReady 2009.
And it looks like it doesn't require activation either (I think this is also illegal for personal use).
Windows Embedded POSReady 2009 - A Great OS for Retro Gaming

ott wrote on 2026-01-22, 23:32:

XP SP3 VL has already been discussed here and I remembered another XP SP3 edition: - Windows Embedded POSReady 2009. And it look […]
Show full quote

XP SP3 VL has already been discussed here and I remembered another XP SP3 edition:
- Windows Embedded POSReady 2009.
And it looks like it doesn't require activation either (I think this is also illegal for personal use).
Windows Embedded POSReady 2009 - A Great OS for Retro Gaming

forget windows invest in ReactOS!

Just thought I'd chime in here because I've actually activated Windows XP a couple of times recently (in 2026) and I've had success.

In case you haven't heard of this, go check out legacyupdate.net. Also there's another one windowsupdaterestored.com which I believe does the same thing.

I've been using these for a while now to get rescued e-waste XP machines fully patched and activated before giving them away or selling on eBay. You don't have to install all the Windows Updates if you don't want to. Just run the first couple steps of the process (it updates root certificates etc) and then the normal, online Windows activation works properly. No hackery, no piracy, no phone calls to Microsoft, nothing.

Now this is all assuming you have a legit product key / COA sticker on the case.

I have no affiliation with either of these websites, it's just a tool I've been using for this part of the hobby and it's been working for me.

Depending on how new your new old hardware is you can experience the awesomeness of Windows 8 on Linux and not worry about activation.
https://github.com/er-bharat/Win8DE

but this might be more your speed:
https://loss32.org/

nezwick wrote on 2026-01-23, 00:19:

Just run the first couple steps of the process (it updates root certificates etc) and then the normal, online Windows activation works properly. No hackery, no piracy, no phone calls to Microsoft, nothing.

Can we please recap this one?
There was already a post a little bit before advising to update root certificates -> Re: Windows XP as a test system: your strategies for (re-)activation
So to clear things up: With updated certificates it is actually possible to use the regular non-telephone online activation and that's working as of today and with Windows XP Retail. Correct?
That would be great news to at least some (or many?) of us adding another way staying legal as far as possible and without calling out to MS.
The only uncertain point is how safe it is to connect Win XP to the internet today. Opinions differ about that according what can be read here and there...

In the meanwhile I could break my [login -> "you need activation before login, click here" -> click -> "Windows is already activated" -> logoff -> login -> "you need ..." -> click -> "Windows is already ..."] activation loop and get my existing installation going again, including using some not so totally official means for activation. Took me half a day to sort things out...
Afterwards I also updated certificates as mentioned here in the thread but without actually trying online activation. I had to do so to be able to login at all. May be safe mode would have worked but that I can find out the next time 🤣.

BTW: To break the activation loop I had to boot Windows in safe mode, start regedit, go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WPAEvents and change the value of "OOBETimer" to zero. After the next normal boot it would finally display the correct activation screen with all options to do so. What a headache.

ChrisK wrote on 2026-01-23, 12:36:

The only uncertain point is how safe it is to connect Win XP to the internet today. Opinions differ about that according what can be read here and there...

If your computer is connected through a router (NAT) and has a local IP (192.168.* e.g.), there's nothing to worry about.

ott wrote on 2026-01-23, 13:41:

ChrisK wrote on 2026-01-23, 12:36:

The only uncertain point is how safe it is to connect Win XP to the internet today. Opinions differ about that according what can be read here and there...

If your computer is connected through a router (NAT) and has a local IP (192.168.* e.g.), there's nothing to worry about.

Uh, I don't mean to cause an off-topic discussion, but "nothing to worry about" is being a bit too optimistic, maybe. 😅
Because I think it provides the illusion of a false safety.
XP is old and not as resistant against attacks as Windows Vista/7 onwards.
It uses more kernal drivers, for example, which can crash the whole thing if there are bugs.

So I wouldn't leave it running unattended on the internet, if possible.
If it has to be connected all the time, I would at least observe it over some time.
To see if something strange happens, if there's any background activity.
Do use a logging software for network traffic etc.
And use things like a PiHole, to block IP addresses and ports used by data trackers etc.

Disabling TCP/IP v6 is another consideration, maybe.
Because XP has an older, separate v6 stack that has a separate NAT/firewall.
Configuration has to be via command line, I think.
Having different settings for TCP/IP v4 and v6 can lead to a "shadow network",
which works in parallel and it allows passing of traffic that's meant to be blocked.

But again, I don't mean to go things off-topic.
I just recommend to remain a tiny bit suspicious, so nothing bad will happen. 🙂

Edit: Or let me put it this way, the internet never had been a safe place.
We don't know what's out there. There might be days or weeks when old malware suddenly spreads again.
Or there might be ISPs that are safer/more restrictive than others.

Being a bit careful with XP is like wearing a helmet when riding a bicycle, maybe.
In most cases, the helmet isn't needed. But then there are days of high traffic or bad luck and there's some accident.
In such cases, the helmet might be good to have. 🙂

Typis fixed.

I stand with ott that if you're hidden with NAT you are safe unless you do something stupid like running some suspicious files, going to nasty websites with outdated browser etc. But telling that just connecting to internet alone is dangerous is pure FUD from antivirus software fans. I understand that some people under youtube comments or on reddit are repeating those false claims but this is a community of old OS users. I don't need anyone else to tell me what's going on because I have this old OS running for years. I had it back in the day when two of the most dangerous viruses hit unpatched XPs all over the world. I had it with global IP. Nothing happened. With NAT there's no entry, you are invisible to outside world unless your PC asks for something when you run a browser.

"false claims" 🙄

Ip6 is not behind NAT, as 'there is no reason to'. 64bit address space is 'very hard' to exhaust, and as such, the abstraction of NAT to get many devices behind a single IP address 'just isn't needed'.

As such, disabling it is quite wise.

Additionally, 'security through obscurity is no security at all' is simply a true maxim.

The actual reality is:

Most attackers have moved on, but zombie botnets and abandoned worms are still out there, just at a much lower background rate. If you are unlucky enough to have attracted the attention of a threat actor, and they have started monitoring your attack surface, the 'unlikilihood' of wildtype BlasterWorm or Stuxnet infectors becomes moot. They observe traffic from your network that indicates a vulnerable host, then craft an exploit for you that coopts that host, to get persistent access to your network via that vulnerable host, and then perform a lateral movement attack, say, agsinst your router, or against your NAS.

This is why vintage devices really should be inside their own quarantined subnet.

IPv6 is not installed by default on XP. Not much reason to install it for home user. No need for "their own quarantined subnet" in home use. This is a waste of time for no gain.

You're all safe unless you explicitly do something wrong:
- Use old unpatched version of XP.
- Use global IP.
- Use home network with infected PCs.
- Browse nasty websites with old browsers.
- Run some nasty executables, scripts.
- Give access to your network or PC to someone you can't trust.

Security is a big money business and the last thing you can expect from their experts is to say that you are safe. Their job is to make sure you are afraid of unknown danger. Media repeat it as they prefer bad news. Next your neighbour and his dog are repeating the same. People are spreading FUD all over the internet about security. It doesn't matter for them that commercial, production environments have different security needs than home user. It's a modern day sin to feel safe.

I don't think anyone will get pregnant just because I don't wear a condom after I wake up. You will hear "but what if this, if that" but in real life it's not happening.

But let's just pretend that I never had XP before and I start believing that connecting alone is dangerous. Still in home use for a XP PC that's only meant for games I would prefer to just make a backup as my only line of defense. In worst case scenario I would just need to use that backup to bring back my PC to the state without viruses. And only then I would consider using it without network or installing dozens of security programs, using advanced router settings. But not before as they preach.

There’s a programme that allows you to activate your win xp without a key and I’ve been able to use my machines just tho I have only been using them offline so I’m unable to tell you if it goes into a hissy fit when connected to the internet.
Program is xp activate 32.

Well, seeing that XP is so old and unsupported, there needs to be a program that simply removes the activation feature entirely, so that it "just works" all the time just like w2k and win9x.

Robbbert wrote on Yesterday, 20:43:

Well, seeing that XP is so old and unsupported, there needs to be a program that simply removes the activation feature entirely, so that it "just works" all the time just like w2k and win9x.

There are activaters that basically do that.
But removing "activation feature entirely" is a bit more tricky.
Because the code resides within winlogon file, which handles user log-on on boot-up.

That being said, the legal side depends on where someone lives.
In my country, for example, if the product was legally obtained or if it is an original,
but the manufacturer ceases to provide the activation process, then the user is allowed to help himself out.
This also includes by-passing hardware-dongles etc after when the manufacturer ended business etc.

Personally, I wouldn't worry too much about XP being lost eventually.
For that to happen it had too much impact on everything.
I also wouldn't rely on MS so much, anyway. That company wanted XP to be six feet under for years.
The community rather will provide help for this vintage OS, if needed.

From an ethical point of view, it's probably fine to use original software even without blessing from its manufacturer.
To be on safe side, the certificate (COA) and the ser. number should be part of the original medium (CD), as well, though.