Windows 7 reinstallations - how to check
Results 1 to 7 of 7

Thread: Windows 7 reinstallations - how to check

  1. #1
    Member bradlesliect's Avatar
    Join Date
    Apr 2006
    Location
    CT - SA
    Posts
    74

    Cool Windows 7 reinstallations - how to check

    Hi,

    I have a feeling that a client reinstalled windows 7 on his box but I cant prove it. Is there any way I can see if its been reinstalled? What's makes me suspicious is that I am very sure I installed and activated Windows 7 Business 32bit....he says he's having a problem activating his windows. When I checked his box he is running windows 7 Ultimate 64bit, which I dont even have.

    Is there a way I can check if he has reinstalled windows himself? ....obviously he didnt expect an activation problem


    Thanks for Help
    .....I rather not say....

  2. #2
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Brad old chap, it is time to stand up and be counted?

    I have a feeling that a client reinstalled windows 7 on his box
    .....

    In which case they most certainly did!

    but I cant prove it.
    Even I might have difficulty there...........a full format will overwrite the HDD, so it is beyond the remit of us mere mortals to investigate further. Anyway why should you have to "prove it".................

    Is there any way I can see if its been reinstalled?
    One word..........NO!, you see, it hasn't been "reinstalled", it has been replaced?

    What's makes me suspicious is that I am very sure I installed and activated Windows 7 Business 32bit
    Check your work logs and billing records? You do keep those don't you?

    he says he's having a problem activating his windows.
    That's the proof! Windows only requires activation on a full reinstall, or new installation. Otherwise the product code will do.

    When I checked his box he is running windows 7 Ultimate 64bit, which I dont even have.
    So you knew the answer before making this post? Why don't you just get some bawlz and tell him to FO&D?

    If you did not supply the system with a working operating system then this is a new job..........so quote the little bugger for it and tell him it is cash in advance. otherwise you will get ripped off.

    If you did supply it with an operating system, then your records should show this?

    If you have any bloody idea about what you are doing, the box has an MS sticker on it?...........that will say what OS it was licensed for. OK, not for corporate licences, but you don't even have to authenticate them

    If it doesn't have a 64bit Windows 7 sticker on it, then he is SOL

    If it does, (and I know it doesn't) then that is between him and MS, or the POS who installed a pirated version of ultimate on it.......his Business version product code won't activate ultimate

    Actually you disappoint me Brad, his children did it......and you couldn't work that out?

    Business 32 = Boring
    Ultimate 64 = Games

    ??????????????????

  3. #3
    Member bradlesliect's Avatar
    Join Date
    Apr 2006
    Location
    CT - SA
    Posts
    74
    Gees Nihil ...go easy on the compliments there...

    Your sarcasm and critique will be taken from where it comes ....UNDER MY ARMPIT!

    - Do I know what I am doing, I would like to think so - obviously you see it differently.
    - I used the client's existing disc at the time of installation and I don't recall seeing 64bit
    - The famous "sticker on side of box" comment ...ahh..yes...that never gets boring. Well lets see, the client's previous box was STOLEN and this was a replacement, so at time of installation I used cd-key I had on record from previous audits!
    - Reinstall, clean install, upgrade - I know with previous windows ver when you did a repair/reinstall, you would be prompted to install in same or overwrite existing directory or it would install to dir WINDOWS000 and so too your user profiles would have suffix of 000 but not having used w7 much I am not familiar about what happens when you do repair, clean install, upgrade or if it renames in dirs or profiles.

    Thanks for your comments. Greatly appreciated.

    When next you make comments, please don't make assumptions - you may just embarrass yourself as well as the person REQUESTING HELP!

    oh...and take two valiums or change your meds.

    Thanks for help but I still need answer to my question.
    .....I rather not say....

  4. #4
    Antionline's Security Dude instronics's Avatar
    Join Date
    Dec 2002
    Posts
    901
    Uhm, ok i got a stupid question here, but when you install a new windows OS.... cant you see the date and time in installation logs? Or maybe try to see a date when a file has been created or changed or something? Just anything to give you the information you require?

    Also doesn't windows create an initial restore point? What date was that made?

    When you install the drivers, like for the motherboard, usb, sound, network etc... is there no installation date in those logs anywhere?

    Really sorry if i am barking up the wrong tree here, but i cant imagine it being so hard to find out if a system has been reinstalled or not. I don't have a windows box to try to see it for myself, but i am just guessing here. Sorry if i am not helping with the guess, but it would seem a logical approach.

    Cheers.
    Ubuntu-: Means in African : "Im too dumb to use Slackware"

  5. #5
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Thanks for help but I still need answer to my question.
    The answer is NO!......you have a clean installation scenario, so nothing remains of the previous history. The thing could have been booting Linux or OS-X and you wouldn't know.

    I suspect you are thinking of a "repair install" with 2000/XP? That would perform as you describe.

    Since Vista, a full format & installation will overwrite the HDD with 0 0r 1 characters, so you effectively wipe history. This is actually the first time MS have done this since DOS, when you had the option to overwrite the HDD with a preset pattern, if you wanted to. A full format in Vista and 7 just goes ahead and does it.

    instronics is right...........you should see when it was done..........but the countdown to activation warning each time you boot up will tell you that.


    so at time of installation I used cd-key I had on record from previous audits!
    So your audit records will show what version of Windows 7 was installed?

    Various possibilities here?

    1. They made an error with the product key entry, when attempting activation. But why would the customer need to activate Windows?........you would have done that?

    2. Some sort of MS problem............try telephoning them and getting an activation code that way.

    Obviously you need a valid product code to get Windows to install in the first place.............were you given the correct DVD to begin with?

    Oh! and I almost forgot..............if you installed an OEM version rather than a retail boxed one.........what you are trying to do is illegal. Just read the small print in the EULA Strictly speaking, when your customer's computer was stolen, so was his OS licence.

    This will vary with the law in individual countries, but the gist is that the retail licence allows you to use the OS on any one computer at a time, whereas the cheaper OEM licence is tied to one specific computer. I have no idea how WGA has been implemented for Windows 7, but this might be an issue?

    I really haven't examined the contents of a Win 7 DVD, but I suspect that it has several versions and relies on the product code to decide which one to activate.

    If you are certain that you installed and activated 32 bit business edition, then someone has certainly messed with it afterwards.

    As instronics suggests, just take a look at the logs, or work back from the days left to activation pop-up.

    Out of curiosity.............was the stolen computer 32 bit and the replacement 64 bit?

    The famous "sticker on side of box" comment ...ahh..yes...that never gets boring. Well lets see, the client's previous box was STOLEN and this was a replacement
    It is a very good place to start as it happens. After all you only need to get one character wrong for the activation to fail?.....and you must know the correct code to get the OS to load in the first place?.......

    I still think that the telephone MS route is the next step, although I am at a loss to explain why the customer would be prompted for an activation code when you set the machine up???

    EDIT:

    I forgot to ask, but what does the client think should be the OS?..............7-32bit business, or 64 bit ultimate?

    As for:

    oh...and take two valiums or change your meds.
    Might I recommend sensible pills and a basic business 101 course? YOU SURE AS HELL DON'T KNOW HOW TO RUN ONE..............

    YOUR RECORDS SHOULD CONTAIN NAME MODEL SERIAL NUMBER OS VERSION ETC.

    You should not need to "prove" anything, as your invoices should detail the system returned, "in good working order".............if it gets paid then that is legal acceptance?

    Even for rock spiders?
    Last edited by nihil; February 10th, 2011 at 08:11 PM.

  6. #6
    i read most of this thread and didnt catch this but if you remember around what date you installed it (as instronics said) and go to the command prompt and use the systeminfo command it'll show the Original Install Date: ...quickest way to check imo.

    StreetsCrack.com Join The Best Music Social Network Online. Music downloads, promotions, forums, profile, games etc...

  7. #7
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Hmmmm,

    Has anyone wondered why computer forensics play such an insignificant role in court cases? And I don't consider standard data recovery to be "forensics" as such.

    1. Even if you have a good idea of what has happened you cannot prove who was sitting at the computer at the time.

    2. Even though "deleted isn't"; overwritten certainly is. Even the biggest data recovery outfits won't offer to recover overwritten data.

    3. If you know what you are doing, it is pretty easy to spoof the evidence or use an anti-forensics tool that would make it inadmissible in court.

    In this case we have a clean install of a Windows OS, so anything that was there previously has been overwritten.

    All the tech has to go on is what's there now, his records, and logic.

    In this case we have an installation scenario, so there are no user accounts set-up, or any other indication of who did it. All you have is the date and time, which might be useful if you have an alibi?

    Now,

    1. If I load a Windows Business DVD and give it the product code it will install. Just as a Windows Ultimate will. Swap the product codes and it won't even install.

    2. At the installation stage, the checking is pretty rudimentary, so any plausible code for that version will work.

    3. You may have problems when you try to activate the product though, as you are now up against WGA I can't say that I have come across anything with Windows 7, but WGA has certainly been known to screw up in the past.

    4. I cannot think of a situation where you would install Windows for a customer and not activate it. Generally you will be asked to load additional software for them, and you should let Windows update bring it to the latest patch?

    So, simple logic says that the customer must have done it...........although they may well deny it

    I am curious as to what the actual "activation problem" is..........what was the message, and was it an internet attempt or a phone-in? There might be a clue there?

    Personally, I like Belarc Advisor. It is good at detailing current software and basic hardware, and whether you have all the latest patches for Windows. You can use it to keep track of customers' systems.

    I really don't care what a user decides to do, or who else they might go to, just so long as they don't expect me to guarantee it!

    It isn't "my network" until I have authority to lock it down............it is their network, and I will just fix the problems that creates
    Last edited by nihil; February 12th, 2011 at 06:12 PM.

Similar Threads

  1. Windows Error Messages
    By cheyenne1212 in forum Miscellaneous Security Discussions
    Replies: 7
    Last Post: February 1st, 2012, 02:51 PM
  2. Windows and lack of Email and Media clients
    By gore in forum Operating Systems
    Replies: 13
    Last Post: May 29th, 2009, 06:11 PM
  3. Copying updates
    By Cider in forum Operating Systems
    Replies: 10
    Last Post: March 21st, 2006, 09:30 PM
  4. Whats a good stable OS?
    By s3nate in forum Operating Systems
    Replies: 25
    Last Post: July 20th, 2004, 11:32 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •