How to Avoid Automatically Activating Windows when Connected to the Internet

Recently I bought a new laptop as a productivity tool and wanted to evaluate the new machine thoroughly. However, on first boot Windows 11 insists on an internet connection for activation. The OOBE bypass (press Shift+F10 or Fn+Shift+F10, enter oobe\bypassnro in the command prompt that appears and press Enter; the system restarts automatically, and the network-connection screen then shows an “I don’t have an Internet connection” option that skips the network step) gets past the network screen, but after entering the system I still could not connect to the internet, which kept me from enjoying the new machine.

I couldn’t find any effective method online for connecting to the internet without activating Windows, so I decided to research the problem myself and see whether I could solve it.

The problem can be summarized as “how to avoid automatic activation of Windows when connected to the internet,” so that I can still make use of the seven-day return policy.

China’s domestic e-commerce platforms offer a seven-day no-questions-asked return policy, but once Windows and the manufacturer’s own software have been activated on a laptop (i.e. the machine counts as activated/modified/uninstalled) and there is no quality defect, the seven-day return no longer applies. Inspecting a machine that is never connected to the internet is very troublesome, because everything has to be brought over on a mobile device or transferred wirelessly without internet access.

When the machine connects to the network, a program in Windows sends the machine’s BIOS-embedded key, its hardware information and the operating-system version to Microsoft’s server for validation. If validation succeeds, Windows is activated, and the hardware and key information are stored on Microsoft’s server.

For the same version of Windows, an activated machine cannot become deactivated unless the Windows activation verification program is tampered with. In other words, reinstalling the same version of Windows and connecting to the internet will activate it again automatically (as long as the hardware information is unchanged).

Merchants decide whether a machine is activated by whether an activation record exists on Microsoft’s server and on the brand manufacturer’s server. If such a record exists, the machine is considered activated.

(Figure: windows-activation-process)

When Windows is connected to the internet, a program on Windows initiates an activation request. Assuming the activation server’s domain name is xxx.xxx:

  1. Windows first looks up xxx.xxx in the hosts file. If an entry is found, that IP is used; otherwise the DNS server is queried to resolve the name.
  2. If an IP is obtained, the activation program contacts that IP to activate. Otherwise, the activation program stops.

The main idea is to prevent communication with Microsoft’s servers and with the manufacturer’s server while the machine is connected to the internet.

Methods to prevent communication with Microsoft’s servers:

  • Change Windows settings (through the registry or other configuration) so that Windows does not perform activation validation, for example by disabling Windows Update or stopping the Software Protection service. These methods are not guaranteed to work.
  • Crack the activation program so that Windows cannot communicate with the Microsoft activation server. Possible methods include KMS activation.
  • Do not use the original system: back up the original system first, then reinstall a different version of the system and activate it with KMS (it may not need activation at all). You can also install a Linux operating system instead.
  • Activation reaches Microsoft’s activation server by domain name. Therefore, as long as resolution of that domain name is blocked, Windows activation is prevented.

The first method is particularly difficult. The second may damage the original operating system and requires backing up the system first. The third is more cumbersome, requiring a backup of the system and a fresh installation.

The fourth method is relatively simple: just block domain-name resolution. I chose this method, and I explain it below.

Method to prevent communication with the manufacturer’s server: uninstall the various software provided by the manufacturer, or prohibit the manufacturer’s software from connecting to the internet.

Method to obtain the Microsoft activation service domain name: connect the machine to a network that has no internet access, capture the DNS requests it sends while connected, and examine every domain name that appears in those requests.

For this, I set up a Wi-Fi hotspot on my old laptop (which could not reach the internet), captured packets on the old laptop, and connected the new laptop to that Wi-Fi.
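The capture step above comes down to reading the question section of every DNS query the new machine sends. The following Python script is an added example, not code from the original post: it parses raw DNS messages (including RFC 1035 name compression), skips responses, and collects the unique names that were queried. The packets it runs on are constructed inline with its own build_query helper; in practice you would feed it the UDP payloads from the capture file.

```python
"""Collect the names asked for in captured DNS queries (added example)."""
import struct

QTYPE_NAMES = {1: "A", 12: "PTR", 28: "AAAA", 33: "SRV"}


def build_query(name: str, txid: int = 0x1234, qtype: int = 1) -> bytes:
    """Build a minimal standard query (RD=1, one question).
    Used here only to construct sample packets."""
    header = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def decode_name(msg: bytes, offset: int) -> tuple:
    """Decode a possibly compressed name at `offset` (RFC 1035 section 4.1.4).
    Returns (name, offset just past the name as it appears in the message)."""
    labels = []
    end = None        # set the first time we leave the in-line part of the name
    hops = 0
    while True:
        if offset >= len(msg):
            raise ValueError("truncated name")
        length = msg[offset]
        if length & 0xC0 == 0xC0:                       # 2-byte compression pointer
            if end is None:
                end = offset + 2
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            hops += 1
            if hops > 64:                               # refuse pointer loops
                raise ValueError("compression pointer loop")
            continue
        offset += 1
        if length == 0:                                 # root label ends the name
            return ".".join(labels), end if end is not None else offset
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length


def parse_questions(msg: bytes) -> list:
    """Return (qname, qtype) pairs from the question section of one DNS message."""
    if len(msg) < 12:
        raise ValueError("DNS header too short")
    _txid, _flags, qdcount, _an, _ns, _ar = struct.unpack("!6H", msg[:12])
    questions = []
    offset = 12
    for _ in range(qdcount):
        name, offset = decode_name(msg, offset)
        qtype, _qclass = struct.unpack("!HH", msg[offset:offset + 4])
        offset += 4
        questions.append((name, QTYPE_NAMES.get(qtype, str(qtype))))
    return questions


def collect_queried_names(packets) -> list:
    """Unique names from *query* messages (QR bit clear); responses are ignored."""
    seen = set()
    for pkt in packets:
        flags = struct.unpack("!H", pkt[2:4])[0]
        if flags & 0x8000:                              # QR=1: this is a response
            continue
        for name, _qtype in parse_questions(pkt):
            seen.add(name.lower())
    return sorted(seen)


# Constructed sample traffic: a few names from the capture in the post, one of
# them repeated as an AAAA lookup, plus a fabricated response that must be ignored.
_resp = build_query("fs.microsoft.com")
SAMPLE_PACKETS = [
    build_query("www.msftconnecttest.com"),
    build_query("activation-v2.sls.microsoft.com"),
    build_query("activation-v2.sls.microsoft.com", txid=0x1235, qtype=28),
    build_query("_ldap._tcp.dc._msdcs.mshome.net", qtype=33),
    _resp[:2] + struct.pack("!H", 0x8180) + _resp[4:],
]

if __name__ == "__main__":
    for queried in collect_queried_names(SAMPLE_PACKETS):
        print(queried)
```

Running it prints the three distinct names from the sample packets; the response packet and the duplicate AAAA lookup are collapsed away, which is the same de-duplication you want before turning a capture into a blocklist.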

After analysis, the following domain-name requests were observed:

```text
_ldap._tcp.dc._msdcs.mshome.net
wpad.mshome.net
config.edge.skype.com
mshome.net
cu1prodehnswssenglogs.servicebus.windows.net
www.msftconnecttest.com
fs.microsoft.com
dns.msftncsi.com
islnhxoktsami.mshome.net
watson.events.data.microsoft.com
fd.api.iris.microsoft.com
settings-win.data.microsoft.com
slscr.update.microsoft.com
ctldl.windowsupdate.com
rls-proxy-01.chinaeast2.cloudapp.chinacloudapi.cn
self.events.data.microsoft.com
officeclient.microsoft.com
ecs.office.com
edge.microsoft.com
ipv6.msftncsi.com
mrodevicemgr.officeapps.live.com
login.live.com
client.wns.windows.com
activation-v2.sls.microsoft.com
nw-umwatson.events.data.microsoft.com
g.live.com
wdcpalt.microsoft.com
oneclient.sfx.ms
```

Testing showed that C:\Windows\System32\slui.exe accesses the Windows activation server activation-v2.sls.microsoft.com.

To prevent Windows activation, I chose to block resolution of all of these domain names.

Ways to block resolution of the above domain names so that Windows does not activate automatically:

  • Connect the new computer to another computer’s Wi-Fi hotspot for internet access, and install YogaDNS on the computer providing the hotspot to block these domain names there.
  • Point the new computer’s DNS setting at a DNS server that can block domain names (for example, a local caching resolver set up with SimpleDnsCrypt).
  • Install YogaDNS on the new computer, block the above domain names, and set the system DNS address to a DNS server that can block domain names, or to an unreachable IP address (such as 127.0.0.1), as a fallback so that automatic activation is still prevented even if YogaDNS fails.
  • Map the above domain names to 0.0.0.0 in the hosts file.

I have not tried the fourth method, so I am not sure whether it works.

Here I describe the third method: installing YogaDNS on the new computer to block the domain names.

YogaDNS works by intercepting the system’s DNS requests and proxying them itself, ignoring the system’s DNS server settings.

The operating system here is Win11 Home China 22H.

1. Uninstall the various software provided by the manufacturer (including services disguised as drivers, such as Lenovo’s System Interface Foundation Service) and prohibit driver services from accessing the network.

2. Download and install YogaDNS, and configure it to start automatically with the system.

Download it from https://www.yogadns.com/download/YogaDNSSetup.exe.

3. Save the following content as a file named yogadns-config.xml:

```xml
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<YogaDnsProfile file_format="1" product_id="1" product_min_version="127000">
	<Settings ignore_rule_if_interface_down="1" blockTcpPort53="1" clearDnsCache="1" ttlMin="0" ttlMax="2147483647" captivePortalDetection="0" interceptOthers="0">
		<DnsChecker testTarget="iana.org" testsPerTime="15" importUrls="https://yogadns.com/resolvers/resolvers.md
https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md
https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/relays.md
" />
	</Settings>
	<Rule name="block dns" enabled="1" dnssec_local_validation="0" dnssec_reject_unsigned="0" block_return_zero_ip="0" hostnames="_ldap._tcp.dc._msdcs.mshome.net
wpad.mshome.net
config.edge.skype.com
mshome.net
cu1prodehnswssenglogs.servicebus.windows.net
www.msftconnecttest.com
fs.microsoft.com
dns.msftncsi.com
islnhxoktsami.mshome.net
watson.events.data.microsoft.com
fd.api.iris.microsoft.com
settings-win.data.microsoft.com
slscr.update.microsoft.com
ctldl.windowsupdate.com
rls-proxy-01.chinaeast2.cloudapp.chinacloudapi.cn
self.events.data.microsoft.com
officeclient.microsoft.com
ecs.office.com
edge.microsoft.com
*.microsoft.com
*.windowsupdate.com
*.office.com
*.mshome.net
ipv6.msftncsi.com
mrodevicemgr.officeapps.live.com
login.live.com
client.wns.windows.com
*.windows.com
*.live.com
*.live.net
*.msedge.net
*.windows.net
*.sfx.ms
*.msn.com
*.msn.cn
*.office365.com
*.skype.com
*.msftncsi.com
*.azureedge.net
*.azurefd.net
*.msocdn.com
*.bing.net
*.bing.com
*.microsoft.net" action="block" action_id="0" interface_id="" interface_id_type="id" interface_name="" />
	<Rule name="Default" enabled="1" dnssec_local_validation="0" dnssec_reject_unsigned="0" hostnames="*" action="process_server" action_id="1001" interface_id="" interface_id_type="id" interface_name="" />
	<DnsPool id="1002" name="New Pool" type="redundancy" redundancy_test_host="iana.org" redundancy_recheck_delay="60">
		<DnsServer id="1001" />
	</DnsPool>
	<DnsServer id="1001" name="aliyun" protocol="doh" af="2" ip="223.5.5.5" doh_host_name="dns.alidns.com" doh_path="/dns-query" doh_hashes="98E3:D5E5:36AF:2958:CD2F:7F14:F704:EF4A:276D:25E3:3CD6:5F2E:65F5:E4F2:727C:1330" />
</YogaDnsProfile>
```

4. Start YogaDNS; in the Configuration Wizard, select “Import from a YogaDNS configuration file” and import the yogadns-config.xml file above.

(Figure: yogadns-configuration-wizard)

After that, you can connect to the internet freely without Windows activating automatically.
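Before trusting the profile, it is worth checking that the “block dns” rule really covers every name from the capture: a name that matches neither an exact entry nor a wildcard falls through to the Default rule and is resolved normally. The Python script below is an added example, not part of the post or of YogaDNS. It takes the captured names and the rule’s hostname list as inline data, reports which entry catches each name and which names leak, and lists exact entries that a wildcard already implies. It assumes that YogaDNS treats an entry such as *.microsoft.com as matching any name below microsoft.com and, conservatively, not the bare apex; that matching semantics is an assumption, so confirm it against the product’s own documentation before relying on it.

```python
"""Check that a DNS block rule covers every captured name (added example)."""
from typing import Optional

# Hostnames from the "block dns" rule in the YogaDNS profile above.
BLOCK_RULES = """
_ldap._tcp.dc._msdcs.mshome.net wpad.mshome.net config.edge.skype.com mshome.net
cu1prodehnswssenglogs.servicebus.windows.net www.msftconnecttest.com fs.microsoft.com
dns.msftncsi.com islnhxoktsami.mshome.net watson.events.data.microsoft.com
fd.api.iris.microsoft.com settings-win.data.microsoft.com slscr.update.microsoft.com
ctldl.windowsupdate.com rls-proxy-01.chinaeast2.cloudapp.chinacloudapi.cn
self.events.data.microsoft.com officeclient.microsoft.com ecs.office.com edge.microsoft.com
*.microsoft.com *.windowsupdate.com *.office.com *.mshome.net ipv6.msftncsi.com
mrodevicemgr.officeapps.live.com login.live.com client.wns.windows.com *.windows.com
*.live.com *.live.net *.msedge.net *.windows.net *.sfx.ms *.msn.com *.msn.cn
*.office365.com *.skype.com *.msftncsi.com *.azureedge.net *.azurefd.net *.msocdn.com
*.bing.net *.bing.com *.microsoft.net
""".split()

# Names observed in the capture described in the post.
CAPTURED = """
_ldap._tcp.dc._msdcs.mshome.net wpad.mshome.net config.edge.skype.com mshome.net
cu1prodehnswssenglogs.servicebus.windows.net www.msftconnecttest.com fs.microsoft.com
dns.msftncsi.com islnhxoktsami.mshome.net watson.events.data.microsoft.com
fd.api.iris.microsoft.com settings-win.data.microsoft.com slscr.update.microsoft.com
ctldl.windowsupdate.com rls-proxy-01.chinaeast2.cloudapp.chinacloudapi.cn
self.events.data.microsoft.com officeclient.microsoft.com ecs.office.com edge.microsoft.com
ipv6.msftncsi.com mrodevicemgr.officeapps.live.com login.live.com client.wns.windows.com
activation-v2.sls.microsoft.com nw-umwatson.events.data.microsoft.com g.live.com
wdcpalt.microsoft.com oneclient.sfx.ms
""".split()


def _norm(host: str) -> str:
    return host.strip().lower().rstrip(".")


def rule_matches(rule: str, name: str) -> bool:
    """Assumed wildcard semantics: '*.example.com' matches any name *below*
    example.com (not the apex itself); anything else is an exact, case-insensitive match."""
    rule, name = _norm(rule), _norm(name)
    if rule.startswith("*."):
        suffix = rule[1:]                      # ".example.com"
        return name.endswith(suffix) and len(name) > len(suffix)
    return rule == name


def first_matching_rule(name: str, rules) -> Optional[str]:
    """Exact entries take precedence over wildcards; otherwise list order decides."""
    exact = [r for r in rules if not r.startswith("*.")]
    wild = [r for r in rules if r.startswith("*.")]
    for rule in exact + wild:
        if rule_matches(rule, name):
            return rule
    return None


def coverage_report(captured, rules) -> dict:
    """Map every captured name to the entry that blocks it; list the ones nothing blocks."""
    blocked, leaked = {}, []
    for name in captured:
        rule = first_matching_rule(name, rules)
        if rule is None:
            leaked.append(name)
        else:
            blocked[name] = rule
    return {"blocked": blocked, "leaked": leaked}


def redundant_exact_rules(rules) -> list:
    """Exact entries already implied by a wildcard in the same list (harmless, but noise)."""
    wild = [r for r in rules if r.startswith("*.")]
    return [r for r in rules if not r.startswith("*.") and any(rule_matches(w, r) for w in wild)]


if __name__ == "__main__":
    report = coverage_report(CAPTURED, BLOCK_RULES)
    for name, rule in report["blocked"].items():
        print(f"{name:55} <- {rule}")
    print("leaked:", report["leaked"] or "none")
    print("redundant exact entries:", len(redundant_exact_rules(BLOCK_RULES)))
```

With the lists from this post the report shows no leaks: the five captured names that have no exact entry (activation-v2.sls.microsoft.com among them) are all caught by wildcards. Rerun the check whenever you extend the capture, since a DNS block only helps for names that actually go through the resolver; the firewall step for the manufacturer’s software, described later, is the complement for traffic that does not.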

(Figure: windows-activation-watermark)

After blocking domain-name resolution as described above, the wireless connection may drop automatically shortly after connecting, and you may see system events like the following in Event Viewer:

WLAN AutoConfig detected limited connectivity, trying to recover automatically.

Recovery type: 4 Error code: 0x0 Trigger reason: 5 IP series: 0

To fix this, save the following content as WcmSvc-disableBadStateTracking.reg and double-click the file to apply it (this disables bad-state tracking for wireless networks).

```reg
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WcmSvc]
"EnableBadStateTracking"=dword:00000000
```

The manufacturer’s own software (such as XX Manager, my-xx, etc.) also activates automatically (submitting hardware information to the manufacturer’s server for after-sales activation), so it must be uninstalled.

If you do not uninstall this software, use a firewall to block it from the network.

If you use KMS activation and later want to revert to the original genuine activation, you need to know the original key.

Method 1: obtain it with a command. Run the following in PowerShell:

```powershell
(Get-WmiObject -query 'select * from SoftwareLicensingService').OA3xOriginalProductKey
```

Method 2: via the registry. Press Windows+R, type regedit, and navigate to [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ClipSVC]. The LastBiosKey value at this path is the key.
