Windows Serial Number
 

Does anyone know if corporations/universities install Windows on multiple computers with the same serial number? or is each computer given a unique Windows serial number?

I ask because v5 tries to detect copying the entire prime95 directory to a new machine. Unfortunately, detecting hardware changes in a portable way is near impossible. A (non-unique) hardware ID is generated from the CPUID information. The v5 protocol also allows for a Windows-specific hardware ID and the Windows Serial number is the easiest, hopefully unique, piece of information I can get my hands on.

Good question. I know that making images of Windows systems you need to change the SSID for those machines to exist on the same network without conflict. When you say "serial #" what exactly are you talking about, the SSID, the product key?

Is this detection just to warn the user they might be doing duplicated work or for some other purpose?

With the NFSNET project, we looked at the MAC address and the HD serial number to help uniquely identify hosts.

I'm looking at registry entry HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ProductId

Making sure each machine has a unique ID is helpful for a variety of reasons. Better reporting of your computers, making sure you don't copy everything to another computer thus duplicating work, etc.

It won't be fatal to have to computers share the same UID. However, if one changes the preferred work assignment it will affect the work the other gets. If one starts reporting bad results, both could be forced to do TF or ECM.

I briefly looked at some HDD code but it didn't look portable, doesn't work with network drives, and I don't know if it works with SCSI and SATA.

I looked some at Windows WMI but I don't think that runs on all flavors of Windows.

I worry about the MAC addr changing with new network cards or the addition of a wireless adapter.

This isn't an easy problem... Fortunately, a perfect solution is not required.

It really depends. Most coporations either buy a bulk of key ID's and use them or they have some aggrement where a key is not needed to install and microsoft just keeps count on how many computers windows was installed on.

I am not sure if you were asking this. Your question is a bit unclear.

check for a changed windows name you know in system then generate a new hardware also add a feature were you can have the option to have the name for prime95 be the system name in windows

If you can use the machine SID, and compare against the computer name, may be your best bet.

When we clone machines, we change the machine SID and the computer name. Computer names can change in the future, but rarely the SID after deployment.

Might be useful: [url]http://www.sysinternals.com/Utilities/NewSid.html[/url]

Client MACHINE identification etc
 

There are problems to your approach. One is that the Microsoft product key is NOT used by people running clients on LINUX!

The product ID field may not always be unique although the registry SID probably is. This is because of the way large OEMs like Dell deal with their windows licensing.

One place to start might be the network MAC address (although some machines are floppy sneakernet across the office from the machine obtaining the work), and may not have an onboard NIC.

Also what happens if I take out the NIC for upgrade say to Gigabit, or to repair a faulty one - different MAC! Or consider my laptop: depending on the day/time I may insert either 3com Megahertz 100 Mbit PCMCIA card (for wired lan) or 3com Wireless 802.11b/g PCMCIA card for wireless lan. At other times neither may be inserted. Therefore on the same processor, the MAC will appear to change or not be present.

Also, IP address is clearly a non-starter as these can change and many people are on dynamic addresses rather than static.

Hard drive (Windows volume) size is unsuitable too because of swaps to upgrade, repair, or repartition (eg shrink Windows to accomodate dualbooting linux).

Remember the hoo-hah over Intel putting a (not guaranteed) unique "serial ID" into the Pentium 3 chip?

Well for similar reasons people might not want such details transmitted from their machine.

Similarly it could be strongly argued that to collect and build a database of people's Windows product keys could be open to abuses including piracy of Microsoft software (I doubt they would be happy about such "harvesting").

Although we trust you George, the fact that you transmit most information IN PLAIN TEXT UNENCRYPTED means that this is not a good course to take.

Possibly the first time a client runs, generate a random number (large enough to be statistically unique or hashed with the date/time/epoch).

In Windows, write this number to a registry key on the machine's OS.

Upon running, read the registry key and you know a given machine.

I think you still need to allow for the possibility (probability) that people will start a test on one machine and complete on another (eg buy a new PC), move from home to work etc.

Therefore I think you need to develop a means to support logging of the SERIES of unique machines used during a given test.

If the result is found to be wrong at double check you will then have an audit trail of which machines (plural) might have been responsible for the error.

I think you may need to consider further.... What you are interested in is that work was done on a PARTICULAR CPU/MOTHERBOARD/MEMORY combination (which may have been "checked" as known good).

Other components should not affect reliability of results produced on the machine (although new PSU might).

So the problem is not just wanting to know that someone moved the exponent/workfile from machine A to machine B, but knowing whether machine A is now machine A but with different RAM sticks, or overclocked etc.

You can identify the MODEL and STEPPING of PROCESSOR to see if that changed.
You can measure the operating speed of the processor (and compare with rated speed). This will show whether the machine is MORE overclocked than when it passed self-test. You can use Serial presence detect (SPD) to identify what capacity and latency the RAM is to see if the sticks were swapped. You will also need to identify the motherboard chipset or model number (from bios string).

Only THEN can you have some idea that exponent went from machine A to machine A with extra RAM that is untested for priming use.

You may also record nominal cpu temperature because if the fan failed or the cooling system got swapped for a less efficient that might be enough to cause errors by a machine that previously passed self-test. Unfortunately going down this route the same could be due to which room the PC is kept in (hot/cold), not to mention moving house between states and seasonal climate variation.

When you detect any such changes to the configuration, perhaps you intend to run a (shortened version of?) self-test, to re-certify the machine as known good.

An alternative mechanism is to place menu options to allow people to manage exponent booking in/out themselves. (needs to be EASY) ie to say I'm moving this exponent to machine B for a while. This could offer opportunity for user to enter a comment when they swap memory sticks etc, and such could be logged and viewed if the result was shown to be wrong when double checked. You could have a sub-key which you increment every time there is such a change.

eg MACADDRESS(S?) concatenated with drive size concatenated with the RAM specs concatenated with the number of times the user has TOLD you about a change to their config.

Another option is to introduce Microsoft-style PRODUCT ACTIVATION - but then everyone would hate you!

eg you can't assume that a client will have internet connectivity when it starts a test (the exponent could have been downloaded by another machine). In any case you OUGHT to distinguish between which machine/userid the work is given out to and which machine(s) actually do the math. I assume that's what you're trying to achieve here.

I suggest that you create your own unique ID for each machine rather than rely on someone else's.

Provided you don't assume uniqueness the MAC address (or lack of) could be a good place to start. Every time it changes, log this into a file associated with the exponent being tested.

BUT don't go transmitting my sites MAC addresses across the internet in plain text - at minimum they should be scrambled eg using a simple XOR scheme, ideally strong encryption. The reason is this is confidential information. Someone in possession of mac addresses here could use such information to "spoof" the source address and impersonate a valid machine. Many companies use restriction of selected mac addresses on their lan switch, or to limit access to a wireless access point. Although used in conjunction with other measures (like WEP encryption), clearly to divulge such information would increase the risk of a breach in security.

As part of this I think V5 should also gather detailed cpu info.
eg currently it cannot distinguish Celeron/Celeron D, Pentium Northwood from Smithfield etc. or that hyperthreading is enabled or not.

The NEW V5 server probably ought to gather cpu model and stepping, number of virtual cpus on machine etc. It should also offer reporting of results broken down to this granularity eg ..... work was done on Pentium D machines.

Reports should also be able to show the audit trail of which machines took part in a given test.

Finally I think although all these features are nice, you should offer the user an option NOT to transmit such machine information.

Don't use Microsoft keys for Gimps
 

Another thought occurred to me.

You ask if the same keys are used to install Windows on several machines.

Well, for operating systems pre-XP, there was not product activation.

Therefore it was common practice for machines to be installed (eg from cloned hard drive) with the same Product ID etc.

That was EVEN if the company has a unique license and certificate of authenticity covering each machine, the in-registry details may be identical and not reflect this.

Additionally there is WIDESPREAD piracy of Microsoft OS before XP.

In some cases this is done by companies who install additional copies without ensuring they have licenses covering them, or domestic use, the same disk set is used to upgrade all machines in the house.

In some cases the original disks are not possessed at all simply borrowed or pirated.

In some countries eg China or Africa it is often considered socially acceptable and "nobody" BUYS software (because it's too expensive).

Therefore in no way should you consider Product Key unique (although product ID generated when installing from it may have some variability but not enough to make all product IDs globally unique).

If you do collect Product IDs from Windows for comparison, this would be problematic.

Anyone not SURE of the legitimacy of their installed Windows OS might suspect that you might pass such list to Microsoft (or be legally compelled to do so). Computer dealers (eg when repairing machines) are under STRONG pressure from Microsoft to report suspected offenders, and similar could happen (or be suspected MIGHT happen) of GIMPS.

Therefore any attempt to use windows licensing details would probably disincentivise a proportion of current GIMPS participants and discourage some new ones from taking part. We should avoid this approach.

P.S. For statistical purposes I do think it is worth recording the OS version (and service packs) or linux distro/version on which the machine is running. This should include 64-bitness or not, and be available for statistical reporting.

is serial diffrent than cd key

i know at work we use the same cd key for all the machines but we have "licences" for the entire room

we just use the same key becuase thats what the image has

[QUOTE=Peter Nelson]Well for similar reasons people might not want such details transmitted from their machine.[/QUOTE]

One step ahead of you there. I've downloaded md5 code and only send the 128-bit signature.