How to disable Microsofts new Anti-Piracy Program Update

Posted by Martin in Security  Tags: ,

27

Apr



It seems that the method that I previously posted is not working really well. If you rename the files windows will try and install the update again. Therefor one has to find another way to disable this, what we do is disable the execute bit on wgalogon.dll. That way, winlogon can’t call it as a notification package at boot, and since WgaLogon is responsible for running and maintaining WgaTray.exe, no more tray popups either. (source)

  • In explorer, go to Tools > Folder Options. Then, go to View > Advanced Settings and uncheck “Use simple file sharing”. Hit OK. Now, let’s change the permissions for WgaLogon:
  • In the Address bar, type (without quotes) “%WinDir%\system32″ and hit enter.

  • Scroll down to WgaLogon.dll, right click on it, pick Properties. Go to Security.
  • Hit the Advanced button, uncheck the Inherit box at the bottom, hit the Copy button, then hit OK. Now we have a local copy of the ACL which we can modify.
  • Go through each listed user/group and remove the “Read & Execute” permission for that file, leaving the “Read” permission as-is.
  • Hit OK to apply the permission changes and close the file properties dialog. Restart the machine. You can now turn “Use simple file sharing” back on, if you want.

  • Like such posts? Get updates via RSS NEWS FEED. Love Ghacks? Find out how you can help!

    Spread The Article: Digg del.icio.us StumbleUpon Reddit Facebook Slashdot TwitThis YahooMyWeb Fark Mixx NewsVine

    35 Users Commented In This Post

    Subscribe To This Post Comment Rss Or TrackBack URL
    Lobo Schmidt says, April 27th, 2006   

    Still couldn’t find the “WgaLogon.dll”. I must be under some virus or something like that.

    Maybe it’s time to format my system again. I’ve been experimenting some strange situations.

    Anyway, thanks for posting this up. I’ll try it again latter.

    arturogoga » Windows y su programa antipirateria. Como desactivarlo! says, April 27th, 2006   

    [...] Lo que se debe hacer, según ghacks, es desactivar la parte ejecutable de wgalogon.dll. De esta manera, winlogon no podrá utilizarlo como un paquete de notificación al inicio, y debido a que wgaLogon es responsable de correr el wgatray.exe (el que avisa cuando estamos utilizando windows), no habrán más avisos mientras trabajamos, tampoco. [...]

    Martin says, April 27th, 2006   

    Lobo you only have that file if you download the latest patch as far as i know..

    Lobo Schmidt says, April 28th, 2006   

    Oh, now I understood, thanks Martin.

    But now comes this doubth (sorry about the spell):

    How can I install the lastest version of Internet Explorer (not that I want to use it more than my Opera or my Firefox) and bypass it’s windows certificate test?

    Martin says, April 28th, 2006   

    This tool has nothing to do with the checks that are made when you download patches. At least that´s what I think.

    I think it is an independent tool thats sole purpose is to verify the key of the windows installation.

    yee wei says, May 1st, 2006   

    hello,im from malaysia.Im almost done to disable Microsofts new Anti-Piracy
    .but what do u mean by “leaving the “Readâ€? permission as-is.” ???

    Bill Gates says, May 2nd, 2006   

    thank God for Mac

    Jones says, May 2nd, 2006   

    its only a start..MS is goona kill your family next

    Anne says, May 2nd, 2006   

    …and rape your dog

    Ragnar Danneskjold says, May 3rd, 2006   

    This worked great! Thanks so much.

    Colin says, May 5th, 2006   

    Brilliant! Very clear for an old fart like me to follow and it worked! i’ll be back!

    pililatus says, May 5th, 2006   

    Gracias son unos genios

    Emann says, May 5th, 2006   

    Thank you oh great one…. we are not worthy…

    Kujo says, May 5th, 2006   

    Worked like a charm! Thanks.

    Dorey says, May 7th, 2006   

    Awesome it worked!if I can do it, anyone can

    keren says, May 7th, 2006   

    hello,
    thankyou thankyou thankyou it works great!!!!!
    it annoyed me soo much and now it’s gone!!!!!!!

    silviu says, May 9th, 2006   

    only works for ntfs there is no security tab for fat32

    slackware says, May 10th, 2006   

    thank god for linux

    spider says, May 11th, 2006   

    Tried almost everything, looking for hacks all night. So far this one only worked. Thnxs.

    RM says, May 23rd, 2006   

    I found number ways to disable that pesky Update from MS but your method
    worked (crossing fingers) and hopefully will continue to:). I was a iditot
    and should have known when MS has a Eula for a Download to Read it or hire
    a lawyer hehe. Thx alot. Was terrifed I would mess up and system would not
    boot. Regards. RM.

    Cici says, May 24th, 2006   

    hi, but when i right click and get into the ‘properties’of Wgalogon.dll,
    there is no ’security’, so i don’t know what to do now, only saw ‘General’,
    ‘version’, and ‘Digital signature’. pls help me. it is rather annoying,
    because everytime i try to shut down my PC, the WGA.exe always keep running
    and can’t be stopped. thnx a lot!

    Martin says, May 24th, 2006   

    did you do exactly as the article told you to do ?

    Tom says, May 27th, 2006   

    Fantastic! Works like a dream…Thank you so much!!!!Now just turn

    of automatic update! SLICK!

    Bruce says, May 29th, 2006   

    THANKS!

    On my LEGIT DELL OEM copy of XP at work, this newest update was forcing my system
    to connect to the internet on every boot up, I guess for some kind of authentication
    process.

    Since I have several automated PC’s, that re-boot automaticly, the “PROXY
    AUTHENTICATION” (we need to have a valid user id and password to connect to the
    internet, I cannot automate this process) would sit there until I pressed the
    OK button.

    Since these PC’s are application servers, running 24/7 and I schedule daily
    re-boots on some of them, this new authentication was very annoying.

    The above posted process seemed to work very nicely for me!

    Thanks!

    Eugene says, June 14th, 2006   

    Thanks. It works great.

    aresdamian says, August 2nd, 2006   

    thanks, This worked great! Thanks so much.

    BAF says, August 6th, 2006   

    Bruce: if they are 24/7 servers, why do you reboot them?

    Slayer0420 says, August 15th, 2006   

    Spybot search and destroy detects it as a startup item (system.ini) .
    You can just remove the check to disable it @ start up.
    Deleteing it doesn’t work it just comes back .

    GPig says, August 17th, 2006   

    just download Autoruns from sysinternals … http://www.sysinternals.com/Utilities/autoruns.html
    run it and go to the WinLogin tab and clear the tick box next to ‘Wgalogon’ - it couldn’t be easier.

    walter says, August 30th, 2006   

    Thanks a lot!! it works only with NTFS filesystem. Not with FAT32 since there´s no security tab.
    (funciona solo en NTFS, no con FAT32 ya que no hay solapa de seguridad)

    JD says, September 2nd, 2006   

    I don’t have “Use simple file sharingâ€? as a folder option under view. Any thoughts?

    Bebe says, September 17th, 2006   

    When I open Explorer and I go to Tools… there is no “Folder Options” only “Internet Options”. If I go there and go to the “Advanced” tab, there is no “Use simple file sharing” box to uncheck. Any ideas why and what one can do in this situation?

    BB says, September 18th, 2006   

    Thanks, worked well. Can I turn Updates back on?

    Martin says, September 18th, 2006   

    Bebe yes, Explorer is not Internet Explorer. Open a Folder, there you find the Tools menu and everything else.

    Dee says, October 18th, 2006   

    so with having some permissions off would anything be different? other then the anit-priacy program turned off?.. like any secruity issues that was disabled because of this ?

    it works btw.
    thanks

    Leave Your Comments Below
    Hello, please leave your thought below

    Please Note: Each comment will be manually approved by an admin. There is no guarantee that a comment will be posted. Please do not submit the comment multiple times.