6.1.2 Machine locking | Software protection, licensing and copy protection with PC Guard Software Copy Protection System

Remote protection: machine locking settings

Locking parameters (LOCKS)

There are two software (HD ID, OS ID) and five hardware (HD ID (HW), CD/DVD, NET ID, CPU ID and BIOS ID) locking parameters.

Lock ID	Description
HD ID (SW)	Volume serial number of system hard drive (OS drive).
OS ID (SW)	Operating system ID.
HD ID (HW)	Hard drive hardware ID.
CD ID (HW)	CD/DVD hardware ID.
NET ID (HW)	Network adapter hardware ID (MAC address) (see notes below)
CPU ID (HW)	Processor ID.
BIOS ID (HW)	Motherboard bios manufacturing date/revision.

Locks from remote machine can be reviewed by decoding MID codes in activation panel.

Mandatory locks

Each lock can be marked as mandatory.

For example, if NET ID is not marked as mandatory (default) and if Ethernet network adapter is not present on remote machine, protection code will just set NET ID to 0, obtain other locks and generate site/mid codes for remote computer.

If NET ID is marked as mandatory, protected application will require presence of at least single Ethernet network interface (internal or external) on remote computer. In this case locking to MAC address of network interface (NET ID) will be made mandatory for protected application.

If lock is marked as mandatory and if protection code is not able to obtain such lock on remote computer error message "Unable to obtain lock!" (Lock_Unavailable message in language editor) will be displayed to end user.

This error message will also include error code so that missing mandatory lock can be identified accordingly to the following table:

Lock ID	Error code
HD ID	1
BIOS ID	2
OS ID	3
NET ID	4
CPU ID	5
HD HW ID	6
CD HW ID	7

IMPORTANT: Application will display error message on each run until it is able to obtain mandatory lock. Activation dialog will not be displayed and user will not be able to activate application until protection code is able to obtain mandatory lock.

Flexible machine locking

By default, change in any of selected locking parameters will result in license reset. Application will erase current license, change site/mid codes and request new activation code.

Use flexible machine locking feature to customize default locking policy and to make it more flexible.

Select "Flexible locking" option to enable this feature.

If 'Changeable' flag is not selected, protection code will not allow changes for appropriate locking parameter. This is default behavior. If selected, protection code will allow changes for locking parameter.

If multiple hardware (hw) locking parameters are marked as changeable, protection code will not reset license as long as total number of changes is lower than defined maximum number of allowed hardware changes.

Maximum number of allowed hardware changes should be lower or same as total number of 'changeable' hardware locking parameters.

Changes tracking is not cumulative. For example, lock can change from original value and then change back to original (no change will be detected) or some different value (change will still be detected as change in single lock). Protection code will count total number of different locks and compare it to selected number of allowed hardware changes.

Don't randomize Site/MID codes for first installation option.

By default, Site/MID codes are always randomized for additional security. In this way, protected application will generate different Site/MID codes even on identical machines or in VM environment.

Select this option if you want to ease default locking policy for your clients. If this option is enabled, Site/MID code will not be additionally randomized on first install. If software locking parameters (HD ID and OS ID) are disabled, protected application will generate same Site/MID codes after HD format or same OS reinstallation.

NOTE: Site/MID codes will still be randomized after evaluation extension, license removal, license transfer or license extension.

IMPORTANT: If software locking parameters are disabled, end user will be able to reactivate previously removed, transferred or expired license on same computer after hd format or OS reinstall by using original activation code used for first installation!

Check locally administered MAC address (NET ID)

This option is valid in case NET ID (MAC address locking) is enabled. (Default: OFF)

If selected and in case detected MAC address is locally administered, protection code will try to determine original MAC address of network adapter. In case of failure, such adapter will not be used for locking.

Additionally, if NET ID is marked as mandatory protection code will not use network adapter with locally administered MAC address in case it is not able to determine original MAC address.

Machine locking notes

- Machine locking is available for REMOTE protection method only.

- Site code / Machine ID (MID) codes from remote computer are based on locking parameters:

- Use Machine ID decoding feature (in activation panel) to get each locking parameter value from remote computer. In this way you can easily compare old and new locking parameters and thus prevent false requests for new activation codes.

- Protection code will scan all cd, dvd, hd devices and network cards on each run.

- Changing the sequence of cd/dvd/hd drives or primary network adapter will not affect license status. Only in case appropriate device is disabled, removed from system or replaced with another device, protection code will reset license and ask for new activation code.

NET ID notes

- Virtual network adapters are detected and not used for locking.

- Only physical wired or wireless adapters including external USB adapters are used for locking.

- Internal physical Ethernet and SDIO (usually found in tablets) network adapters have priority over external USB network adapters. Only in case no internal network adapters are found protection code will use external USB network adapters for NET ID.

- Use "Check locally administered MAC address (NET ID)" option to handle network adapters locally administered MAC addresses.

- Protection code will scan the list of all available and enabled network adapters starting from the first adapter on the list until it finds the one suitable for locking. Once found, network adapter mac address is detected and used for generation of site/mid codes. Other network adapters are ignored at this point.

- After activation, protection code will scan all network adapters for above mac address on each run. In this way protection code will be able to detect network adapter used for locking even in case adapters list has been changed.

- If adapter is disabled or removed, application will not be able to find adapter with appropriate mac address and will mark this lock as changed. Depending on locking policy this may result in license reset.

Changing machine locking policy for new update

If new update is protected with same project settings but with changed machine locking policy (different locks) here is what will happen on remote computers:

If previous update is not activated on remote computer new update will generate new (different) pair of Site/MID codes.

If previous update is activated on remote computer and some locking parameters are only turned OFF in new update, new update will not reset license (Site/MID code will not change).

If previous update is activated on remote computer and some locking parameters are turned ON in new update, new update will display error message, reset license and ask for new activation code.