VMware question

I’m thinking of installing VMware Player to play around with malware, and I have a couple questions.

First, when I install the OS, when I get to the part where it asks for the Win7 product key, what should I do?
Type it in or just use Windows for 30 days and reinstall?
Is there a problem using the same Prod. key twice on the same machine?

Second, once the OS is installed, should I also install a System Image software to make it easier to
jump back to a time before I am infected?

Any tips or warnings would be appreciated.


I know there are those that just never register because they’re planning on having to just ■■■■ the VM away when/if it gets detected. If you want to install any Windows updates though, you’re going to need to register it. If you’re going to be testing malware and want a more accurate real-world test, you’ve probably going to want to install the updates. Otherwise, you might be hit by an exploit that most users are likely already invulnerable to.

I’m not sure how picky the Windows 7 activation is, but installing the OS is going to change some of the hardware from your existing install to VMWare equivalents. I’m unsure if Win 7 will consider this a new machine or not. With Win XP, I’ve used the same key on my VM as my host machine with no problems.

Yes, it’s always a good idea to make a backup of your VM unless you want to continually create a new one. I have my VM’s backed up, as well as Comodo Time Machine installed on my XP VM. So far, I haven’t needed to use my backups because rolling back to a clean state with CTM has been sufficient.

Just skip the serial during setup; and never enter it, Update it as latest you can then make an snapshot of the machine, then continue from there…

Snapshots aren’t available in VMware. On contrary, they’re available in Virtualbox.
CTM works on VMware. “Could” work in Virtualbox (not secure).
In theory, Windows EULA consider the virtual environment a completely different Windows installation and, indeed, requires a second license. Anyway, I really doubt Microsoft will block “two” installations-only of Windows. Although, it’s illegal.

Really? I completely thought the image below was of VMWare with Managing Snapshots for vmware?..

I do understand that Vmware workstation includes Snapshots but not the player…

[attachment deleted by admin]

Yes, you need to pay for Workstation. The free Player doesn’t have snapshot capabilities.

Well, maybe I’m wrong. I’ve tried the free registered version of VMware server (Server Management Software - vCenter | VMware) and I never found snapshoting on it. Only WMWare professional has it. The player not.

See if this helps.

VMWare Server User Guide - Page 193

Suspending a virtual machine allows you to save the current state so that you can continue work later from the same state. Taking a snapshot allows you to preserve the state of a virtual machine so that you can return to the same state repeatedly. To perform suspend or snapshot operations, you must have the required permissions.


VMWare player also allows you to suspend the machine, but the snapshot is over-written when you resume the machine. So it’s less than useful as a rollback tool.

Right, I wasn’t thinking when I mentioned using an Imaging software.
I’ll probably use CTM to roll back.

As for using the same key twice, I’m just paranoid that Microsoft will block my “host” OS
thinking that the “guest” OS is a new installation. If you know what I mean.
Does that make sense?

So at this point, I guess I’ll use Jacobs and Techs method and use CTM to make snapshots.

EDIT: I’m sorry I didn’t mention that I will use VWware Player.

I would honestly just skip the serial; you can still do updates (even update to SP1)…
and every 30 days or so just use CTM to go back to the same day you had the fresh install

:slight_smile: No Worries

If you have any questions just ask –

Jacob, won’t the Windows activation discover the date rollback that occurs in this case? I mean, the time passed from the file installation and the actual date of today?

Use windows 7 in the virtual machine for up to 29 days (Don`t select automatically activate when online during install).

Go to the registry via regedit and find the key “HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\SoftwareProtectionPlatform” ->right click on it and see if SkipRearm is set to 0.
If not set it to 0

At the end of the 30 days from an elevated cmd prompt type in “slmgr-rearm” and press enter. This will give you another 30 days and can be done 3 times (so thats up to 120 days with updates). Perfectly legal as far as im aware!

If you forget how many times you`ve re-armed, enter from an elevated cmd prompt “slmgr.vbs -dlv” and it should show you the amount left at the bottom.

I wish anybody could answer this too.

As I’ve already stated, I’ve done this with Win XP and haven’t had any problems.

Thanks. But for safety, I would like to see in a Windows 7 installation :slight_smile:

Windows 7 Install;
I never had any problems if something do arise (like they say it’s invalid just say you reformatted your PC due to Malware Infection and then they’ll put the serial back on the whitelist. it takes about 15 minutes to go through this…)

BUT If you use CTM you are least likely to have an issue as described above; because it will reset the date back so you would still have 30 Some odd days

Thanks Jacob.

??? What do you mean?