>We have been using a system based on the hard disk's serial number to stop the program from working on non-authorized computers; in Windows 7, this system fails miserably. It took me a while to figure this out, but it seems that this is on purpose: the Windows function that is supposed to return the hard disk's serial number fails, due to privacy concerns.
>
>Is there any way around this? For example, I might request administrative permissions for the program - although right now, I don't know how. Also, this verification would have to be done every time the program starts, and it would be quite a hassle for the user to authorize the program every time it starts.
>
>We have also considered getting the volume number instead - the information shown with the "vol" command in a DOS window. Once again, I am afraid this might fail if the user doesn't have administrative rights.
>
>The possibility of writing a random value to some obscure Registry key also occurred to me, but once again, I am not sure what sort of access rights this requires.
>
>Or how is this situation normally handled?

If you're protecting a high-value product you could consider using dongles e.g. http://en.wikipedia.org/wiki/Software_protection_dongle

My understanding is Microsoft, starting with Windows XP, used a scheme where approximately 10 pieces of information about the computer were recorded at the time of product installation e.g.

- NetBIOS/TCPIP Host Name (first part of return value of SYS(0) in VFP)
- Ethernet adapter MAC address
- Datetime of creation of the Recycle Bin

The idea was if some or most of these data stayed the same, the software was allowed to continue to run. So, the user could change the network adapter, or replace a failed hard drive, and the system would continue to work. I don't know if the activation information gets updated in the case of hardware changes like that.

UPDATE: details of this at http://technet.microsoft.com/en-us/library/bb457054.aspx .

You might be able to leverage MS's protection scheme just by using the Product ID described in the link above.

If you'd like to use just one piece of information I'd look hard at using the host name. Yes, the user can change it, but with XP and later it tends to be a PITA. NetBIOS names must be unique on a LAN so it prevents multiple machines on the same LAN from using the software simultaneously. That feature can be useful if people try to circumvent your security by using VMs.

Speaking of which, VMs are going to be used increasingly in the future. They present some difficult problems for software copy protection, as all of the hardware is virtual. Theoretically, there's nothing stopping someone from installing your software on a VM, then distributing that VM. Anyone who can run that VM can then run your software.