>
>The volume serial number can be changed easily right within windows. Better to get the physical serial number of the harddisk instead.
All these techniques can be by-passed. It comes down to a question of (1) what do you want to protect (the value of it), (2) how long you want to protect it (effort to break), and (3) from who you are trying to protect it. There are many, many options that can be used depending on the answers to these security requirements.
Personally we use a unique key generated from the hardware which requires a registration key from our company. The user can get as many of these from us as he wants just as long as he can convince us it's a genuine request. And when our software updates itself it passes these hardware+registration keys to our server so we know which ones are being used, how often, from what IP address, etc.
In the End, we will remember not the words of our enemies, but the silence of our friends - Martin Luther King, Jr.