Previously if you pirated a copy and tried to update the site would say “sorry this key isn’t genuine” though there were ways around that with third party apps. So at the end of the NT4 days and Windows 2KPro I think some scene group got a hold of one of these keys and since MS can’t just reject it as millions of OEM machines like Dell or whomever it came from would need new keys you could just use it, go online and pull windows updates from the web site. So you as a company didn’t have to keep up with a shit ton of keys. Before the OEM keys were extracted from the bios of Dell and HP in the XP days Microsoft would give large corporations like Dell and Government a single key that basically had unlimited installs. I use it to this day for most passwords because it's long AF and hits all requirements for passwords and I seriously doubt any brute force or dictionary attack is using Windows license keys as a dictionary to look against.
there was Microsofts Corp Key for Win2K that got leaked and activated on all hardware.
But, I did get to keep like 200 Windows 2000 Pro and Windows NT 4.0 OEM licensees. Was about 3 years later that company went down for all the other shady shit. So we turned that over to BSA, they reviewed it, then got us in contact with Microsofts department for all that, I was able to work out a deal where we could purchase a bulk of licenses a month at a time to bring us all up to date. When I reached out to the company that sold them to us, it was long sold by 3 different owners and the most I got from them was their original invoice from whomever they bought the 50 license from and a letterhead saying "all we can provide is proof of 50 or so out of the 500 "sold" to company" My searched turned up that whomever spun up this call center was doing some shady ass shit, we only could physically account for about 50 actual bought Windows and 3 Windows Server licenses, the rest were just "quotes". My job was to locate all the licensing I could on 500+ machines for Windows NT 4.0, Office 2000 if we had it on any machine and all the server licesning. Some ex-employee left and called the BSA back in the late 90's early 2k's. When I was 17/18 worked at a callcenter with about 500 seats. Microsoft mostly just wants you to pull licensing from products which can have their actual licenses pulled, then they want an accounting of how many pc's are on network (AD joined), and then proof, or best proof of purchasing. Just got done with 3 companies we support doing said audits.