OK, now you are changing your story: you claimed that it came with a license from the OEM.
However, while you are correct about the license violation, it still isn't theft. Theft requires intent, and there is no evidence of it. Furthermore, this is a civil matter about violation of contract, not a criminal matter.
Had the business owner been given an opportunity to remedy the problem by removing (or buying a license for) the offending software that was inadvertantly passed on to another user, there wouldn't be an issue. He would probably even still be a Microsoft customer.
However, you do bring up an interesting problem: how many people or businesses could meet those requirements? Would your company survive a BSA audit, with no non-compliant items? If you have site licenses, it certainly makes it easier (but that's financially prohibitive for many small businesses). Are you absolutely sure that no one has installed unlicensed software on any of your PC's, or that the unused ones in the storeroom don't still have old copies of software on them?
Of all the clients that I've worked for, only one had stringent configuration and access controls on their PC's that prevented the installation of any software. The user was restricted from writing files anywhere except in their "home" directory (in Documents and Settings\Username). It was fine in theory, but caused a lot of problems with applications that didn't adhere to that rule.
Before your mentioned this, I was thinking that something along these lines is the answer for the small business that wants to keep their software licensing situation legal and under control.
I run my personal Win2000 and WinXP PC's within the least-privileged mode (for security reasons). But I have the Admin passwords for running Windows Update and installing software (I own these PC's.). It's a common misconception that computer users need to run with Administrator (root) privilege.
With Win2000 and XP, there are built-in methods in the OS to assist the business owner's efforts to keep the users within the desired privilege bounds. Unfortunately, the techniques are not common knowledge. There is definitely a need for a simple book/manual on how to set up Windows2000/XP PC's for maximum security and minimum user privilege. Medium and large companies have IT people who possess the know-how to make this happen. But small businesses often don't have dedicated IT people, or they have poorly-trained IT person(s).
The theory was fine practice when we ran our computing on mainframes and minis and we recognized concepts such as the system disk, operating system directories and a separation between data and software. Data Processing 101, it all used to be, taught at junior college level, before Gore2000's (ex?) employer decided to rewrite the rules and take us backwards into the future. I still shudder at the thought that all these programs (by Gore2000's company and others) I install or deinstall and run and the web browsers I run, write to the system disk, write to the operating system directories, to the operating system configuration files, mix my personal trash with critical operating system files and so on. It looks to me like the idiot hackers raised on EUNUCHS took over operating system design and the mess they've created is the new "standard". I wonder what they teach in Data Processing 101 nowadays!