News, tips, advice, support for Windows, Office, PCs & more
Home icon Home icon Home icon Email icon RSS icon

We're community supported and proud of it!

  • How you might install Win 11 on older PCs lacking TPM 2.0

    Home Forums AskWoody blog How you might install Win 11 on older PCs lacking TPM 2.0

    Viewing 33 reply threads
    • Author
      Posts
      • #2388052
        Brian Livingston
        AskWoody MVP

        PUBLIC DEFENDER By Brian Livingston Microsoft officially announced last week that it will offer Windows 11 in a phased release between October 5, 2021
        [See the full post at: How you might install Win 11 on older PCs lacking TPM 2.0]

        2 users thanked author for this post.
      • #2388057
        alQamar
        AskWoody_MVP

        Hi Brian thanks for your Initiative to help saving the environment.

        Windows 11 can be installed on any computer

        (licensing required)

        How to:

         

        You need an USB pen drive

        – Use the official Download Assistant and save the install files of Windows 10 to the USB pendrive.

        – Mount a Windows 11 ISO via Explorer

        – Place the Windows 11 sources\install.wim or install.esd to sources folder on the pen drive

        Despite it’s technical possible.

        I highly recommend to have

        8 GB of RAM. The 4GB requirement is utterly nonsense and not practical especially with a x64 OS.

        – An SSD or nvme as OS drive

        In UEFI

        – TPM 2.0 or ftpm enabled and sha1 disabled and sha256 or newer enabled

        – Vt-d /VT-x enabled

        – CSM or legacy boot Mode disabled) if your GPU supports it. Check before with gpu-z to see if the GPU has a UEFI GOP check.

        If you drive C is still not GPT convert it via the mbr2gpt. Make sure not to have more than 4 Partitions on the drive and no extended Partitions. Generally do not partition the c drive manually. It’s at cost of Performance anyway.

        Do not use mbr2gpt if any of the previous requirements on gpu or Partitions are not met.

         

        In Windows

        Enable Core isolation in Windows Security Center

        Remove all older drivers that would prevent it via Device Manager

        They are shown on enabling it. Windows 11 Device Manager can sort devices by driver names now which makes it very easy to identify blocking drivers. Often these are leftovers and not even used drivers.

        1 user thanked author for this post.
        • #2388058
          Olivier Gebuhrer
          AskWoody Plus

          This was suposed to be a guideline for installing windows 11 without  TPM but you say :

          – TPM 2.0 or ftpm enabled and sha1 disabled and sha256 or newer enabled Is it not a contradiction ?Please explain to a poor french customer .

          3 users thanked author for this post.
          • #2388127
            erbkaiser
            AskWoody Plus

            fTPM is firmware TPM, where there is no dedicated TPM chip but instead the CPU emulates one.

            Many if not all fTPMs have at least two banks, one for SHA1 keys and one for SHA256  keys. If SHA1 and is enabled and SHA256 not, it is not a TPM 2.0.

            If SHA1 and SHA256 are enabled at the same time, Windows11 may write the SHA256 hash with the SHA1 bank and fail.

            So for optimal compatibility SHA1 needs to be turned OFF in the UEFI for any system with an fTPM.

            1 user thanked author for this post.
            • #2388203
              rc primak
              AskWoody_MVP

              My Skylake based Intel NUC was like this, with fTPM. Win 11 Health Check did not allow it to be upgraded. This is not the main reason. It was the identity of the chipset itself as Skylake. It still remains to be seen if Win 11 will offer updates and full features even if it can be shoehorned onto older chipsets like this one.

              -- rc primak

              1 user thanked author for this post.
              • #2388220
                alQamar
                AskWoody_MVP

                Seems you misunderstood my intention of the my OP.

                I repeat you can install it under the given circumstances. Don’t give much on this compat test. It is marketing.

      • #2388082
        erbkaiser
        AskWoody Plus

        I would advice against installing Windows 11 on a computer without TPM 2 (or other requirements) as Microsoft has stated that these computers will not be able to update to the release version. This will leave these PCs in the sad state of running a beta build where the only option is to go back to Windows 10, which is only possible without a full reinstall if the previous version of Windows still exists on the hard drive. The longer the time from the Win11 beta install, the more likely this folder will be cleaned up for space.

         

         

        3 users thanked author for this post.
      • #2388089
        Paul
        AskWoody Plus

        Based on my experience with one of my laptops, I would make one addition to Brian Livingston’s very informative article “How you might install Win 11 on older PCs lacking TPM 2.0”. He says:

        Some PCs that are only three years old don’t have TPM 2.0 — or it’s disabled, according to a Tom’s Hardware analysis — so a few things demand our attention at this point:
        • How might you install Win11 on a PC without TPM 2.0?
        • Is TPM 2.0 something you do or do not want?
        • Is Win11 a version you need to install immediately, or can you wait?

        I would add one more bullet point before the three above, namely:
        • How to check whether your TPM 2.0 is turned off in BIOS and, if so, how to turn it on.

        1 user thanked author for this post.
      • #2388130
        anonymous
        Guest

        Microsoft’s tool for Windows 11 tells me that my computer’s core I7 processor implements TPM2.0, but at 5 years is too old and isn’t supported. I haven’t heard mention of a processor being too old, while the computer meets all the other requirements for TPM, Ram, free hard drive space, etc.

        • #2388209
          rc primak
          AskWoody_MVP

          There are other requirements, like the ability to support the virtualization used for Android Apps support, and more mundane things associated with added security.

          That said, I expect MS will relent and allow some 7th-gen Intel based systems to upgrade without hassles. Wait for the new PC Health Tool and see how it rates your PC before rushing out to replace it.

           

          -- rc primak

      • #2388165
        alQamar
        AskWoody_MVP

        Microsoft’s tool for Windows 11 tells me that my computer’s core I7 processor implements TPM2.0, but at 5 years is too old and isn’t supported. I haven’t heard mention of a processor being too old, while the computer meets all the other requirements for TPM, Ram, free hard drive space, etc.

        Anything older than Gen 8 and Ryzen 2000 is not supported, which just means you cannot contact support, but which does not mean you can still run it. If you do not need to contact MS support and most of us should not – and the quality is not great for home users anyway – except from licensing there is no problem to follow this instruction and be happy saving the planet from electronic waste and even more #overconsumption.

        Analogy: Win 7 / Win 8.0 is out of support which does not mean it does not run (and either does not mean it is a good idea to run it.

        fTPM is firmware TPM, where there is no dedicated TPM chip but instead the CPU emulates one.

        Many if not all fTPMs have at least two banks, one for SHA1 keys and one for SHA256  keys. If SHA1 and is enabled and SHA256 not, it is not a TPM 2.0.

        If SHA1 and SHA256 are enabled at the same time, Windows11 may write the SHA256 hash with the SHA1 bank and fail.

        So for optimal compatibility SHA1 needs to be turned OFF in the UEFI for any system with an fTPM.

        On many systems SHA1 and SHA256 is enabled simulaneously. It has no relation with the TPM 2.0 but just the certificate hash security. The higher the better 10th gen Intel introduced even higher ones than SHA256.

        I would advice against installing Windows 11 on a computer without TPM 2 (or other requirements) as Microsoft has stated that these computers will not be able to update to the release version. This will leave these PCs in the sad state of running a beta build where the only option is to go back to Windows 10, which is only possible without a full reinstall if the previous version of Windows still exists on the hard drive. The longer the time from the Win11 beta install, the more likely this folder will be cleaned up for space.

         

         

        You refer to the beta build my instruction is meant for the release build of Windows 11 coming on 5th of October. You will not have to uninstall anything. The next feature update will be likely an enablement package again and if there is a new full upgrade repeat the procedure.

        2 users thanked author for this post.
      • #2388164
        Carl036
        AskWoody Plus

        I have a home-built PC with an AMD processor. From the Microsoft hardware compatibility page post, it sounds like only Intel processors (and only select ones at that) will be deemed compatible. Is there any hope for a licensed version of Windows 11 on AMD processors? Or is Microsoft deciding to support only its partner Intel?

        • #2388210
          rc primak
          AskWoody_MVP

          Not true. AMD has a lot of compatible processors.

          -- rc primak

      • #2388171
        chasrome
        AskWoody Plus

        Sounds like Windows 8 all over again, eh?

        1 user thanked author for this post.
      • #2388176
        bbearren
        AskWoody MVP

        I don’t do clean installs, so this isn’t about a clean install.

        I have upgraded Windows 10 to Windows 11 (Beta, the hardware-restricted beta) on both sides of my dual boot with my TPM 1.2 disabled in BIOS (untouchable by the OS) and Secure Boot disabled.

        I’ve since reverted both back to Windows 10 simply by restoring their Image For Windows drive images, because I don’t want to run the Beta.  I’ll wait until the RTM, and give it another go and a more thorough test drive.

        But upgrading is almost unbelievably simple; all you need is a Windows 10 ISO and a Windows 11 ISO.  Logged in as a member of the Administrators group, right-click and mount each ISO, one at a time.  In the mounted Windows 10 ISO, open the “sources” folder and delete the file, “install.esd”.  In the mounted Windows ll ISO open the “sources” folder and copy the “install.esd” file.  Paste that file in the Windows 10 mounted ISO “sources” folder, then unmount the Windows 11 ISO, you don’t need it anymore.

        Now, in the mounted and modified Windows 10 ISO, right-click “setup.exe” and select “Run as administrator”, click Yes in the UAC, sit back and wait.  In about half an hour, you will be booted into Windows 11.  Works for my, YMMV.

        Create a fresh drive image before making system changes/Windows updates, in case you need to start over!
        "When you're troubleshooting, start with the simple and proceed to the complex."—M.O. Johns
        "Experience is what you get when you're looking for something else."—Sir Thomas Robert Deware

        4 users thanked author for this post.
      • #2388181
        aaron451
        AskWoody Plus

        Hi Brian,

        Wondering where this statement is coming from “TrueCrypt Foundation, which provides whole-volume encryption software”. TrueCrypt and the foundation are long gone. VeraCrypt is all that’s left.

        1 user thanked author for this post.
      • #2388196
        Alex5723
        AskWoody Plus

        I have a home-built PC with an AMD processor. From the Microsoft hardware compatibility page post, it sounds like only Intel processors (and only select ones at that) will be deemed compatible. Is there any hope for a licensed version of Windows 11 on AMD processors? Or is Microsoft deciding to support only its partner Intel?

        Select AMD processor are supported by Windows 11

        1 user thanked author for this post.
      • #2388204
        alQamar
        AskWoody_MVP

        I don’t do clean installs, so this isn’t about a clean install.

        I have upgraded Windows 10 to Windows 11 (Beta, the hardware-restricted beta) on both sides of my dual boot with my TPM 1.2 disabled in BIOS (untouchable by the OS) and Secure Boot disabled.

        I’ve since reverted both back to Windows 10 simply by restoring their Image For Windows drive images, because I don’t want to run the Beta.  I’ll wait until the RTM, and give it another go and a more thorough test drive.

        But upgrading is almost unbelievably simple; all you need is a Windows 10 ISO and a Windows 11 ISO.  Logged in as a member of the Administrators group, right-click and mount each ISO, one at a time.  In the mounted Windows 10 ISO, open the “sources” folder and delete the file, “install.esd”.  In the mounted Windows ll ISO open the “sources” folder and copy the “install.esd” file.  Paste that file in the Windows 10 mounted ISO “sources” folder, then unmount the Windows 11 ISO, you don’t need it anymore.

        Now, in the mounted and modified Windows 10 ISO, right-click “setup.exe” and select “Run as administrator”, click Yes in the UAC, sit back and wait.  In about half an hour, you will be booted into Windows 11.  Works for my, YMMV.

        What I said in my OP. 😉

        1 user thanked author for this post.
        • #2388235
          bbearren
          AskWoody MVP

          What I said in my OP

          Not quite.  I didn’t say:

          You need an USB pen drive

          – TPM 2.0 or ftpm enabled and sha1 disabled and sha256 or newer enabled

          – Vt-d /VT-x enabled

          Enable Core isolation in Windows Security Center

          Remove all older drivers that would prevent it via Device Manager

          I said:

          I have upgraded Windows 10 to Windows 11 (Beta, the hardware-restricted beta) on both sides of my dual boot with my TPM 1.2 disabled in BIOS (untouchable by the OS) and Secure Boot disabled.

          A pen drive is not needed for an inplace/upgrade.  It works quite well with a mounted ISO.  The other hardware requirements are not needed for an inplace/upgrade.

          Create a fresh drive image before making system changes/Windows updates, in case you need to start over!
          "When you're troubleshooting, start with the simple and proceed to the complex."—M.O. Johns
          "Experience is what you get when you're looking for something else."—Sir Thomas Robert Deware

      • #2388205
        MHCLV941
        AskWoody Plus

        In this week’s newsletter, both you and Susan Bradley make reference to “Microsoft’s updated PC Health Check app”.   It does not (yet?) exist.

        As of 6 September 2021 at 1143 US PDT, Upgrade to the New Windows 11 OS | Microsoft (the page which supposedly has this new app) says:

        Check for compatibility

        Use the PC Health Check app to see if your current PC meets the requirements to run Windows 11. If so, you can get a free upgrade when it rolls out

        COMING SOON

        How the heck can Microsoft be 30 days from the release of a new version of Windows and still not be able to tell me whether my machines will meet all its arbitrary diktats for hardware?

        1 user thanked author for this post.
        • #2388212
          rc primak
          AskWoody_MVP

          Those not buying new computers will not be offered Windows 11 upgrades for a lot longer. Probably late-2021 or early-2022 for eligible systems.

          -- rc primak

      • #2388208
        alQamar
        AskWoody_MVP

        This was suposed to be a guideline for installing windows 11 without  TPM but you say :

        – TPM 2.0 or ftpm enabled and sha1 disabled and sha256 or newer enabled Is it not a contradiction ?Please explain to a poor french customer .

        I say it can be installed on any hardware. For security reasons I just made clear that I support the ideas / concept of UEFI / GPT / TPM 2.0 or fTPM and Core Isolation and many other protection layers like Windows Hello, Bitlocker – all using TPM 2.0.

        You do not have to do all of this but it makes attacks much harder. I have now even uninstalled Malwarebytes as there is nothing compromising my system since + using Edge and proper security settings.

        1 user thanked author for this post.
      • #2388213
        rc primak
        AskWoody_MVP

        Thanks, Brian for another great round-up of a serious Windows issue.  This article reminds me of the old Windows Secrets days, with quality writing, easy to understand, and insights seldom seen elsewhere. This article will help lots of us who are wondering what’s happening with the Windows 11 upgrade.

        -- rc primak

      • #2388218
        Alex5723
        AskWoody Plus

        In this week’s newsletter, both you and Brian Livingston make reference to “Microsoft’s updated PC Health Check app”.   It does not (yet?) exist.

        It does for insider/beta testers.

        • #2388224
          alQamar
          AskWoody_MVP

          “How the heck can Microsoft be 30 days from the release of a new version of Windows and still not be able to tell me whether my machines will meet all its arbitrary diktats for hardware?”

          If you understand the idea of this thread, this app does not matter. If this app qualifies your hardware or not it only tells you if you can claim Microsoft support or not.

          As long as you do not need to open a support case with “Microsoft”.

          All this is completely optional in this regard if you do not need their official support.
          as Insider we have been said that the release version of W11 ISOs should not have ANY HW checks at all. but that is yet to confirm, so wait for the 5th of Oct. or even December to be super safe.

          I would not even wonder if the support – external contractors to Microsoft  – some I have seen still using Windows Server 2008 R2 in 2020 to connect to your computer, do not check said requirements again once you have Windows 11 installed.

          Remember my prediction. We do not have to eat this as hot as it is served.
          Again and I repeat I recommend to comply with their requirements plus having more RAM than 4 GB, but not because it would not work or cannot be installed but because of security and usability.

          There will be no “no-go” in the licensing terms to forbid the use of this OS, if licensed, just because technical recommendations are not met.

          There is not a single line in the licensing terms describing the HW requirements and binding this to the legal use of the OS.

          See: https://www.microsoft.com/licensing/terms/productoffering/WindowsDesktopOperatingSystem/MCA#UseRights

          https://www.microsoft.com/licensing/terms/product/ForallSoftware/MCA

      • #2388223
        MHCLV941
        AskWoody Plus

        In this week’s newsletter, both you and Brian Livingston make reference to “Microsoft’s updated PC Health Check app”.   It does not (yet?) exist.

        It does for insider/beta testers.

        So what?  This newsletter is not limited to “insiders/beta testers”.  I would wager the vast majority of folks who read this newsletter are neither.

        Neither is the web page that contains this link.  It is, at least by all appearances, the main PUBLC webpage for Windows 11.  There are FAQs near the bottom of the page including one that supposedly addresses compatibility.

        • #2388225
          alQamar
          AskWoody_MVP

          be more specific supported compatibility. Not the technical one.

          • #2388230
            MHCLV941
            AskWoody Plus

            be more specific supported compatibility. Not the technical one.

            A difference without a distinction unless you’re inclined to run a brand new unsupported operating system.  If I want to run an unsupported OS, I’ll stick with Windows 10.

      • #2388226
        Alex5723
        AskWoody Plus

        Neither is the web page that contains this link.  It is, at least by all appearances, the main PUBLC webpage for Windows 11.  There are FAQs near the bottom of the page including one that supposedly addresses compatibility.

        The page with the link is intended for insider users.

        • #2388232
          MHCLV941
          AskWoody Plus

          Neither is the web page that contains this link.  It is, at least by all appearances, the main PUBLC webpage for Windows 11.  There are FAQs near the bottom of the page including one that supposedly addresses compatibility.

          The page with the link is intended for insider users.

          Well, I am not an “insider” and I have no problem opening the page.   So Microsoft can’t even get that right?

          • #2388266
            EP
            AskWoody_MVP

            then this does NOT apply to you

            the updated MS PC Health Check app might be available to the general public (aka. non-insiders) come October 5th so you have to wait

            anyways, I’ve already gotten the secret MS download links to download that updated PC Health Check tool and will test it out on some of my Win10 PCs

      • #2388228
        MHCLV941
        AskWoody Plus

        If you understand the idea of this thread, this app does not matter if this app qualifies your hardware or not.

        If YOU understood my comment, you would not totally miss the point, which is that two very respected writers for this newsletter both reference something that still is not available to most readers.   Regardless of whether you think there is a viable way to get around the hardware requirements to install Windows 11, it is questionable at best whether Microsoft would support such an installation.  Indeed, recent reports from the “insider/beta tester” community suggest strongly that it will not.

        • #2388233
          alQamar
          AskWoody_MVP

          “it is questionable at best whether Microsoft would support such an installation. “

          It is not supported, I think I have made this very clear several times.
          Also made clear that you might not need this class of support they offer. It is everyone’s choice if they want a modern and secure OS and support or the former and no support.
          As you nailed it:

          “unless you’re inclined to run a brand new unsupported operating system.”

          So what’s the point to discuss about support?

          And my point is: why not?

          Why trashing good computers meeting the users current requirements of today and beyond 2025, when Windows 10 is out of support, too?

      • #2388231
        alQamar
        AskWoody_MVP

        Those not buying new computers will not be offered Windows 11 upgrades for a lot longer. Probably late-2021 or early-2022 for eligible systems.

        Microsoft has made very clear that zero computers that comply with their requirements will receive an automatic upgrade via Windows Update (for Business). I would need to take some time to find this on twitter.
        But: You can still use the ISO.

        If we take the bold one, it is confirming only systems meeting the HW requirements will see an automated upgrade as with previous SAC releases.

        source: https://www.microsoft.com/en-us/windows/windows-11

        What if my PC doesn’t meet the minimum hardware specifications? Can I stay on Windows 10?

        Yes! Windows 10 continues to be a great version of Windows. We have committed to supporting Windows 10 through October 14, 2025.

         

        How will I know when the upgrade is available for my Windows 10 PC?
        How much does it cost to upgrade from Windows 10 to Windows 11?

        It’s free. But only Windows 10 PCs that are running the most current version of Windows 10 and meet the minimum hardware specifications will be able to upgrade. You can check to see if you have the latest updates for Windows 10 in Settings/Windows Update.
        How long will the free upgrade offer last?

        The free upgrade offer does not have a specific end date for eligible systems. However, Microsoft reserves the right to eventually end support for the free offer. This end date will be no sooner than one year from general availability.
        • #2388377
          b
          AskWoody MVP

          Microsoft has made very clear that zero computers that comply with their requirements will receive an automatic upgrade via Windows Update (for Business).

          Did you mean “that DO NOT comply”?

          Windows 10 Pro version 21H2 build 19044.1263 + Microsoft 365 (group ASAP)

      • #2388234
        Alex5723
        AskWoody Plus

        Neither is the web page that contains this link.  It is, at least by all appearances, the main PUBLC webpage for Windows 11.  There are FAQs near the bottom of the page including one that supposedly addresses compatibility.

        The page with the link is intended for insider users.

        Well, I am not an “insider” and I have no problem opening the page.   So Microsoft can’t even get that right?

        This topic is directed to insiders/beta testers as the public can’t get legally Windows 11 ISO.

        Becoming insider is 1 click away in settings.

        1 user thanked author for this post.
      • #2388236
        alQamar
        AskWoody_MVP

        tldr: the author of the article intended to show ways how to install Windows 11 on unsupported hardware. So it is not supported

        nothing more or less I aided his (Brian Livingstones) work to provide a simple and effective way to reach the exact same with much less effort, backed up by bbearren in a more detailed post, while my how-to also encourage users to TRY using the new tech, but also give them a way if they cannot same as bbearren described.

        Imho there is little room for a debate on “supported or not” as the whole article is about doing something unsupported.

      • #2388237
        alQamar
        AskWoody_MVP

        @Alex becoming Insider is in fact very easy but has requirements like full telemetry and Microsoft account (imho both have big benefits).

        If someone wants to join Insider I welcome them.

        Precaution: For Windows 11 please use the BETA Insider channel only, no longer the Dev. If Windows 11 is released, the same game applies on unsupported hardware as described to stay on this OS without reinstalling.
        The Dev is not Windows 11 anymore, even it looks like it, it is now unrelated to a release.

      • #2388243
        Cybertooth
        AskWoody Plus

        The following text quoted in Brian’s post caught my eye:

        It is not that having things like TPM 2.0 support, HVCI [hypervisor code integrity in Win10], and improved firmware protections in place and enabled on your Windows machines isn’t better than not having them.

        It’s that none of those things themselves really reduce your risk vs. common threats all that much.

        Block macros from the Internet and associate WSH [Windows Script Host] scripting files that would normally be executed when clicked on with Notepad instead, and [you’ve] already reduced your risk far more than by having any or all of those things in place.

        I have a pair of questions focusing on the text that I have highlighted in the quote:

        1. How would a user determine if these two security measures have been, or need to be, implemented on his/her system?
        2. How would one go about implementing these two security measures?

        Thank you.

         

      • #2388254
        MHCLV941
        AskWoody Plus

        This topic is directed to insiders/beta testers as the public can’t get legally Windows 11 ISO. Becoming insider is 1 click away in settings.

        Well, pardon the heck out of me, but the mythical app that supposedly can tell one if currently owned hardware meets Windows 11 requirements is on a web page that is available to the general public.

        If this somehow offends you, get over it.

        • #2388267
          EP
          AskWoody_MVP

          you TOO should also get over it as well and move on, MHCLV941
          end of story

      • #2388259
        alQamar
        AskWoody_MVP
        1. How would a user determine if these two security measures have been, or need to be, implemented on his/her system?
        2. How would one go about implementing these two security measures?

          In many cases WSH can be blocked by applocker or sorts altogether. The need for it is dramatically reduced as most Windows / Server Products do not rely on it rather PowerShell 5.1. sconfig was one using it, is now based on PowerShell in Windows Server 2022. slmgr is another one using WSH, but can be replaced by better methods just like ADBA and / or VAMT in many cases

        It is a good practice to disable it. However attackers today do not use WSH much, rather macros in Office and or PowerShell as well. Because they know the countermeasures.

        1 user thanked author for this post.
      • #2388260
        alQamar
        AskWoody_MVP

        What I said in my OP

        Not quite.  I didn’t say:

        You need an USB pen drive

        – TPM 2.0 or ftpm enabled and sha1 disabled and sha256 or newer enabled

        – Vt-d /VT-x enabled

        Enable Core isolation in Windows Security Center

        Remove all older drivers that would prevent it via Device Manager

        I said:

        I have upgraded Windows 10 to Windows 11 (Beta, the hardware-restricted beta) on both sides of my dual boot with my TPM 1.2 disabled in BIOS (untouchable by the OS) and Secure Boot disabled.

        A pen drive is not needed for an inplace/upgrade.  It works quite well with a mounted ISO.  The other hardware requirements are not needed for an inplace/upgrade.

        alright my OP has a weakness I wanted to express that TPM and sorts is not required at all but it is recommended to use TPM and GPT etc, outlining a bit how to get there and when to change it or not (if possible).

        On the pen drive, you are right it is not needed in this case. Cannot correct it anymore.

        Your quote is not in the correct context as the GPT / UEFI / TPM VT-x stuff is my personal recommendation. In the list before it matches your better explanation.

        “I highly recommend to have”

        • list
        • of
        • things
      • #2388261
        MHCLV941
        AskWoody Plus
        1. How would a user determine if these two security measures have been, or need to be, implemented on his/her system?
        2. How would one go about implementing these two security measures?

          In many cases WSH can be blocked by applocker or sorts altogether. The need for it is dramatically reduced as most Windows / Server Products do not rely on it rather PowerShell 5.1. sconfig was one using it, is now based on PowerShell in Windows Server 2022. slmgr is another one using WSH, but can be replaced by better methods just like ADBA and / or VAMT in many cases

        It is a good practice to disable it. However attackers today do not use WSH much, rather macros in Office and or PowerShell as well. Because they know the countermeasures.

        The dilemma of defense: it must work all day, every day against all possible attacks, even ones that are not used much anymore.  An attacker needs to succeed only once using any attach method, regardless of whether it’s brand new or on display in the Smithsonian.

        1 user thanked author for this post.
      • #2388316
        Alex5723
        AskWoody Plus

        the release version of W11 ISOs should not have ANY HW checks at all

        The release version will have ALL HW checks. Not only that but insider users running Windows 11 on unsupported HW will be forced to re-install Windows 10 using ISO after Windows 11 final released.

        1 user thanked author for this post.
        • #2388343
          bbearren
          AskWoody MVP

          The release version will have ALL HW checks.

          Perhaps in the ISO, but not in the install.esd file.  And as I said earlier, a Windows 10 containing a Windows 11 install.esd is all that is necessary to do an inplace/upgrade to Windows 11.

          Not only that but insider users running Windows 11 on unsupported HW will be forced to re-install Windows 10 using ISO after Windows 11 final released.

          With recent drive images, one is not forced to do anything, especially re-install.  I’ve upgraded to Windows 11 twice just to take a look, and then came right back to where I left off in Windows ten in minutes.

          I don’t play by Microsoft’s rule book, I use my own.

          Create a fresh drive image before making system changes/Windows updates, in case you need to start over!
          "When you're troubleshooting, start with the simple and proceed to the complex."—M.O. Johns
          "Experience is what you get when you're looking for something else."—Sir Thomas Robert Deware

          1 user thanked author for this post.
      • #2388323
        Alex5723
        AskWoody Plus

        This topic is directed to insiders/beta testers as the public can’t get legally Windows 11 ISO. Becoming insider is 1 click away in settings.

        Well, pardon the heck out of me, but the mythical app that supposedly can tell one if currently owned hardware meets Windows 11 requirements is on a web page that is available to the general public.

        If this somehow offends you, get over it.

        The page is available the app isn’t.
        There are other apps available to the public like ; WhyNotW11, Win11RCT..

      • #2388374
        anonymous
        Guest

        Windows 11?!

        I still find no compelling reason to move to Windows 10 other than being forced to.

        From the looks of things, Windows 11 seems to be holding true to the “every other version of Microsoft software stinks” rule, so skipping it will probably make sense.

        I would suspect Windows 10 users should not move off that platform till Windows 12 has been out for roughly 5 years.

        1 user thanked author for this post.
      • #2388421
        carpintero
        AskWoody Lounger

        Generally do not partition the c drive manually. It’s at cost of Performance anyway.

        1) “Manually” in distinction to what other means?

        2)Please elucidate regarding practical performance cost.

      • #2388523
        Alex5723
        AskWoody Plus

        Perhaps in the ISO, but not in the install.esd file.  And as I said earlier, a Windows 10 containing a Windows 11 install.esd is all that is necessary to do an inplace/upgrade to Windows 11.

        Publish this on Microsoft’s blog for all 1 Billion Windows 7/10 users to read.

        With recent drive images, one is not forced to do anything, especially re-install.

        It doesn’t matter if its re-install, image restore… They are forces back to Windows 10.
        See PKCano’s post Windows on ARM installation in an M1 MacMini VM

        ….while Microsoft waffled on the decision whether to permit it at all or not. Well, the “or not” came about three days ago with the choice to participate in the Insider Program obliterated by the last update to my Win11 Insider Preview, KB5006050 Build 22000.176. It left only the mandate to reinstall Win10
        under Windows Update and Security in the Settings App…

        • #2388555
          bbearren
          AskWoody MVP

          Perhaps in the ISO, but not in the install.esd file.  And as I said earlier, a Windows 10 containing a Windows 11 install.esd is all that is necessary to do an inplace/upgrade to Windows 11.

          Publish this on Microsoft’s blog for all 1 Billion Windows 7/10 users to read.

          I posted it here already.  And there are over a billion Windows 10 installations alone.  I haven’t tried it with a Windows 7 ISO.

          It doesn’t matter if its re-install, image restore… They are forces back to Windows 10.

          Too early to tell.  I’ll wait until the RTM October 5, and give it a test drive then.  I’m not really concerned about what Microsoft says, it’s what they can enforce via software that matters, and there are always workarounds for software.

          I’ve been running Windows in installations unsupported by Microsoft for a couple of decades, and it still works (with improved efficiency and stability).  As long as there is a registry, it will continue to work.

          Create a fresh drive image before making system changes/Windows updates, in case you need to start over!
          "When you're troubleshooting, start with the simple and proceed to the complex."—M.O. Johns
          "Experience is what you get when you're looking for something else."—Sir Thomas Robert Deware

        • #2388557
          PKCano
          Manager

          My comments you quoted pertain to legitimate enrollment in, and installation according to the rules, for the Insider Program in a VM on an Intel based machine that does not meet MS requirements for Win11.

          It DOES NOT pertain to manipulating the install or the rules.

          You have taken the quote completely out of context.

      • #2388591
        Alex5723
        AskWoody Plus

        My comments you quoted pertain to legitimate enrollment in, and installation according to the rules, for the Insider Program in a VM on an Intel based machine that does not meet MS requirements for Win11.

        It DOES NOT pertain to manipulating the install or the rules.

        You have taken the quote completely out of context.

        As an example I also referred to the Windows 11 Insider Program and Microsoft’s “nudge” to re-install Windows 10 .

    Viewing 33 reply threads

    Please follow the -Lounge Rules- no personal attacks, no swearing, no politics or religion.

    Reply To: How you might install Win 11 on older PCs lacking TPM 2.0

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.