Dynamic Windows 11 Setup TPM Bypass

Discussion in 'Windows 11' started by AveYo, Sep 2, 2021.

  1. AveYo

    AveYo MDL Expert

    Feb 10, 2009
    1,837
    5,564
    60
    And?
    How is that concerning this specific topic?
    You took the time to attach an unrelated Rufus screenshot - twice - but without mentioning what have you done and why do you think something is wrong.
    I should not have to speculate, but here I go:
    - Did you use a script from here?
    - Which one?
    - Quick_11_iso_esd_wim_TPM_toggle.cmd?
    - Then the media no longer has TPM or RAM checks forced, and Rufus detects that fact (probably)
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  2. SkyNet6

    SkyNet6 MDL Novice

    Jul 18, 2021
    16
    2
    0
    If you took the time to look at what I was referring to, comment by RobertX on 4-28-22 you would know what I was referring too. You don't have to be so Rudd!!!
     
  3. AveYo

    AveYo MDL Expert

    Feb 10, 2009
    1,837
    5,564
    60
    So I'm "Rudd" for asking for clarifications? Do I have a crystal ball or should I be scanning the whole thread every time to find a comment by someone else that you're referring to in your head, without quoting?
    Why did YOU not take the time to write something I can objectively respond to? Sorry, I'm just gonna ignore you further, my dealing-with-getting-offended-by-default-plate is booked until next year. See you then.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. PointZero

    PointZero MDL Member

    Oct 5, 2011
    1,420
    3,794
    60
    He's complimenting you. Phil Rudd is a great drummer! :p
     
  5. SkyNet6

    SkyNet6 MDL Novice

    Jul 18, 2021
    16
    2
    0
     
  6. Dark Dinosaur

    Dark Dinosaur X Æ A-12

    Feb 2, 2011
    2,182
    2,617
    90
    So far I saw 5 methods to bypass.
    it become Too much mess :busted:


    1- Original method.
    for %%X in (RAM SecureBoot Storage TPM Disk CPU) do reg add HKLM\SYSTEM\Setup\LabConfig /v Bypass%%XCheck /d 1 /t reg_dword /f

    2- sources\appraiserres.dll
    Remove this file Also help bypass TPM check.
    or use old one that don't have TPM check.

    3- Server TPM bypass
    Via Win_11_Boot_And_Upgrade_FiX_KiT_v2.2
    via Quick_11_iso_esd_wim_TPM_toggle
    Via Lite Unf**k Windows Setup v1.4

    4-AllowUpgradesWithUnsupportedTPMOrCPU Key.
    for PC with Unsopported CPU / TPM
    for upgrades only.

    5-winsetup.dll Patch.
    Remove Module_Init_HWRequirements reference
    Remove Module_Init_GatherDiskInfo reference
    Via No_11_Setup_Checks_on_Boot
    Via Aveyo MCT
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. MDeaks

    MDeaks MDL Junior Member

    Aug 25, 2017
    82
    41
    0

    Thanks Dark Dinosaur,
    I have "copied/done the same listing" for my own references - very nice !
    >> only other one on my list = RUFUS......

    **Note- I tested all -EXCEPT #2 on your list.
    ** reading a few "posts" even @ other blogs/websites - that options have had various 'issues'
    *** - so as a windows "novice" and not being into "codes" etc, didn't want take too big risks..
     
  8. Enthousiast

    Enthousiast MDL Tester

    Oct 30, 2009
    42,861
    78,905
    450
    That actually was the first real bypass for upgrade scenarios (from june 2021), got more and more useless with MSFT changing the upgrade process.

    Now replacing/removing/renaming is not working very well anymore, no risks attached except it not working when it doesn't work ( :thinking::D).

    The UFWS method still works fine though.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  9. Enthousiast

    Enthousiast MDL Tester

    Oct 30, 2009
    42,861
    78,905
    450
    That was actually the second bypass method and, as some here have shown, not working 100% anymore.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  10. Dark Dinosaur

    Dark Dinosaur X Æ A-12

    Feb 2, 2011
    2,182
    2,617
    90
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  11. Enthousiast

    Enthousiast MDL Tester

    Oct 30, 2009
    42,861
    78,905
    450
    :rolleyes:
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  12. ohenry

    ohenry MDL Senior Member

    Aug 10, 2009
    281
    127
    10
    I could use a little clarification here, please. As I understand it, method 2 (involving replacing appraiserres.dll with a zero length file) is the method used by Rufus. That is the only method that I have used, and it still seems to work with 22621.1. Note that this is for a clean install, no idea about upgrades. I have not seen any reports of this failing to work for a clean install, am I missing something?

    And what exactly is "UFWS"?
     
  13. Enthousiast

    Enthousiast MDL Tester

    Oct 30, 2009
    42,861
    78,905
    450
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  14. AveYo

    AveYo MDL Expert

    Feb 10, 2009
    1,837
    5,564
    60
    Zero-byte file still works for upgrades (nothing to do with clean install, if you used rufus then you've missed the behind-the-scene update of boot.wim index 2 registry with LabConfig reg overrides).
    And I've been insisting on either delete it or set it to 0-byte at a time when people were extracting past versions from 1709 iso's. Or worse, edit it with plain notepad, corrupting it.
    With a zero-byte file we essentially force setup to reuse the existing compatibility sdb from media corresponding to the build, and deny any dynamic update to it.

    I've also experimented with other forms of file deny without touching setup binaries, like adding a sources\Panther\Appraiser_Data.ini folder on media (stopped working in some dev).
    But requirements can change at any time (remotely), the running os maintains it's own compatibility sdb and can reject versions from the media.
    At the start of the year many of such experiments stopped working like Enthousiast pointed out.

    A more portable way without touching binaries is to include / call a script with the media like my auto.cmd that uses /Product Server on-the-fly,
    or UFWS that is preventing dynamic update by pre-copying temporary setup files and deleting the appraiserres.dll there.

    #1 is clean install only, known to fail in couple scenarios (but with time passing it got more coverage since many blacklists have been lifted)
    #2 is upgrades only and if it works, it's great as it does not hinder dynamic update
    #3 is the best overall, reliable and convenient, covers most scenarios, and it also works for upgrades (but borks dynamic update, and muh Windows Server Setup).
    several solutions to choose from (tho Quick_11_iso_esd_wim_TPM_toggle is criminally underrated)
    #4 is borderline useless (since you need TPM 1.2 and UEFI)
    #5 is clean install only and is 100% reliable, but it requires dll patching in boot.wim so it's kinda excessive
    I would not call having alternatives a mess. It is healthy.

    Not sparing any method to send some potatoes Windows 11's way ;)
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  15. Enthousiast

    Enthousiast MDL Tester

    Oct 30, 2009
    42,861
    78,905
    450
    #256 Enthousiast, Jun 20, 2022
    Last edited: Jun 20, 2022
    This is what i use in Win 11 Boot And Upgrade FiX KiT

    You refer to UFWS that it deletes stuff? That was the earlier method before the
    Code:
      %_wimlib% info "Work\sources\%WIMFILE%" %%i --image-property WINDOWS/INSTALLATIONTYPE=Server
    method was found to be working.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  16. AveYo

    AveYo MDL Expert

    Feb 10, 2009
    1,837
    5,564
    60
    @Enthousiast when I say #3 being the best overall I'm referring to all Client -> Server methods listed by @Dark Dinosaur, not just my version ;)
    Win_11_Boot_And_Upgrade_FiX_KiT, Quick_11_iso_esd_wim_TPM_toggle, Lite Unf**k Windows Setup are all original works that do the job reliably,
    and there's nothing wrong with sticking with one over the others.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  17. Enthousiast

    Enthousiast MDL Tester

    Oct 30, 2009
    42,861
    78,905
    450
    @AveYo it was just to clarify that the UFWS method i refer to is not the one you refer to when mentioning UFWS.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  18. AveYo

    AveYo MDL Expert

    Feb 10, 2009
    1,837
    5,564
    60
    If I recall both original UFWS and the Lite UFWSe co-exist, not super-seed. And why not, since both should still work.
    Technically, you should have mentioned it's the Lite one, while I've made the distinction in #257 vs #255 :)
    Anyway, now wondering if "Validation OS" have requirements :oops:
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  19. Enthousiast

    Enthousiast MDL Tester

    Oct 30, 2009
    42,861
    78,905
    450
    Can't recall this method was called lite (i know something was called lite), this is the info i provided back then.

    I don't see it mentioned in the dedicated thread:)
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...