Dynamic Windows 11 Setup TPM Bypass

Discussion in 'Windows 11' started by AveYo, Sep 2, 2021.

  1. AveYo

    AveYo MDL Expert

    Feb 10, 2009
    1,836
    5,757
    60
    #141 AveYo, Mar 15, 2022
    Last edited: Mar 15, 2022
    (OP)
  2. abbodi1406

    abbodi1406 MDL KB0000001

    Feb 19, 2011
    18,610
    100,025
    340
    Stop blasting catroot2 :rolleyes:
     
  3. Dark Vador

    Dark Vador X Æ A-12

    Feb 2, 2011
    4,828
    7,137
    150
    There is a second solution for this :D
    Code:
    Format c:
     
  4. AveYo

    AveYo MDL Expert

    Feb 10, 2009
    1,836
    5,757
    60
    #144 AveYo, Mar 15, 2022
    Last edited: Mar 15, 2022
    (OP)
    [edit] just remembered why I keep on doing it despite your valiant efforts to discourage me ;)
    and probably why MS recommended it in the past as a valuable troubleshooting step:


    If those catroot2 databases get corrupted, CryptSvc cannot start and then WU is KO.
    And there's a higher than 0 chance of corruption when brute-forcing services off while WU is in limbo, or user restarts the PC for example.
    Sure, it got better with delayed transactions instead of direct writes in modern versions, but 1809 and older are still garbage (especially 1703 - I use it a lot since it's the most broken 10 version haHA).
    So why take a chance? I'd say it's the responsible thing to do with not much if any downsides (unless you know of such scenario). CryptSvc will just read CatRoot again into those catroot2 databases.
     
  5. abbodi1406

    abbodi1406 MDL KB0000001

    Feb 19, 2011
    18,610
    100,025
    340
    I would not count much on CryptSvc to rebuild catroot2 database :cool:

    signtool.exe can do it though
     
  6. AveYo

    AveYo MDL Expert

    Feb 10, 2009
    1,836
    5,757
    60
    You know what I mean. CryptSvc no longer spams this every second:
    So technically it is CryptSvc that does it (initialization) and then some other WU service populating it.
     
  7. abbodi1406

    abbodi1406 MDL KB0000001

    Feb 19, 2011
    18,610
    100,025
    340
    Fun story:
    I was playing with the Windows 11 upgrade (+ _Skip_TPM_Check_on_Dynamic_Update_v7) and I got a hard block because it detected a WSUSSetup.exe file on my storage partition, saying I have to uninstall WSUS first.
     
  8. AveYo

    AveYo MDL Expert

    Feb 10, 2009
    1,836
    5,757
    60
    Yes! /Product Server is not a carte-blanche - but it's the most successful overall for Dev update via WU atm. I've encountered some other quirks with registry keys on hybrid os.
    I personally hate that I have to hijack setuphost. If windowsupdatebox was not sandboxed I could have played around with options and generate the compatibility report on server, but run setup normally.
     
  9. abbodi1406

    abbodi1406 MDL KB0000001

    Feb 19, 2011
    18,610
    100,025
    340
    I actually meant the level of intelligence to block an upgrade merely based on a file name, not detecting if WSUS is really installed.
     
  10. AveYo

    AveYo MDL Expert

    Feb 10, 2009
    1,836
    5,757
    60
    Well that has always been the case. Global names that can be on any path. Hard-coded installer detection. SDBs. IFEO. So.. low expectations ;)
     
  11. SkyNet6

    SkyNet6 MDL Novice

    Jul 18, 2021
    17
    2
    0
    It did not work on an AIO. The setup.exe file date never changed.
     
  12. RobertX

    RobertX MDL Senior Member

    Dec 6, 2014
    331
    38
    10
    #153 RobertX, Apr 27, 2022
    Last edited: Apr 28, 2022
    Is it recommended to use Mediacreationtool.bat all the time?

    And I just read the text file and compared the contents against the description at the start of this thread.

    One thing I've noticed is that the readme.md file that accompanies the bundle mentions that the .bat file allows the creation of a local account, one option that was excluded in the release of Windows 11, but the original post in this thread does not mention that. Did the updated version of the media creation tool exclude that option as well?

    Apologies for asking those questions, but I need to know.

    EDIT: And another thing: do I need Windows 10 to operate the Mediacreationtool?

    When downloading 11, I tried using Windows Powershell 3.0; I also tried to enable BITS Server, but it's already enabled, and I tried to enable Powershell scripts, but there aren't any.

    All attempts have failed when using Windows 7 x64.
     
  13. SkyNet6

    SkyNet6 MDL Novice

    Jul 18, 2021
    17
    2
    0
    I’m trying to set a persistent registry entry for Bypass TPM, SecureBootCheck and RAM check within a Windows 11 AIO that I have made myself from the official Microsoft ISOs. I’m aware of the registry hack but would like the LabConfig changes to always be there. Is this possible, and if so, how?

    thanks
     
  14. Errepublika

    Errepublika MDL Senior Member

    Aug 18, 2021
    453
    317
    10
    #156 Errepublika, Apr 28, 2022
    Last edited: Apr 28, 2022
    I think what you are looking for is this:
    Win 11 Boot And Upgrade FiX KiT | My Digital Life Forums
     
  15. SkyNet6

    SkyNet6 MDL Novice

    Jul 18, 2021
    17
    2
    0
    When I run Rufus it only gives me the option of Standard Windows 11 installation. Trying to run this on the Consumer and Business Client download.
     
  16. RobertX

    RobertX MDL Senior Member

    Dec 6, 2014
    331
    38
    10
    Not even a "thank you?" Just kidding.

    Sorry to hear that it doesn't solve the problem. Apologies.

    I'll try something else.