Hi I am trying to add this registry key below to prevent Windows 8.1 from disabling secure erase on my ssd. But I don't know how to add it during install. [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EnhancedStorageDevices] "TCGSecurityActivationDisabled"=dword:00000001
Alright so I think I figured it out, is the below correct? REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EnhancedStorageDevices /t REG_DWORD /v TCGSecurityActivationDisabled /d 00000001 /f
I don't see why that wouldn't work, but if it doesn't: Try... Code: REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EnhancedStorageDevices" /v TCGSecurityActivationDisabled /D 1 /T REG_DWORD /F
Edit: Never mind my command didn't work, I will try your command next. Also maybe I have to add <DisableEncryptedDiskProvisioning>true</DisableEncryptedDiskProvisioning> to an AutoUnattend.xml to disable that security feature.
Well I guess that registry key doesn't work since it disabled the security mode still. So do I just use Windows System Image Manager to create a AutoUnattend.xml with only DisableEncryptedDiskProvisioning changed?
Thanks JanCerny, does that go in a Unattend.xml file? Also I created a Unattend.xml file with just DisableEncryptedDiskProvisioning changed to true. So all I do is add the below to the root of the usb with the windows files? Code: <?xml version="1.0" encoding="utf-8"?> <unattend xmlns="urn:schemas-microsoft-com:unattend"> <settings pass="windowsPE"> <component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="link removed because of my post count" xmlns:xsi="link removed because of my post count"> <DiskConfiguration> <DisableEncryptedDiskProvisioning>true</DisableEncryptedDiskProvisioning> </DiskConfiguration> </component> </settings> <cpi:offlineImage cpi:source="wim:c:/users/alex/downloads/en_windows_8.1_professional_vl_with_update_x64_dvd_4065194/sources/install.wim#Windows 8.1 Pro" xmlns:cpi="urn:schemas-microsoft-com:cpi" /> </unattend>
So EliteGhost... Where you able to get past the auto eDrive SDD crippling problem ? This has stopped me from trying out Win 8.1. I am not sure why this isn't a bigger deal since it's very likely a bunch of folks are getting their SDD's crippled automatically. I am guessing this does not affect HDD's ??? I wonder why disabling the eDrive is not as easy as checking a box in WinReducer 8.1. Should be part of that prog. Any new info would be appreciated.
Nope did not work, so far it looks like you need to create a your own image with DisableEncryptedDiskProvisioning set to true and TCGSecurityActivationDisabled set to 1 in order to disable eDrive.
Did you create said image ? Where you able to verify that just those two settings stopped eDrive from crippling SDD's ? It should but I wonder how one would test this option... I requested both the DisableEncryptedDiskProvisioning (TRUE) + TCGSecurityActivationDisabled (1) options be added to WinReducer v8.1 for easier modding... They are now part of the options on WinReducer 8.1 v1.11. But didn't realize that WinReducer 8.1 will only work in Windows 8.1... Will have to create a VM setup to be able to try to edit any ISO... Will take me a while... Murphy78, love your Windows 8.1 AIO-24in1 releases... Not sure how compatible WinReducer 8.1 is with your All-In-One's... Haven't found confirmation of it... Is there any chance you can add the DisableEncryptedDiskProvisioning (TRUE) + TCGSecurityActivationDisabled (1) options/value to your AIO installer for the different versions of Win 8.1 ??? Or is this something that can only be done thru pre ISO creation or can it be injected or modified thru a small update/patch like you did with the 24in1 Apr2014 v3 & the SuperAIO-v5 patch
I think what you are describing is using an autounattend.xml file. Basically you just toss the xml in the root directory of the install. Unfortunately the superaio doesn't have the xml support in the install script. All of my other releases do use the normal setup program, so they should work. You should probably delete the ei.cfg if you use one though. As for the actual xml to use, I'm sorry; I'm not very advanced with the xml stuff. I can read through the xml fine to see what it's doing, but creating one from scratch is a bit beyond me.
Creating one from scratch is Greek to me. Will check over at WinReducer to see if the autounattended.xml method is what their program uses or a pre-ISO regedit. Maybe choosing just those two options to mod in a ISO will give us a clean autounattended.xml that would need minor modding or no modding a all (copy & paste). As far as I know the WinReducer feature is untested. But it seems to be simple enough to turn both of those options to 1 or false. Prefer the USB stick install method so that should make any tweaks needed easier to implement. Maybe EliteGhost will get it install & up & running before me...
Added DisableEncryptedDiskProvisioning request over at WinReducer since this 3 options need to be implemented at first install for them to really make a difference. Hopefully it gets added soon. Can someone that already has Win 8.1 running grab an ISO & the latest WinReducer 8.1 & run ONLY DisableEncryptedDiskProvisioning + TCGSecurityActivationDisabled save the ISO & check it to see if there was an autounattend.xml or some other XML created to implement both new settings & posted back. Still not sure how WinReducer implements the new settings. Guess one way to check it would be to install the above edited ISO on a VM & check the registry settings after installation. This is probably a dumb ? but if one installs an unedited Windows 8.1 on a VM on a SSD. The SSD should be completely protected from the eDrive & bitloccker crap, Right ???
Answer: I used WinReducer to set the two settings. WinReducer puts an AutoUnattend.xml file in the root of the ISO with these lines inside: <TCGSecurityActivationDisabled>1</TCGSecurityActivationDisabled> <DiskConfiguration> <DisableEncryptedDiskProvisioning>true</DisableEncryptedDiskProvisioning> </DiskConfiguration> When loading Windows into a VM, "TCGSecurityActivationDisabled"=dword:00000001 is in the correct place in the registry as given above. Searching the registry for DisableEncryptedDiskProvisioning yields nothing. So this isn't a setting in the registry. Also, "PreventDeviceEncryption" is also not in the registry after first bootup.
Thanks a lot for doing the leg work... Is that everything that is on the AutoUnattend.xml or is that just the relevant stuff? Also, which version of W8.1 ISO did u used? Pro WMC, Murphy78's AIO or ??? I wonder if turning on the <DisableEncryptedDiskProvisioning> gets rid of the need to set <PreventDeviceEncryption> as true. But since both my not be part of the registry. I wonder how that can be tested. Or it might not be in the registry because it's being run on a VM... And there is nothing to Provision or Encrypt. Not sure how Windows on a VM handles those things... Anybody got any ideas ? Murphy78 mentioned having to delete the ei.cfg. I guess that was from his AIO. Did the ISO u used had an ei.cfg ? & did WinReducer got rid of it ? The <PreventDeviceEncryption> option will be included on WinReducer v1.12... So that should give us that proper code that goes in the AutoUnattend.xml. Man is WinterStorm2050 fast with his updates or what!!! He also mentioned that removing BitLocker all together has never giving him any problems. Would post links to the info but I don't have the option to do that yet. Thanks again Orbidia.. Keep posting if you keep playing with the options...
I just had to unprovision my SSD because Windows 8.1 silently enables the Device encryption during install. After PSID-reverting it, I also had to disable the silent Device encryption during Windows 8.1 install. During Install press Shift+F10 to load the command prompt. Then just add the registry key mentioned earlier: "reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\EnhancedStorageDevices /v TCGSecurityActivationDisabled /t REG_DWORD /d 1 /f" you can use "reg query HKLM\SOFTWARE\Policies\Microsoft\Windows\EnhancedStorageDevices" to check if the key was added correctly. (note: this key was not already present on the install image) This worked fine for me. I am running an unencrypted SSD now.