Need help setting registry entry in cmd during Wndows 8.1 install

Discussion in 'Windows 8' started by EliteGhost, May 7, 2014.

  1. EliteGhost

    EliteGhost MDL Novice

    Feb 8, 2012
    8
    0
    0
    Hi I am trying to add this registry key below to prevent Windows 8.1 from disabling secure erase on my ssd. But I don't know how to add it during install.

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EnhancedStorageDevices]
    "TCGSecurityActivationDisabled"=dword:00000001
     
  2. EliteGhost

    EliteGhost MDL Novice

    Feb 8, 2012
    8
    0
    0
    Alright so I think I figured it out, is the below correct?

    REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EnhancedStorageDevices /t REG_DWORD /v TCGSecurityActivationDisabled /d 00000001 /f
     
  3. LiteOS

    LiteOS MDL Expert

    Mar 7, 2014
    1,432
    547
    60
    mount the image before the installation and use regedit to hive
    search hive a reg for more info
     
  4. murphy78

    murphy78 MDL DISM Enthusiast

    Nov 18, 2012
    6,674
    10,073
    210
    #4 murphy78, May 7, 2014
    Last edited by a moderator: Apr 20, 2017
    I don't see why that wouldn't work, but if it doesn't: Try...
    Code:
    REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EnhancedStorageDevices" /v TCGSecurityActivationDisabled /D 1 /T REG_DWORD /F
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. EliteGhost

    EliteGhost MDL Novice

    Feb 8, 2012
    8
    0
    0
    #5 EliteGhost, May 7, 2014
    Last edited by a moderator: Apr 20, 2017
    (OP)
    Edit: Never mind my command didn't work, I will try your command next. Also maybe I have to add
    <DisableEncryptedDiskProvisioning>true</DisableEncryptedDiskProvisioning> to an AutoUnattend.xml to disable that security feature.
     
  6. EliteGhost

    EliteGhost MDL Novice

    Feb 8, 2012
    8
    0
    0
    Well I guess that registry key doesn't work since it disabled the security mode still. So do I just use Windows System Image Manager to create a AutoUnattend.xml with only DisableEncryptedDiskProvisioning changed?
     
  7. JanCerny

    JanCerny MDL Member

    Sep 13, 2012
    201
    132
    10
    #7 JanCerny, May 9, 2014
    Last edited by a moderator: Apr 20, 2017
  8. EliteGhost

    EliteGhost MDL Novice

    Feb 8, 2012
    8
    0
    0
    #8 EliteGhost, May 9, 2014
    Last edited by a moderator: Apr 20, 2017
    (OP)
    Thanks JanCerny, does that go in a Unattend.xml file? Also I created a Unattend.xml file with just DisableEncryptedDiskProvisioning changed to true. So all I do is add the below to the root of the usb with the windows files?

    Code:
    <?xml version="1.0" encoding="utf-8"?>
    <unattend xmlns="urn:schemas-microsoft-com:unattend">
        <settings pass="windowsPE">
            <component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="link removed because of my post count" xmlns:xsi="link removed because of my post count">
                <DiskConfiguration>
                    <DisableEncryptedDiskProvisioning>true</DisableEncryptedDiskProvisioning>
                </DiskConfiguration>
            </component>
        </settings>
        <cpi:offlineImage cpi:source="wim:c:/users/alex/downloads/en_windows_8.1_professional_vl_with_update_x64_dvd_4065194/sources/install.wim#Windows 8.1 Pro" xmlns:cpi="urn:schemas-microsoft-com:cpi" />
    </unattend>
    
     
  9. Y314K

    Y314K MDL Junior Member

    May 25, 2014
    51
    13
    0
    #9 Y314K, Jun 9, 2014
    Last edited by a moderator: Apr 20, 2017
    So EliteGhost... Where you able to get past the auto eDrive SDD crippling problem ? This has stopped me from trying out Win 8.1. I am not sure why this isn't a bigger deal since it's very likely a bunch of folks are getting their SDD's crippled automatically. I am guessing this does not affect HDD's ???

    I wonder why disabling the eDrive is not as easy as checking a box in WinReducer 8.1. Should be part of that prog.

    Any new info would be appreciated.
     
  10. EliteGhost

    EliteGhost MDL Novice

    Feb 8, 2012
    8
    0
    0
    Nope did not work, so far it looks like you need to create a your own image with DisableEncryptedDiskProvisioning set to true and TCGSecurityActivationDisabled set to 1 in order to disable eDrive.
     
  11. Y314K

    Y314K MDL Junior Member

    May 25, 2014
    51
    13
    0
    #11 Y314K, Jun 25, 2014
    Last edited by a moderator: Apr 20, 2017
    Did you create said image ? Where you able to verify that just those two settings stopped eDrive from crippling SDD's ? It should but I wonder how one would test this option...

    I requested both the DisableEncryptedDiskProvisioning (TRUE) + TCGSecurityActivationDisabled (1) options be added to WinReducer v8.1 for easier modding... They are now part of the options on WinReducer 8.1 v1.11. But didn't realize that WinReducer 8.1 will only work in Windows 8.1... Will have to create a VM setup to be able to try to edit any ISO... Will take me a while... o_O

    Murphy78, love your Windows 8.1 AIO-24in1 releases... Not sure how compatible WinReducer 8.1 is with your All-In-One's... Haven't found confirmation of it... Is there any chance you can add the DisableEncryptedDiskProvisioning (TRUE) + TCGSecurityActivationDisabled (1) options/value to your AIO installer for the different versions of Win 8.1 ??? Or is this something that can only be done thru pre ISO creation or can it be injected or modified thru a small update/patch like you did with the 24in1 Apr2014 v3 & the SuperAIO-v5 patch :confused:
     
  12. murphy78

    murphy78 MDL DISM Enthusiast

    Nov 18, 2012
    6,674
    10,073
    210
    I think what you are describing is using an autounattend.xml file. Basically you just toss the xml in the root directory of the install. Unfortunately the superaio doesn't have the xml support in the install script. All of my other releases do use the normal setup program, so they should work. You should probably delete the ei.cfg if you use one though.
    As for the actual xml to use, I'm sorry; I'm not very advanced with the xml stuff. I can read through the xml fine to see what it's doing, but creating one from scratch is a bit beyond me.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  13. Y314K

    Y314K MDL Junior Member

    May 25, 2014
    51
    13
    0
    Creating one from scratch is Greek to me. :biggrin:

    Will check over at WinReducer to see if the autounattended.xml method is what their program uses or a pre-ISO regedit. Maybe choosing just those two options to mod in a ISO will give us a clean autounattended.xml that would need minor modding or no modding a all (copy & paste). As far as I know the WinReducer feature is untested. But it seems to be simple enough to turn both of those options to 1 or false. Prefer the USB stick install method so that should make any tweaks needed easier to implement. Maybe EliteGhost will get it install & up & running before me...:plane:
     
  14. Y314K

    Y314K MDL Junior Member

    May 25, 2014
    51
    13
    0
    Added DisableEncryptedDiskProvisioning request over at WinReducer since this 3 options need to be implemented at first install for them to really make a difference. Hopefully it gets added soon.

    Can someone that already has Win 8.1 running grab an ISO & the latest WinReducer 8.1 & run ONLY DisableEncryptedDiskProvisioning + TCGSecurityActivationDisabled save the ISO & check it to see if there was an autounattend.xml or some other XML created to implement both new settings & posted back. Still not sure how WinReducer implements the new settings.

    Guess one way to check it would be to install the above edited ISO on a VM & check the registry settings after installation.

    This is probably a dumb ? but if one installs an unedited Windows 8.1 on a VM on a SSD. The SSD should be completely protected from the eDrive & bitloccker crap, Right ???
     
  15. orbidia

    orbidia MDL Junior Member

    Feb 22, 2010
    79
    30
    0

    Answer:

    I used WinReducer to set the two settings. WinReducer puts an AutoUnattend.xml file in the root of the ISO with these lines inside:

    <TCGSecurityActivationDisabled>1</TCGSecurityActivationDisabled>

    <DiskConfiguration>
    <DisableEncryptedDiskProvisioning>true</DisableEncryptedDiskProvisioning>
    </DiskConfiguration>

    When loading Windows into a VM, "TCGSecurityActivationDisabled"=dword:00000001 is in the correct place in the registry as given above.

    Searching the registry for DisableEncryptedDiskProvisioning yields nothing. So this isn't a setting in the registry.
    Also, "PreventDeviceEncryption" is also not in the registry after first bootup.
     
  16. Y314K

    Y314K MDL Junior Member

    May 25, 2014
    51
    13
    0
    #17 Y314K, Jun 29, 2014
    Last edited: Jun 29, 2014
    Thanks a lot for doing the leg work... Is that everything that is on the AutoUnattend.xml or is that just the relevant stuff? Also, which version of W8.1 ISO did u used? Pro WMC, Murphy78's AIO or ???

    I wonder if turning on the <DisableEncryptedDiskProvisioning> gets rid of the need to set <PreventDeviceEncryption> as true. But since both my not be part of the registry. I wonder how that can be tested. Or it might not be in the registry because it's being run on a VM... And there is nothing to Provision or Encrypt. Not sure how Windows on a VM handles those things... Anybody got any ideas ?

    Murphy78 mentioned having to delete the ei.cfg. I guess that was from his AIO. Did the ISO u used had an ei.cfg ? & did WinReducer got rid of it ?

    The <PreventDeviceEncryption> option will be included on WinReducer v1.12... So that should give us that proper code that goes in the AutoUnattend.xml. Man is WinterStorm2050 fast with his updates or what!!! He also mentioned that removing BitLocker all together has never giving him any problems.

    Would post links to the info but I don't have the option to do that yet. Thanks again Orbidia.. Keep posting if you keep playing with the options...
     
  17. fritzzz

    fritzzz MDL Novice

    May 2, 2015
    1
    0
    0
    I just had to unprovision my SSD because Windows 8.1 silently enables the Device encryption during install. After PSID-reverting it, I also had to disable the silent Device encryption during Windows 8.1 install.

    During Install press Shift+F10 to load the command prompt. Then just add the registry key mentioned earlier:

    "reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\EnhancedStorageDevices /v TCGSecurityActivationDisabled /t REG_DWORD /d 1 /f"

    you can use "reg query HKLM\SOFTWARE\Policies\Microsoft\Windows\EnhancedStorageDevices" to check if the key was added correctly.
    (note: this key was not already present on the install image)

    This worked fine for me. I am running an unencrypted SSD now.