Windows 11 Setup TPM Bypass - the many ways

Discussion in 'Windows 11' started by BAU, Sep 2, 2021.

  1. BAU

    BAU MDL Expert

    Feb 10, 2009
    1,106
    2,726
    60
    #1 BAU, Sep 2, 2021
    Last edited: Oct 4, 2021
    Create bypass.bat or unzip attached in/to the usb stick you've made with windows 11 or the extracted ISO folder
    Code:
    ::
    del /f /q "%~dp0sources\appraiserres.dll"
    reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinPE" || (start "11" "%~dp0setup.exe" &exit)
    for %%X in (RAM SecureBoot Storage TPM) do reg add HKLM\SYSTEM\Setup\LabConfig /v Bypass%%XCheck /d 1 /t reg_dword /f
    start "11" "%~dp0sources\setup.exe"
    ::
    
    - Start setup from under windows for upgrades via bypass.bat
    - Start setup from boot via Shift+F10 at the first windows 11 setup screen, then enter C:\bypass
    (where C is the letter for the setup media, just try next until it starts i.e. D:\bypass E:\bypass)

    Notes:
    if you're gonna create a DVD instead of a bootable USB, delete sources\appraiserres.dll before burning

    edit: or just create the iso / usb / live install via Universal MediaCreationTool.bat
    if you need to modify an already made usb / extracted iso files, here's the standalone script:
    Skip_TPM_Check_on_Media_Boot.cmd
    Code:
    
    @title Skip TPM Check on Media Boot & color 1e & echo on & (set media=%1)
    ::#  run from the root of the USB drive or ISO files to add reg overrides in sources\boot.wim via winpeshl.ini
    
    @pushd "%~dp0" & if defined media pushd %media% & if not exist sources\boot.wim popd
    @if not exist sources\boot.wim echo; SOURCES\BOOT.WIM NOT FOUND! & timeout /t 5 & exit/b
    @fltmc>nul || (set _="%~f0" %* & powershell -nop -c start -verb runas cmd \"/d/x/rcall $env:_\"  & exit/b)
    @dism /cleanup-wim & mkdir C:\ESD\AveYo>nul & set ini=C:\ESD\AveYo\Windows\System32\winpeshl.ini & (set By=By)
    @dism /mount-wim /wimfile:sources\boot.wim /index:2 /mountdir:C:\ESD\AveYo & (set DO=commit) & if exist %ini% (set DO=discard)
     >%ini% echo;[LaunchApps]
    >>%ini% echo;cmd, "/c reg add HKLM\SYSTEM\Setup\LabConfig /v %By%passTPMCheck /d 1 /t reg_dword /f"
    >>%ini% echo;cmd, "/c reg add HKLM\SYSTEM\Setup\LabConfig /v %By%passSecureBootCheck /d 1 /t reg_dword /f"
    >>%ini% echo;cmd, "/c reg add HKLM\SYSTEM\Setup\LabConfig /v %By%passStorageCheck /d 1 /t reg_dword /f"
    >>%ini% echo;cmd, "/c reg add HKLM\SYSTEM\Setup\LabConfig /v %By%passRAMCheck /d 1 /t reg_dword /f"
    >>%ini% echo;%%SYSTEMDRIVE%%\setup.exe
    @dism /unmount-wim /mountdir:C:\ESD\AveYo /%DO% & rd /s /q C:\ESD\AveYo & del /f /q sources\appraiserres.dll>nul
    
    
    If you need to bypass running setup.exe under windows / getting insider builds via windows update (after offlineinsiderenroll or something), here's the standalone toggle script (can also be directly pasted into powershell:
    Skip_TPM_Check_on_Dynamic_Update_v1.cmd
    Code:
    
    @(set "0=%~f0"^)#) & powershell -nop -c iex([io.file]::ReadAllText($env:0)) & exit/b
    #:: double-click to run or just copy-paste into powershell - it's a standalone hybrid script
    #:: v1 of the toggle script works perfectly fine for most people with a non-botched windows installation
    #:: uses a fast, fileless wmi subscription to watch for the Virtual Disk Service Loader process running during setup,
    #:: then launches a cmd erase of appraiserres.dll - that's all there is to it, no rocket science, just a great implementation
    #:: you probably don't need to have it installed at all times - just when doing feature updates or manual setup within windows
    #:: hence the on off toggle just by running the script again
    
    $_Paste_in_Powershell = {
      $N = 'Skip TPM Check on Dynamic Update';  $off = $false
      $0 = sp 'HKLM:\SYSTEM\Setup\MoSetup' 'AllowUpgradesWithUnsupportedTPMOrCPU' 1 -type dword -force -ea 0
      $0 = ri 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vdsldr.exe' -force -ea 0
      $0 = sc.exe config Winmgmt start= demand; sp HKLM:\SOFTWARE\Microsoft\Wbem 'Enable Costly Providers' 0 -type dword -force -ea 0
      $B = gwmi -Class __FilterToConsumerBinding -Namespace 'root\subscription' -Filter "Filter = ""__eventfilter.name='$N'""" -ea 0
      $C = gwmi -Class CommandLineEventConsumer -Namespace 'root\subscription' -Filter "Name='$N'" -ea 0
      $F = gwmi -Class __EventFilter -NameSpace 'root\subscription' -Filter "Name='$N'" -ea 0
      if ($B) { $B | rwmi; $off = $true } ; if ($C) { $C | rwmi; $off = $true } ; if ($F) { $F | rwmi; $off = $true }
      if ($off) { write-host -fore 0xf -back 0xd "`n $N [REMOVED] run again to install "; timeout /t 5; return }
      $P = "$([environment]::SystemDirectory)\cmd.exe"; $T = "$P /q $N (c) AveYo, 2021 /d /rerase appraiserres.dll /f /s /q"
      $D = "$($P[0]):\`$WINDOWS.~BT"; $Q = "SELECT SessionID from Win32_ProcessStartTrace WHERE ProcessName='vdsldr.exe'"
      $F = swmi -Class __EventFilter -NameSpace 'root\subscription' -args @{
        Name = $N; EventNameSpace = 'root\cimv2'; QueryLanguage = 'WQL'; Query = $Q} -PutType 2 -ea 0
      $C = swmi -Class CommandLineEventConsumer -Namespace 'root\subscription' -args @{
        Name = $N; WorkingDirectory = $D; ExecutablePath = $P; CommandLineTemplate = $T; Priority = 128} -PutType 2 -ea 0
      $B = swmi -Class __FilterToConsumerBinding -Namespace 'root\subscription' -args @{Filter=$F;Consumer=$C} -PutType 2 -ea 0
      write-host -fore 0xf -back 0x2 "`n $N [INSTALLED] run again to remove "; timeout /t 5
    } ; start -verb runas powershell -args "-nop -c & {`n`n$($_Paste_in_Powershell-replace'"','\"')}"
    $_Press_Enter
    #::
    
    WMI-based version above works great with most PC's, but as always there are outliers, so here's an alternative IFEO-based v2 which should be more compatible (it removes v1 to prevent redundancy)

    Skip_TPM_Check_on_Dynamic_Update_v2.cmd
    Code:
    
    @(set "0=%~f0"^)#) & powershell -nop -c iex([io.file]::ReadAllText($env:0)) & exit/b
    #:: double-click to run or just copy-paste into powershell - it's a standalone hybrid script
    #:: v2 of the toggle script comes to the aid of outliers for whom v1 did not work due to various reasons (broken/blocked/slow wmi)
    #:: uses IFEO instead to attach to the same Virtual Disk Service Loader process running during setup, then launches a cmd erase
    #:: of appraiserres.dll - but it must also do some ping-pong renaming of the exe in system32\11 - great implementation nonetheless
    #:: (for simplicity did not use powershell invoking CreateProcess and DebugActiveProcessStop to overcome IFEO constrains)
    #:: in v2 the cmd window will briefly flash while running diskmgmt - so it is not "better" per-se. just more compatible / reactive
    #:: you probably don't need to have it installed at all times - just when doing feature updates or manual setup within windows
    #:: hence the on off toggle just by running the script again
    
    $_Paste_in_Powershell = {
      $N = 'Skip TPM Check on Dynamic Update'
      $0 = sp 'HKLM:\SYSTEM\Setup\MoSetup' 'AllowUpgradesWithUnsupportedTPMOrCPU' 1 -type dword -force -ea 0
      $B = gwmi -Class __FilterToConsumerBinding -Namespace 'root\subscription' -Filter "Filter = ""__eventfilter.name='$N'""" -ea 0
      $C = gwmi -Class CommandLineEventConsumer -Namespace 'root\subscription' -Filter "Name='$N'" -ea 0
      $F = gwmi -Class __EventFilter -NameSpace 'root\subscription' -Filter "Name='$N'" -ea 0
      if ($B) { $B | rwmi } ; if ($C) { $C | rwmi } ; if ($F) { $F | rwmi }
      $C = "cmd /q $N (c) AveYo, 2021 /d/x/r>nul (erase /f/s/q %systemdrive%\`$windows.~bt\appraiserres.dll"
      $C+= '&md 11&cd 11&ren vd.exe vdsldr.exe&robocopy "../" "./" "vdsldr.exe"&ren vdsldr.exe vd.exe&start vd -Embedding)&rem;'
      $K = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vdsldr.exe'
      if (test-path $K) {ri $K -force -ea 0; write-host -fore 0xf -back 0xd "`n $N [REMOVED] run again to install "; timeout /t 5}
      else {$0=ni $K; sp $K Debugger $C -force; write-host -fore 0xf -back 0x2 "`n $N [INSTALLED] run again to remove ";timeout /t 5}
    } ; start -verb runas powershell -args "-nop -c & {`n`n$($_Paste_in_Powershell-replace'"','\"')}"
    $_Press_Enter
    #::
    
     

    Attached Files:

    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  2. Enthousiast

    Enthousiast MDL Tester

    Oct 30, 2009
    37,388
    63,982
    450
    #2 Enthousiast, Sep 2, 2021
    Last edited: Sep 2, 2021
    Just thinking about how people who can't even swap an install.wim from one iso to another would be capable of doing this:thinking:;)

    And it was not about my tool post is sticky and the only one allowed (i never asked for stickyness nor got asked if i wanted it to be sticky, being the first comprehensive tool released probably made it sticky).

    win11 requires TPM 2.0, is this a deal breaker?
    was around since june, could have been a thread to discuss in?

    And about that thread only posting the zipped appraiserres.dll, this one was first afaik:
    https://forums.mydigitallife.net/th...odename-sun-valley.83555/page-23#post-1665788
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. BAU

    BAU MDL Expert

    Feb 10, 2009
    1,106
    2,726
    60
    Don't mind me, I'm just curbing your enthusiasm of sticking a fist into our mere mortals mouths :D
    Going ham on that original poster for not using "the tool(s)" maybe was warranted, maybe was not - after all, yours also bundle the dll, and there have been voices complaining about not being user-friendly, hence the topic as a poor attempt to simplify the solution.
    But you also went ham on Imperfect Human, without even acknowledging that it was a 3rd scenario of "clean-install-on-different-drive-under-windows" (root\setup vs. root\sources\setup) that might be of use to someone. You're on a roll, after the RTM vs murphy thing :p
    Like it or not, you do so much work around here that people perceive you as basically staff (why aren't you, yet?!)
    So valiantly trying to prove anyone wrong - even if warranted - can be felt as micro-aggression (like how you probably think of me as an arrogant son-of-a-gun - yeah, we're alike)
    Let's face it, it's a fight with windmills to get people these days to use search and take advantage of aggregated information. 9 out of 10, people are gonna create a new thread, and not exactly due to malice, stupidity or laziness, but out of excitement!
    I'm so excited to run Windows 11 on my potatoes that I had to post how I did it :D
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. Enthousiast

    Enthousiast MDL Tester

    Oct 30, 2009
    37,388
    63,982
    450
    #4 Enthousiast, Sep 2, 2021
    Last edited: Sep 2, 2021
    That didn't even work, check the gif i published in that thread, and not even explained well by that contributor, please start a convo with him, make sure you provide a working email address, else you will be reported;)

    And you won't ever see me posting my variant or tool unprovoked in other peoples threads, i even discourage people doing that.

    Nah, yes i think you are an arrogant example of a highly skilled coder but i was used to that when learning from Murphy78 in the era that only people with coding skills were taken seriously;)

    This thread is at least not a fork nor a tool, this is what i consider a workaround.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. BAU

    BAU MDL Expert

    Feb 10, 2009
    1,106
    2,726
    60
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. Enthousiast

    Enthousiast MDL Tester

    Oct 30, 2009
    37,388
    63,982
    450
    Very disappointing lame attempt to humor:rolleyes:
    Like he had a clue what he was doing.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. Reznov

    Reznov MDL Member

    May 17, 2012
    163
    385
    10
    #7 Reznov, Sep 3, 2021
    Last edited: Sep 3, 2021
    I have tried this bypass method on a 5th gen i5 Laptop without TPM and it worked flawlessly.
    Thank you very much indeed @BAU !

    Screenshot 2021-09-03 035934.png
     
  8. zucrin

    zucrin MDL Senior Member

    Feb 2, 2011
    297
    270
    10
    Did you forget some keys ?
    Lol didn't read ;) u add this keys
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  9. BAU

    BAU MDL Expert

    Feb 10, 2009
    1,106
    2,726
    60
    no, the for .. line actually sets all 4 bypasses
    but you did miss one ;)
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  10. zucrin

    zucrin MDL Senior Member

    Feb 2, 2011
    297
    270
    10
    Just wake up .. miss them
    But I have some thought
    Why not create custom setup.exe file instead
    that run under windows environment and add this keys
    And replace the original setup.exe file
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  11. RobrPatty

    RobrPatty MDL Addicted

    Jul 23, 2009
    760
    267
    30
    Installed on 2 machines, worked flawlessly. Thx BAU
     
  12. BAU

    BAU MDL Expert

    Feb 10, 2009
    1,106
    2,726
    60
    that's even more horrible than editing boot.wim
    there are security implications with using 3rd party binaries, and actually reduced convenience fighting antivirus
    plain text scripts are far more secure and convenient when it comes to sensitive stuff like the os image and post-install tweaks
    but I'm sure there's already something featuring it or in the process of adding such feature - winntsetup and similar projects here on mdl
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  13. GaGiLu

    GaGiLu MDL Junior Member

    May 4, 2017
    76
    15
    0
    Created a Win 11 iso with your MCT wrapper, and tried this solution, but it say my machine is not able to install windows 11, the same happen with the fix kit from the sticked thread.
     
  14. BAU

    BAU MDL Expert

    Feb 10, 2009
    1,106
    2,726
    60
    What are your specs? At the bare minimum a 64-bit CPU is needed, there's no way around that since Windows 11 only comes as x64
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  15. Ray Willis

    Ray Willis MDL Novice

    Apr 15, 2015
    36
    3
    0
    "snippets"
    How to use this tool to bypass Windows 11 DVD ISO boot check for TMP ?. Thanks for advice
     
  16. mdl052020

    mdl052020 MDL Member

    May 31, 2020
    1,144
    983
    60
    how you Managed your "DeviceID" & "ProductID" ===> ProductPolicy or Reg
    or its just hidden ?

    For me i do run powershell script shared to me via some Russian Anon Group Admin on his discord channel.

    Result :
    a.png

    Remains Stable till date ;)
    SQMCLIENT Never Came Back in my Scenario after even 100's of Reboots where DeviceID is saved via using his powershell script .
    If i use my own productpolicy or reg tweak then it always came back after a single reboot.
    Note: DeviceID is related to hwid Act using your Physical Address of Network Interface Card.
     
  17. BAU

    BAU MDL Expert

    Feb 10, 2009
    1,106
    2,726
    60
    what tool? was just a guide, where all the heavy lifting was done by hand
    for having it automatically bypassed, just create the iso / usb with MediaCreationTool.bat, it incorporates standalone scripts for that - now added to the top post as well

    I bet that's just painted over manually ;)
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  18. mdl052020

    mdl052020 MDL Member

    May 31, 2020
    1,144
    983
    60
    Hmm ;)
     
  19. suzook

    suzook MDL Novice

    Oct 2, 2021
    8
    2
    0
    currently have a dual boot mac. I have win10 insider preview working. ANYWAY for me to get win 11 using this method, but as an update? I dont want to setup everything again.
     
  20. Pasta88

    Pasta88 MDL Expert

    Jun 17, 2009
    1,186
    34
    60
    Yes, I would like to know this info as well. Also, is there a way to get updates using this method plz?

    TIA