Replies

bbearren wrote:

alQamar wrote:

What I said in my OP

Not quite.  I didn’t say:

alQamar wrote:

You need an USB pen drive

– TPM 2.0 or ftpm enabled and sha1 disabled and sha256 or newer enabled

– Vt-d /VT-x enabled

Enable Core isolation in Windows Security Center

Remove all older drivers that would prevent it via Device Manager

I said:

bbearren wrote:

I have upgraded Windows 10 to Windows 11 (Beta, the hardware-restricted beta) on both sides of my dual boot with my TPM 1.2 disabled in BIOS (untouchable by the OS) and Secure Boot disabled.

A pen drive is not needed for an inplace/upgrade.  It works quite well with a mounted ISO.  The other hardware requirements are not needed for an inplace/upgrade.

alright my OP has a weakness I wanted to express that TPM and sorts is not required at all but it is recommended to use TPM and GPT etc, outlining a bit how to get there and when to change it or not (if possible).

On the pen drive, you are right it is not needed in this case. Cannot correct it anymore.

Your quote is not in the correct context as the GPT / UEFI / TPM VT-x stuff is my personal recommendation. In the list before it matches your better explanation.

“I highly recommend to have”

• list
• of
• things

1. How would a user determine if these two security measures have been, or need to be, implemented on his/her system?
2. How would one go about implementing these two security measures?

   In many cases WSH can be blocked by applocker or sorts altogether. The need for it is dramatically reduced as most Windows / Server Products do not rely on it rather PowerShell 5.1. sconfig was one using it, is now based on PowerShell in Windows Server 2022. slmgr is another one using WSH, but can be replaced by better methods just like ADBA and / or VAMT in many cases

It is a good practice to disable it. However attackers today do not use WSH much, rather macros in Office and or PowerShell as well. Because they know the countermeasures.

1 user thanked author for this post.

Cybertooth

@Alex becoming Insider is in fact very easy but has requirements like full telemetry and Microsoft account (imho both have big benefits).

If someone wants to join Insider I welcome them.

Precaution: For Windows 11 please use the BETA Insider channel only, no longer the Dev. If Windows 11 is released, the same game applies on unsupported hardware as described to stay on this OS without reinstalling.
The Dev is not Windows 11 anymore, even it looks like it, it is now unrelated to a release.

tldr: the author of the article intended to show ways how to install Windows 11 on unsupported hardware. So it is not supported

nothing more or less I aided his (Brian Livingstones) work to provide a simple and effective way to reach the exact same with much less effort, backed up by bbearren in a more detailed post, while my how-to also encourage users to TRY using the new tech, but also give them a way if they cannot same as bbearren described.

Imho there is little room for a debate on “supported or not” as the whole article is about doing something unsupported.

“it is questionable at best whether Microsoft would support such an installation. “

It is not supported, I think I have made this very clear several times.
Also made clear that you might not need this class of support they offer. It is everyone’s choice if they want a modern and secure OS and support or the former and no support.
As you nailed it:

“unless you’re inclined to run a brand new unsupported operating system.”

So what’s the point to discuss about support?

And my point is: why not?

Why trashing good computers meeting the users current requirements of today and beyond 2025, when Windows 10 is out of support, too?

rc primak wrote:

Those not buying new computers will not be offered Windows 11 upgrades for a lot longer. Probably late-2021 or early-2022 for eligible systems.

Microsoft has made very clear that zero computers that comply with their requirements will receive an automatic upgrade via Windows Update (for Business). I would need to take some time to find this on twitter.
But: You can still use the ISO.

If we take the bold one, it is confirming only systems meeting the HW requirements will see an automated upgrade as with previous SAC releases.

source: https://www.microsoft.com/en-us/windows/windows-11

What if my PC doesn’t meet the minimum hardware specifications? Can I stay on Windows 10?

Yes! Windows 10 continues to be a great version of Windows. We have committed to supporting Windows 10 through October 14, 2025.

 

How will I know when the upgrade is available for my Windows 10 PC?

How much does it cost to upgrade from Windows 10 to Windows 11?

It’s free. But only Windows 10 PCs that are running the most current version of Windows 10 and meet the minimum hardware specifications will be able to upgrade. You can check to see if you have the latest updates for Windows 10 in Settings/Windows Update.

How long will the free upgrade offer last?

The free upgrade offer does not have a specific end date for eligible systems. However, Microsoft reserves the right to eventually end support for the free offer. This end date will be no sooner than one year from general availability.

be more specific supported compatibility. Not the technical one.

“How the heck can Microsoft be 30 days from the release of a new version of Windows and still not be able to tell me whether my machines will meet all its arbitrary diktats for hardware?”

If you understand the idea of this thread, this app does not matter. If this app qualifies your hardware or not it only tells you if you can claim Microsoft support or not.

As long as you do not need to open a support case with “Microsoft”.

All this is completely optional in this regard if you do not need their official support.
as Insider we have been said that the release version of W11 ISOs should not have ANY HW checks at all. but that is yet to confirm, so wait for the 5th of Oct. or even December to be super safe.

I would not even wonder if the support – external contractors to Microsoft  – some I have seen still using Windows Server 2008 R2 in 2020 to connect to your computer, do not check said requirements again once you have Windows 11 installed.

Remember my prediction. We do not have to eat this as hot as it is served.
Again and I repeat I recommend to comply with their requirements plus having more RAM than 4 GB, but not because it would not work or cannot be installed but because of security and usability.

There will be no “no-go” in the licensing terms to forbid the use of this OS, if licensed, just because technical recommendations are not met.

There is not a single line in the licensing terms describing the HW requirements and binding this to the legal use of the OS.

See: https://www.microsoft.com/licensing/terms/productoffering/WindowsDesktopOperatingSystem/MCA#UseRights

https://www.microsoft.com/licensing/terms/product/ForallSoftware/MCA

Seems you misunderstood my intention of the my OP.

I repeat you can install it under the given circumstances. Don’t give much on this compat test. It is marketing.

Olivier Gebuhrer wrote:

This was suposed to be a guideline for installing windows 11 without  TPM but you say :

– TPM 2.0 or ftpm enabled and sha1 disabled and sha256 or newer enabled Is it not a contradiction ?Please explain to a poor french customer .

I say it can be installed on any hardware. For security reasons I just made clear that I support the ideas / concept of UEFI / GPT / TPM 2.0 or fTPM and Core Isolation and many other protection layers like Windows Hello, Bitlocker – all using TPM 2.0.

You do not have to do all of this but it makes attacks much harder. I have now even uninstalled Malwarebytes as there is nothing compromising my system since + using Edge and proper security settings.

1 user thanked author for this post.

rc primak

bbearren wrote:

I don’t do clean installs, so this isn’t about a clean install.

I have upgraded Windows 10 to Windows 11 (Beta, the hardware-restricted beta) on both sides of my dual boot with my TPM 1.2 disabled in BIOS (untouchable by the OS) and Secure Boot disabled.

I’ve since reverted both back to Windows 10 simply by restoring their Image For Windows drive images, because I don’t want to run the Beta.  I’ll wait until the RTM, and give it another go and a more thorough test drive.

But upgrading is almost unbelievably simple; all you need is a Windows 10 ISO and a Windows 11 ISO.  Logged in as a member of the Administrators group, right-click and mount each ISO, one at a time.  In the mounted Windows 10 ISO, open the “sources” folder and delete the file, “install.esd”.  In the mounted Windows ll ISO open the “sources” folder and copy the “install.esd” file.  Paste that file in the Windows 10 mounted ISO “sources” folder, then unmount the Windows 11 ISO, you don’t need it anymore.

Now, in the mounted and modified Windows 10 ISO, right-click “setup.exe” and select “Run as administrator”, click Yes in the UAC, sit back and wait.  In about half an hour, you will be booted into Windows 11.  Works for my, YMMV.

What I said in my OP.

1 user thanked author for this post.

rc primak

anonymous wrote:

Microsoft’s tool for Windows 11 tells me that my computer’s core I7 processor implements TPM2.0, but at 5 years is too old and isn’t supported. I haven’t heard mention of a processor being too old, while the computer meets all the other requirements for TPM, Ram, free hard drive space, etc.

Anything older than Gen 8 and Ryzen 2000 is not supported, which just means you cannot contact support, but which does not mean you can still run it. If you do not need to contact MS support and most of us should not – and the quality is not great for home users anyway – except from licensing there is no problem to follow this instruction and be happy saving the planet from electronic waste and even more #overconsumption.

Analogy: Win 7 / Win 8.0 is out of support which does not mean it does not run (and either does not mean it is a good idea to run it.

erbkaiser wrote:

fTPM is firmware TPM, where there is no dedicated TPM chip but instead the CPU emulates one.

Many if not all fTPMs have at least two banks, one for SHA1 keys and one for SHA256  keys. If SHA1 and is enabled and SHA256 not, it is not a TPM 2.0.

If SHA1 and SHA256 are enabled at the same time, Windows11 may write the SHA256 hash with the SHA1 bank and fail.

So for optimal compatibility SHA1 needs to be turned OFF in the UEFI for any system with an fTPM.

On many systems SHA1 and SHA256 is enabled simulaneously. It has no relation with the TPM 2.0 but just the certificate hash security. The higher the better 10th gen Intel introduced even higher ones than SHA256.

erbkaiser wrote:

I would advice against installing Windows 11 on a computer without TPM 2 (or other requirements) as Microsoft has stated that these computers will not be able to update to the release version. This will leave these PCs in the sad state of running a beta build where the only option is to go back to Windows 10, which is only possible without a full reinstall if the previous version of Windows still exists on the hard drive. The longer the time from the Win11 beta install, the more likely this folder will be cleaned up for space.

 

 

You refer to the beta build my instruction is meant for the release build of Windows 11 coming on 5th of October. You will not have to uninstall anything. The next feature update will be likely an enablement package again and if there is a new full upgrade repeat the procedure.

2 users thanked author for this post.

wavy, rc primak

Hi Brian thanks for your Initiative to help saving the environment.

Windows 11 can be installed on any computer

(licensing required)

How to:

 

You need an USB pen drive

– Use the official Download Assistant and save the install files of Windows 10 to the USB pendrive.

– Mount a Windows 11 ISO via Explorer

– Place the Windows 11 sources\install.wim or install.esd to sources folder on the pen drive

Despite it’s technical possible.

I highly recommend to have

8 GB of RAM. The 4GB requirement is utterly nonsense and not practical especially with a x64 OS.

– An SSD or nvme as OS drive

In UEFI

– TPM 2.0 or ftpm enabled and sha1 disabled and sha256 or newer enabled

– Vt-d /VT-x enabled

– CSM or legacy boot Mode disabled) if your GPU supports it. Check before with gpu-z to see if the GPU has a UEFI GOP check.

If you drive C is still not GPT convert it via the mbr2gpt. Make sure not to have more than 4 Partitions on the drive and no extended Partitions. Generally do not partition the c drive manually. It’s at cost of Performance anyway.

Do not use mbr2gpt if any of the previous requirements on gpu or Partitions are not met.

 

In Windows

Enable Core isolation in Windows Security Center

Remove all older drivers that would prevent it via Device Manager

They are shown on enabling it. Windows 11 Device Manager can sort devices by driver names now which makes it very easy to identify blocking drivers. Often these are leftovers and not even used drivers.

1 user thanked author for this post.

AlexEiffel

Cannot tell never tinkered with this.

The correct way to do this is using Sc delete or PowerShell Remove-Service (PowerShell 7)

you should not delete only registry entries.

1 user thanked author for this post.

Microfix