Win11BypassISO


Superfly

Well-known member
Member
VIP
Local time
4:41 PM
Posts
446
OS
Windows
Just posting this here - as I tagged a thread when I came up with the idea - to keep the dev separate from the discussion regarding MS' impositions.

This is work in progress ATM including refactoring etc - also new Insider releases may even have more stumbling blocks but we will soldier on - I dislike MS authoritarianism.


Code:
Add Win 11 bypass registry "hacks" to Win 11 ISO
Win11BypassISO v1.0 bypasses hardware compatibility checks and internet requirement
Allows Local account creation on Home

Update: Version 1.1
Updated registry entries particular to Pro to allow no internet requirement (which is required with Insider ISO)

Update: Version 1.2
Refactoring - output is still verbose until exception handling implemented.

Update: Version 1.3
Added ESD compatibility
Note re-converting Wim back to ESD is resource intensive using Dism - so excluded in the script - use a 3rd party app like WimLib instead.

Update: Version 1.4
Added multiple image bypass injection

Note: Check the Sign-in options for local account creation (it will be the same as in older Win 11 versions)

Download here: Release Win11BypassISO · Superfly-Inc/My-Scripts
 
Last edited:

My Computer

System One

  • OS
    Windows

Superfly

Well-known member
Member
VIP
Thread Starter
Local time
4:41 PM
Posts
446
OS
Windows
Struggling with this

Code:
function Wim2ESD ($WimFile, $Images )
{
    $EsdFile = $WimFile -replace "wim", "esd"

    #Remove-WindowsImage -ImagePath $EsdFile -Index $Image

        for ($x = 1; $x -le $Images; $x++)
        {
            Dism /Export-Image /SourceImageFile:$WimFile /SourceIndex:$x /DestinationImageFile:$EsdFile /Compress:recovery
        }

    Remove-Item $WimFile -Force
}

My system just hangs - Note: Had to use Dism as PS does not support the ESD compression.

This works fine decompressing all the images

Code:
function ESD2Wim ($EsdFile, $Images )
{
        for ($x = 1; $x -le $Images; $x++)
        {

        Export-WindowsImage -SourceImagePath $EsdFile -SourceIndex $x -DestinationImagePath ($EsdFile -replace "esd", "wim") -CompressionType Max
        }

    Remove-Item $EsdFile -Force
}
 

My Computer

System One

  • OS
    Windows

Superfly

Well-known member
Member
VIP
Thread Starter
Local time
4:41 PM
Posts
446
OS
Windows
Struggling with this

Code:
function Wim2ESD ($WimFile, $Images )
{
    $EsdFile = $WimFile -replace "wim", "esd"

    #Remove-WindowsImage -ImagePath $EsdFile -Index $Image

        for ($x = 1; $x -le $Images; $x++)
        {
            Dism /Export-Image /SourceImageFile:$WimFile /SourceIndex:$x /DestinationImageFile:$EsdFile /Compress:recovery
        }

    Remove-Item $WimFile -Force
}

My system just hangs - Note: Had to use Dism as PS does not support the ESD compression.

This works fine decompressing all the images

Code:
function ESD2Wim ($EsdFile, $Images )
{
        for ($x = 1; $x -le $Images; $x++)
        {

        Export-WindowsImage -SourceImagePath $EsdFile -SourceIndex $x -DestinationImagePath ($EsdFile -replace "esd", "wim") -CompressionType Max
        }

    Remove-Item $EsdFile -Force
}
Well... I just gave up on it - Wimlib is far better than Dism in converting wim's to esd. So I commented out the junk in v1.3.
 

My Computer

System One

  • OS
    Windows

Superfly

Well-known member
Member
VIP
Thread Starter
Local time
4:41 PM
Posts
446
OS
Windows
Something interesting I noticed in Powershell..

Seems MS are moving away from the dot notation (as in C#) to a more pure PS notation.

I had to change this:

Code:
$SystemHive.IsReadOnly = $false

which resulted in an error ...

to this:
Code:
Set-ItemProperty -Path $SystemHive -Name IsReadOnly -Value $false

.. in v1.4
 

My Computer

System One

  • OS
    Windows

Superfly

Well-known member
Member
VIP
Thread Starter
Local time
4:41 PM
Posts
446
OS
Windows
I noticed we can't upgrade with removing the appraiserres.dll. anymore with 22621.

We need TPM 2.1 or higher to to use AllowUpgradesWithUnsupportedTPMOrCPU - with TPM enabled in Bios, all's well.

So no way to upgrade without TPM?
 

My Computer

System One

  • OS
    Windows

cereberus

Well-known member
Pro User
VIP
Local time
3:41 PM
Posts
2,048
OS
Windows 10 Pro + others in VHDs
I noticed we can't upgrade with removing the appraiserres.dll. anymore with 22621.

We need TPM 2.1 or higher to to use AllowUpgradesWithUnsupportedTPMOrCPU - with TPM enabled in Bios, all's well.

So no way to upgrade without TPM?
The long winded route (Manchester to Liverpool via New York, Sydney, Tokyo and Berlin) will probably work if you have Pro.
I am pretty sure Hyper-V will emulate TPM 2.1.


1) Clone OS to a vhdx file

2) mount vhdx in a Hyper-V vm with TPM emulation and secure boot set

3) upgrade vhdx in Hyper-V

4) shutdown Hyper-v

5) Mount vhdx as a drive

6) Image backup vhdx drive contents to external usb (Macrium Reflect or similar)

7) Boot from Rescue usb (or similar)

8) Restore image to Host OS.

Long winded - yep but worked on my non TPM laptop to upgrade but not done it recently - so I cannot totally guarantee it if Hyper-V still only emulates 2.0.
 

My Computer

System One

  • OS
    Windows 10 Pro + others in VHDs
    Computer type
    Laptop
    Manufacturer/Model
    ASUS Vivobook 14
    CPU
    I7
    Motherboard
    Yep, Laptop has one.
    Memory
    16 GB
    Graphics Card(s)
    Integrated Intel Iris XE
    Sound Card
    Realtek built in
    Monitor(s) Displays
    N/A
    Screen Resolution
    1920x1080
    Hard Drives
    1 TB Optane NVME SSD, 1 TB NVME SSD
    PSU
    Yep, got one
    Case
    Yep, got one
    Cooling
    Stella Artois
    Keyboard
    Built in
    Mouse
    Bluetooth , wired
    Internet Speed
    72 Mb/s :-(
    Browser
    Edge mostly
    Antivirus
    Defender
    Other Info
    TPM 2.0

Superfly

Well-known member
Member
VIP
Thread Starter
Local time
4:41 PM
Posts
446
OS
Windows
The long winded route (Manchester to Liverpool via New York, Sydney, Tokyo and Berlin) will probably work if you have Pro.
I am pretty sure Hyper-V will emulate TPM 2.1.


1) Clone OS to a vhdx file

2) mount vhdx in a Hyper-V vm with TPM emulation and secure boot set

3) upgrade vhdx in Hyper-V

4) shutdown Hyper-v

5) Mount vhdx as a drive

6) Image backup vhdx drive contents to external usb (Macrium Reflect or similar)

7) Boot from Rescue usb (or similar)

8) Restore image to Host OS.

Long winded - yep but worked on my non TPM laptop to upgrade but not done it recently - so I cannot totally guarantee it if Hyper-V still only emulates 2.0.
LOL.. Trust you to latch on to that - you know I meant 1.2... anyway I'm short of breath already... LOL
 

My Computer

System One

  • OS
    Windows

Superfly

Well-known member
Member
VIP
Thread Starter
Local time
4:41 PM
Posts
446
OS
Windows
This update is to do upgrades using the bypass iso.

Update: Version 1.6
  • Added appraiserres.dll backup and dummy appraiserres.dll replacement
 

My Computer

System One

  • OS
    Windows

jimbo45

Well-known member
Power User
VIP
Local time
2:41 PM
Posts
1,669
Location
Hafnarfjörður IS
OS
Windows XP,7,10,11 Linux Arch Linux
One possible way is to do it in a VM and then convert to a Real machine.
I noticed we can't upgrade with removing the appraiserres.dll. anymore with 22621.

We need TPM 2.1 or higher to to use AllowUpgradesWithUnsupportedTPMOrCPU - with TPM enabled in Bios, all's well.

So no way to upgrade without TPM?
Hi there
One possible way - a bit convoluted but usually works :

1) create (or use) a VM with an "Emulated" TPM.

2) Update

3) run macrium or whatever to image / clone the disk - if using a VM it's better to run macrium image

4) restore to a physical partition (only the "NTFS" Windows data partition -- not efi or whatever)

5) run bcdboot to update the windows bootloader to the efi partition on the boot disk (physical disk).

6) boot and update the odd bits you'll need like "Video device driver" as ist boot will probably just give you Ms "Basic" Video driver.

Note if you have any W10 images over then missing drivers can often be updated via update from windows\system32\Driverstor from the W10 system.

To get the bootloader to the correct efi file it's usually the 100mb hidden partition on the boot disk - in diskpart assign it as letter S, and say your restored windows image is in partition W then cd :\w:\windows\system32, bcdboot w:\windows /s S: /f UEFI should fix the bootloader. Best to use the command line from say a windows install iso though.

Cheers
jimbo
 

My Computer

System One

  • OS
    Windows XP,7,10,11 Linux Arch Linux
    Computer type
    PC/Desktop
    CPU
    2 X Intel i7

Superfly

Well-known member
Member
VIP
Thread Starter
Local time
4:41 PM
Posts
446
OS
Windows
One possible way is to do it in a VM and then convert to a Real machine.

Hi there
One possible way - a bit convoluted but usually works :

1) create (or use) a VM with an "Emulated" TPM.

2) Update

3) run macrium or whatever to image / clone the disk - if using a VM it's better to run macrium image

4) restore to a physical partition (only the "NTFS" Windows data partition -- not efi or whatever)

5) run bcdboot to update the windows bootloader to the efi partition on the boot disk (physical disk).

6) boot and update the odd bits you'll need like "Video device driver" as ist boot will probably just give you Ms "Basic" Video driver.

Note if you have any W10 images over then missing drivers can often be updated via update from windows\system32\Driverstor from the W10 system.

To get the bootloader to the correct efi file it's usually the 100mb hidden partition on the boot disk - in diskpart assign it as letter S, and say your restored windows image is in partition W then cd :\w:\windows\system32, bcdboot w:\windows /s S: /f UEFI should fix the bootloader. Best to use the command line from say a windows install iso though.

Cheers
jimbo
Yep, thanx Jims but I'm looking for seamless install/upgrades - as it was in the good old days.. LOL.
 

My Computer

System One

  • OS
    Windows

SIW2

Active member
Member
VIP
Local time
3:41 PM
Posts
269
I haven't been following this, do the old reg entries not work anymore ?

reg add "HKLM\SYSTEM\Setup\LabConfig" /f /v "BypassTPMCheck" /t REG_DWORD /d 1
reg add "HKLM\SYSTEM\Setup\LabConfig" /f /v "BypassSecureBootCheck" /t REG_DWORD /d 1
reg add "HKLM\SYSTEM\Setup\LabConfig" /f /v "BypassRAMCheck" /t REG_DWORD /d 1
reg add "HKLM\SYSTEM\Setup\LabConfig" /f /v "BypassStorageCheck" /t REG_DWORD /d 1
reg add "HKLM\SYSTEM\Setup\LabConfig" /f /v "BypassCPUCheck" /t REG_DWORD /d 1

this might be a different thing:

AllowUpgradesWithUnsupportedTPMOrCPU

WithUnsupportedTPM is different from BypassTPMCheck
 

My Computer

Superfly

Well-known member
Member
VIP
Thread Starter
Local time
4:41 PM
Posts
446
OS
Windows
I haven't been following this, do the old reg entries not work anymore ?

reg add "HKLM\SYSTEM\Setup\LabConfig" /f /v "BypassTPMCheck" /t REG_DWORD /d 1
reg add "HKLM\SYSTEM\Setup\LabConfig" /f /v "BypassSecureBootCheck" /t REG_DWORD /d 1
reg add "HKLM\SYSTEM\Setup\LabConfig" /f /v "BypassRAMCheck" /t REG_DWORD /d 1
reg add "HKLM\SYSTEM\Setup\LabConfig" /f /v "BypassStorageCheck" /t REG_DWORD /d 1
reg add "HKLM\SYSTEM\Setup\LabConfig" /f /v "BypassCPUCheck" /t REG_DWORD /d 1

this might be a different thing:

AllowUpgradesWithUnsupportedTPMOrCPU

WithUnsupportedTPM is different from BypassTPMCheck
Yep that's what gets injected into the Wims' registries via these functions.

Powershell:
Function Update-WimRegistry {

New-PSDrive -PSProvider Registry -Name HKU -Root HKEY_USERS | Out-Null

Reg.exe Load "HKU\Bypass" (Join-Path $Mount -ChildPath "\Windows\System32\config\SOFTWARE")

$registryPath = "HKU:\Bypass\Microsoft\Windows\CurrentVersion\OOBE"

if (-not (Get-Item $registryPath -ErrorAction SilentlyContinue).Property  -contains "BypassNRO")
{
    New-ItemProperty -Path $registryPath -Name "BypassNRO" -Value ”1” -PropertyType DWord
}

if (-not (Test-Path $registryPath\FirstBoot))
{
    New-Item -Path $registryPath -Name "FirstBoot"

    New-ItemProperty -Path $registryPath\FirstBoot -Name "FirstLogonUI" -Value ”1”  -PropertyType DWord
}

$OOBECompleteTimestamp = "e5,07,09,00,04,00,17,00,16,00,05,00,30,00,c8,01"

[byte[]] $HexBin = $OOBECompleteTimestamp.Split(',') | % { "0x$_"}

if (-not (Get-Item -Path $registryPath\OOBECompletedForOOBEHealth -ErrorAction SilentlyContinue).Property -contains "AnyoneReadOOBECompleted")
{
    New-ItemProperty -Path $registryPath\OOBECompletedForOOBEHealth -Name "AnyoneReadOOBECompleted" -Value ”1”  -PropertyType DWord

    New-ItemProperty -Path $registryPath\OOBECompletedForOOBEHealth -Name "OOBECompleteTimestamp" -Value $HexBin  -PropertyType Binary
}

Reg.exe Load "HKU\BypassUpgrade" (Join-Path $Mount -ChildPath "\Windows\System32\config\SYSTEM")

$registryPath = "HKU:\BypassUpgrade\Setup"

if (-not (Test-Path $registryPath\MoSetup))
{
    New-Item -Path $registryPath -Name "MoSetup"
}

if (-not (Get-Item -Path $registryPath\MoSetup -ErrorAction SilentlyContinue).Property -contains "AllowUpgradesWithUnsupportedTPMOrCPU")
{
    New-ItemProperty -Path $registryPath\MoSetup -Name "AllowUpgradesWithUnsupportedTPMOrCPU" -Value ”1”  -PropertyType DWord
}

Start-Sleep -Seconds 5

[GC]::Collect()

Remove-PSDrive -Name HKU | Out-Null

Reg.exe Unload "HKU\Bypass"

Reg.exe Unload "HKU\BypassUpgrade"

}

Function Update-BootRegistry {

$SystemHive = Join-Path $Mount -ChildPath "\Windows\System32\config\SYSTEM"

Set-ItemProperty -Path $SystemHive -Name IsReadOnly -Value $false

New-PSDrive -PSProvider Registry -Name HKU -Root HKEY_USERS | Out-Null

Reg.exe Load "HKU\BypassSetup" $SystemHive | Out-Null

$registryPath = "HKU:\BypassSetup\Setup"

if ((Get-Item $registryPath\LabConfig -ErrorAction SilentlyContinue) -eq $null)
{
    New-Item -Path $registryPath -Name "LabConfig"

    New-ItemProperty -Path $registryPath\LabConfig -Name "BypassTPMCheck" -Value ”1”  -PropertyType DWord

    New-ItemProperty -Path $registryPath\LabConfig -Name "BypassRAMCheck" -Value ”1”  -PropertyType DWord

    New-ItemProperty -Path $registryPath\LabConfig -Name "BypassSecureBootCheck" -Value ”1” -PropertyType DWord

    New-ItemProperty -Path $registryPath\LabConfig -Name "BypassCPUCheck" -Value ”1”  -PropertyType DWord
}

AllowUpgradesWithUnsupportedTPMOrCPU

... only works with existing TPM 1.2 and above... so not a complete solution - thus the appraiserress.dll dance

BTW I checked the appraiserress.dll binary code - seems all it does is compatibility checks - so changing it should not cause any issues unless Window Update complains - in which case restoring the backed up version may help in such an instance - we shall see.
 

My Computer

System One

  • OS
    Windows

jimbo45

Well-known member
Power User
VIP
Local time
2:41 PM
Posts
1,669
Location
Hafnarfjörður IS
OS
Windows XP,7,10,11 Linux Arch Linux
Yep that's what gets injected into the Wims' registries via these functions.

Powershell:
Function Update-WimRegistry {

New-PSDrive -PSProvider Registry -Name HKU -Root HKEY_USERS | Out-Null

Reg.exe Load "HKU\Bypass" (Join-Path $Mount -ChildPath "\Windows\System32\config\SOFTWARE")

$registryPath = "HKU:\Bypass\Microsoft\Windows\CurrentVersion\OOBE"

if (-not (Get-Item $registryPath -ErrorAction SilentlyContinue).Property  -contains "BypassNRO")
{
    New-ItemProperty -Path $registryPath -Name "BypassNRO" -Value ”1” -PropertyType DWord
}

if (-not (Test-Path $registryPath\FirstBoot))
{
    New-Item -Path $registryPath -Name "FirstBoot"

    New-ItemProperty -Path $registryPath\FirstBoot -Name "FirstLogonUI" -Value ”1”  -PropertyType DWord
}

$OOBECompleteTimestamp = "e5,07,09,00,04,00,17,00,16,00,05,00,30,00,c8,01"

[byte[]] $HexBin = $OOBECompleteTimestamp.Split(',') | % { "0x$_"}

if (-not (Get-Item -Path $registryPath\OOBECompletedForOOBEHealth -ErrorAction SilentlyContinue).Property -contains "AnyoneReadOOBECompleted")
{
    New-ItemProperty -Path $registryPath\OOBECompletedForOOBEHealth -Name "AnyoneReadOOBECompleted" -Value ”1”  -PropertyType DWord

    New-ItemProperty -Path $registryPath\OOBECompletedForOOBEHealth -Name "OOBECompleteTimestamp" -Value $HexBin  -PropertyType Binary
}

Reg.exe Load "HKU\BypassUpgrade" (Join-Path $Mount -ChildPath "\Windows\System32\config\SYSTEM")

$registryPath = "HKU:\BypassUpgrade\Setup"

if (-not (Test-Path $registryPath\MoSetup))
{
    New-Item -Path $registryPath -Name "MoSetup"
}

if (-not (Get-Item -Path $registryPath\MoSetup -ErrorAction SilentlyContinue).Property -contains "AllowUpgradesWithUnsupportedTPMOrCPU")
{
    New-ItemProperty -Path $registryPath\MoSetup -Name "AllowUpgradesWithUnsupportedTPMOrCPU" -Value ”1”  -PropertyType DWord
}

Start-Sleep -Seconds 5

[GC]::Collect()

Remove-PSDrive -Name HKU | Out-Null

Reg.exe Unload "HKU\Bypass"

Reg.exe Unload "HKU\BypassUpgrade"

}

Function Update-BootRegistry {

$SystemHive = Join-Path $Mount -ChildPath "\Windows\System32\config\SYSTEM"

Set-ItemProperty -Path $SystemHive -Name IsReadOnly -Value $false

New-PSDrive -PSProvider Registry -Name HKU -Root HKEY_USERS | Out-Null

Reg.exe Load "HKU\BypassSetup" $SystemHive | Out-Null

$registryPath = "HKU:\BypassSetup\Setup"

if ((Get-Item $registryPath\LabConfig -ErrorAction SilentlyContinue) -eq $null)
{
    New-Item -Path $registryPath -Name "LabConfig"

    New-ItemProperty -Path $registryPath\LabConfig -Name "BypassTPMCheck" -Value ”1”  -PropertyType DWord

    New-ItemProperty -Path $registryPath\LabConfig -Name "BypassRAMCheck" -Value ”1”  -PropertyType DWord

    New-ItemProperty -Path $registryPath\LabConfig -Name "BypassSecureBootCheck" -Value ”1” -PropertyType DWord

    New-ItemProperty -Path $registryPath\LabConfig -Name "BypassCPUCheck" -Value ”1”  -PropertyType DWord
}

AllowUpgradesWithUnsupportedTPMOrCPU

... only works with existing TPM 1.2 and above... so not a complete solution - thus the appraiserress.dll dance

BTW I checked the appraiserress.dll binary code - seems all it does is compatibility checks - so changing it should not cause any issues unless Window Update complains - in which case restoring the backed up version may help in such an instance - we shall see.

Query -- If you want to do a NEW install rather than an upgrade --there's no "Registry" to edit - so presumably you'd have to create a custom install.wim / esd / boot image to bypass the checks. Not sure how feasable or easy that would be. Of course if it CAN be done then you have all the advantages of being able to install via dism /ApplyImage.

Cheers
jimbo
 

My Computer

System One

  • OS
    Windows XP,7,10,11 Linux Arch Linux
    Computer type
    PC/Desktop
    CPU
    2 X Intel i7

Superfly

Well-known member
Member
VIP
Thread Starter
Local time
4:41 PM
Posts
446
OS
Windows
Query -- If you want to do a NEW install rather than an upgrade --there's no "Registry" to edit - so presumably you'd have to create a custom install.wim / esd / boot image to bypass the checks. Not sure how feasable or easy that would be. Of course if it CAN be done then you have all the advantages of being able to install via dism /ApplyImage.

Cheers
jimbo
You can access Boot.wim's registry via a command prompt->regedit during Setup via Shift+F10 or something - I heard it was not that reliable so not an option I would recommend.
 

My Computer

System One

  • OS
    Windows

SIW2

Active member
Member
VIP
Local time
3:41 PM
Posts
269
As far as I know, you dont need any regedits if you use apply method. I didnt need to.
 

My Computer

Top Bottom