A Windows System Admin's Blog

Covering Server Administration, Endpoint Management, Scripting and Network Management

Bypass Windows 11 TPM Setup Checks

Quick one – I’m doing some testing in my home lab environment with Windows 11 and this box doesn’t have a TPM (so it’s not enabled in Hyper-V). Booting up the Windows 11 iso and trying to install will tell you that it’s unsupported. To get around that, load the setup as normal and once you reach the language and time screen press Shift+F10 to bring up the command prompt.  Type regedit and hit enter to launch Reg Edit for the pre-install environment.  Navigate to the HKEY_LOCAL_MACHINE\SYSTEM\Setup registry hive and create a new Key called LabConfig.  Now under LabConfig create two DWROD (32-bit) values, one BypassTPMCheck and the other BypassSecureBootCheck and set both of these to a value of 1.  If you don’t have enough RAM allocated you can also add a DWORD of BypassRAMCheck and value of 1.

Once you’re done close up Regedit and the Command Prompt and you can start the setup process and install as normal.

As a side – once you hit the connect to a network screen, press Shift+F10 and enter the following command to bypass the Microsoft Account requirement.

oobe\bypassnro

Hope that helps.

Leave a Reply

More Posts

Fixing SQL Reporting Services The URL has already been reserved error during Configuration

I was recently helping out a colleague with an SQL Server Reporting Services (SSRS) installation. When it came time to configuring that instance of SSRS and making it listen on port 80 for that particular site we got The URL has already been reserved warning message, navigating to the Reporting Services URLs gives us a HTTP […]

How to allow an Active Directory Certificate Authority to generate Certificates with a Subject Alternative Name attribute

Starting with Google Chrome 58, Chrome no longer trusts certificates without the Subject Alternative Name attribute, so this makes it a little troublesome for those with internal CAs where you rely on them for Software Development. We noticed last week that some end users couldn’t hit an internal application over HTTPS, but was fine in […]

Using WireGuard on Windows with no local administrator rights

I’ve recently been helping a non-profit uplift their security – we’ve put in a UniFi Gateway along with cleaning up their 365 tenancy and endpoint management. As part of this, we’ve implemented a WireGuard VPN back to their NAS as well as remove local admin rights from end users. Unfortunately, WireGuard by default requires local […]