TPM and SecureBoot bypass in NTLite Settings

garlin

Moderator
Staff member
Native support for TPM and SecureBoot bypass is available in NTLite v2.3.0.8394.
Registry keys for LabConfig (original 3) & MoSetup will be created.

Untitled1.png

Reapply tasks across editions / Configure - Settings. Select "Windows Setup", skipping the other boot images. Apply and done.

Untitled2.png

edit: if using setup.exe to install and still getting blocked by TPM requirement, apply the settings to the Host (C:\Windows) as well
 
Last edited by a moderator:
NTLite doesn't have a StorageCheck bypass, apply this reg tweak if your drive is below 64 GB.

[HKEY_LOCAL_MACHINE\SYSTEM\Setup\LabConfig]
"BypassStorageCheck"=dword:00000001
 
Thanks.
Uploaded a small update to include a separate option for storage and RAM, it's not actually part of the initial TPM requirement.
 
Not sure what you mean about "without USB stick". The bypass goes inside wherever the Setup runs from.
On clean install from USB, inside the boot image. On upgrade to existing W10 system, it must added to the local registry.

But yes, it's that simple now. Two clicks.
 
So if i understood right nuhi, all the following bypasses are now integrated in NTlite and i can do a full unattended install of Win11 without using a USB-Stick during installation anymore?

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\Setup\LabConfig]
"BypassTPMCheck"=dword:00000001
"BypassSecureBootCheck"=dword:00000001
"BypassRAMCheck"=dword:00000001
"BypassStorageCheck"=dword:00000001
"BypassCPUCheck"=dword:00000001

If yes, i will extend my NTLite license for another year. I´m only waiting for that.
Yes, all of those are set if you enable TPM and Storage setup requirement disabling.
Read the description of those, basically enable boot.wim processing for Settings as well.

Also it should enable setup.exe method as well now, not just usb stick if that's what you aimed at.
 
I want to integrate my selfmade registry file for Bypass directly into boot.wim and install.wim with NTLite. Boot.wim is devided in two parts (Windows PE and Windows Setup). Can i integrate my regfile into both of them (one after the other) or shall i integrate it into one of them only? And will it work automaticly like that during installation of Win11?
 
Last edited:
I want to integrate my selfmade registry file for Bypass directly into boot.wim and install.wim with NTLite. Boot.wim is devided in two parts (Windows PE and Windows Setup). Can i integrate my regfile into both of them (one after the other) or shall i integrate it into one of them only? And will it work automaticly like that during installation of Win11?
To add actions to other editions, simple choose so on the Apply page - Reapply tasks, then under Integrate - Registry, tick other editions.
Then the tool will do it in sequence, you don't have to think about it, and everything is saved on a single file for future repeat.

You can also use the NTLite built-in settings, then propagate Settings tasks.

If you configure boot.wim only, it is for start of setup, yes I believe it's all that matters in this setup requirement case, but to be on the safe side it's best to disable it on Install.wim and propagate to boot.wim editions, together with other settings.
 
1. I integrated my bypass reg file into the isolated install.wim with NTLite.
2. Now i want to integrate my reg file the same way into the boot.wim but don´t know if i have to integrate it into the Windows PE and the Windows Setup part of it or only in one of them?

For my understanding Windows Setup should be enough because it´s the default one and should have the boot flag.
Windows PE instead should only be for recovery and repairing actions and therefore might not need the bypass reg file.
But i ask because i´m not shure about that.

EDIT:

My guess was right. I tested it with only Windows Setup integration and there were no more objections / restrictions. NTLite works like a charm. :)
 
Last edited:
Outside of boot.wim (Setup), the other place for bypass is preparing W10 systems for live upgrade. This will be W11 installed by WU, or local upgrade task. In that uncommon case, the reg edit gets loaded to the live W10.
 
Last edited:
Right but i personally never make upgrades or use WU because of updates for updates. Since WinXP i only install new final versions every one or two years. Depend on how stable they are. For my security i always make offline installations and backups of that before i go online for the first time. The rest is secured by a Fritz!Box Router and Internet Security Suite. Like that i never had any problems and if that will happen one day, i simply install my clean backup and continue. MS is to inconsistent for my taste. That´s also the reason why my last W10 was 19H2.1909. After that it was all downhill. Now i like more the new W11 with a good treatment and brainwash from NTLite of course. ;)
 
There are organizations that do live upgrades because they don't want to erase user files. Huge time savings for them.
We still have those people showing up with NTLite questions. But I hear you.
 
I´m only a private person and prefer a maximum peace of mind. Companie´s are a completely different story. If i would have one, i would of course think different too.
 
Good morning.
I don't know if I did some procedure wrong, I disabled "TPM and SecureBoot" and "TPM and SecureBoot - Host", and trying the ISO on virtual machine the warning messages, "This PC does not meet the minimum system requirements for installing this version of Windows."
Any ideas?
Thanks

Screenshot-003.png


Screenshot-005.png
 
Sorry, I haven't effected this procedure, in which section should I act?
Thank you very much
 
I had that too and mostly when you use not your presets.
What helped me - uncheck the first item as shown in the picture and select it again, save and it will be OK.
You do the same for BOOT.wim and install.wim - it helped me well, I didn't check exactly what it does, it's a waste of time for crap.
 
did you click the configure settings in the reapply tasks across editions ?
under the apply tab before you create the image.

Apply > Reapply tasks across editions > Configure Settings

click the lit boxes
 
"This PC does not meet the minimum system requirements for installing this version of Windows."

The problem is simple. Your VM doesn't have enough RAM assigned.
Check the BypassRAM setting above BypassTPM.
 
Once you have selected the two "Setup requirement"
Reapply tasks across edition> Configure - Setting
is that correct?
Thank you

Screenshot-001.png


Screenshot-002.png
 
1. Yes
2. BypassTPM - Host does nothing for a clean USB install. It's for in-place Host upgrade.
 
Back
Top