TPM and SecureBoot bypass in Settings (v2.3.0.8394)

garlin

Moderator
Staff member
Native support for TPM and SecureBoot bypass is available in NTLite v2.3.0.8394.
Registry keys for LabConfig (original 3) & MoSetup will be created.

Untitled1.png

Reapply tasks across editions / Configure - Settings. Select "Windows Setup", skipping the other boot images. Apply and done.

Untitled2.png

edit: if using setup.exe to install and still getting blocked by TPM requirement, apply the settings to the Host (C:\Windows) as well
 
Last edited by a moderator:

garlin

Moderator
Staff member
NTLite doesn't have a StorageCheck bypass, apply this reg tweak if your drive is below 64 GB.

[HKEY_LOCAL_MACHINE\SYSTEM\Setup\LabConfig]
"BypassStorageCheck"=dword:00000001
 

nuhi

NTLite developer
Staff member
Thanks.
Uploaded a small update to include a separate option for storage and RAM, it's not actually part of the initial TPM requirement.
 

garlin

Moderator
Staff member
Not sure what you mean about "without USB stick". The bypass goes inside wherever the Setup runs from.
On clean install from USB, inside the boot image. On upgrade to existing W10 system, it must added to the local registry.

But yes, it's that simple now. Two clicks.
 

nuhi

NTLite developer
Staff member
So if i understood right nuhi, all the following bypasses are now integrated in NTlite and i can do a full unattended install of Win11 without using a USB-Stick during installation anymore?

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\Setup\LabConfig]
"BypassTPMCheck"=dword:00000001
"BypassSecureBootCheck"=dword:00000001
"BypassRAMCheck"=dword:00000001
"BypassStorageCheck"=dword:00000001
"BypassCPUCheck"=dword:00000001

If yes, i will extend my NTLite license for another year. I´m only waiting for that.
Yes, all of those are set if you enable TPM and Storage setup requirement disabling.
Read the description of those, basically enable boot.wim processing for Settings as well.

Also it should enable setup.exe method as well now, not just usb stick if that's what you aimed at.
 

WinLite

Member
I want to integrate my selfmade registry file for Bypass directly into boot.wim and install.wim with NTLite. Boot.wim is devided in two parts (Windows PE and Windows Setup). Can i integrate my regfile into both of them (one after the other) or shall i integrate it into one of them only? And will it work automaticly like that during installation of Win11?
 
Last edited:

nuhi

NTLite developer
Staff member
I want to integrate my selfmade registry file for Bypass directly into boot.wim and install.wim with NTLite. Boot.wim is devided in two parts (Windows PE and Windows Setup). Can i integrate my regfile into both of them (one after the other) or shall i integrate it into one of them only? And will it work automaticly like that during installation of Win11?
To add actions to other editions, simple choose so on the Apply page - Reapply tasks, then under Integrate - Registry, tick other editions.
Then the tool will do it in sequence, you don't have to think about it, and everything is saved on a single file for future repeat.

You can also use the NTLite built-in settings, then propagate Settings tasks.

If you configure boot.wim only, it is for start of setup, yes I believe it's all that matters in this setup requirement case, but to be on the safe side it's best to disable it on Install.wim and propagate to boot.wim editions, together with other settings.
 

WinLite

Member
1. I integrated my bypass reg file into the isolated install.wim with NTLite.
2. Now i want to integrate my reg file the same way into the boot.wim but don´t know if i have to integrate it into the Windows PE and the Windows Setup part of it or only in one of them?

For my understanding Windows Setup should be enough because it´s the default one and should have the boot flag.
Windows PE instead should only be for recovery and repairing actions and therefore might not need the bypass reg file.
But i ask because i´m not shure about that.

EDIT:

My guess was right. I tested it with only Windows Setup integration and there were no more objections / restrictions. NTLite works like a charm. :)
 
Last edited:

garlin

Moderator
Staff member
Outside of boot.wim (Setup), the other place for bypass is preparing W10 systems for live upgrade. This will be W11 installed by WU, or local upgrade task. In that uncommon case, the reg edit gets loaded to the live W10.
 
Last edited:

WinLite

Member
Right but i personally never make upgrades or use WU because of updates for updates. Since WinXP i only install new final versions every one or two years. Depend on how stable they are. For my security i always make offline installations and backups of that before i go online for the first time. The rest is secured by a Fritz!Box Router and Internet Security Suite. Like that i never had any problems and if that will happen one day, i simply install my clean backup and continue. MS is to inconsistent for my taste. That´s also the reason why my last W10 was 19H2.1909. After that it was all downhill. Now i like more the new W11 with a good treatment and brainwash from NTLite of course. ;)
 

garlin

Moderator
Staff member
There are organizations that do live upgrades because they don't want to erase user files. Huge time savings for them.
We still have those people showing up with NTLite questions. But I hear you.
 

WinLite

Member
I´m only a private person and prefer a maximum peace of mind. Companie´s are a completely different story. If i would have one, i would of course think different too.
 
Top