All / Intune / Powershell / Windows

Install Windows 11 without TPM

jannikreinhard

With Windows 11, microsoft take the decision that a TPM 2.0 (Trusted Platform Module) is mandatory to run windows 11. Due to this prerequisite, Windows 11 cannot be installed or upgraded on many computers. In this blog, we’ll look at what a TPM is, how to check if you have a TPM 2.0, and how to install Windows anyway.

What is a TPM?

A TPM is a security module which is typically located on the motherboard. A TPM stores user data, biometric data for e.g. windows hello or other cryptographic keys. The TPM can also act as a processor for creating hardware-based hashes. It is almost impossible for attackers to access the data in the TPM.

How can I check if a have an TPM 2.0

  • open a cmd and enter tpm.msc
  • If you do not have TPM then the window looks like this:

To get more information about the TPM open a powershell window as administrator and type get-tpm

To find out the TPM version run the following command in an administrative cmd:

wmic /namespace:\\root\cimv2\security\microsofttpm path win32_tpm get /value

You will see the version at SpecVersion=”

How to Install Windows 11 without an TPM 2.0

Disclamer: You have to consider that by disabling the TPM check you may not have support for important security features and it is not guaranteed that windows will work properly. The TPM is used for features such as Device Health Attestation, SecureBIO, System Guard and Windows Hello.

  • Create an boot stick (On Mac I use e.g. etcher)
  • Plug in the bootstick and start the installation
  • Select the language and click start installation
  • Press Shift + F10 to open a CMD and
  • Type regedit
  • Navigate to:
Computer\HKEY_LOCAL_MACHINE\SYSTEM\Setup
  • Right-click on the Setup key and select New > Key
  • Name the key LabConfig
  • Right-click and New -> DWORD (32-bit) Value
  • Name the value BypassTPMCheck
  • Double-click on the value
  • Set the value data to 1
  • Click OK
  • Create two more DWORD value
    • Name: BypassRAMCheck
      • Value: 1
    • Name: BypassSecureBootCheck
      • Value: 1
  • Close the Registry and the CMD Windows
  • Press the back button on your Windows 11 setup screen on the left upper corner
  • Install Windows 11

As mentioned before, this is a way to install Windows 11 even if you don’t have a TPM, but be aware that you’re giving up some important security features. Hope I could help you with this blog post.

Stay healthy, Cheers
Jannik