Skip to content

Instantly share code, notes, and snippets.

@asheroto

asheroto/1-Windows-Setup-TPM-Bypass-Internet-Bypass.md

Last active July 1, 2024 03:30
Show Gist options
  • Save asheroto/c4a9fb4e5e5bdad10bcb831e3a3daee6 to your computer and use it in GitHub Desktop.
Save asheroto/c4a9fb4e5e5bdad10bcb831e3a3daee6 to your computer and use it in GitHub Desktop.
Download ZIP
Windows setup answer file working on Windows 11. Skips OOBE (EULA, networking) and pretty much everything else during normal setup.
Raw
1-Windows-Setup-TPM-Bypass-Internet-Bypass.md

Windows 10/11 Setup Answer File + TPM Bypass + CPU requirement + storage requirement + Internet requirement bypass + disable BitLocker automatic encryption

This is a Windows setup answer file working on Windows 10 and 11.

What it does:

  • Skips OOBE (EULA, networking) and pretty much everything else during normal setup
  • Sets Keyboard + Language to English (US)
  • Set timezone to Central Standard Time
  • Creates user "User" with password of "password"
  • Disables password expiration
  • Boots straight up to the login screen after setup is complete
  • Disables BitLocker from being automatically enabled

Change as needed.

To apply to your Windows image, put both of these files in the root of your ISO file, named:

  • autounattend.xml

Screenshot of ISO image here (I use PowerISO to edit ISO files)...

image

Raw
autounattend.xml
<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
<settings pass="oobeSystem">
<component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"
xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<InputLocale>0409:00000409</InputLocale>
<SystemLocale>en-US</SystemLocale>
<UILanguage>en-US</UILanguage>
<UILanguageFallback>en-US</UILanguageFallback>
<UserLocale>en-US</UserLocale>
</component>
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"
xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<TimeZone>Central Standard Time</TimeZone>
<OOBE>
<HideEULAPage>true</HideEULAPage>
<HideLocalAccountScreen>true</HideLocalAccountScreen>
<HideOnlineAccountScreens>true</HideOnlineAccountScreens>
<HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE>
<NetworkLocation>Home</NetworkLocation>
<ProtectYourPC>3</ProtectYourPC>
<SkipMachineOOBE>true</SkipMachineOOBE>
<SkipUserOOBE>true</SkipUserOOBE>
</OOBE>
<UserAccounts>
<AdministratorPassword>
<PlainText>true</PlainText>
<Value></Value>
</AdministratorPassword>
<LocalAccounts>
<LocalAccount wcm:action="add">
<Group>Administrators</Group>
<Name>User</Name>
<Password>
<PlainText>true</PlainText>
<Value>password</Value>
</Password>
</LocalAccount>
</LocalAccounts>
</UserAccounts>
<FirstLogonCommands>
<SynchronousCommand wcm:action="add">
<Order>1</Order>
<CommandLine>reg add "HKLM\SYSTEM\CurrentControlSet\Control\BitLocker" /v "PreventDeviceEncryption" /t REG_DWORD /d 1 /f</CommandLine>
<Description>Disable BitLocker automatic device encryption</Description>
</SynchronousCommand>
</FirstLogonCommands>
</component>
</settings>
<settings pass="specialize">
<component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"
xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<RunSynchronous>
<RunSynchronousCommand wcm:action="add">
<Order>1</Order>
<Path>net accounts /maxpwage:unlimited</Path>
<WillReboot>Never</WillReboot>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>2</Order>
<Path>net user User /active:Yes</Path>
<WillReboot>Never</WillReboot>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>3</Order>
<Path>net user User /passwordreq:yes</Path>
<WillReboot>Never</WillReboot>
</RunSynchronousCommand>
</RunSynchronous>
</component>
<component name="Microsoft-Windows-Security-SPP-UX" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"
xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<SkipAutoActivation>true</SkipAutoActivation>
</component>
<component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"
xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<Identification>
<JoinWorkgroup>WORKGROUP</JoinWorkgroup>
</Identification>
</component>
</settings>
<settings pass="windowsPE">
<component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"
xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<InputLocale>0409:00000409</InputLocale>
<SystemLocale>en-US</SystemLocale>
<UILanguage>en-US</UILanguage>
<UILanguageFallback>en-US</UILanguageFallback>
<UserLocale>en-US</UserLocale>
<SetupUILanguage>
<UILanguage>en-US</UILanguage>
</SetupUILanguage>
</component>
<component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"
xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<RunSynchronous>
<RunSynchronousCommand wcm:action="add">
<Order>1</Order>
<Path>reg add "HKLM\SYSTEM\Setup\LabConfig" /v "BypassTPMCheck" /t REG_DWORD /d 1 /f</Path>
<Description>Add BypassTPMCheck</Description>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>2</Order>
<Path>reg add "HKLM\SYSTEM\Setup\LabConfig" /v "BypassRAMCheck" /t REG_DWORD /d 1 /f</Path>
<Description>Add BypassRAMCheck</Description>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>3</Order>
<Path>reg add "HKLM\SYSTEM\Setup\LabConfig" /v "BypassSecureBootCheck" /t REG_DWORD /d 1 /f</Path>
<Description>Add BypassSecureBootCheck</Description>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>4</Order>
<Path>reg add "HKLM\SYSTEM\Setup\LabConfig" /v "BypassCPUCheck" /t REG_DWORD /d 1 /f</Path>
<Description>Add BypassCPUCheck</Description>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>5</Order>
<Path>reg add "HKLM\SYSTEM\Setup\LabConfig" /v "BypassStorageCheck" /t REG_DWORD /d 1 /f</Path>
<Description>Add BypassStorageCheck</Description>
</RunSynchronousCommand>
</RunSynchronous>
<Diagnostics>
<OptIn>false</OptIn>
</Diagnostics>
<DynamicUpdate>
<Enable>false</Enable>
<WillShowUI>OnError</WillShowUI>
</DynamicUpdate>
<UserData>
<AcceptEula>true</AcceptEula>
<ProductKey>
<Key></Key>
</ProductKey>
</UserData>
</component>
</settings>
</unattend>
@asheroto
Copy link
Author

asheroto commented Apr 4, 2024

@Owned67 thank you. I had actually updated this on my computer back in January but forgot to update it on the gist. It is now updated.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment