Windows 11 – autounattend.xml – BypassTPMCheck – BypassSecureBootCheck

Usually Windows 11 needs to find a TPM to successfully install. If you want to install Windows 11 for example in a VM in a virtualized environment then you are auto of luck; except the virtualized environment like VMware vSphere 6.7 and newer provides a vTPM.

Fortunately there is a Registry Key, which gets checked during WinPE boot. As soon as WinPE hits the key it skips TPM check.

Here are the relevant registry keys:







Manual Windows 11 Installation Workaround

If you are doing a manual installation then you can hit [Shift]+[F10] to get a command prompt as soon as you get the message “This PC can’t run Windows 11. This PC doesn’t meet the minimum system requirements to instell this version of Windows”.

In the command prompt type regedit and hit enter to start the Registry Editor.
Now you can enter the above Registry Values manually.

Close Registry Editor and type exit to leave the command prompt.
Close the remaining dialog and setup will start again.

Automated Windows 11 Installation using Autounattend.xml

I am not explaining how an automated installation looks like using an Autounattend.xml file. There are plenty of blogpost on the internet. I usually automate Windows Base Image Installation on virtualized environments like VMware vSphere using Hashicorp’s Packer. If you are not familiar with Packer, I can strongly recommend to get familiar with it.

To get the Bypass Registry Keys into WinPE during boot using a Autounattend.xml you can use the RunSynchronousCommand.

Here is an excerpt of the relevant part:

<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
    <settings pass="windowsPE">
        <component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="" xmlns:xsi="">            
                <RunSynchronousCommand wcm:action="add">
                    <Path>cmd /c reg add "HKLM\SYSTEM\Setup\LabConfig" /v "BypassTPMCheck" /t REG_DWORD /d 1</Path>
                <RunSynchronousCommand wcm:action="add">
                    <Path>cmd /c reg add "HKLM\SYSTEM\Setup\LabConfig" /v "BypassSecureBootCheck" /t REG_DWORD /d 1</Path>
                <RunSynchronousCommand wcm:action="add">
                    <Path>cmd /c reg add "HKLM\SYSTEM\Setup\LabConfig" /v "BypassRAMCheck" /t REG_DWORD /d 1</Path>

As mentioned at the top, if you are going to run Windows 11 on VMware vSphere then you can configure a vTPM and you don’t need to bypass the TPM check because the vTPM emulates a TPM 2.0 device.
Here are the instructions by VMware to configure vTPM.