- How to Become a Chief Information Officer: CIO Cheat Sheet
- 3 handy upgrades in MacOS 15.1 - especially if AI isn't your thing (like me)
- Your Android device is vulnerable to attack and Google's fix is imminent
- Microsoft's Copilot AI is coming to your Office apps - whether you like it or not
- How to track US election results on your iPhone, iPad or Apple Watch
Microsoft cracks down on Windows 11 upgrades for 'incompatible' PCs, but there's a workaround
When Microsoft released Windows 11 in 2021, it also rolled out strict hardware compatibility requirements for the new operating system. If you tried to upgrade a Windows 10 PC, a compatibility appraiser built into the new Setup program checked your hardware first. If your CPU wasn’t on the list of supported models, or if your PC lacked a Trusted Platform Module (TPM) that supports the version 2.0 standard, that upgrade failed.
Also: Microsoft to start charging for Windows 10 updates next year. Here’s how much
Among Windows enthusiasts, that compatibility check was more of a challenge than a roadblock, and they quickly discovered two ways to bypass the hardware requirements and allow a Windows 11 upgrade on almost any hardware capable of running Windows 10. (I’ve documented both of those methods in a post that has become one of the most popular articles I’ve ever published at ZDNET: How to upgrade your ‘incompatible’ Windows 10 PC to Windows 11: Two options.)
Microsoft officially documents one of those techniques, primarily for the benefit of corporate customers. Using this technique allows you to perform a Windows 11 upgrade on a system with an incompatible CPU by making a small modification to the registry. The resulting installation is unsupported, but it works. There’s one additional, crucial requirement, however. The PC to be upgraded must also have a TPM enabled. An older TPM 1.2 is fine. No TPM? Sorry, no upgrade.
Also: Why Windows 11 requires a TPM – and how to get around that
The second technique uses a crude but effective hack, replacing the compatibility appraiser module (Appraiserres.dll) with a zero-byte file of the same name. The popular Rufus utility performs this modification automatically with the click of a checkbox, and it works even on PCs that lack a TPM and are incapable of enabling Secure Boot. As an enormous number of readers have reported, the technique has been effective on even ancient PCs.
Until this week, that is. At the same time Microsoft rolled out Windows 11, version 24H2 on October 1, it also appears to have tweaked some additional settings that broke the second upgrade option. I heard from a reader yesterday who reported that the installer he created using Rufus failed, with the following error message:
I was able to reproduce this issue on a virtual machine that I had created specifically for testing this scenario. That VM has no TPM and was created using a Legacy BIOS instead of UEFI, so it also fails the Windows 11 requirement to support Secure Boot.
But in the ongoing cat-and-mouse game between Microsoft and the community of devoted Windows hackers, this was only a speed bump. After a user reported the issue on GitHub yesterday, Rufus developer Pete Batard quickly supplied a workaround.
Also: Every new Microsoft Copilot feature and AI upgrade coming soon to your Windows PC
For in-place upgrades, he wrote, you need to run a series of commands from an elevated command prompt to make additional registry changes before running Setup.exe. (As Batard notes, these modifications were originally posted by the developers of the Win 11 Boot And Upgrade FiX KiT.)
reg.exe delete “HKLMSOFTWAREMicrosoftWindows NTCurrentVersionAppCompatFlagsCompatMarkers” /f 2>NUL
reg.exe delete “HKLMSOFTWAREMicrosoftWindows NTCurrentVersionAppCompatFlagsShared” /f 2>NUL
reg.exe delete “HKLMSOFTWAREMicrosoftWindows NTCurrentVersionAppCompatFlagsTargetVersionUpgradeExperienceIndicators” /f 2>NUL
reg.exe add “HKLMSOFTWAREMicrosoftWindows NTCurrentVersionAppCompatFlagsHwReqChk” /f /v HwReqChkVars /t REG_MULTI_SZ /s , /d “SQ_SecureBootCapable=TRUE,SQ_SecureBootEnabled=TRUE,SQ_TpmVersion=2,SQ_RamMB=8192,”
reg.exe add “HKLMSYSTEMSetupMoSetup” /f /v AllowUpgradesWithUnsupportedTPMOrCPU /t REG_DWORD /d 1
(I recommend that you copy those commands directly from the GitHub comment to ensure that they execute without issue.)
After I ran those commands on my test system, the upgrade proceeded without incident.
According to the discussion in that GitHub issue, the next version of Rufus will contain these tweaks in a batch script that users will need to run manually to bypass the new restrictions for in-place upgrades.
It doesn’t appear that there have been any changes to the documented method that Microsoft has published. On PCs that have a TPM and are configured with UEFI and Secure Boot, the upgrade should be straightforward, regardless of whether the CPU is supported. And as far as I can tell there’s no compatibility check on upgrades for systems that are already running Windows 11, so those installations should be fine.
Also: Where’s your BitLocker recovery key? How to save a copy before the next Windows meltdown
But the additional compatibility checks on older hardware that lacks a TPM or is configured to use Legacy BIOS rather than UEFI will pose a significant usability barrier, especially for users who lack a technical background with Windows deployment.
I’m continuing to test these scenarios. If you’ve run into any issues with your upgrade, please send me an email with details, including the make and model of your PC and screenshots of any error messages. I’ve set up a special inbox just for this feedback: Win11Upgrade [at] realworldwindows.com.