If you’re like most PC users, your current computer can’t run Windows 11. Microsoft has put a line in the hardware sand to ensure that only modern machines with certain specs that boost security can run Windows 11.
Well, sort of. The company offers a workaround, which I’ll talk about in a moment. The question is whether you should take advantage of this flaw to upgrade PCs (whether yours or your users’) to Windows 11.
First of all, if you want to know if a computer can run Windows 11, you box use the PC Health Check app, Microsoft’s diagnostic tool. But if your PC doesn’t support Windows 11, Microsoft’s app doesn’t quite explain why. Instead, I recommend using the Windows 11 Requirements Checker from ByteJams.com or WhyNotWin11, available on Github. Both tools provide granular details on why a machine is not running Windows 11. On my personal laptop at home, for example, the CPU cannot support hardware for applied code integrity by the hypervisor, and Windows 11 doesn’t like the graphical display either.
But do you have meet all of Microsoft’s requirements for having an acceptable experience with Windows 11? What if a machine isn’t that old but something protects it from Windows 11?
Windows 11 Hardware Lock Bypass
As it has often done over the years, Microsoft has left some wiggle room in Windows 11’s hardware mandate, indicating that you can use the following registry key to bypass hardware blocking:
Registration key: HKEY_LOCAL_MACHINESYSTEMSetupMoSetup
Last name: AllowUpgradesWithUnsupportedTPMOrCPU
Type: REG_DWORD
Assess: 1
This technique comes with a caveat from Microsoft that if you install Windows 11 on a PC that does not meet the minimum hardware requirements, “your PC will no longer be supported and will not have the right to receive updates. Damage to your PC due to lack of compatibility is not covered by the manufacturer’s warranty.
Note, however, that Microsoft has not yet applied its threats so that these users do not receive updates. Personally, I think it’s more of a performance warning: if there’s some sort of performance issue with some unsupported processors, I guess Microsoft won’t work to fix the problem.
For personal computer systems – especially savvy end users who like to try new things and have good backups, and especially who have extra computers to fall back on – I have fewer worries about using the workaround that Microsoft itself has provided. Obviously he closes his eyes and understands that we may want to play.
But do you really want to use this workaround in business?
For some businesses, I’d say you don’t need some of those material mandates. The truth is that Microsoft added these security mandates more for its enterprise customers than for individuals or small businesses. Many of Windows 11’s key security features are only supported if you have the appropriate license and Windows Enterprise, for example, Credential Guard, of which Microsoft writes:
“Windows 11 uses hardware-based and virtualization-based security capabilities to help protect systems against credential theft attack techniques such as pass-the-hash or pass-the-ticket. It also helps prevent malware from accessing system secrets, even if the process is running with administrator privileges. Going forward, Credential Guard will be enabled by default for organizations using the Enterprise edition of Windows 11.”
For this reason, you need hardware virtualization support and TPM 2.0 chips to run Windows 11. But unless you buy Windows 11 Enterprise, you won’t be supported to deploy Credential Guard.
Staying on Windows 10 is a better option for many
That said, it may be premature to move your users to Windows 11 at this point anyway. Even companies that buy computers now that box running Windows 11 may be better than running Windows 10 for many years to come.
For many of us who have a computer at home as well as a computer we use at work, having a different operating system on the two machines can be confusing. The two things that trip me up between Windows 11 and Windows 10 are the centered Start menu and the taskbar. With the Windows 10 menu being on the left side of the screen and the Windows 11 widgets now being on the left, I find myself clicking on the widget menu when I want to shut down the Windows 11 computer. And the taskbar Modified from Windows 11 means I still stumble a bit to find cut, paste and other tools.
If your computer is managed by Windows Update and is eligible for Windows 11, it should already be offered to your system. If you choose not to install Windows 11, you may be offered it later. Remember that you can use registry keys or Group Policy as well as Intune to keep machines on Windows 10 rather than upgrading to Windows 11. Business devices managed by Intune or WSUS will not be offered Windows 11; an administrator must specifically approve the Windows 11 upgrade.
Lately I’ve been helping people buy new computers, often somewhat older laptops that are good value for money. These PCs support running Windows 11, but for now I’m setting up registry keys to keep the systems running on Windows 10. I plan to help them migrate up to 11 when the time comes.
As for my own company, since many of my users still have Windows 10 at home, I choose to keep company computers running Windows 10 for the time being. I find it easier for users to have similar computers at home and at work. Over time we will migrate to more and more machines running Windows 11, and then I will decide if I will use the workaround technique to put older systems on Windows 11.
Copyright © 2022 IDG Communications, Inc.
Comments are closed.