Installed Windows 11 with TPM Disabled? Expect an Ugly Watermark on the Desktop

[Vayra86]

See, there is no use making things go up to eleven.

 

[ThrashZone]

This has been around for a while and is one registry setting change to remove

Hi,
According to Brinks tutorial and reg file there is two entries not one.

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Control Panel\UnsupportedHardwareNotificationCache]
"SV1"=dword:00000000
"SV2"=dword:00000000

"Why do a backup of my HDD, it's working fine?"

It's not entirely the same, but it kind of has the same vibe, tbh.

Backup is hardly a comparison to gpt/ uefi only boot

 

[GotNoRice]

So, there is a trend developing that does explain why some people are seeing different results than others. So far, the only people who are seeing a watermark and who have confirmed their build number are all still running version 21H2 (specifically, build 22000.1574). That is an old version of Windows 11, compared to the current version (22H2, build 22621.1265). This would fully explain why I have not seen the watermark on any of my computers, since they are all running 22H2.

Updating to 22H2 should remove the watermark. If for some reason 22H2 is not being offered to you via Windows Update, you still have the option of doing an in-place upgrade using files from a 22H2 ISO.

What? This might be not possible to run any modern OS.

The Pentium 4 631 is indeed a very old CPU, and not one that I would recommend that anyone actually use. I use it purely for testing purposes just to see how old of a computer I can get Windows 11 to run on, if new versions continue to run, if it still gets updates, if there are any watermarks, etc. It does not meet ANY of the requirments that are specific to Windows 11, not even the core-count requirment, so if Windows is going to complain about requirements, I would think that it would be one of the first computers to experience this issue. In this case, it's currently running 22H2 just fine with no watermark.

 

[Wye]

Microsoft really is making some bad moves. It's like the 1990's all over again. Now they are force people to use Edge same as IE back in the days. Now they are trying to force people to upgrade there computers to TPM 2.0 which btw is nothing but a small little tiny microchip on a computer. I have windows 11 installed on many devices without TPM 2.0 and guess what they run faster then some of the newer PC's with TPM 2.0. Windows 11 Pro just the OS and I mean JUST the kernal is pretty darn good and fast. The slowest computer I had it on was a Core 2 Quad 3 Ghz and guess what it ran faster on that vs a Core i5 10th gen at 1.6 GHZ.

Microsoft needs to be sued again from the government on their practices again like in 1998 when they got sued and had to change it so the USER of there system have a choice of what they want to do with their OS. 3rd parties need to get another lawsuit against them and win. Every Company today I see we are back to the same old BS of trying to take away control from the USER.

You might want to check the facts before you go on a suing rampage. Not every clickbait you see on the Internet is real.

 

[oxidized]

I don't understand why someone would install a worse OS on their older PC.

 

[Solaris17]

TPM gets boogeymanned too much. It's not remotely in the same category as the IME and PSP. It's just a hardware key storage device. It doesn't run code or anything like that at all.

Seriously. The only thing I learned from this thread is that a ton of the vocal minority dont understand what they are even against. Threads like this are just echo chambers for people that yell at clouds.

The march of time continues. These changes bring up the security baseline for the global fleet of consumer PCs. We are past the age of blackice defender protecting you from geocities script kiddies.

You dont like microsoft because they charge you monthly for office now? good have at em. But UEFI/GPT/TPMs are NOT Microsoft inventions. For a tech forum the lack of fundamental security understanding is a point of contention that frustrates me working in the field.

Most threads end in with users that fall into two different camps

The documentation was full of big words and I didnt want to take 5min to understand it

and

Installing an operating system in the year 2023 isnt like it was in 1995 and I dont like my computer telling me im doing something dumb.

Anyway gonna go work on this docker image before my TPM gets zapped by the all spark and turns into megatron.

 

[ThrashZone]

You dont like microsoft because they charge you monthly for office now? good have at em. But UEFI/GPT/TPMs are NOT Microsoft inventions. For a tech forum the lack of fundamental security understanding is a point of contention that frustrates me working in the field.

Hi,
Well if not using those "basic security measures" were really needed not using them myself and many others should of be hit long ago and todate for that matter for not using them.

Irony to your statement is the buggerman hasn't so one must not drink to much of the security koolaid and just realize it's all bs for end users and mostly directed at enterprise or businesses where inplace hacking/ RATs is more a reality than home users ever will be.
Fearmongering is just that.

 

[Fynn]

This seems like vista all over again.
with the hardware not meeting the system requirements but still being able to install only with limited features. Remember what happened with aero?

 

[ThrashZone]

Hi,
Yeah just an attempt to make people buy new malware hardware because all those poor oem's are going broke from poor sells

 

[GotNoRice]

This seems like vista all over again.
with the hardware not meeting the system requirements but still being able to install only with limited features. Remember what happened with aero?

What features are limited when you bypass the system requirements on Windows 11?

 

[ThrashZone]

What features are limited when you bypass the system requirements on Windows 11?

Hi,
Windows goodbye oops my bad windows hello for one
Auto drive encryption
Windows ability to auto make as many system reserved partitions as it wants or needs to.

Rest is mainly bs ms account voodoo security layering seeing it wants a credit/ debit card for ms and their partners subscriptionware.

 

[R-T-B]

and just realize it's all bs for end users

That's the thing. It's really not. One works, sure, but the other has tangible benefits and works BETTER.

 

[ThrashZone]

That's the thing. It's really not. One works, sure, but the other has tangible benefits and works BETTER.

Hi,
I'm just trying to figure out why I've not been hit with all those nasty bios malware/ ransomware attacks/... in the last 15 years of being on legacy installs all this time and on 11 now ?
I've listen to the silly ass ms tour of uefi blah.... benefits and it's just pure false bs
And disk error checking yeah okay mbr evil
Onedrive auto uploads personal files this one is a just messed up

Bottom line ms opens hundreds maybe thousands of holes and thinks all these requirements will save people from yeah ms new features is laughable
Defender is just pathetic telemetry app now
Best protection is not using a ms account for login and get rid of holes asap.

 

[R-T-B]

I'm just trying to figure out why I've not been hit with all those nasty bios malware/ ransomware attacks/... in the last 15 years of being on legacy installs all this time and on 11 now ?

So you've never had malware. Never say never is all I can say.

 

[ThrashZone]

So you've never had malware. Never say never is all I can say.

Hi,
Hell no
In these immortal words

 

[Dr. Dro]

I feel Microsoft has been changing things for the sake of change, and that is never a good thing. Windows 10, as it is today, is a rather acceptable OS. Though, really, I personally think they could have kept the general design language used in Windows 7 and no one would have ever minded.

 

[R-T-B]

Hi,
Hell no
In these immortal words

Hey, you know I'm all for personal choice either way, so no skin off my nose. Just trying to get the rationale (or lack thereof, which is fine too).

FWIW you are clearly a power user and can handle it better than mom and pop these techs were developed for, so yeah.

 

[Mussels]

Hi,
Well if not using those "basic security measures" were really needed not using them myself and many others should of be hit long ago and todate for that matter for not using them.

Irony to your statement is the buggerman hasn't so one must not drink to much of the security koolaid and just realize it's all bs for end users and mostly directed at enterprise or businesses where inplace hacking/ RATs is more a reality than home users ever will be.
Fearmongering is just that.

I lived through the XP days on dial up, when just being online could have a network worm hit you and take out every .exe file on your PC and all network shared devices - and had it happen several times due to poor ISP security and the lack of built in antivirus and firewalls. How can you get those installed to a clean PC, when you cant get online?


These settings need to default to on and be harder to turn off because end users will happily disable all antivirus and protection because a website promised them they were the lucky winner

Blaster from the past: The worm that zapped XP 10 years ago | Computerworld
Heres one that just caused PC's to crash from checking windows update, despite being patched a month prior almost no one had the fix - until XP SP2, the OS didnt even have a firewall so all network traffic had the freedom to spread and trash everything. They also list the major worms that spread back then, trashing PC's month after month in a never ending stream of hell until SP2 rolled out the new firewall.

 

[DeathtoGnomes]

So you've never had malware. Never say never is all I can say.

I havent had any malware since win98....thats almost never.

 

[ThrashZone]

Hey, you know I'm all for personal choice either way, so no skin off my nose. Just trying to get the rationale (or lack thereof, which is fine too).

FWIW you are clearly a power user and can handle it better than mom and pop these techs were developed for, so yeah.

Hi,
Not really man xp was a mess no doubt but got four cheap licenses of mbam pro long ago and it's been smooth sailing on vista-7-8..-10 and now 11
I haven't changed my questionable behavior hell I still use win-7 lol where's that boogerman attack been I should of been hit the day after EOL right or how about 2 years after EOL

But you're right about mom and pop but seeing I've seen them hit regardless of disk and builtin defender nonsense security with ransomware I just question the importance of these "basic security" items gpt and uefi only boot/ secure boot above better security suites as a better way of thinking rather than preaching the new 11 requirements as end all corruption and data loss and attack sugar coatings because they aren't.

People will still do a lot of stupid things no matter what ms thinks or requires.

I feel Microsoft has been changing things for the sake of change, and that is never a good thing. Windows 10, as it is today, is a rather acceptable OS. Though, really, I personally think they could have kept the general design language used in Windows 7 and no one would have ever minded.

Yep but 7 wasn't all that cell phone friendly and that has been the main problem with ms every since they have high hopes of being relevant in the phone fight which they finally sold out to chrome but makes no difference people do not want windows phone os crapware.

 

[OneMoar]

Hi,
Not really man xp was a mess no doubt but got four cheap licenses of mbam pro long ago and it's been smooth sailing on vista-7-8..-10 and now 11
I haven't changed my questionable behavior hell I still use win-7 lol where's that boogerman attack been I should of been hit the day after EOL right or how about 2 years after EOL

But you're right about mom and pop but seeing I've seen them hit regardless of disk and builtin defender nonsense security with ransomware I just question the importance of these "basic security" items gpt and uefi only boot/ secure boot above better security suites as a better way of thinking rather than preaching the new 11 requirements as end all corruption and data loss and attack sugar coatings because they aren't.

People will still do a lot of stupid things no matter what ms thinks or requires.


Yep but 7 wasn't all that cell phone friendly and that has been the main problem with ms every since they have high hopes of being relevant in the phone fight which they finally sold out to chrome but makes no difference people do not want windows phone os crapware.

GPT has nothing todo with security and neither does UEFI
not sure where you are going about defender and ransomware but ... stop talking out your butt

UEFI replaced BIOS because PC-Compatiable Bios has some Serious limitations such as not supporting disks greater then 2TB. no native support for advanced format (basicly a requirement if you want your SSDs to not run like crap and die a early death) among a long long List of improvements which I will not detail here but pc-compatiable bios dates back to the early 80's

security suites are 100% dogshit solution the best solution is to handle it bottom up from the os level tightly intergrate things like chain of trust and os-kernel level intergrated heuristic threat dectection

windows defender is the BEST solution because its part of the os

people gave microsoft crap for years about the insecure nature of the windows platform and now that microsoft is actively improving it people want to go back to the xp era where just plugging a machine into the internet results in malware installation in a matter of hours fk off seriously ...

and while I might not like microsofts lack of transparency on why TPM is required, I would venture to guess there is many things you could use a more secure enclave for

 

[95Viper]

Stay on topic.
Stop the insults

 

[tpa-pr]

I find the development roadmap and strategies with Windows 10 and 11 really interesting because it seems Microsoft have been trying to fulfil the "Longhorn Dream", at least in a "Longhorn-Lite" kind of way:
- Interconnected experiences: Azure AD/Microsoft Account requirement, settings sync, My Phone app, OneDrive with File Protection etc.
- WinFS: ReFS (sort of, and it's not publicly widespread yet).
- Palladium/NGSCB: TPM requirement, Windows Defender improvements etc.

It seems that the "geeks bearing gifts" idea never died internally at Microsoft, it was just postponed because of the technology limitations (and shaky development around Longhorn) at the time.

Anyway, coming from the perspective of business IT I always welcome more security hardening at the OS level and that will obviously require more stringent hardware requirements. Unfortunately modern IT is exponentially more dangerous from a security perspective than it used to be; malicious actors are getting smarter, the tools they use are getting more complex (and yet easier to deploy) and the current generation of casual users don't understand technology and its dangers as well as my generation (which is a whole other topic of itself to discuss) so it falls on manufacturers and vendors to pick up the slack.

If people want to run 11 outside of the "supported" configuration (which Microsoft admittedly have bungled nearly every step of the way), a watermark is a small price to pay and probably hidden easily enough. Out of all the decisions being made around 11 this is a minor one and not really worth getting excited or upset about.

 

[Karti]

TPM is one of the things that shouldn't exist in the world of computers.

Others are IME, PSP, Intel's firmware locks...

What about AMD PSB? Locking physical hardware (CPU) to specific OEM motherboard
yea, good luck re-using that CPU or anything - enjoy more e-waste

And THIS is exactly why more people are finally quitting Windows for Linux..

I myself still love older Windows version... baa I can even go with Win10 without any issues
But Win11 is a joke - it is not a system, it is an online service forcing its user for some stupid requirements ;s

Wondering why Valve totally went away from MS Windows years ago and why they decided to fully utilize Linux based desktop system on SteamDeck instead of Windows...

Curious....

 

[Tomorrow]

What about AMD PSB? Locking physical hardware (CPU) to specific OEM motherboard
yea, good luck re-using that CPU or anything - enjoy more e-waste

PSB is is a pure enterprise feature. I remember Moore's Law is Dead youtube channel discussing this with a server person in one of their Broken Silicon podcasts.