Windows 11, TPMs, and mass machine replacement

[MarkCup]

I'm being told that out of a total of 50+ Pcs we have here, I need to replace 35 of them because they're not compatible with Windows 11; the processors are not recent enough generation and/or they have no TPM.

Before I press the button on a £20k investment that I'd much rather not do right now...is there any way around this?

I've got people saying they know people that know people that have found a workaround...but beyond that the details become sketchy.

So CS, what's what? Is there a little known route through this that doesn't involve 35 brand new PCs?

Or have Microsoft really created an absolute f*** ton of waste electrical equipment with this change?

 

[Gavin.]

In short yes, you can enter a couple of registry keys that stop the windows 11 install checking for a TPM module. However the machines won’t receive updates via windows update.

 

[The Psychedelic Socialist]

I'm being told that out of a total of 50+ Pcs we have here, I need to replace 35 of them because they're not compatible with Windows 11; the processors are not recent enough generation and/or they have no TPM.

Before I press the button on a £20k investment that I'd much rather not do right now...is there any way around this?

I've got people saying they know people that know people that have found a workaround...but beyond that the details become sketchy.

So CS, what's what? Is there a little known route through this that doesn't involve 35 brand new PCs?

Or have Microsoft really created an absolute f*** ton of waste electrical equipment with this change?

Our group CTO (who knows his s**t) has simply told us that we're all getting new laptops before October. There was no suggestion of trying any of the workarounds.

My concern would be that anything you do to try and get W11 installed might fail randomly in the future, leaving a machine unpatched / unsupported and landing everyone in the s**t if it gets compromised.

 

[Krarl]

You can use WinBootMate to bypass the need for the security chip or edit appraiserres.dll if you're manually installing from an ISO

It does mean there's gonna be no auto-updates so it's more of a risk if you've got any females or boomers working for you. I'd just shell out for new hardware or stick with Win10

 

[Cookie]

From a security point of view, please pony up the money for updated hardware, don't intentionally leave your business open to cyberattacks 😂

Presumably you've had these PC's for a fair while (guessing at 10 years +?!) so you should probably be upgrading them anyway for the safe of your staff who have to use old slow s**t

 

[R3k1355]

Modding windows to bypass the TPM check but disabling updates in the process is beyond stupid for a business.

How exactly would the company explain themselves when they inevitably get hacked and end up losing customer data or access to their own systems?

 

[Daz...]

The fact they can’t run Windows 11 means they replacing, it can run on machines 8/9 years old with no workarounds so you’ve definitely had your money’s worth out of them.

 

[Sir_Dave]

If only you knew someone who specialised in financing IT @MarkCup

 

[fulhamfcboy]

As has been said previously, this is risky territory for a business. 7th gen CPU's are 7-8 years old, so the reality is those 35 PC's are already well sweated assets. No Cyber Policy is going to pay out should you need to claim (regardless of the reasoning behind said claim) and you really are exposing yourself to a world of pain.

 

[fulhamfcboy]

Its also worth noting, the TPM holds the encryption key for Bitlocker, so assuming you did bypass, disk encryption keys this would need to either be manually managed (PITA) or encryption disabled, again not something any sane business would choose to do IMHO.

 

[MarkCup]

Thanks all, exactly what I wanted to hear to argue my case.

The thought of leaving a machine on the network without protection just to see what happens is not a viable tactic. My MD has finally listened!