Never do a bare metal install of Windows 11 (24h2 warning)

Forums › Microsoft Windows › Never do a bare metal install of Windows 11 (24h2 warning)

1 | 2 | 3

177 posts

Master Geek
+1 received by user: 47

ID Verified

Trusted

#3444381 15-Dec-2025 21:22

what do you guys think of

Windows 11 IoT Enterprise LTSC

Exclusive for Geekzone Members!
Dynamic IP & Bring Your Own Device Hyperfibre & Fibre plans & NO Contracts with Hyperline.co.nz powered by ASN 9790 Network

Chrous areas only HYPERLINE.co.nz

Ragnor

8279 posts

Uber Geek
+1 received by user: 585

Trusted

#3444436 16-Dec-2025 00:15

Pretty insane they didn't make old explorer vs new explorer just a simple feature switch (via settings/registry)

kingdragonfly

11984 posts

Uber Geek
+1 received by user: 12867

Subscriber

#3444444 16-Dec-2025 07:12

aj6828:
what do you guys think of

Windows 11 IoT Enterprise LTSC

My understanding of these is limited, as I've never actually seen one.

It's a fully functional Windows 11 version, without any consumer services, like no OneDrive.

This is the "Internet of things" version. and is supposed to get only the most stable updates, because a kiosk or something similar is using it. Think Airport display of arrivals/departures.

"Enterprise" means your company supposed to buy; not for comsumers.

That being said I've seen some for sale on the open market overseas. I am not going to discuss it any further, lest I stray into "illegal".

kingdragonfly

11984 posts

Uber Geek
+1 received by user: 12867

Subscriber

#3444454 16-Dec-2025 07:58

tweake:
so any problems with doing a clean win11 install with no internet and therefore no one drive account. one drive is still there but it doesn't do much.

Before you do this: do not update your bios. You may update your bios after the upgrade

I know that sounds weirds, but modern motherboards have a list of legitimate certificates.

And try to use the oldest media you can; avoid downloading the latest from Microsoft.

As they say "it'll all be sorted in the wash", as Microsoft will patch it with the latest updates.

An ancient Windows 11 DVD is perfect, but anything older than October is fine as you'll likely pre-date all Microsoft attempts to keep you from using local accounts.

Ask ChatGPT how to use Rufus and image burner to convert DVD into bootable USB drive.

Rufus, seeing a Windows ISO will ask you, among other things, if you want a local account (PC not tied to windows account).

I'll let ChatGPT explain, as it's a long one

ChatGPT

The firmware is no longer a passive component during install. Updating your BIOS/UEFI today often also updates Secure Boot components, including the dbx (revocation list).

Microsoft actively pushes revocations for bootloaders and signing certificates that were used by older Windows 11 installation media. Once those certificates are revoked at the firmware level, old installers that previously worked will simply refuse to boot or will fail during early setup with invisible errors.

This is irreversible without firmware downgrades that many vendors block. If you rely on a known-good Windows 11 ISO to preserve local-account workflows or predictable OOBE behavior, updating the BIOS can permanently break that path even though the OS itself hasn’t changed.

This ties directly into Microsoft’s strategy around Windows 11 OOBE. Microsoft is deliberately closing gaps that allowed clean installs without a Microsoft account, and they do this both server-side and client-side. Old installers embed older OOBE binaries and policies that still allow offline or local-only flows. Newer installers enforce online connectivity more aggressively and hard-require MSA sign-in for Home and increasingly for Pro. When Microsoft revokes certificates for older installers, they are effectively forcing you onto newer media that removes those options.

Several widely used techniques no longer work on current media. The classic OOBE\BYPASSNRO command invoked via Shift+F10 has been removed or ignored in recent builds. Skipping network setup by unplugging Ethernet or using fake Wi-Fi credentials is patched in newer OOBE versions. Registry edits during OOBE to re-enable local accounts are increasingly blocked or overwritten. Even SKU switching tricks during setup are less reliable as setup logic is consolidated and validated online.

The practical takeaway is that firmware updates are now part of Microsoft’s control surface. If you value the ability to clean-install Windows 11 with a local account, predictable offline behavior, or older OOBE logic, you should treat BIOS updates with caution. Updating firmware doesn’t just give you CPU microcode and bug fixes; it can silently revoke your ability to boot older, more permissive Windows installers and force you into Microsoft’s current account-tied installation path.

SpartanVXL

1498 posts

Uber Geek
+1 received by user: 666

#3444471 16-Dec-2025 08:57

aj6828:

what do you guys think of

Windows 11 IoT Enterprise LTSC

Don’t use LTSC if you’re a gamer. DX features often come in windows releases which are delayed in LTSC. Last example of this was DX12 agility sdk, bunch of people found out that their LTSC builds wouldn’t get it for some time.

networkn

Networkn
32862 posts

Uber Geek
+1 received by user: 15453

ID Verified

Trusted

Lifetime subscriber

#3444486 16-Dec-2025 09:43

I dunno, I feel like if you want things a way the manafacturer doesn't want you to (clearly) then you should consider if it's the OS for you.

In my experience, you only short change yourself trying to make core functions work differently in windows. Either embrace the change and move on with your life, or pick another operating system.

Obviously, if you enjoy tinkering and this is what you consider fun, then have at it, but railing against an organisation who isn't the slightest bit interested in supporting fringe cases seems... counter productive, being polite.

Geekzone support

Support Geekzone with one-off or recurring donations Donate via PressPatron.

kingdragonfly

11984 posts

Uber Geek
+1 received by user: 12867

Subscriber

#3444524 16-Dec-2025 11:49

Honestly I though this thread would only be read by people doing Google searches.

I should have made my intent clear.

I'm are not “hardening Windows 10”.

I'm programming Windows 11’s initial conditions.

Uses only Setup-migrated controls
Aligns with Microsoft’s own enterprise model
Avoids brittle hacks
Gives you the maximum leverage that survives an upgrade

My unstated goal for WIndows 11

Local account–first OOBE
No OneDrive
No Copilot
Recall disabled by policy
No consumer junk
No cloud search
Cortana gone
Windows Update functional
Supported enterprise posture

I do won't permanently lock Explorer, stop Microsoft from evolving UI, nor break servicing

I think what Microsoft is doing now is illegal, in particular with OneDrive integration, and the EU should bring an anti-trust suit very similar to the Internet Explorer bundling lawsuit.

But Microsoft is more interested in milking customers, than providing a good product.

When I retire I will divorce Microsoft and move out. Until then I'm forced to inhabit their house.

Most of this is by setting registry settings that are respected on brief "Windows 10 PC, that is read and respected in the Windows 11 Update, and puts you on the "upgrade track"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"NoConnectedUser"=dword:3

[HKLM\SOFTWARE\Policies\Microsoft\Windows\System]
"EnableMPRestart"=dword:0

[HKLM\SOFTWARE\Policies\Microsoft\Windows\CloudContent]
"DisableWindowsConsumerFeatures"=dword:1

[HKLM\SOFTWARE\Policies\Microsoft\Windows\OneDrive]
"DisableFileSyncNGSC"=dword:1

[HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsCopilot]
"TurnOffWindowsCopilot"=dword:1

[HKLM\SOFTWARE\Policies\Microsoft\Windows\Explorer]
"DisableCopilot"=dword:1

[HKLM\SOFTWARE\Policies\Microsoft\Windows\AI]
"AllowRecall"=dword:0

[HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search]
"DisableWebSearch"=dword:1
"AllowCloudSearch"=dword:0
"AllowCortana"=dword:0

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Search]
"BingSearchEnabled"=dword:0

[HKLM\SOFTWARE\Policies\Microsoft\Windows\GameDVR]
"AllowGameDVR"=dword:0

[HKLM\SOFTWARE\Policies\Microsoft\Windows\Explorer]
"DisableSearchBoxSuggestions"=dword:1

CMD

%SystemRoot%\System32\OneDriveSetup.exe /uninstall

gehenna

8667 posts

Uber Geek
+1 received by user: 3883

Moderator

Trusted

Lifetime subscriber

#3444525 16-Dec-2025 11:52

That's one perspective.

ascroft

437 posts

Ultimate Geek
+1 received by user: 177

#3444532 16-Dec-2025 12:39

Reading this thread makes me think Windows is for tinkerers and/or hobbyists…

Best to stick with a more mainstream OS like Linux or MacOS if you need to do real work! 😬

"Artificial Intelligence" - aka Machine Learning 2.0

gzt

18679 posts

Uber Geek
+1 received by user: 7809

Lifetime subscriber

#3444559 16-Dec-2025 13:54

chatgpt: Several widely used techniques no longer work on current media. The classic OOBE\BYPASSNRO command invoked via Shift+F10 has been removed or ignored in recent builds. Skipping network setup by unplugging Ethernet or using fake Wi-Fi credentials is patched in newer OOBE versions. Registry edits during OOBE to re-enable local accounts are increasingly blocked or overwritten.

This information has been around for some time now. I used the documented bypassnro keystrokes and registry for a no Internet setup long after the advice above became common. I have not tried recently. At the time I wondered if other people were actually doing it properly. The various AI will sometimes spout nonsense based on both latest documentation and user forums that are just wrong in practice.

KiwiSurfer

1722 posts

Uber Geek
+1 received by user: 993

ID Verified

Lifetime subscriber

#3444563 16-Dec-2025 14:10

ascroft:

Reading this thread makes me think Windows is for tinkerers and/or hobbyists…

Best to stick with a more mainstream OS like Linux or MacOS if you need to do real work! 😬

FWIW I use Windows on three machines (work laptop, personal laptop, personal PC) and it just works for the most part. Note I am a ex-Linux/MacOS desktop user (although I still use Linux/BSD on my home server/VPS/etc) so am familiar with how things are on the other side of the fence.

Disabling OneDrive (which I do on my personal devices as I use other services) is literally a couple of clicks and it's easily done. No need for AI slop instructions etc.

Lenovo

Shop now for Lenovo laptops and other devices (affiliate link).

networkn

Networkn
32862 posts

Uber Geek
+1 received by user: 15453

ID Verified

Trusted

Lifetime subscriber

#3444576 16-Dec-2025 14:37

kingdragonfly:

I do won't permanently lock Explorer, stop Microsoft from evolving UI, nor break servicing

The unintended consequences of messing with these sorts of changes, is you could well find yourself having strange problems you later find are related to a service disabled, a setting changed etc.

Microsoft has lots of it's functionality (for good and not so good reasons depending on your perspective) reliant on functionality provided by seemingly unrelated services. An example I found very frustrating recently was we had a script which turned off all the 'intrusive' services for customers who were sensitive to thier privacy.

After MUCH headache trying to solve a problem with functionality around intune which they needed, we found intune requires one of the 'consumer' looking services enabled, for Intune to function properly as the location stuff is where they put some of the inTune policy tie in's.

It wasn't a problem until MS changed that functionality, but it bit us quite hard.

This may or may not be a problem for you, but I'd still argue if you are that focused on control, there are other solutions for you. Microsoft has made clear it's intentions in my opinion, and it's a like it or lump it situation.

kingdragonfly

11984 posts

Uber Geek
+1 received by user: 12867

Subscriber

#3444593 16-Dec-2025 15:40

If you do nothing else, I'd strongly suggest disabling Recall in case pulls a quick one

[HKLM\SOFTWARE\Policies\Microsoft\Windows\AI]
"AllowRecall"=dword:0

This guy is a little paranoid, and sometimes over-react; hey, it's like looking in a mirror

Microsoft Recall: The Ultimate Privacy NIGHTMARE of 2025

gzt

18679 posts

Uber Geek
+1 received by user: 7809

Lifetime subscriber

#3445610 19-Dec-2025 13:40

Apparently Microsoft is turning on p2p delivery optimization by default + it has a memory leak. Representative article:

https://www.neowin.net/news/user-finds-how-a-key-windows-11-feature-could-be-quietly-eating-lots-of-ram-on-your-pc/

My interpretation - Microsoft want to save a lot of money on bandwidth charges for providing update services

networkn

Networkn
32862 posts

Uber Geek
+1 received by user: 15453

ID Verified

Trusted

Lifetime subscriber

#3445616 19-Dec-2025 14:09

I feel like it's something to be applauded. We need less waste.

This bug will fixed and overall it's a good thing IMO

1 | 2 | 3