Bypass Windows 11 Upgrade Assistant / PC Health Check / TPM and CPU Settings. Ignore PC Health Check results.

README.md

Bypass Windows 11 Upgrade Assistant / Setup Hardware Checks (TPM, CPU, RAM)

This PowerShell script allows you to bypass TPM 2.0, unsupported CPU, and memory checks enforced by the Windows 11 Upgrade Assistant and setup.exe from Windows installation media. It eliminates common upgrade blocks such as:

• This PC doesn't currently meet Windows 11 system requirements.
• TPM 2.0 must be supported and enabled on this PC.
• The processor isn't currently supported for Windows 11.

What It Does

This script:

• Deletes legacy upgrade failure registry keys that may block future attempts.
• Simulates hardware compatibility by setting known override values (e.g., TPM, RAM, Secure Boot).
• Enables Microsoft's official upgrade bypass by setting AllowUpgradesWithUnsupportedTPMOrCPU to 1.
• Enables Upgrade Assistant to proceed by setting UpgradeEligibility to 1 under the current user.

Registry Keys Modified or Removed

Purpose	Registry Path	Action / Value
Clear upgrade failure flags	HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CompatMarkers	Deleted (if exists)
	HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Shared	Deleted (if exists)
	HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\TargetVersionUpgradeExperienceIndicators	Deleted (if exists)
Simulate compatibility	HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\HwReqChk	HwReqChkVars = MultiString (TPM, RAM, etc.)
Bypass TPM/CPU check	HKLM\SYSTEM\Setup\MoSetup	AllowUpgradesWithUnsupportedTPMOrCPU = 1
Enable Upgrade Assistant flow	HKCU\Software\Microsoft\PCHC	UpgradeEligibility = 1

How to Use

Option 1: Save and Execute Locally

1. Save the script as: Windows11-Enable-Upgrade.ps1

2. Open PowerShell as Administrator.

3. Run the script:

.\Windows11-Enable-Upgrade.ps1

Option 2: Run Directly from the Web

1. Click the "Raw" button at the top right of the script to view it as plain text.

2. Copy the full Raw URL from your browser’s address bar.

3. In Administrator PowerShell, run:

irm "<paste raw url here>" | iex

✅ This lets you execute the script immediately without saving it to disk.

---

Disclaimer

This script is provided as-is with no warranties. Use only in test environments, labs, or situations where your device policy allows. Bypassing Windows hardware requirements may result in reduced support, compatibility issues, or failed future updates. Proceed at your own risk.

Windows11-Enable-Upgrade.ps1

<#
.SYNOPSIS
Bypasses Windows 11 hardware requirements for in-place upgrades.

.DESCRIPTION
This script modifies specific registry values to override system compatibility checks performed during
Windows 11 upgrades. It removes legacy upgrade failure entries, simulates compatible hardware state,
enables Microsoft's documented bypass policy for unsupported TPM or CPU configurations, and sets the
UpgradeEligibility flag required by the Windows 11 Upgrade Assistant.

This is intended for lab, evaluation, or controlled environments where hardware policy allows.

.NOTES
Author: asheroto
Source: https://gist.github.com/asheroto/5087d2a38b311b0c92be2a4f23f92d3e
Required: Run as Administrator

.LICENSE
Use at your own risk. No warranty expressed or implied.
#>

function Write-Section {
<#
.SYNOPSIS
Displays a section header with borders using Write-Host and optional color.

.DESCRIPTION
Prints multi-line text surrounded by a hash border for readability.
Supports output coloring via the Color parameter.

.PARAMETER Text
The text to display. Can include multiple lines.

.PARAMETER Color
(Optional) The color to use for the text and border. Defaults to White.

.EXAMPLE
Write-Section -Text "Starting Process"

.EXAMPLE
Write-Section -Text "Line 1`nLine 2" -Color Green
#>
    param (
        [Parameter(Mandatory)]
        [string]$Text,

        [string]$Color = "White"
    )

    $lines = $Text -split "`n"
    $maxLength = ($lines | Measure-Object -Property Length -Maximum).Maximum
    $border = "#" * ($maxLength + 4)

    Write-Host ""
    Write-Host $border -ForegroundColor $Color
    foreach ($line in $lines) {
        Write-Host ("# " + $line.PadRight($maxLength) + " #") -ForegroundColor $Color
    }
    Write-Host $border -ForegroundColor $Color
    Write-Host ""
}

function Set-RegistryValueForced {
    <#
.SYNOPSIS
Adds or updates a registry value with error handling.

.DESCRIPTION
Creates the specified registry key if it does not exist and sets the provided value.
Supports String, DWord, QWord, Binary, and MultiString types.
Outputs an error message if the operation fails.

.PARAMETER Path
The full registry path (e.g., HKLM:\Software\Example).

.PARAMETER Name
The name of the registry value to create or update.

.PARAMETER Type
The type of the registry value (String, DWord, QWord, Binary, MultiString).

.PARAMETER Value
The value to set. For MultiString, provide an array of strings.

.EXAMPLE
Set-RegistryValueForced -Path "HKLM:\Software\Test" -Name "TestValue" -Type String -Value "OK"

.EXAMPLE
Set-RegistryValueForced -Path "HKLM:\Software\Test" -Name "Flags" -Type DWord -Value 1
#>

    param (
        [string]$Path,
        [string]$Name,
        [string]$Type,
        [object]$Value
    )

    try {
        # Ensure the key exists
        if (-not (Test-Path -Path $Path)) {
            New-Item -Path $Path -Force | Out-Null
        }

        # Set the registry value
        Set-ItemProperty -Path $Path -Name $Name -Value $Value -Type $Type -Force
    } catch {
        Write-Output "Failed to set $Name in ${Path}: $($_.Exception.Message)"
    }
}

# Step 1: Clear old upgrade failure records
Write-Host "Step 1: Clearing old upgrade failure records..." -ForegroundColor Yellow
Remove-Item -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CompatMarkers" -Recurse -Force -ErrorAction SilentlyContinue
Remove-Item -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Shared" -Recurse -Force -ErrorAction SilentlyContinue
Remove-Item -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\TargetVersionUpgradeExperienceIndicators" -Recurse -Force -ErrorAction SilentlyContinue
Write-Host "Cleanup complete." -ForegroundColor Green

# Step 2: Simulating hardware compatibility
Write-Host "Step 2: Simulating hardware compatibility..." -ForegroundColor Yellow
Set-RegistryValueForced -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\HwReqChk" -Name "HwReqChkVars" -Type MultiString -Value @(
    "SQ_SecureBootCapable=TRUE",
    "SQ_SecureBootEnabled=TRUE",
    "SQ_TpmVersion=2",
    "SQ_RamMB=8192"
)
Write-Host "Hardware compatibility values applied." -ForegroundColor Green

# Step 3: Allow upgrades on unsupported TPM or CPU
Write-Host "Step 3: Allowing upgrades on unsupported TPM or CPU..." -ForegroundColor Yellow
Set-RegistryValueForced -Path "HKLM:\SYSTEM\Setup\MoSetup" -Name "AllowUpgradesWithUnsupportedTPMOrCPU" -Type DWord -Value 1
Write-Host "Upgrade policy for unsupported hardware enabled." -ForegroundColor Green

# Step 4: Set Upgrade Eligibility flag in HKCU
Write-Host "Step 4: Setting upgrade eligibility flag..." -ForegroundColor Yellow
Set-RegistryValueForced -Path "HKCU:\Software\Microsoft\PCHC" -Name "UpgradeEligibility" -Type DWord -Value 1
Write-Host "Eligibility flag set." -ForegroundColor Green

# Done
Write-Section -Text "All operations completed successfully!`nYou can now upgrade using the Windows 11 Upgrade Assistant or setup.exe from installation media.`nNo restart required." -Color Cyan

@asheroto

One potential gotcha is that the "HKCU" path below is contextual:
Enable Upgrade Assistant flow
HKCU\Software\Microsoft\PCHC
UpgradeEligibility = 1

If logged into a standard user, and elevating a whole powershell session against and admin account and running the script, the HKCU "UpgradeEligibility = 1" will be set on the admin account HKCU and not the standard account that's eventually running setup.exe (upgrade assistant) -- even with the UAC admin elevation to run it.

I had to run the script in an admin powershell session, then user powershell session (most things failed because permissions, but not the HKCU entry), and then reboot and try upgrade assistant -- then the standard user in-place upgrading worked when UAC elevated.

It's probably because of UAC and how context and admin tokens work -- it seems like it's referencing the HKCU of the standard user when elevated by UAC to run setup.exe of upgrade assistant.
https://learn.microsoft.com/en-us/windows/security/application-security/application-control/user-account-control/how-it-works

Not sure how how old is "too old" for this script to work, but it worked fine to in-place upgrade a Dell Optiplex that failed because of a 7th gen intel Chip. Additionally, the TPM was firmware updated from v1.2->v2.0 using Dell updates, secureboot was enabled, TPM enabled, and UEFI enabled without legacy ROMs.

Thanks for the script and compilation -- There's too much misinformation and chaos on this process out there on the internets.

@blinkblinktwo

I didn't think of that. I suppose that issue would occur, but that is, unfortunately, the key that the software checks. I used Process Monitor to confirm. The options I see are to do what you did, or log off as a standard users and log in as an admin.

@asheroto

@blinkblinktwo

I didn't think of that. I suppose that issue would occur, but that is, unfortunately, the key that the software checks. I used Process Monitor to confirm. The options I see are to do what you did, or log off as a standard users and log in as an admin.

Oh, no problem.
Figured it could be mentioned in case someone else had an issue.

In the end, I just wacked it with a "hammer" and put the user-value on ALL local accounts. This way, the bypass script can just be run once as an admin, and then the following "setup.exe/upgrade assistant" execution context doesn't matter.

In testing, this "hammer" below seems to do the trick for handling user-type keys -- and handles both logged in/out local accounts.
Thanks, again.

Some ideas: could also add an admin elevation check at the top of the script, and a pause at the bottom to read console messages before closing the window.

# Admin rights check & auto-elevation
if (-not ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) {
    Write-Host "Restarting script as Administrator..."
    Start-Process -FilePath "powershell.exe" -ArgumentList "-ExecutionPolicy Bypass -NoProfile -File `"$PSCommandPath`"" -Verb RunAs
    exit
}


# Pause after script execution to read console messages.
Write-Host "`nScript complete. Press Enter to close..."
[void][System.Console]::ReadLine()

Could parameterize the user-reg block below, and have a usage like:
Set-RegistryValueAllUsers -SubKey "Software\Microsoft\PCHC" -Name "UpgradeEligibility" -Type DWord -Value 1

function Set-RegistryValueAllUsers {
    [CmdletBinding()]
    param (
        [Parameter(Mandatory=$true)]
        [string]$SubKey,   # e.g. "Software\Microsoft\PCHC"

        [Parameter(Mandatory=$true)]
        [string]$Name,     # e.g. "UpgradeEligibility"

        [Parameter(Mandatory=$true)]
        [ValidateSet("String","ExpandString","Binary","DWord","QWord","MultiString")]
        [string]$Type,     # e.g. "DWord"

        [Parameter(Mandatory=$true)]
        [object]$Value     # e.g. 1
    )

...
...

Setting the value for all user reg hives:

# Path to desired user-type registry key
$regSubKey = "Software\Microsoft\PCHC"
$regName   = "UpgradeEligibility"
$regType   = "DWORD"
$regValue  = 1


# Get all Windows "NTUSER.DAT" local user profiles registry hives (skip system account)
$profiles = Get-CimInstance Win32_UserProfile | Where-Object {
    ($_.Special -eq $false) -and (Test-Path $_.LocalPath)
}


foreach ($profile in $profiles) {
    $sid  = $profile.SID
    $path = "$($profile.LocalPath)\NTUSER.DAT"


    if ($profile.Loaded) {
        # User reg hive is already mounted (user is logged in -- write value to path HKEY_USERS, no unmount!)
        $fullKeyPath = "Registry::HKEY_USERS\$sid\$regSubKey"

        if (-not (Test-Path $fullKeyPath)) {
            New-Item -Path $fullKeyPath -Force | Out-Null
        }

        New-ItemProperty -Path $fullKeyPath `
                         -Name $regName `
                         -PropertyType $regType `
                         -Value $regValue -Force | Out-Null

        Write-Host "Set for logged-IN user $($profile.LocalPath)"
    }


    else {
        # User reg hive is NOT loaded (load manually in HKEY_USERS, write value, then unmount!)
        Write-Host "Loading hive for logged-out user $($profile.LocalPath)"

        reg load "HKU\$sid" $path | Out-Null
        try {
            $fullKeyPath = "Registry::HKEY_USERS\$sid\$regSubKey"

            if (-not (Test-Path $fullKeyPath)) {
                New-Item -Path $fullKeyPath -Force | Out-Null
            }

            New-ItemProperty -Path $fullKeyPath `
                             -Name $regName `
                             -PropertyType $regType `
                             -Value $regValue -Force | Out-Null

            Write-Host "Set for logged-OUT user $($profile.LocalPath)"
        }


        finally {
            reg unload "HKU\$sid" | Out-Null
        }
    
    }

}

That's an interesting idea, but the problem is that we cannot load an NTUSER.dat file into registry if the user is currently logged in. On computers that have multiple accounts, this could pose a problem. It's also a bit drastic, or as you said, hammer approach. We only need 1 admin user to run it, so we don't need to force values for all accounts.

Since most folks will either have admin rights at home, or if at a workplace the IT staff will run an upgrade from an admin account or through an RMM, I don't know if there's a viable - and also safe - solution. You can't run an upgrade from a standard users' account anyway, unless you "Run as Other User", but that's usually reserved for small things. 😊

@asheroto

Greetings,

Ah, that use case should already be modeled -- The code works for multiple active users (GUI and console session), and multiple offline users.

The if-else will check if the user is active, then switch path to "HKEY_USERS$sid" where the hive is already open for the active user(s).
If not an active user, it loads the user's NTUSER.dat hive in "HKU$sid", does the stuff, then unloads the hive.

I repurposed this for some others to use, and needed to fool-proof it -- A handful production machines need a crutch before replacement.
Just a thought, as people running it might not understand the context problem, and tossed the admin-check at the top of the code.

Thanks again -- take care.
delta

I ran into black screen right after login on my laptop a few months back. I could move the mouse but nothing else loaded. Safe mode worked fine and that is how I started fixing it. I uninstalled the graphics driver from Device Manager and rebooted which allowed Windows to reinstall the default driver. That cleared the problem instantly and then I updated the driver from the manufacturer’s site. Another tip if it still happens is using Task Manager to restart Windows Explorer because many times the shell just fails to load. After locking down the drivers I also checked activation since missing updates can cause weird issues. I bought a license through Microsoftprokey and since then my updates run without interruptions. If your PC keeps showing black screens after login it is usually display driver or corrupted system file related.

@blinkblinktwo gotcha, sorry I didn't see that before. I'll work on implementing when I get a chance.

Your script worked Perfectly to prep and then Just downloaded and ran Create installation media for Windows 11 found > https://support.microsoft.com/en-us/windows/create-installation-media-for-windows-99a58364-8c02-206f-aa6f-40c3b507420d <<< Just used this in hopes it may not get cleaned out because of filers. >>> to create the USB stick needed for win 11 install. After flash sick created ne reboot required and just run the setup.exe from the flash stick and accepted any warnings about not going to supported but installed Win 11 and all seems windows 11 works well from there.

Some games still may not work because needing either TPM 2.0 or Secure boot, but not my problem as I do not have time for games anyway.

@blinkblinktwo gotcha, sorry I didn't see that before. I'll work on implementing when I get a chance.

No worries.
If it helps for reference, I just added a new function in the original script, and then modified step #4 with parameters to call it.

Thanks again, take care.

function Set-RegistryValueAllUsers {
    [CmdletBinding()]
    param (
        [Parameter(Mandatory=$true)]
        [string]$SubKey,   # e.g. "Software\Microsoft\PCHC"

        [Parameter(Mandatory=$true)]
        [string]$Name,     # e.g. "UpgradeEligibility"

        [Parameter(Mandatory=$true)]
        [ValidateSet("String","ExpandString","Binary","DWord","QWord","MultiString")]
        [string]$Type,     # e.g. "DWord"

        [Parameter(Mandatory=$true)]
        [object]$Value     # e.g. 1
    )

    # Path to desired user-type registry key
    $regSubKey = "Software\Microsoft\PCHC"
    $regName   = "UpgradeEligibility"
    $regType   = "DWORD"
    $regValue  = 1


    # Get all Windows "NTUSER.DAT" local user profiles registry hives (skip system account)
    $profiles = Get-CimInstance Win32_UserProfile | Where-Object {
        ($_.Special -eq $false) -and (Test-Path $_.LocalPath)
    }


    foreach ($profile in $profiles) {
        $sid  = $profile.SID
        $path = "$($profile.LocalPath)\NTUSER.DAT"


        if ($profile.Loaded) {
            # User reg hive is already mounted (user is logged in -- write value to path HKEY_USERS, no unmount!)
            $fullKeyPath = "Registry::HKEY_USERS\$sid\$regSubKey"

            if (-not (Test-Path $fullKeyPath)) {
                New-Item -Path $fullKeyPath -Force | Out-Null
            }

            New-ItemProperty -Path $fullKeyPath `
                             -Name $regName `
                             -PropertyType $regType `
                             -Value $regValue -Force | Out-Null

            Write-Host "Set for logged-IN user $($profile.LocalPath)"
        }


        else {
            # User reg hive is NOT loaded (load manually in HKEY_USERS, write value, then unmount!)
            Write-Host "Loading hive for logged-out user $($profile.LocalPath)"

            reg load "HKU\$sid" $path | Out-Null
            try {
                $fullKeyPath = "Registry::HKEY_USERS\$sid\$regSubKey"

                if (-not (Test-Path $fullKeyPath)) {
                    New-Item -Path $fullKeyPath -Force | Out-Null
                }

                New-ItemProperty -Path $fullKeyPath `
                                 -Name $regName `
                                 -PropertyType $regType `
                                 -Value $regValue -Force | Out-Null

                Write-Host "Set for logged-OUT user $($profile.LocalPath)"
            }


            finally {
                reg unload "HKU\$sid" | Out-Null
            }
    
        }

    }

}

# Step 4: Set Upgrade Eligibility flag in HKCU/HKEY_USER for ALL logged in and out local users.
Write-Host "Step 4: Setting upgrade eligibility flag..." -ForegroundColor Yellow
Set-RegistryValueAllUsers -SubKey "Software\Microsoft\PCHC" -Name "UpgradeEligibility" -Type DWord -Value 1
Write-Host "Eligibility flag set on ALL users." -ForegroundColor Green