Rufus isn’t magic: How it modifies Windows 11 media

I keep seeing messages on social media about using Rufus to work around various things in the Windows 11 installation process that people don’t like. But no one ever actually explains what these are doing behind the scenes. Fortunately, since Rufus is open source, we can just look at the source code on GitHub to figure it out.

The available “tweaks” can be found in a simple dialog box:

The source code for these options can be found here. Let’s do some interpretation:

  • Remove requirement for Secure Boot and TPM 2.0
  • Remove requirement for 4GB+ RAM and 64GB+ disk

This one is interesting because it does two different things: It sets the HKLMSystemSetupLabConfig registry entries via unattend.xml RunSynchronousCommand entries, “BypassTPMCheck”, “BypassSecureBootCheck”, “BypassRAMCheck.” It also tries to set those directly in the registry of the offline OS. But those likely don’t do any good as those entries were only valid with the original Windows 11 Insider builds.

It also does something a little more hack-ish: It removes the Sourcesappraiserres.dll file from the media and replaces it with an empty file. That likely causes the appraiser to completely fail, so in effect it bypasses all checks.

There doesn’t appear to be any way to get one (e.g. Secure Boot and TPM 2.0) without the other (4GB+ RAM, 64GB+ disk). Check either box, the same things happen.

  • Remove requirement for an online Microsoft account

This option sets the “BypassNRO” value to 1 in the HKLMSOFTWAREMicrosoftWindowsCurrentVersionOOBE registry key via an unattend.xml RunSynchronousCommand entry.

  • Disable data collection (Skip privacy questions)

This is another simple modification: It sets the ProtectYourPC setting in the unattend.xml file to 3. The Microsoft documentation for this setting is awful. Initially, this setting controlled the Windows Update behavior, but it appears that it no longer does that (at least for Windows 10 and above). Now, it appears that the value of 3 just sets the default privacy settings to “off” and doesn’t prompt the user to specify those. (Since it isn’t documented, the exact behavior could be different, and potentially could change.)

Personally, I’ve never been a fan of Rufus, since you can achieve the same things through other means (mostly — I certainly wouldn’t recommend breaking the appraiser logic on purpose just to get Setup to install the OS; if you want to do that, just don’t use Setup and apply the WIM directly). But to each their own.

Source link

Share this post via

Leave a Reply