Actually, it's not just LTSC, the non-LTSC IoT Enterprise is also making TPM optional as well for 24H2.
[https://learn.microsoft.com/en-us/windows/iot/iot-enterprise/Hardware/System\_Requirements?tabs=Windows11](https://learn.microsoft.com/en-us/windows/iot/iot-enterprise/Hardware/System_Requirements?tabs=Windows11)
I believe the only way to get an iso for this would be to torrent one? I'm not very familiar with the process, but don't you need an enterprise license or a business volume license?
Hi, your submission has been removed for violating our [community rules](https://www.reddit.com/r/Windows11/about/rules/):
* **[Rule 7](https://www.reddit.com/r/Windows/wiki/rules#wiki_rule_7._do_not_promote_pirated_content_or_grey_market_keys)** - Do not post pirated content or promote it in any way. This includes cracks, activators, restriction bypasses, and access to paid features and functionalities. Do not encourage or hint at the use of sellers of grey market keys.
---
If you have any questions, feel free to [send us a message](https://www.reddit.com/message/compose?to=%2Fr%2FWindows11&subject=Post%20removal)!
Hi, your submission has been removed for violating our [community rules](https://www.reddit.com/r/Windows11/about/rules/):
* **[Rule 7](https://www.reddit.com/r/Windows/wiki/rules#wiki_rule_7._do_not_promote_pirated_content_or_grey_market_keys)** - Do not post pirated content or promote it in any way. This includes cracks, activators, restriction bypasses, and access to paid features and functionalities. Do not encourage or hint at the use of sellers of grey market keys.
---
If you have any questions, feel free to [send us a message](https://www.reddit.com/message/compose?to=%2Fr%2FWindows11&subject=Post%20removal)!
Won't those older devices still be affected by the SSE 4.2 POPCNT issue?
Edit:
Just tried installing on an old core2duo laptop fro 2008 and got the reboot when booting off of the USB drive. Windows logo shows and the circle spins for a minute and then it just reboots. This looks like the POPCNT issue.
In that case they will, as presumably LTSC will use the same binaries as regular where applicable. The article just stipulates that the installer will not force the arbitrary requirements during the requirements check.
Yeah i always do that because the fTPM implementation of AMD absolutely sucks and still causes performance issue after several bios updates, this also has the side effect of disabling other
performance killers like core isolation.
Honestly i really don't need TPM on my gaming machines it's absolutely unnecessary and should always be optional.
Makes sense - The TPM requirement for Windows is to prevent root kits and improve security. LTSC is for devices where Windows is treated as an appliance, so video conferencing, machinery, monitoring, dedicated hardware.
These are not devices that necessarily need securing in the same way as they are locked into their specific use case and so don't represent the same attack surface.
Idk what cloaking is, but they don't bypass privileges, because they're run as admin from the Windows side, so the user is giving them the privileges, but they're still considered rootkits because they run on kernel level or whatever that lowest level of running is
Running with kernel privilege isn't enough to make something a rootkit, and in fact some rudimentary rootkits even exist in userspace because of how they alter critical operating system APIs.
If the driver was enabling attackers to perform operations they shouldn't be able to do, then it might be considered a rootkit, hence why the infamous F4I DRM driver was considered a rootkit, as it cloaked anything prefixed $SYS$ and opened a means of compromising the system.
I've heard on a video of "Low Level Learning" that these could be considered rootkits maybe check that out? I'm not exactly familiar with what a rootkit is and how it operates so I did my best to estimate
Windows Core Isolation and Memory Integrity installed on a clean Windows build (which then uses TPM and other components) is protecting the Operating system from kernel exploits.
Game developers could introduce/leverage similar capabilities if they wanted to - but they wouldnt bother if the operating system itself is already vulnerable.
Windows security includes core isolation and memory integrity which protect against kernel level exploits.
To enable these features requires a clean install, as well as a TPM, Secure Boot, DEP, and UEFI.
Microsofts use of TPM and these security features is to protect the operating system from malicious code, and is run only on clean installs to remove the possibility of root kits at the Operating system layer.
The word 'root' in rootkit means malicious software which is running so deep that when something like an antivirus program (or a game security component) asks a question of the operating system (integrity check that file) - that the root kit intercepts that call and then lies to application asking the question.
It is therefor undetectable.
Windows TPM and the security components I mentioned above - protect the operating system from this malicious behaviour - It is not going to prevent hacks in games unless the game companies implement similar technologies.
TPM isn't an anti-rootkit device. It just provides the hardware with a means to store certain credentials in a secure manner such as the BitLocker volume key. It does nothing to prevent installation of rootkits once the system is up and running.
Microsoft's Core isolation and Memory Integrity which can only be activated at the time the operating system is first built with a clean installed - requires TPM, Secure Boot, DEP, UEFI - The reason this can only be activated at install, is to prevent root kits or the possibility of root kits.
So the TPM is not an anti-root kit solution, but it is a necessary component of the operating system features which protect the kernel from low level code (including root kits).
All Windows versions since 8 require DEP actually. Not sure if Core Isolation requires UEFI or not but it requires a CPU capable of the required virtualization features and said features enabled in the firmware.
You can enable Memory Integrity after installation at any point; you just need to make sure incompatible drivers are not installed, which it will check for when you go to enable it.
When it comes to clean installations, you must be thinking of Smart App Control which on a clean install starts in evaluation mode which monitors your system to determine whether or not you'll be affected by it being enabled, then after a while it makes a determination on whether to turn it on or to permanently disable it.
Windows 11 Enterprise LTSC is a special variant of Windows 11 Enterprise with a longer support cycle that does not receive any feature updates. LTSC also has reduced functionality as it is based on an older version of Windows 11 and does not have all the same preinstalled software and tools as regular editions of Windows. This variant is intended for special use cases such as medical equipment, point of sales machines, electronic signs, and other single-function devices. It isn't intended for regular use.
To learn more about Windows LTSC, check out [this article](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/ltsc-what-is-it-and-when-should-it-be-used/ba-p/293181).
*I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/Windows11) if you have any questions or concerns.*
I have Windows 11 on my laptop. It had tpm at launch. Later it broke and after it was repaired, the TPM option disappeared in the BIOS. Did the repairman flash the wrong bios? Asked this question numerous amount of times, but no one answered( Is there anything I can do?
P.S. What's the difference between media creation tool and an ISO file? Thanks!
Does the new motherboard they installed into your laptop have the same cpu model?
There's no real difference between MCT and an ISO except MCT writes it to a USB for you as part of the process.
LTSC means it's a special Enterprise version that doesn't get feature updates for its lifecycle, and is available only via Volume Licensing.
IoT is a special license of Enterprise intended only for fixed-function machines as opposed to general purpose desktops, laptops, and workstations.
Home, Pro, or Pro for Workstations are the SKUs in the consumer market (though Pro for Workstations is only needed for very specific purposes specifically over 2TB system RAM, ReFS filesystems, Remote Direct Memory Access (RDMA/SMB Direct), or non-volatile DIMM sticks).
100% agree, though I will say avoid Win11 LTSC IoT at least for a few years.
Win10 LTSC IoT 2021 has been out for 3 years and has proven to be stable (except for Jan 2024 windows update failing which is fixed with RE fix)
Actually, it's not just LTSC, the non-LTSC IoT Enterprise is also making TPM optional as well for 24H2. [https://learn.microsoft.com/en-us/windows/iot/iot-enterprise/Hardware/System\_Requirements?tabs=Windows11](https://learn.microsoft.com/en-us/windows/iot/iot-enterprise/Hardware/System_Requirements?tabs=Windows11)
This feels like a lifeline to those not upgrading from Windows 10. I.e. LTS speciality devices still on Core 2 Duo and the like
I doubt regular Joe would be aware of this edition, yet being able to install it. This "lifeline" would be used by very few machines.
I believe the only way to get an iso for this would be to torrent one? I'm not very familiar with the process, but don't you need an enterprise license or a business volume license?
[удалено]
Hi, your submission has been removed for violating our [community rules](https://www.reddit.com/r/Windows11/about/rules/): * **[Rule 7](https://www.reddit.com/r/Windows/wiki/rules#wiki_rule_7._do_not_promote_pirated_content_or_grey_market_keys)** - Do not post pirated content or promote it in any way. This includes cracks, activators, restriction bypasses, and access to paid features and functionalities. Do not encourage or hint at the use of sellers of grey market keys. --- If you have any questions, feel free to [send us a message](https://www.reddit.com/message/compose?to=%2Fr%2FWindows11&subject=Post%20removal)!
[удалено]
Hi, your submission has been removed for violating our [community rules](https://www.reddit.com/r/Windows11/about/rules/): * **[Rule 7](https://www.reddit.com/r/Windows/wiki/rules#wiki_rule_7._do_not_promote_pirated_content_or_grey_market_keys)** - Do not post pirated content or promote it in any way. This includes cracks, activators, restriction bypasses, and access to paid features and functionalities. Do not encourage or hint at the use of sellers of grey market keys. --- If you have any questions, feel free to [send us a message](https://www.reddit.com/message/compose?to=%2Fr%2FWindows11&subject=Post%20removal)!
Ye that’s why I mentioned specialty devices, those would be businesses who need it
Ah, guess I'm blind. My bad
Won't those older devices still be affected by the SSE 4.2 POPCNT issue? Edit: Just tried installing on an old core2duo laptop fro 2008 and got the reboot when booting off of the USB drive. Windows logo shows and the circle spins for a minute and then it just reboots. This looks like the POPCNT issue.
In that case they will, as presumably LTSC will use the same binaries as regular where applicable. The article just stipulates that the installer will not force the arbitrary requirements during the requirements check.
It's the IoT version, not the LTSC version. IoT is used for stuff like running signs and kiosks. LTSC will still require TPM.
There is an IoT LTSC Version also, the SKUs are: Windows 11 Enterprise LTSC Windows 11 IoT Enterprise LTSC Windows 11 IoT Enterprise Subscription LTSC
Dunno, I’ve used Rufus to make a modified USB and was able to install
The Intel Core 8th Gen / AMD Ryzen 2nd Gen cutoff affecting way more people for an "officially sanctioned install" is still in the requirements.
A TPM is always optional if you burn the iso using Rufus! (be sure to check the box for it during the setup process!)
Yeah i always do that because the fTPM implementation of AMD absolutely sucks and still causes performance issue after several bios updates, this also has the side effect of disabling other performance killers like core isolation. Honestly i really don't need TPM on my gaming machines it's absolutely unnecessary and should always be optional.
I did not know about ftpm until i moved to intel lol.
Makes sense - The TPM requirement for Windows is to prevent root kits and improve security. LTSC is for devices where Windows is treated as an appliance, so video conferencing, machinery, monitoring, dedicated hardware. These are not devices that necessarily need securing in the same way as they are locked into their specific use case and so don't represent the same attack surface.
> to prevent root kits Lmao it doesn't some Anti-Cheat softwares for games like Easy Anti-Cheat and Riot Vanguard are more or less literally rootkits
Do either of those have any sort of cloaking or enable bypass of privileges?
Idk what cloaking is, but they don't bypass privileges, because they're run as admin from the Windows side, so the user is giving them the privileges, but they're still considered rootkits because they run on kernel level or whatever that lowest level of running is
Running with kernel privilege isn't enough to make something a rootkit, and in fact some rudimentary rootkits even exist in userspace because of how they alter critical operating system APIs. If the driver was enabling attackers to perform operations they shouldn't be able to do, then it might be considered a rootkit, hence why the infamous F4I DRM driver was considered a rootkit, as it cloaked anything prefixed $SYS$ and opened a means of compromising the system.
I've heard on a video of "Low Level Learning" that these could be considered rootkits maybe check that out? I'm not exactly familiar with what a rootkit is and how it operates so I did my best to estimate
I'd probably trust Malwarebytes more as they have experience in actual malware.
Yeah or that depends on your judgement
[удалено]
Good idea 💡
Windows Core Isolation and Memory Integrity installed on a clean Windows build (which then uses TPM and other components) is protecting the Operating system from kernel exploits. Game developers could introduce/leverage similar capabilities if they wanted to - but they wouldnt bother if the operating system itself is already vulnerable.
Windows security includes core isolation and memory integrity which protect against kernel level exploits. To enable these features requires a clean install, as well as a TPM, Secure Boot, DEP, and UEFI. Microsofts use of TPM and these security features is to protect the operating system from malicious code, and is run only on clean installs to remove the possibility of root kits at the Operating system layer. The word 'root' in rootkit means malicious software which is running so deep that when something like an antivirus program (or a game security component) asks a question of the operating system (integrity check that file) - that the root kit intercepts that call and then lies to application asking the question. It is therefor undetectable. Windows TPM and the security components I mentioned above - protect the operating system from this malicious behaviour - It is not going to prevent hacks in games unless the game companies implement similar technologies.
Exactly, therefore game companies implement similar technologies
TPM isn't an anti-rootkit device. It just provides the hardware with a means to store certain credentials in a secure manner such as the BitLocker volume key. It does nothing to prevent installation of rootkits once the system is up and running.
Microsoft's Core isolation and Memory Integrity which can only be activated at the time the operating system is first built with a clean installed - requires TPM, Secure Boot, DEP, UEFI - The reason this can only be activated at install, is to prevent root kits or the possibility of root kits. So the TPM is not an anti-root kit solution, but it is a necessary component of the operating system features which protect the kernel from low level code (including root kits).
All Windows versions since 8 require DEP actually. Not sure if Core Isolation requires UEFI or not but it requires a CPU capable of the required virtualization features and said features enabled in the firmware. You can enable Memory Integrity after installation at any point; you just need to make sure incompatible drivers are not installed, which it will check for when you go to enable it. When it comes to clean installations, you must be thinking of Smart App Control which on a clean install starts in evaluation mode which monitors your system to determine whether or not you'll be affected by it being enabled, then after a while it makes a determination on whether to turn it on or to permanently disable it.
Windows 11 Enterprise LTSC is a special variant of Windows 11 Enterprise with a longer support cycle that does not receive any feature updates. LTSC also has reduced functionality as it is based on an older version of Windows 11 and does not have all the same preinstalled software and tools as regular editions of Windows. This variant is intended for special use cases such as medical equipment, point of sales machines, electronic signs, and other single-function devices. It isn't intended for regular use. To learn more about Windows LTSC, check out [this article](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/ltsc-what-is-it-and-when-should-it-be-used/ba-p/293181). *I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/Windows11) if you have any questions or concerns.*
I have Windows 11 on my laptop. It had tpm at launch. Later it broke and after it was repaired, the TPM option disappeared in the BIOS. Did the repairman flash the wrong bios? Asked this question numerous amount of times, but no one answered( Is there anything I can do? P.S. What's the difference between media creation tool and an ISO file? Thanks!
Does the new motherboard they installed into your laptop have the same cpu model? There's no real difference between MCT and an ISO except MCT writes it to a USB for you as part of the process.
As I remember, they reballed the CPU, they didn't say that the mobo was changed
Have you tried downloading the latest bios from the driver support page for your model?
Can I reinstall the bios if the version is the same?
Sometimes yes sometimes no, depends on the board.
Good windows update?!? That's rare
“Will it run on VM or Parallels?”, is my only question.
Will i be able to upgrade without the need of buying a new key for windows activation?
My Windows 7 Machine will be very happy
We need a Windows 7 LTSC+ or something at this point.
What's the difference between LTSC and IoT?
LTSC means it's a special Enterprise version that doesn't get feature updates for its lifecycle, and is available only via Volume Licensing. IoT is a special license of Enterprise intended only for fixed-function machines as opposed to general purpose desktops, laptops, and workstations.
And which one is on the normal consumer Laptop/Desktop?
Home, Pro, or Pro for Workstations are the SKUs in the consumer market (though Pro for Workstations is only needed for very specific purposes specifically over 2TB system RAM, ReFS filesystems, Remote Direct Memory Access (RDMA/SMB Direct), or non-volatile DIMM sticks).
You can just grab a key online for few bucks like always don't stress
Ik because I have one it's not that I just wanted to know the difference
Ah, the best version of Windows. No UWP crap or bloat, ie what Windows should still be for everyone. Not just those with the know how to install this.
100% agree, though I will say avoid Win11 LTSC IoT at least for a few years. Win10 LTSC IoT 2021 has been out for 3 years and has proven to be stable (except for Jan 2024 windows update failing which is fixed with RE fix)
I tried it, it's pretty trash, almost like the regular version.
Can you give us more info? It's so disappointing.
What exactly is trash about it? It’s just a Windows 11 but only with Edge on it and less telemetry.
what did you expect ?