Windows 11: Registry Keys, SMB Protocol, and SystemInfo
Windows 11 was released on October 5, 2021. It has several new installation requirements including, most notably, Secure Boot and a Trusted Platform Module. These features can provide a more secure computing environment, but if you need to virtualize a Windows 11 environment, you will need virtualization software that supports this.
Although I would normally install a new Windows OS in ESX, I installed Windows 11 using VMware Workstation which has support for Secure Boot and a TPM. Windows 11 installed without an issue, and after booting, the most notable change was the GUI which is not terrible. However, it was the items that did not change that caught my eye. These items have been known to change with newer versions of Windows. VERT uses some of these indicators to accurately detect the versions of Windows. With these indicators not being updated, VERT will need to find additional methods to accurately detect the operating system.
Registry Keys
There was only one registry in HKLM that contained the string “Windows 11.” Microsoft usually updates the registry key HKLMSoftwareMicrosoftWindows NTCurrentVersion with the version of Windows. However, with Windows 11, you can see that the following keys have been updated: CurrentBuild, CurrentBuildNumber, and UBR. The CurrentBuild (22000) and UBR (194) form the build version for Windows 11 (https://docs.microsoft.com/en-us/windows/release-health/windows11-release-information). However, the ProductName value still calls this operating system “Windows 10.”
The SMB Protocol
The SMB protocol on Windows 11 advertises that the environment is running Windows 10. This could fool people into believing that this operating system is Windows 10 with the build version of 22000. However, Windows 10 does not currently have a build with a version of 22000 (https://docs.microsoft.com/en-us/windows/release-health/release-information, https://docs.microsoft.com/en-us/windows-server/get-started/windows-server-release-info).
SystemInfo
Systeminfo provides the correct operating system name, but it looks like the OS version is using 10 and not 11.
Windows 11 seems to have remnants of Windows 10 left behind in the registry and SMB. This does not seem like a mistake because Windows 11 feels more like a feature update for Windows 10. The only difference with this update is that Windows 11 forces users to use secure boot and to have a compatible TPM. Any system that does not support these requirements will be left to use Windows 10 or an alternative operating system.
The post ” Windows 11: Registry Keys, SMB Protocol, and SystemInfo” appeared first on TripWire
Source:TripWire – Andrew Swoboda