After 11 years, 1HD.BIZ domain is now for sale.
For inquiries, check out the About page.
Contact me by mail.

Deals expire left & right - Be sure to grab one on time!
Buy from my links, I get a commission. We both win. You dig?
Shopping King of Real Tangible Deals! Shop Smarter, Cheaper, Better

Sunday, January 23, 2022

Windows10, Windows11 - Create a bootable USB drive that works with Secure Boot enabled

The problem:

If you use a popular USB Flash drive program such as Rufus, it will usually create an NTFS-formatted boot drive, because the main installation file of Windows 10/11 is more than 4GB, and therefore cannot exist on a FAT32 partition. The problem with an NTFS-formatted flash drive is that you'd have to disable Secure Boot in the computer's UEFI BIOS in order to boot from it. The problem with that is Windows 11 requires Secure Boot to be Enabled, so the installer may tell you that you're not meeting the requirements and abort the installation.

The solution:

To create a proper USB flash drive that can both hold your files and boot on a Secure Boot-enabled computer, follow these steps:

1. Connect a USB flash drive. Note that all data on it will be erased. You obviously also need the source - A Windows 11 ISO or ESD file, for example. To conveniently extract files from the source media, use something like 7-Zip.

2. Open the Disk Management app. You can find it by searching for "partitions" and clicking the top result. You can also simply type diskmgmt.msc to open the Disk Management GUI.

3. Create a 1GB partition and format it as FAT32.
    Create a 2nd partition (which will occupy the remaining space) and format it as NTFS.

If you're computer-savvy and prefer to do this from the command line, open CMD with admin rights and type:
sc stop ShellHWDetection
Diskpart
list disk
sel disk # [Careful - Be sure to select the intended USB flash drive from list above!!]
clean
rescan
create par primary size=1024
select par 1
format quick fs=FAT32 label=BOOT_F32
create par primary
select par 2
active
format quick fs=NTFS label=STP_NTFS
exit
sc start ShellHWDetection

4. On the FAT32 partition, copy all the files and folders from source media, EXCEPT the "sources" folder. Then create an empty "sources" folder and copy ONLY the boot.wim file into it from source media.
 

5. On the NTFS partition, copy ALL the files and folders from source media, including those you copied before.

That's it. You now have a bootable USB flash drive with a Windows 10/11 installation that can boot on a computer that has Secure Boot enabled.