Install Windows 11 24H2 Without Losing Files: UEFI, Secure Boot, Drivers, Done

Rules of engagement (what we’re trying to guarantee)

“Install without losing files” is not a vibe. It’s a set of conditions you either meet or you don’t. Here’s what we’re guaranteeing—and what we’re not.

What “without losing files” realistically means

• Your user profile data stays intact: C:\Users\..., Documents/Desktop/Downloads, browser profiles, local app data.
• Your disk layout remains usable: EFI System Partition (ESP), Microsoft Reserved (MSR), Windows partition, and Recovery partition are present and sane.
• Your encryption state is controlled: BitLocker is either suspended or you have the key and can boot.
• Your storage controller is supported during setup: NVMe/RAID/VMD drivers are available if your firmware uses them.

What this does not promise

• Every application survives unchanged. Security software and legacy VPN clients are famous for breaking upgrades.
• Every driver stays stable. Windows will happily “upgrade” your GPU driver into a performance regression.
• Every firmware is well-behaved. Some laptops treat BIOS updates like art projects.

Also: a “keep files” install is not a backup. Backups are what you have before the plan goes wrong. The plan is what you do to avoid needing the backup.

Joke #1: Windows upgrades are like airline boarding: the process is standardized, the outcome depends on everyone following the rules.

Interesting facts and quick history

These aren’t trivia for trivia’s sake; they explain why Windows 11 installs behave the way they do.

1. UEFI replaced legacy BIOS over a decade ago, but “CSM/Legacy Boot” still exists because enterprises keep old images and old habits alive longer than they should.
2. GPT became the modern standard largely because of disk size and partition limits. MBR’s practical partitioning constraints were fine—until they weren’t.
3. Secure Boot launched in the Windows 8 era as a way to reduce bootkits and pre-OS malware. It’s annoying right up until it saves you.
4. TPM 2.0 requirements in Windows 11 were a blunt instrument to raise the baseline for credential protection and measured boot. It also forced a lot of hardware reality checks.
5. BitLocker recovery prompts often happen after firmware or boot changes because the TPM “seal” no longer matches measured boot state. That’s by design.
6. Intel RST/VMD storage modes (common on laptops) can hide NVMe drives from setup unless the right driver is loaded—especially when RAID/VMD is enabled in BIOS.
7. The “Windows.old” folder behavior is why some “install while keeping files” scenarios work: Windows moves the old OS aside instead of overwriting it immediately.
8. Windows Setup is conservative about ESP and recovery partitions and may refuse to proceed if it can’t create/resize what it needs. That’s one reason “there isn’t enough space” shows up even when C: has plenty.

Choose your path: in-place upgrade vs “install while keeping files”

Path A: In-place upgrade (recommended if Windows boots normally)

This is the cleanest “no drama” option: run setup from within Windows (ISO mounted or USB) and choose Keep personal files and apps. It preserves installed applications, most settings, domain join state, and device management enrollment.

Use this when: your current Windows is stable, your disk is healthy, and you can log in normally.

Avoid when: you already have file system corruption, repeated blue screens, or you can’t trust the current installation.

Path B: “Install” from USB, keep files (less ideal, but often works)

Boot from installation media, point it at the existing Windows partition, and you might get a “keep files” outcome via Windows.old. In practice, this is less predictable, more sensitive to partition layout and encryption, and more likely to lose apps.

Use this when: Windows won’t boot, but the disk and data are intact and you need a repair-ish reinstall.

Path C: Clean install + manual migration (the reliable nuclear option)

If you can’t trust the old OS and you want a known-good baseline, do a clean install and restore data from backup. This is the most reliable from an SRE perspective—because you can repeat it. It’s also the least “without losing files” unless you planned for it.

Preflight checks that prevent heartbreak

1) Decide what you can’t afford to lose

On real machines, the irreplaceable stuff is usually not “files.” It’s credentials, encryption keys, browser profiles, and the one proprietary app that requires an activation dance.

• If BitLocker is enabled, confirm you can retrieve the recovery key before you do anything else.
• If you’re on a work device, confirm you can re-enroll into MDM or the domain if needed.
• If you use WSL, export important distros. Upgrades typically keep them, but “typically” isn’t an SLA.

2) Confirm hardware requirements the boring way

Windows 11 wants UEFI, Secure Boot capability, and TPM 2.0. Don’t guess. Check.

3) Check disk health and free space

Upgrades need working space for WinSxS operations, rollback, and temporary install data. If you’re under ~30–40 GB free, you’re in the danger zone. Not because Microsoft said so, but because rollback and temporary staging behave like a hungry cache.

4) Pause the stuff that breaks installs

• Third-party antivirus/EDR: disable or uninstall if it’s known to interfere.
• Disk “optimizer” tools: no. Also no registry cleaners.
• Overclocking or undervolting: revert to stock during install. You can chase performance later.

Joke #2: Registry cleaners are like “diet water”: they mostly remove money from your wallet.

Drivers: storage first, graphics later

If Windows Setup can’t see your disk, nothing else matters. Storage drivers are your first-class citizen; GPU drivers can wait until after first boot.

Know your storage mode

On many laptops (especially Intel platforms), the BIOS exposes:

• AHCI (simple, often easiest for Setup)
• RAID (sometimes enabled by default, even without an actual RAID array)
• VMD (Intel Volume Management Device; can require Intel RST/VMD driver during setup)

Changing RAID/VMD to AHCI can make Setup easy—and can make the existing Windows unbootable if it doesn’t have the right drivers enabled. Treat BIOS storage changes like a schema migration: planned, staged, reversible.

Driver strategy that works

1. Before upgrade, download storage drivers (Intel RST/VMD or OEM pack) and put them on a USB stick.
2. During setup, if your disk doesn’t appear, use Load driver and point to that USB.
3. After install, install chipset and network drivers early; GPU drivers after you’re stable.

UEFI, GPT, TPM, Secure Boot: the adult supervision layer

Windows 11 24H2 wants a modern boot chain. The practical translation:

• Boot mode: UEFI
• Partition style: GPT (not MBR)
• Secure Boot: capable and typically enabled
• TPM: 2.0 present and enabled (PTT/fTPM counts)

UEFI vs Legacy: why you care

Legacy boot (CSM) is a compatibility layer. It’s also a magnet for weirdness: bootloader quirks, Secure Boot disabled, and installation media that boots one way today and another way tomorrow depending on BIOS selection.

GPT vs MBR: the conversion question

If you’re on MBR but otherwise healthy, MBR2GPT is often the cleanest path: convert in place, preserve data, switch firmware to UEFI, and proceed. But don’t do it blind—validate the disk layout and confirm you can recover if it goes sideways.

Secure Boot reality

Secure Boot is frequently blamed for failures it didn’t cause. More often, the real issue is bad boot entries, a too-small EFI partition, or a firmware that’s confused after multiple OS installs. Secure Boot just happens to be the light that turns on when the firmware notices something off.

One reliability quote that survives every postmortem: “Hope is not a strategy.” — General H. Norman Schwarzkopf (often repeated in ops circles)

Checklists / step-by-step plan

Plan A (best): in-place upgrade while keeping apps + files

1. Verify UEFI, GPT, TPM 2.0, Secure Boot capability.
2. Confirm BitLocker state; suspend if enabled.
3. Check disk health and free space; fix obvious issues.
4. Collect storage drivers (RST/VMD/OEM) onto a USB, just in case.
5. Mount Windows 11 24H2 ISO in Windows, run setup.exe.
6. Select Keep personal files and apps.
7. After first boot: check Device Manager, Windows Update, event logs; only then install optional vendor drivers.
8. Resume BitLocker protection.

Plan B: upgrade/repair when Windows won’t boot

1. Boot to Windows Recovery Environment (WinRE) or install USB.
2. If disk not visible: load storage driver.
3. Attempt startup repair; if needed repair boot entries.
4. If you must reinstall: install to the existing Windows partition without formatting; preserve Windows.old.
5. After boot: migrate data from Windows.old; reinstall apps.

Plan C: clean install with minimal pain

1. Back up user data and keys (BitLocker recovery, browser, SSH, etc.).
2. Clean install to a freshly formatted OS partition.
3. Install chipset + storage + network drivers.
4. Restore user data, re-enroll device management, reinstall apps.

Practical tasks with commands: what the output means and what you decide

These tasks assume you can open an elevated Command Prompt or PowerShell in Windows, or you’re in WinRE/Setup where Shift+F10 gives you a command prompt. Commands are shown in a bash-styled block per the output contract; treat them as literal Windows commands.

Task 1: Confirm UEFI vs Legacy boot (from Windows)

cr0x@server:~$ bcdedit /enum | findstr /i "path"
path                    \EFI\MICROSOFT\BOOT\BOOTMGFW.EFI

What it means: If you see \EFI\... you are booting in UEFI mode. If you see \Windows\system32\winload.exe, you’re likely in Legacy/CSM.

Decision: If you’re not in UEFI, plan a conversion (MBR2GPT + firmware switch) before expecting a clean Windows 11 experience.

Task 2: Confirm partition style (GPT vs MBR)

cr0x@server:~$ diskpart
Microsoft DiskPart version 10.0.22621.1

DISKPART> list disk

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          476 GB      0 B        *

What it means: The * under Gpt means Disk 0 is GPT.

Decision: If there’s no *, you’re on MBR. Consider MBR2GPT if you want UEFI/Secure Boot aligned with Windows 11.

Task 3: Check TPM version and readiness

cr0x@server:~$ powershell -NoProfile -Command "Get-Tpm | Format-List TpmPresent,TpmReady,ManagedAuthLevel,ManufacturerVersion"
TpmPresent : True
TpmReady   : True
ManagedAuthLevel : Full
ManufacturerVersion : 7.2.2.0

What it means: TPM exists and is ready. If TpmPresent is False, check BIOS for fTPM/PTT.

Decision: If not ready, fix firmware settings before upgrade. Don’t start the install hoping Setup will “figure it out.” It won’t.

Task 4: Check Secure Boot state

cr0x@server:~$ powershell -NoProfile -Command "Confirm-SecureBootUEFI"
True

What it means: Secure Boot is enabled. If this errors with “Cmdlet not supported,” you’re likely not booted via UEFI.

Decision: If Secure Boot is disabled but available, enable it after confirming you’re on UEFI/GPT and your boot chain is healthy.

Task 5: Check BitLocker status (and whether you must suspend)

cr0x@server:~$ manage-bde -status c:
BitLocker Drive Encryption: Configuration Tool version 10.0.22621
Volume C: [OSDisk]
    Conversion Status:    Fully Encrypted
    Protection Status:    Protection On
    Lock Status:          Unlocked
    Identification Field: Unknown

What it means: Protection is on. Firmware/boot changes can trigger recovery prompts.

Decision: Suspend protection before upgrade and resume afterward, unless policy forbids it (then ensure recovery keys are accessible).

Task 6: Suspend BitLocker for one reboot cycle

cr0x@server:~$ manage-bde -protectors -disable c:
Key protectors are now disabled.

What it means: TPM sealing won’t block the next boot because protectors are suspended.

Decision: Proceed with upgrade. After you confirm stable boot post-upgrade, re-enable.

Task 7: Verify OS health quickly (system file check)

cr0x@server:~$ sfc /scannow
Beginning system scan.  This process will take some time.
Windows Resource Protection found corrupt files and successfully repaired them.

What it means: Corruption existed and was repaired. If it cannot repair, you may need DISM restore health next.

Decision: If SFC can’t fix issues, do DISM before upgrading. Upgrades on a sick image tend to fail late and waste your time.

Task 8: Repair component store (DISM)

cr0x@server:~$ DISM /Online /Cleanup-Image /RestoreHealth
Deployment Image Servicing and Management tool
Version: 10.0.22621.1

[==========================100.0%==========================]
The restore operation completed successfully.

What it means: The component store is consistent again.

Decision: Re-run SFC once. If both are clean, your base is good for in-place upgrade.

Task 9: Check free space (and decide if you must clean up)

cr0x@server:~$ powershell -NoProfile -Command "Get-PSDrive -Name C | Select-Object Used,Free"
Used Free
---- ----
410GB 28GB

What it means: 28 GB free is borderline. It may work, but rollback and temp space can get tight.

Decision: Free space to at least ~40 GB if you can. If you can’t, expect weird failures and longer downtime.

Task 10: Identify if you’re on MBR and validate MBR2GPT readiness

cr0x@server:~$ mbr2gpt /validate /disk:0 /allowFullOS
MBR2GPT: Attempting to validate disk 0
MBR2GPT: Retrieving layout of disk
MBR2GPT: Validating layout, disk sector size is: 512 bytes
MBR2GPT: Validation completed successfully

What it means: Disk layout can be converted without wiping.

Decision: If validation fails, stop and inspect partitions. Common reasons: too many partitions, not enough space for the EFI system partition, or weird OEM layouts.

Task 11: Convert MBR to GPT (only after validation)

cr0x@server:~$ mbr2gpt /convert /disk:0 /allowFullOS
MBR2GPT: Attempting to convert disk 0
MBR2GPT: Creating the EFI system partition
MBR2GPT: Installing the new boot files
MBR2GPT: Conversion completed successfully

What it means: GPT conversion succeeded and boot files were placed on the new ESP.

Decision: Reboot into firmware settings and switch boot mode to UEFI (disable CSM). If you don’t flip firmware, you can strand the machine.

Task 12: Find why an upgrade failed (SetupDiag)

cr0x@server:~$ SetupDiag.exe /Output:C:\Temp\SetupDiagResults.log
SetupDiag version: 1.6.0.0
LogPath: C:\Temp\SetupDiagResults.log
Found 1 matching profile.
Profile: CompatBlock
Result: Blocked due to incompatible driver: oem12.inf

What it means: A driver compatibility block stopped the upgrade. This is common with older storage, VPN, or security drivers.

Decision: Remove or update the blocking driver before retrying. Don’t brute-force the upgrade; the block exists because the outcome is usually unstable.

Task 13: Inspect installed drivers and spot troublemakers

cr0x@server:~$ pnputil /enum-drivers | findstr /i "Published Name Original Name Provider Class"
Published Name : oem12.inf
Original Name  : badvpnfilter.inf
Provider Name  : Contoso Networking
Class Name     : NetService

What it means: You can map SetupDiag’s oem12.inf to the real component.

Decision: Uninstall the corresponding application/driver, or replace with an updated version tested for 24H2.

Task 14: Remove a problematic driver package (carefully)

cr0x@server:~$ pnputil /delete-driver oem12.inf /uninstall /force
Driver package deleted successfully.

What it means: The driver is removed from the driver store and uninstalled.

Decision: Reboot if required. Then rerun the upgrade. If the driver was for networking, have an offline driver installer ready.

Task 15: When Setup can’t see your disk (WinPE/Setup: load driver, confirm disk)

cr0x@server:~$ diskpart
DISKPART> list disk

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          953 GB      0 B        *

What it means: Disk is visible now. If it wasn’t before loading drivers, you just proved it’s a storage driver issue, not a dead SSD.

Decision: Proceed with installation. After first boot, install the matching storage driver package in Windows to avoid surprises.

Task 16: Fix boot records when the machine won’t boot after conversion/upgrade

cr0x@server:~$ bcdboot C:\Windows /f UEFI
Boot files successfully created.

What it means: Boot files were recreated on the EFI System Partition.

Decision: Reboot. If firmware still doesn’t boot Windows, check boot order and confirm the correct “Windows Boot Manager” entry exists.

Task 17: Check the EFI partition exists and has room (WinRE)

cr0x@server:~$ diskpart
DISKPART> list vol

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
  Volume 1         SYSTEM       FAT32  Partition    100 MB  Healthy    System
  Volume 2     C                NTFS   Partition    475 GB  Healthy    Boot

What it means: ESP exists (FAT32, “System”). 100 MB can be tight depending on vendor bloat in EFI.

Decision: If upgrades complain about system partition space, consider expanding ESP (advanced, risky) or cleaning unused EFI entries. If you don’t know what you’re doing, don’t freestyle partition surgery.

Fast diagnosis playbook

When an upgrade fails, you can spend hours wandering through logs—or you can triage like you mean it.

First: is this a visibility problem (disk/boot) or a compatibility problem (drivers/policies)?

1. Does Windows Setup see the target disk?
   • If no: suspect storage mode (VMD/RAID), missing driver, or failed SSD.
   • If yes: move on; your bottleneck is likely compatibility, space, or health.
2. Does the current Windows boot reliably?
   • If no: don’t in-place upgrade blindly. Fix boot/FS corruption first.

Second: check the three common upgrade killers

1. Free space: if you’re under ~30–40 GB, fix that first.
2. Disk/image health: run SFC + DISM; failing upgrades on corrupted images is a waste of calendar time.
3. Driver blocks: run SetupDiag; remove/update the blocking driver.

Third: check the boot chain prerequisites

1. UEFI boot mode confirmed
2. Disk is GPT
3. Secure Boot is supported (enabled if possible)
4. TPM is present and ready

Fourth: only then get fancy

• ESP size constraints
• Odd OEM recovery partitions
• Firmware bugs / BIOS updates
• Exotic filter drivers (DLP, VPN, legacy storage accelerators)

Common mistakes: symptom → root cause → fix

1) “This PC can’t run Windows 11” during setup

Symptom: Setup blocks on requirements even though the hardware “should” be fine.

Root cause: Booted installer in Legacy mode, TPM disabled, Secure Boot not available because CSM is on, or disk is MBR.

Fix: Boot installer explicitly as UEFI, enable TPM (PTT/fTPM) in BIOS, convert disk to GPT with MBR2GPT, then enable Secure Boot.

2) Disk not found / “We couldn’t find any drives”

Symptom: Windows Setup can’t see the NVMe/SSD.

Root cause: Intel VMD/RST mode enabled without the right driver, or a storage controller needing OEM driver.

Fix: Load storage driver during setup, or switch to AHCI only if you’re prepared to fix the existing OS boot driver configuration.

3) BitLocker recovery key prompt after upgrade

Symptom: On reboot, you’re asked for a 48-digit recovery key.

Root cause: TPM measured boot changed due to firmware changes, bootloader rebuild, Secure Boot toggles, or PCR profile changes.

Fix: Enter the key, boot, then suspend/resume BitLocker to re-seal. Before future upgrades: suspend protectors pre-change.

4) Upgrade rolls back at ~70–90%

Symptom: “Undoing changes” and you’re back on the old build.

Root cause: Driver compatibility block, filter driver issues, or failing device migration (often storage, networking, security agents).

Fix: Run SetupDiag, remove/update the flagged driver; unplug nonessential peripherals; retry.

5) “Windows can’t be installed on this disk” (partition style mismatch)

Symptom: Setup says GPT required or says it can’t install to a GPT disk.

Root cause: You booted the installer in the wrong mode (UEFI vs Legacy) relative to disk partition style.

Fix: Boot installer in UEFI for GPT disks. If you must keep Legacy (don’t), use MBR (again: don’t, if Windows 11 is the goal).

6) “We couldn’t update the system reserved partition”

Symptom: Upgrade fails with reserved/system partition space errors.

Root cause: ESP too small or stuffed with vendor EFI junk; recovery partition layout prevents resizing.

Fix: Clean up unused EFI entries, or carefully expand ESP using partition tools. If you aren’t comfortable: do a clean install with a sane partition layout.

7) Post-upgrade: Wi‑Fi missing or network unstable

Symptom: No network, unknown device, or intermittent drops.

Root cause: OEM wireless driver not present or replaced by a generic driver.

Fix: Install OEM chipset + Wi‑Fi drivers. Keep them offline on a USB before upgrade if it’s a laptop.

8) Post-upgrade: random freezes under load

Symptom: System “hangs” during gaming, compiling, or heavy IO.

Root cause: Old storage driver, firmware bug, or undervolt/overclock instability revealed by the new kernel/driver behavior.

Fix: Update BIOS and storage drivers, return to stock settings, then reintroduce tuning once stable.

Three corporate mini-stories from the trenches

Incident caused by a wrong assumption: “It’s just an in-place upgrade”

A mid-size company decided to move a fleet of laptops to a new Windows build. The plan was simple: in-place upgrade overnight, keep apps, keep files, keep everyone calm. The project lead assumed Secure Boot was already enabled because the devices were “modern.” They were modern. They were also configured with CSM enabled for an ancient imaging workflow nobody wanted to admit existed.

The upgrade job ran. Many devices took the update, rebooted, and landed in a recovery prompt. Not BitLocker recovery—boot recovery. Some systems couldn’t find a bootable OS because the install media had been booted in the wrong mode on a subset of devices, and the resulting boot entries weren’t consistent. A few machines did boot, but their security baseline drifted: UEFI variables and boot entries weren’t uniform. Great for security audits, if you enjoy drama.

The response wasn’t heroics. It was inventory. They pulled boot mode, partition style, and Secure Boot status into a report first. Then they set a rule: no upgrade unless UEFI+GPT was confirmed and Secure Boot was at least supported. For devices out of spec, they ran MBR2GPT during a controlled window, flipped firmware settings, validated boot, and only then upgraded.

The lesson wasn’t “don’t upgrade.” It was “don’t upgrade based on a belief system.” Configuration drift is real. The only winning move is to measure first and change second.

Optimization that backfired: saving time by skipping driver prep

Another org tried to be clever. They were upgrading a mix of desktops and high-end laptops. Someone argued that collecting OEM drivers was wasted effort: “Windows Update will handle it.” For most desktops, that was mostly true. For a chunk of laptops, it was false in the most time-expensive way possible.

Those laptops used a storage configuration that depended on a specific Intel storage stack. The upgrade worked on some machines, and failed spectacularly on others, depending on subtle BIOS versions and whether VMD was enabled. When setup couldn’t see the disk, helpdesk tickets spiked. Remote remediation was impossible because, shockingly, you can’t remote into a machine that’s stuck inside Windows Setup without a drive.

They ended up dispatching hands-on support with USB sticks containing the missing storage drivers. That’s the part nobody budgets for: the logistics cost of “we’ll figure it out later.” Later is always more expensive.

After that week, the driver plan became boring and mandatory: storage and network drivers staged locally before upgrade. They even standardized a per-model driver bundle. The time savings of skipping prep had been real—right up until it became negative.

Boring but correct practice that saved the day: suspend BitLocker, document recovery keys, then resume

A finance org ran upgrades under strict security controls. BitLocker had to stay on. TPM had to stay on. Nobody was allowed to “temporarily disable security” unless there was a documented procedure and evidence that controls were restored.

So they did the boring thing: before any upgrade, they verified recovery keys were escrowed and accessible, then suspended BitLocker protectors for the shortest practical window. After upgrade and first successful boot, they re-enabled protectors and recorded the state. They also treated BIOS updates as separate change windows, not something you sneak into the same reboot as an OS upgrade.

During the rollout, a subset of machines did prompt for recovery keys anyway—because firmware settings had drifted and one model had a BIOS update applied earlier. But because the keys were known-good and the process was rehearsed, users weren’t locked out for hours. They entered the key, booted, protectors were re-sealed, and the incident ended as a footnote, not a fire drill.

Security people loved it because it reduced risk. Operations loved it because it reduced downtime. Users loved it because nothing about their day changed. This is what “boring” looks like when it’s done right.

FAQ

1) Can I install Windows 11 24H2 without losing files if I boot from USB?

Sometimes. Booting from USB increases the chance you’ll lose apps and settings. If Windows still boots, run setup from inside Windows and choose “Keep personal files and apps.” That’s the reliable “keep everything” path.

2) Do I need to enable Secure Boot to install Windows 11?

You need Secure Boot capability, and in many environments it’s expected to be enabled. If you’re already on UEFI/GPT, enable Secure Boot unless you have a specific compatibility reason not to.

3) I’m on MBR. Can I convert to GPT without wiping?

Often yes, using mbr2gpt, assuming your partition layout is compatible. Validate first, convert second, then switch firmware to UEFI. If validation fails, don’t brute-force it—inspect the layout and fix the blockers.

4) Should I switch BIOS storage mode from RAID/VMD to AHCI?

Only with intent. Switching can make the existing Windows unbootable if AHCI drivers weren’t enabled. If Setup can’t see the disk, loading the right storage driver is usually safer than flipping BIOS modes midstream.

5) How much free space do I actually need?

If you want a low-stress upgrade, aim for 40 GB free on C:. You can succeed with less, but failures and rollbacks get more likely, and troubleshooting gets worse.

6) Will I lose my files if the upgrade rolls back?

Usually no; rollbacks are designed to restore the previous OS state. But “usually” isn’t “always.” If you’re doing this on a machine you care about, have a backup of the data you can’t replace.

7) What’s the fastest way to find why the upgrade failed?

Run SetupDiag and read the result profile. If it points to a driver (oemXX.inf), map it with pnputil, then update/remove it and retry.

8) I got a BitLocker recovery prompt after upgrade. Did I lose encryption?

No. It means the TPM measured boot state changed and BitLocker wants proof you’re authorized. Enter the recovery key, boot, and then re-seal by suspending/resuming protectors as appropriate.

9) Can I keep files if I do a clean install?

Not automatically. You can copy data off beforehand (external drive/cloud), then restore. Some people try to rely on Windows.old from a non-format install; it’s workable but not guaranteed and usually loses apps.

10) Should I update BIOS before installing Windows 11 24H2?

If you’re already stable and your BIOS is not ancient, don’t combine BIOS updates and OS upgrades in one change window. If you need a BIOS update for TPM/Secure Boot stability or storage visibility, do it first, reboot, confirm stability, then upgrade.

Next steps you should actually do

1. Inventory your boot chain: confirm UEFI + GPT + TPM ready + Secure Boot capability.
2. Control BitLocker: verify recovery key access, suspend for the upgrade window, resume afterward.
3. Stage drivers: storage driver and network driver on a USB stick. You want to be able to see the disk and get online even if Windows guesses wrong.
4. Run health checks: SFC + DISM. Fix corruption before you ask Setup to do gymnastics.
5. Upgrade from within Windows if at all possible: it’s the best path for keeping apps and user state intact.
6. After the upgrade: confirm Device Manager is clean, check that encryption is resumed, and only then do “nice-to-have” driver updates.

If you follow this order, Windows 11 24H2 becomes a routine change instead of an exciting one. In ops, “exciting” is not a compliment.