Windows – Safe way to verify that a Microsoft ISO has not been tampered with

hashingiso-imagewindows 10

I'd like to make sure an ISO (disc image) I have for a Microsoft Windows 10 OS is genuine. The way I usually do this with any file is by computing a hash of the file and comparing the result to the expected hash (typically provided by the software publisher).

The right resource would list the official ISO names along with that file's correct hash. For instance:

File: en-gb_windows_10_enterprise_2016_ltsb_n_x64_dvd_9058303.iso
SHA1: 0629BF04AA2A61E125EE6EDDF917DB471DCB8535

Something like this, but it would come directly from a Microsoft site. I do not wish to have to create a Microsoft account just to see the correct hash (eg. the hash is shown on the official download pages, but you need to have an account to get there). Any leads?

PS: By the way, if it helps anyone, I use the tiny MD5 & SHA Checksum Utility to compute hashes

Best Answer

Download ISOs and Hashes directly from Microsoft

To download Windows 10 ISOs using Windows 10, you will need to change your browser's user agent. Without this step, MS will force you to download the Media Creation Tool.

Change User Agent Using Mozilla Firefox Browser:

  • Type about:config in the address bar and press Enter.
  • Enter general.useragent.override into the search preference name box.
  • Select String and save with the + button.
  • Use the user agent of a non-Windows browser such as WebKit/Blink as the setting value.
  • More user agents can be found here: https://udger.com/resources/ua-list>
  • Instructions for other browsers can be found at HowToGeek
  • Restart Firefox by closing all windows for the changes to take effect.

Download ISO and View Hash

Verify Hash in Powershell (Windows 10)

  • Right-click Start Windows Start Icon and select Windows PowerShell.
  • Navigate to the folder with the iso image.
    cd ~/Downloads
  • Check the hash
    Get-FileHash Win10_2004_English_x64.iso | Format-List
Related Question