Windows 11 build 21380

10.0.21380.1001.fs_dev6_flt.210511-1900
	Build of Windows 11
Version number	10.0
Build number	21380
Build revision	1001
Architecture	AMD64
Build lab	fs_dev6_flt
Compiled on	2021-05-11
Expiration date
Timebomb	2021-10-31 (+173 days)
SKUs
	Home (N, Single Language); SE (N); Pro (N, Single Language, China); Pro Education (N); Pro for Workstations (N); Education (N); Enterprise (N, Multi-session); IoT Enterprise
Product key
	Use a Windows 10/11 retail key
About dialog

Windows 11 build 21380 is the earliest available build of Windows 11, which was first shown running on an Acer Aspire Vero prototype on multiple occasions. The prototype was first demonstrated during the 2021 Hong Kong Computer and Communications Festival — many photographs from the event detailing various aspects of the user interface as well as version information were posted on BetaArchive by member DiaoSlime in August 2021.^[1] The same model was then also demonstrated in articles published by several technology publications, including UltrabookReview.com^[2] and Polish website dobreprogramy.^[3]

The build was later uploaded to BetaWorld on 8 June 2023,^[4] along with another three internal Firesteel builds 21370, 21376 and 21385. It was shared publicly two days later via the BetaWorld Blog.^[5]

This build is one out of many known builds to be compiled from a branch with the fs prefix. The prefix stands for Firesteel, the codename for an internal Microsoft self-hosting effort related to Windows 11 development.^[6] It is currently the earliest available build to introduce a sizeable number of user interface changes that would be later included in the final release, which include but are not limited to reworked versions of the Start menu and taskbar, the new Widgets feature, and functional improvements to window snapping. A leak source detection implementation is also present in the build, and can be controlled through the use of a Velocity staging key. It also notably replaces the older logo first introduced in Windows 8 with a new flat design (similar to the 2012 Microsoft logo); however, the old design still persists in certain areas presented within the build.

Unlike newer builds of Windows 11 from build 21996 onwards, it does not enforce the TPM 2.0 or UEFI requirements.

New features and changes[edit | edit source]

This build contains many new and updated features in relation to the user experience. Windows 11 branding has been introduced throughout the operating system. The out-of-box experience from Windows 10X makes a reappearance in this build with slight visual updates, and other user interface elements have been updated bearing a resemblance to the Windows 10X aesthetic. The new boot animation, previously added in prior builds that replaces the progress ring from Windows 8 still remains disabled by default, however. There is also a new theme-dependent sound scheme present, which also introduces a new startup sound to replace the sound first introduced in Windows Vista but disabled by default in Windows 8, 8.1, and 10.

The Aero visual style has been updated with new neumorphic controls and widgets. The new design makes large use of elements such as rounded corners, shadows, as well as blue accents. Window frames have also been updated to use rounded corners. Unlike build 21996, this build forces rounded corners even when Desktop Window Manager is running in software rendering mode or when GPU drivers are not present, meaning that rounded corners are always present.

The File Explorer icon has been changed in order to be consistent with the new Fluent icon set design previously introduced with Windows 10 build 21343.

Start menu and Taskbar[edit | edit source]

A new taskbar, similar to the one featured in build 21996, has been introduced. The Start button and app buttons are centered by default, rather than aligned to the left, although the old behavior can be re-enabled in Settings. The new taskbar also removes support for custom toolbars such as the Quick Launch panel. The ability to open the jump list for applications on the taskbar by dragging up on the icon is no longer present.

The options to change the location of the taskbar and show window/applications names in the taskbar have been removed. The setting to show the taskbar on all displays was also removed, although it can be toggled directly using a registry value:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"MMTaskbarEnabled"=dword:00000001

Similarly, the option to use smaller icons in the taskbar has been removed from Settings, although a new registry setting was introduced that also adds a new, larger than default mode for the taskbar:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
; Small taskbar
"TaskbarSi"=dword:00000000

; Medium taskbar (default)
"TaskbarSi"=dword:00000001

; Large taskbar
"TaskbarSi"=dword:00000002

The News and interests functionality has also been removed from the new taskbar in favor of the newer Widgets feature (referred to as the Windows Dashboard in this build), a panel available from the taskbar that slides from the left and contains weather information and news provided by MSN. Support for third-party widgets would not be implemented until Copper build 25217. It can be brought back by reverting back to the Windows 10 shell.

Together with the new taskbar, the Start menu has been greatly revamped. Live tiles have been completely removed, with the intended replacement also being the new Widgets panel. The main page shows icons of pinned applications in the top half, with the full list of apps being available by clicking the "All Apps" button in the top right corner. The lower half shows recommended apps and files, which can also be expanded by clicking the "More" button on the right side. The bottom panel contains the power button on the right and the user name and picture on the left, which when clicked reveals links to user account settings, logoff and lock features.

Similarly to the multi-monitor taskbar, the new Start menu can also be disabled using a registry value, reverting back to the Windows 10 design:^[7]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_ShowClassicMode"=dword:00000001

Windows 10 shell[edit | edit source]

The new Windows 11 user interface can be disabled by merging the below registry entries and restarting the Explorer shell:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell\Update\Packages]
"UndockingDisabled"=dword:00000001

Certain functionalities become absent when these changes take effect:

Quick Link menu (⊞ Win+X shortcut)
Start menu search functionality

Snap layouts[edit | edit source]

Hovering over the Maximize/Restore button in the window caption by default shows a new menu that allows the user to pick a snap layout, as well as being able to choose the current window's position in it. Furthermore, when multiple windows are snapped next to each other, the taskbar also shows a common window preview for all windows in the layout when hovering over the respective apps icons.

Snap layout menu

Leak protection[edit | edit source]

Leak protection methods in action. Note how the watermark, the hash (and its position), the size of the Show Desktop button, the date/time format and the winver legal notices are dynamically changed as DWORD value 0D83063EA3B87C75 is modified through the Registry Editor and after the system has been rebooted.

The watermark on the desktop and in Windows Setup includes the notice that advises Microsoft employees not to take screenshots of the build, as later seen in build 21990. A hexadecimal build hash is also present at the bottom left corner of the screen.

Additionally, leak-source detection code is implemented. Every string in the watermark and within the File Explorer application has whitespace, colon and dash characters predictably replaced by their Unicode full-width counterparts based on the value of WNF_SHEL_INTERNAL_EXPERIMENT and a constant number of bits used in a rotate-left instruction (always constant for each line, 0-4 are used, incrementing for each string). The same effect is also applied against the taskbar clock and the legal copyright/trademark protections string in the Version Reporter Applet dialog box (rotation value 0 is used here), and was additionally attempted against the OS version string in the about box (containing the build number). Due to human error, the pointer to the first string is passed in again (which would either be NULL, leading to a null dereference crash, or a freed buffer). The visibility of the current calendar day and the size of the Show Desktop button are adjusted depending on the value of the above-mentioned variable.

The LogonController.dll dynamic link library initially sets variable WNF_SHEL_INTERNAL_EXPERIMENT from DWORD value Attributes located in HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2C57C51B-FD43-4E74-B077-551AE6228AD6}, and then saved to the registry again as binary value 0D83063EA3B87C75 in HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Notifications\Data (the last 4 bytes are the DWORD value); some of the bits are responsible for controlling other functionality as well.

Implementation details[edit | edit source]

This functionality is controlled by Velocity staging key 31496852, enabled by default in Firesteel builds 21376 onwards and internally referred to as XPTest. The leak warning string is hardcoded into the dynamic link library shell32.dll; this would remain untranslated in every other language.

The text is concatenated to a buffer where the test code signing watermark is written to. If test code signing is enabled in the current boot entry, two additional period and whitespace characters are concatenated to the buffer first, such that the watermark would read Test Mode. Do not take screen shots of this build.; this is additionally shown in the publicly available footage of build 21990.

The hash-ID is implemented in a different manner to older major versions of Windows:

The current user's SID is obtained, and its sub-authorities are XORed together.
The DWORD from WNF state value WNF_SHEL_INTERNAL_EXPERIMENT is obtained, and XORed by constant value 0x5475A568;
Let the previous two values be x and y; the hash is initialized to zero then obtained from 32 rounds of hash += hash + _addcarry_u32(0, x, x, &x); hash += hash + _addcarry_u32(0, y, y, &y).

The height of the hash also depends on the current value of the WNF_SHEL_INTERNAL_EXPERIMENT variable. When it is painted onto the desktop, the Y-position is derived from bits 11-12 of WNF_SHEL_INTERNAL_EXPERIMENT: y = bottom_of_watermark - height_of_single_watermark_line * ((WNF_SHEL_INTERNAL_EXPERIMENT >> 11) & 0b11);.

Due to the additional code mentioned above, a screenshot with hash-ID leaks the WNF_SHEL_INTERNAL_EXPERIMENT value, which could be used to derive the current user's SID from the hash (which would reveal the domain user inside Microsoft's corporate network).

Themes[edit | edit source]

Four Windows 11 themes (i.e. Captured Motion, Flow, Glow and Sunrise) from the final release of Windows 11 make their first appearance in this build. However, the default theme still uses the Hero wallpaper from the Windows 10 May 2019 Update as the default wallpaper, and would not be replaced with Bloom until the compilation of build 21385.

The dark variant of the default theme utilizes a placeholder work-in-progress version of the older Hero wallpaper from the original Windows 10 release with varying differences, such as the set used to construct the actual image being visible in its entirety and a different lighting setup, reminiscent of natural sunlight. This wallpaper variant originally first appeared in retail demo content for the initial Windows 10 release as part of an attract loop.

Out-of-box experience[edit | edit source]

The redesigned out-of-box experience which initially introduced in Windows 10X has been included. It is also the earliest available build to use the Windows 11 animation in the start of OOBE.

Touch[edit | edit source]

The build also introduces many changes regarding support for touch devices, the largest of which is the complete removal of the legacy Tablet Mode start menu. The advanced multi-touch gestures (initially supported for touchpads only) can now also be used with a touch screen as well. Smaller improvements to simplify the experience of the Windows desktop for tablet users such as a larger window resize hitbox have also been implemented, making windows far easier to manage. In addition, while being dragged, windows are encased in an acrylic border.

Settings[edit | edit source]

The new Fluent UI icon set has been implemented into the Settings app.

SE edition[edit | edit source]

This build renames the Cloud Edition SKU previously introduced in build 21354 to Windows 11 SE. The edition is intended for low-cost computers aimed at educational institutions to compete with ChromeOS. It can only be managed over Microsoft Intune for Education.

In this build, it removes customer-oriented features, such as Your Phone and Widgets, and disables the Microsoft Store. It is also required to log in using a Microsoft account during the OOBE. However, unlike Windows 10 S, there is no limitation that prevents running Win32 apps not downloaded from the Store.

Bugs and quirks[edit | edit source]

A majority of the issues presented in this build are the direct consequence of constant forward/reverse integration and merging from various branches, including changes sourced from shell branches belonging to the Windows Devices and eXperiences team (WDX). In addition, the original installation media was produced with bad metadata as the primary installation image was captured while undergoing a servicing operation that regenerates the WNF_SHEL_INTERNAL_EXPERIMENT seed, resulting in invalid access control lists and bad reparsing data persisting across thousands of files within the image and causing built-in applications (and by extension part of the Windows shell) to misbehave.

General[edit | edit source]

Several built-in applications such as Photos, Microsoft Store, Windows Defender and Windows Terminal, may fail to install and launch properly.
The State Repository Service tends to experience a memory leak causing it to gradually consume more system memory over time without releasing it, leading to potential performance issues and resource exhaustion. Killing the service temporarily resolves this issue.
The file desktop.ini may generate under %ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup automatically, causing it to open when signing in to Windows. Deleting the file resolves this issue. This issue is not present when booting in Safe mode.
When using dark mode, apps have a white outline.
Volumes with valid drive letters may not show up properly in the Windows Preinstallation Environment unless they are (re)assigned through the Diskpart utility.

Desktop Window Manager[edit | edit source]

The taskbar may become fully transparent when installing graphics drivers under some configurations.

Shell[edit | edit source]

When explorer.exe is started from the SYSTEM account, the old Windows 10 taskbar will appear instead of the new one.
When updating folder options, the File Explorer window might flicker in the background.
The Widgets pane's contents may fail to render on certain devices, the user can still interact with them.
The Widgets pane may not load and instantly close upon trying to open it.
Sometimes the Search Box shows a black box instead of the search results.
Many areas still use the old Windows 10 branding, including the Setup and the boot menu.
The default theme is broken in the Home SKU. Changing the theme resolves the issue.

Setup[edit | edit source]

When installing N editions, the out-of-box experience will fail to load due to the absence of required MPEG-4 codecs.
The "Forgot your password?" link when setting up a Microsoft account or unchecking the option to receive promotional emails both lead to a blank screen.
The fake boot screen presented by the Windows logon application (winlogon.exe) during the second stage of setup utilizes the wrong boot logo bitmap.
The first logon animation lacks the animated background present in later builds. Like in contemporary Cobalt builds, Times New Roman is also used as the default font instead of Segoe UI Variable after the initial greeting text.
If the network is disconnected on the Microsoft account logon page and the option to create a new account is selected, the OOBE will crash, presenting the user with a login screen with no users.