# Follow manual pre-setup from intra to install Windows 11 ARM and virtio drivers: # "How to create a Windows 11 ARM tier1 image using Qemu" # Configure Windows after pre-setup * Enable Remote Desktop: - Settings - System - Remote Desktop - On * Resolution set to 1280x800 - Unfortunately not possible, only 1280x1024 is available * Coin-setup: - Installing Boostrap agent - Disabling fast boot - Disabling firewall - Disabling UAC - Enabling autologin - Automatic login - Disabling windows updates * Turn off Windows defender: - Microsoft Defender Antivirus turned off: Open 'gpedit.msc': 'Computer Configuration' - 'Administrative Templates' - 'Windows Components' - 'Microsoft Defender Antivirus' - Edit 'Turn off Microsoft Defender Antivirus' > 'Enabled' > 'Apply' - Reboot on Safe mode: - Open msconfig - Boot tab - enable “Safe boot“ - apply - restart - In Safe mode: - Take Ownership of Defender: - Open properties - Right click "C:\Program Files\Windows Defender\Platform" and select 'Properties' - Open Security tab - Advanced - Owner: Change - Advanced - Find now - Select Administrators - Ok - Ok - Remove all Permissions: Permissions tab - Select 'Disable inheritance' - Remove all entries -Select 'Replace all child object permi…' - Apply - Disable Windows defender also from RegEdit: - Open regedit - Navigate to 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services' - Change the following folders the key Start to 4 - Sense (Windows defender advanced threat protection) - WdBoot (Windows defender boot) - WdFilter (Microsoft antimalware file system filter driver) - WdNisDrv (Windows Defender Network Inspection Driver) - WdNisSvc (Windows Defender Network Inspection Service) - WinDefend (Windows Defender Antivirus Service) - mpssvc (Windows Defender Firewall) - NOTE! Without these step windows defender can't be disabled! - Reboot back to normal mode * Background defrag disabled: 'Defragment And Optimize Drives' - 'change settings' - unchecked "run on a schedule" - Run in terminal: 'schtasks /Delete /TN "Microsoft\Windows\Defrag\ScheduledDefrag"' * Time: - Settings - System - Date & time - Time zone: 'Co-ordinated Universal Time' - Settings - System - Date & time - "Set the time automatically: Off" * Regional format: - Settings - Time & language - Language and region - regional format - English (United States) * Power saver: - Settings - System - Power - Screen and sleep: set 'When plugged in, turn off my screen after' to 'never' * Windows search disabled: - 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Services' - 'Windows search' - stop & disable * Sysmain disabled: - 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Services' - 'SysMain' - stop & disable * Windows update: - Settings - Windows Update - run available updates (Windows update2023-09 Cumulative Update for Windows 11 Version 22H2 for arm64-based Systems (KB5030219)) - After reboot disable windows updates: - 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Services' - 'Windows updates' - stop & disable * Turn windows features on or off -> Check the "SMB 1.0/CIFS File Sharing Support" * Disable Windows Restore Points: Search 'Create a restore point' -> 'System Protection' tab -> Configure C: drive -> Disable & Delete restore points. * Disable widgets: Right click the task bar -> 'Taskbar settings' -> toggle off anything related to widgets. * (Restart Windows) * Google Chrome installed for RTA * Virus & threat protection settings: * Check that there's no active antivirus providers * Run .NET runtime optimization service: open terminal and run: Start-Process -NoNewWindow -FilePath "C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\ngen.exe" -ArgumentList ExecuteQueuedItems -Wait - It may be needed to rerun after installing Visual Studio. Just run it until it prints: "All compilation targets are up to date." * Activate Windows # Next Proceed to install pre-provisioning scripts manually to Tier1 image