blob: abd3954dd65a20b029d6cb0633398b15f677ea1d (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
|
# Follow manual pre-setup from intra to install Windows 11 ARM and virtio drivers:
# "How to create a Windows 11 ARM tier1 image using Qemu"
# Configure Windows after pre-setup
* Enable Remote Desktop:
- Settings - System - Remote Desktop - On
* Resolution set to 1280x800
- Unfortunately not possible, only 1280x1024 is available
* Coin-setup:
- Installing Boostrap agent
- Disabling fast boot
- Disabling firewall
- Disabling UAC
- Enabling autologin
- Automatic login
- Disabling windows updates
* Turn off Windows defender:
- Microsoft Defender Antivirus turned off: Open 'gpedit.msc': 'Computer Configuration' - 'Administrative Templates' - 'Windows Components' - 'Microsoft Defender Antivirus'
- Edit 'Turn off Microsoft Defender Antivirus' > 'Enabled' > 'Apply'
- Reboot on Safe mode:
- Open msconfig - Boot tab - enable “Safe boot“ - apply - restart
- In Safe mode:
- Take Ownership of Defender:
- Open properties - Right click "C:\Program Files\Windows Defender\Platform" and select 'Properties'
- Open Security tab - Advanced - Owner: Change - Advanced - Find now - Select Administrators - Ok - Ok
- Remove all Permissions: Permissions tab - Select 'Disable inheritance' - Remove all entries -Select 'Replace all child object permi…' - Apply
- Disable Windows defender also from RegEdit:
- Open regedit - Navigate to 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services'
- Change the following folders the key Start to 4
- Sense (Windows defender advanced threat protection)
- WdBoot (Windows defender boot)
- WdFilter (Microsoft antimalware file system filter driver)
- WdNisDrv (Windows Defender Network Inspection Driver)
- WdNisSvc (Windows Defender Network Inspection Service)
- WinDefend (Windows Defender Antivirus Service)
- mpssvc (Windows Defender Firewall)
- NOTE! Without these step windows defender can't be disabled!
- Reboot back to normal mode
* Background defrag disabled: 'Defragment And Optimize Drives' - 'change settings' - unchecked "run on a schedule"
- Run in terminal: 'schtasks /Delete /TN "Microsoft\Windows\Defrag\ScheduledDefrag"'
* Time:
- Settings - System - Date & time - Time zone: 'Co-ordinated Universal Time'
- Settings - System - Date & time - "Set the time automatically: Off"
* Regional format:
- Settings - Time & language - Language and region - regional format - English (United States)
* Power saver:
- Settings - System - Power - Screen and sleep: set 'When plugged in, turn off my screen after' to 'never'
* Windows search disabled:
- 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Services' - 'Windows search' - stop & disable
* Sysmain disabled:
- 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Services' - 'SysMain' - stop & disable
* Windows update:
- Settings - Windows Update - run available updates (Windows update2023-09 Cumulative Update for Windows 11 Version 22H2 for arm64-based Systems (KB5030219))
- After reboot disable windows updates:
- 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Services' - 'Windows updates' - stop & disable
* Turn windows features on or off -> Check the "SMB 1.0/CIFS File Sharing Support"
* (Restart Windows)
* Google Chrome installed for RTA
* Virus & threat protection settings:
* Check that there's no active antivirus providers
* Activate Windows
# Next
Proceed to install pre-provisioning scripts manually to Tier1 image
|
