coin/pre-provisioning/qtci-windows-11_23H2-x86_64/README_MANUAL_INSTALLATIONS


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140

# List about manual pre-installations to Tier1 image:

VM Options:
Boot options/Firmware: BIOS

Language to install: English (United States)
Time and currency format: English (United States)
Keyboard or input method: United Kingdom
Windows 11 Enterprise
location: finnish


# If note "This PC can't run Windows 11" appears
shift + F10 - regedit - add: HKEY_LOCAL_MACHINE/SYSTEM/Setup/LabConfig
   'regedit' to open Registry Editor
   Go to: HKEY_LOCAL_MACHINE/SYSTEM/Setup/
   Right click 'Setup' folder: New -> Key -> Name: LabConfig
add DWORD value BypassTPMCheck with value 1
   Right click 'LabConfig' folder: New -> DWORD (32-bit) -> Name: BypassTPMCheck
   Double-click on the BypassTPMCheck, change value to 1
add DWORD value BypassSecureBootCheck value 1
   repeat
Close the regedit and the installation window ('X') to start the installation again.

Load driver - browse - virtio-win-0.1.204 - amd64 - w10


Region: Finland
Keyboard layout: United Kingdom
Keyboard layout: English (United State)


* Sign-in options - Domain join instead
   - Add user & pw
* Location - no
* Find my device - no
* Diagnostic data - Required only
* Inking and typing - no
* Tailored expreriences - no
* Advertising ID - no

Reboot
After reboot and startup, go to 'This PC' -> virtio-win-0.1.204 and run virtio-win-qt-x64

# Register the image to OpenNebula now
# After registering the image and opening a persistent VM out of it in ON, continue to these steps

* Using Windows Remote Desktop Connection (RDP) is recommended
   - Connect to the tier-1 VM with VNC in OpenNebula
   - Open CMD, run: ipconfig
   - Input the IP to RDP. Click "Show options" -> add username. Connect.
   - You can now copy&paste paths and .ps1 scripts later
* Resolution set to 1280x800
   - If 1280x800 is not listed in the settings, select a 1280 width (e.g. 1280x960) and:
      - regedit -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration
      - Select a key/folder and its subkeys (00/00) that has the resolution you just selected
      - Change every height value (e.g. 960) to 800
      - Restart Windows
* Coin-setup:
* Download the agent executable from the IP that is used in Qt5 dev COIN_DOWNLOAD_URL (check from a build log):
   http://[COIN IP]/coin/binary/windows_amd64/agent.exe
* Run the executable. It should do the following configurations to Windows but you should check them.
   - Installing Bootstrap agent
   - Disabling fast boot
      - No related settings in control panel.
      - Make sure it's disabled: gpedit -> Computer Configuration\Administrative Templates\System\Shutdown\
         - Require use of fast startup -> set to "Disabled".
   - Disabling firewall
   - Disabling UAC
   - Enabling autologin
      - regedit -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PasswordLess\Device
         - DevicePasswordLessBuildVersion: 2 -> 0
      - netplwiz -> uncheck: "Users must enter a user name and password...", apply
   - Disabling windows updates
      - gpedit -> Computer Configuration\Administrative Templates\Windows Components\Windows Update\Manage end user experience
         - "Configure Automatic Updates" -> "Disabled"
   - Bootstrap agent CMD window should now pop-up at every Windows start up.
* Turn off Windows defender:
   - Microsoft Defender Antivirus turned off: Open 'gpedit.msc':  'Computer Configuration' - 'Administrative Templates' - 'Windows Components' - 'Microsoft Defender Antivirus'
      - Edit 'Turn off Microsoft Defender Antivirus' > 'Enabled' > 'Apply'
   - Reboot on Safe mode:
      - Open msconfig - Boot tab - enable “Safe boot“ - apply - restart
      - In Safe mode:
         - Take Ownership of Defender:
            - Open properties - Right click "C:\Program Files\Windows Defender\Platform" and select 'Properties'
            - Open Security tab - Advanced - Owner: Change - Advanced - Find now - Select Administrators - Ok - Ok
            - Remove all Permissions: Permissions tab
            - Select 'Disable inheritance'
            - Remove all entries
            - Select 'Replace all child object permi…' - Apply
         - Disable Windows defender also from RegEdit:
            - Open regedit - Navigate to 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services'
            - Change the following folders the key Start to 4
               - Sense (Windows defender advanced threat protection)
               - WdBoot (Windows defender boot)
               - WdFilter (Microsoft antimalware file system filter driver)
               - WdNisDrv (Windows Defender Network Inspection Driver)
               - WdNisSvc (Windows Defender Network Inspection Service)
               - WinDefend (Windows Defender Antivirus Service)
               - mpssvc (Windows Defender Firewall)
   - NOTE! Without these step windows defender can't be disabled!
   - Reboot back to normal mode
* Background defrag disabled: 'Defragment And Optimize Drives' - 'change settings' - unchecked "run on a schedule"
   - Run in terminal: 'schtasks /Delete /TN "Microsoft\Windows\Defrag\ScheduledDefrag"'
* Time:
   - Settings - Time & language - Date & time - Time zone: 'Coordinated Universal Time'
   - Settings - System - Date & time - "Set the time automatically: Off"
* Regional format:
   - Settings - Time & language - Language and region - regional format - English (United States)
* Power saver:
   - Settings - System - Power - Screen and sleep: set 'When plugged in, turn off my screen after' to 'never'
* Windows search disabled:
   - 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Tools\Services'
      - 'Windows search' - properties - stop & Startup type: disabled
* Sysmain disabled:
   - 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Tools\Services' - 'SysMain' - stop & disable
* Windows update:
   - Settings - Windows Update - run available updates (Windows update2024-02 Cumulative Update for Windows 11 Version 23H2 for x64-based Systems (KB5034765))
   - After reboot disable windows updates:
      - 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Tools\Services' - 'Windows updates' - stop & disable
* Turn windows features on or off -> Check the "SMB 1.0/CIFS File Sharing Support"
* Allow running scripts by all users
   - Open PowerShell, type: Set-ExecutionPolicy -ExecutionPolicy Bypass
* (Restart Windows)
* Google Chrome installed for RTA
* Virus & threat protection settings:
   * Check that there's no active antivirus providers
* Disable useless startup apps with Task manager
   - OneDrive
   - SecurityHealthSystray
   - Microsoft Edge
      - Open Edge and turn off all boosts and background tasks. Task manager should not show Edge processes when Edge is off.
* Disable clean manager
   - Settings: System -> Storage -> Storage management -> Storage Sense: Off
* Run the disable/enable .ps1 scripts
   - Copy&paste the scripts (+helpers.ps1) to the VM, run them.
* Install msvc2019 and msvc2022 (follow the msvc2019.txt and msvc2022.txt files)
   - Open Task Scheduler: Task Scheduler Library > Microsoft > VisualStudio > Updates > right-click: BackgroundDownload > disable
* Activate Windows
* When everything seems ready: shut down Windows, Select 'Power off' in OpenNebula.