serrj-sv/win_11_tips

## win_11_tips
1. Prevent Windows Update from downgrading Intel UHD driver:
Use the wushowhide.diagcab Tool from Microsoft to hide and block the driver update:
http://download.microsoft.com/download/f/2/2/f22d5fdb-59cd-4275-8c95-1be17bf70b21/wushowhide.diagcab

2. Completely disable Hyper-V:
- Remove Hyper-V related stuff in "Turn Windows Features On or OFF"
- Use DG & DC Readiness tool to completely disable Windows Defender Device Guard and Windows Defender Credential Guard:
latest:
https://docs.microsoft.com/en-us/windows/security/identity-protection/credential-guard/dg-readiness-tool
older:
https://www.microsoft.com/en-us/download/details.aspx?id=53337

3. Hardware-accelerated Bitlocker with Samsung nVME 980 Pro (Windows 10/11 Pro):
- Install Windows
- Install Samsung Magician
- Set nVME drive to "ready for encrypt"
- Disable Secure Boot in BIOS (prevent Windows auto-encrypt with software based bitlocker)
- Secure erase nVME drive
- Set "Disable Block Sid -> Enabled" in BIOS and proceed installing Windows immediately
- After Windows is installed, go to BIOS and enable Secure Boot
- Run gpedit.msc ->
  Local Computer Policy ->
    Administrative Templates ->
      Windows Components ->
        Bitlocker Drive Encryption ->
          Operating System Drives ->
             Configure use of hardware-based encryption for fixed data drives -> Enabled
- Enable bitlocker for system drive.
- Make sure HW acceleration is enabled (in elevated cmd prompt):
  > manage-bde -status C:
	1. Prevent Windows Update from downgrading Intel UHD driver:
	Use the wushowhide.diagcab Tool from Microsoft to hide and block the driver update:
	http://download.microsoft.com/download/f/2/2/f22d5fdb-59cd-4275-8c95-1be17bf70b21/wushowhide.diagcab

	2. Completely disable Hyper-V:
	- Remove Hyper-V related stuff in "Turn Windows Features On or OFF"
	- Use DG & DC Readiness tool to completely disable Windows Defender Device Guard and Windows Defender Credential Guard:
	latest:
	https://docs.microsoft.com/en-us/windows/security/identity-protection/credential-guard/dg-readiness-tool
	older:
	https://www.microsoft.com/en-us/download/details.aspx?id=53337

	3. Hardware-accelerated Bitlocker with Samsung nVME 980 Pro (Windows 10/11 Pro):
	- Install Windows
	- Install Samsung Magician
	- Set nVME drive to "ready for encrypt"
	- Disable Secure Boot in BIOS (prevent Windows auto-encrypt with software based bitlocker)
	- Secure erase nVME drive
	- Set "Disable Block Sid -> Enabled" in BIOS and proceed installing Windows immediately
	- After Windows is installed, go to BIOS and enable Secure Boot
	- Run gpedit.msc ->
	Local Computer Policy ->
	Administrative Templates ->
	Windows Components ->
	Bitlocker Drive Encryption ->
	Operating System Drives ->
	Configure use of hardware-based encryption for fixed data drives -> Enabled
	- Enable bitlocker for system drive.
	- Make sure HW acceleration is enabled (in elevated cmd prompt):
	> manage-bde -status C: