Electrical-Forenics Home ray@RayFranco.com                       601.529.7473
   © Dr. Ray Franco, PhD, PE  -  208 Fairways Dr., Vicksburg, MS 39183

Updated 10/03/2024

Microsoft Enforcement

Microsoft wants to force you to use the following:

Windows 11

Purchasing Licenses

According to zdnet.com on July 7, 2023, Windows 11 Pro is on sale from Stack Social for $30, and it is valid for 3 machines:

Article - https://www.zdnet.com/article/get-windows-11-pro-for-30-to-upgrade-your-security-and-work-tools/
 
Link to Purchase.

From the same site, Microsoft Office 2021 Edition is on sale for $30 for one user. The website says the sale is valid for 7 days.

On 8/30/2023, from Stack Social, I purchased Microsoft Office 2021 for the Mac for $35. There was a handling fee of $2.75 and state tax. To install this software, I had to create a Microsoft Account, which required me to verify an email address, give them my first and last name, set up a password, and give them my date of birth. I also had to provide my Region (US). It also looks like I have to sign in to my Microsoft Account every time I want to use this software. They obviously want to track me. They want me to pay for the software, then they want to track me and sell my data! Of course, I lied to them. I am quickly becoming a Microsoft hater.

Installation

I followed the excellent tutorial on YouTube: "ExplainingComputers - Installing Windows 11 on Unsupported Hardware".
 
https://www.youtube.com/watch?v=UL_maCWM5bk
 
However, to make a bootable USB drive, it uses the program "Rufus".
 
Download Page - https://rufus.ie/downloads/
 
See Rufus Quirks below this section.

At the end of the installation process, the installer will try to force you to use a Microsoft Account to activate Windows. To use a local account instead of a Microsoft Account, when prompted for the Microsoft Account email address, use a fake email such as no@thankyou.com. Then type anything for the password. The installer will inform you that something went wrong. After you hit the next button, it will prompt you for your name, and set up a local account.

The no@thankyou.com trick to bypass having to create a Microsoft Account no longer works. However, there is another bypass:

  1. Microsoft might have blocked a sneaky bypass that let you setup Windows 11 without a Microsoft Account
  2. Door slammed on last remaining easy Windows 11 local account setup workaround

Rufus Quirks

Windows 11 Configuration

I followed the excellent tutorial on YouTube: "ExplainingComputers - Windows 11 Configuration: Privacy, Desktop Settings & Registry".
 
https://www.youtube.com/watch?v=QqLbk-PmX2Q

Privacy

Settings | Notifications | Additional Settings - uncheck all.

Settings | Personalization | Device Usage | Cut All Off.

Settings | Personalization | Start - uncheck all.

Settings | Personalization | Start | Cut All Off.

Settings | Privacy & Security | General | Disable All.

Settings | Privacy & Security | Diagnostics & Feedback | Feedback Frequency - Select Never.

Settings | Privacy & Security | Activity History | Cut All Off.

Settings | Privacy & Security | Search Permissions | Cut All Off.

Open Microsoft Explorer | Click on the Menu, "...", | Options | View Tab | Uncheck Show Sync Provider Notifications | Click on Apply and Click on Apply to Folders.

Taskbar & Computer Icon

Right Click Taskbar | Select Settings | Disable Widgets | Disable Chat | Taskbar Behavior - Align Left.

Remove Microsoft Store and Microsoft Edge Browser

Plug in USB Flash Drive | Select Take No Action | Drag the USB icon to the taskbar.

Settings | Personalization | Themes | Desktop Icon Settings | check box Computer.

Disable OneDrive

"You can turn off the folder backup. If you don't have enough space or simply don't need the backup option, right-click on the OneDrive icon in the Windows 11 System Tray and select Settings. Go to the section for "Sync and backup" and click the "Manage backup" button for "Back up important PC folders to OneDrive." Then, turn off the switch for any folder that you don't want backed up. You can turn them all off, or just certain ones."

References:

  1. Windows 11 now turns on OneDrive folder backup without your permission

Windows 11 - Downloads Folder

Microsoft is smarter than we are. Therefore, they force us to use what they want whether we want it or not.

Windows 11 now wants to sort your downloads by date, and you must change the setting to get it to sort by name.

To fix this problem, click on Sort, then Group by, then select None.

References:

  1. Windows 11 keeps reverting back to default sort setting
  2. File Explorer Keeps Resetting Sort Order? How to Stop it

Hardware and Software Security

To protect us from malware and ransomware and prevent unauthorized access to data, all of the Operating System (OS) vendors have agreed to use encryption keys to authenticate both software and hardware. Furthermore, Microsoft has become the Certificate Authority (CA) for this.

This adds considerable complexity, and locks down our computers so we cannot even upgrade an Ethernet port without verifying authentication.

ServeTheHome (STH), run by Patrick Kennedy, purchased an HP Elite Mini 800 G9 off of eBay. He was able to add an HP 2.5 GHz Ethernet port, but he was NOT able to add an HP 10 GHz Ethernet port because someone had already set the administrative password. This PC still had 34 months of warranty on it. He called HP, and they told him it was a security issue, and the only way to solve this was to send the PC in and have the motherboard replaced. There is no jumper to reset the password on this model. At one time HP had software that would do this, but it is no longer available. As Patrick Kennedy stated, this is going to cause a huge problem on the used PC market.

Personally, I am not sure the benefits are worth the complexity, and I certainly do not like giving up control of my computer.

UEFI with Secure Boot, Trusted Platform Module 2.0, & Microsoft Windows 11

Although Microsoft and the PC Industry incrementally gave us UEFI, Secure Boot and the Trusted Platform Module, the Microsoft master plan was to tie all of these together and lock down both the software and hardware in OUR computers, claiming that we needed the security. Personally, I do not like Microsoft telling me what I need, nor do I like them being the gatekeeper of this technology. Microsoft got the Linux distros to go along with this by allowing them to submit a joint shim for review and authentication to Microsoft. Each Linux distro then has to authenticate their software and place their keys into the shim.

Microsoft's master plan was revealed in their requirements for Windows 11:

The idea is that the OS and all executable software are authenticated with public and private encryption keys that are stored in the Trusted Platform Module. The TPM and UEFI/BIOS ensure authentication of both the software and hardware before Windows is allowed to boot.
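
Whether a given PC actually has these pieces switched on can be read from an elevated PowerShell prompt. The script below is an added example, not part of the original page; the function name Get-BootTrustState and the wording of the findings are made up for illustration, and it relies on the built-in Confirm-SecureBootUEFI and Get-Tpm cmdlets and the Win32_Tpm WMI class.

```powershell
#Requires -RunAsAdministrator
# Added example: report Secure Boot and TPM state on the local machine.

function Get-BootTrustState {
    $state = [ordered]@{
        SecureBoot      = $null    # $true / $false, or $null if it cannot be queried
        SecureBootError = $null
        TpmPresent      = $false
        TpmReady        = $false
        TpmSpecVersion  = $null    # e.g. '2.0' or '1.2'
    }
    try {
        # Returns $true or $false on UEFI systems; throws on legacy BIOS firmware.
        $state.SecureBoot = Confirm-SecureBootUEFI -ErrorAction Stop
    } catch {
        $state.SecureBootError = $_.Exception.Message
    }
    $tpm = Get-Tpm
    $state.TpmPresent = $tpm.TpmPresent
    $state.TpmReady   = $tpm.TpmReady
    # Win32_Tpm.SpecVersion looks like '2.0, 0, 1.59'; the first field is the TPM family.
    $wmi = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                           -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    if ($wmi) { $state.TpmSpecVersion = ($wmi.SpecVersion -split ',')[0].Trim() }
    [pscustomobject]$state
}

$s = Get-BootTrustState
$s | Format-List

$findings = @()
if ($null -eq $s.SecureBoot) {
    $findings += "Secure Boot state unavailable: $($s.SecureBootError)"
} elseif (-not $s.SecureBoot) {
    $findings += 'UEFI firmware present, but Secure Boot is turned off'
}
if (-not $s.TpmPresent) {
    $findings += 'No TPM visible to Windows (absent, or disabled in firmware setup)'
} else {
    if ($s.TpmSpecVersion -ne '2.0') { $findings += "TPM family is $($s.TpmSpecVersion), not 2.0" }
    if (-not $s.TpmReady)            { $findings += 'TPM present but not ready for use' }
}
if ($findings.Count -eq 0) { 'Secure Boot is on and a ready TPM 2.0 is present.' }
else { $findings | ForEach-Object { "FINDING: $_" } }
```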

Presently, these are not really required in order to install Windows 11. There are workarounds. Microsoft wants us to throw away our perfectly good hardware so they can lock down our computers and provide us with better security. What did you expect? Microsoft's biggest customer is the PC Industry. It's a win-win. Microsoft sells more volume Windows 11 licenses to the PC Industry, and the PC Industry sells more PCs to the consumer. Microsoft will end security support for Windows 10 on October 14, 2025.

To make matters worse, Microsoft chose to use the name "BitLocker" for both Device BitLocker and Drive BitLocker. These are two different things. The best I can determine, Device BitLocker is an enhanced form of Secure Boot. It has been available since Windows 8.1 on "ALL" Windows Devices. Whereas Drive BitLocker encrypts the entire drive, and is only available on Pro, Enterprise and Educational editions of Windows.

The requirement for a Microsoft Account to install Windows 11 Home is revealing. They not only want to make money by sending you ads and selling your data. Microsoft wants to know your identity! No wonder there are Microsoft Haters! Why would anyone that knows how to use Linux use Microsoft? Well, everyone is not technically savvy enough to use Linux, and because of this vendors often do not write drivers for Linux. I am not sure that I can get the data out of cameras with Linux. Ditto for my page scanner.

References:

  1. Microsoft - Secure Boot
  2. Microsoft - Secure Boot and Trusted Boot
  3. Microsoft - Windows 11 and Secure Boot
  4. Wikipedia - UEFI
  5. Wikipedia - Trusted Platform Module
  6. Debian Wiki - Secure Boot
  7. Ubuntu Wiki - Secure Boot
  8. Arch Wiki - Unified Extensible Firmware Interface/Secure Boot

Microsoft's BitLocker (Device or Drive Encryption)

To secure the data on your drive, Microsoft wants to encrypt it. Provided that your hardware meets the requirements, this feature is enabled by default.

Microsoft has two types of BitLocker:

Unfortunately, Microsoft's terminology has caused and still causes much unnecessary confusion. Microsoft refers to BitLocker Device as "Device Encryption" and BitLocker Drive as Standard BitLocker or just "BitLocker".

Device Encryption

The requirements for BitLocker Device Encryption are [11]:

Device Encryption is enabled by default. You can disable/enable it by going to:

Settings > Privacy & Security > Device Encryption (3rd from the top).

If the option is not visible, your PC does not meet one of the requirements for device encryption. To find out which requirement, type "system information" in the search box, right click on the app and run as administrator.

Drive Encryption (BitLocker)

The requirements for BitLocker Drive are [11]:

Microsoft's terminology is counterintuitive:

Drive Encryption is disabled by default. You can enable/disable it by typing "Manage BitLocker" into the Search Box.

Recovery Keys

My PC's

My HP EliteDesk G4, G5 and G6 computers do not meet the prerequisites for Device Encryption because "un-allowed DMA capable bus/device(s) were detected". You can go into the registry and whitelist the devices [13]. However, these have Windows Pro, so it is easier to just enable Drive Encryption (BitLocker). That is, if for some reason, currently unbeknown to me, there is an advantage to encrypting my drives.

My HP Elite Mini G9 did meet all of the prerequisites for Device Encryption. It came with Windows 10 Pro installed, which I upgraded to Windows 11 Pro without using my Microsoft Account. Later, I added Microsoft Office using my subscription (Microsoft Account). I ended up with Device Encryption enabled and no backup recovery key. I disabled Device Encryption.
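
A drive that is encrypted with no saved recovery key, as described above, can be spotted before it becomes a lockout. The following script is an added example, not part of the original page; it assumes an elevated PowerShell session on a machine where the BitLocker PowerShell module is installed, and the function name Get-EncryptionAudit and its column names are made up for illustration. Where the module is missing, "manage-bde -protectors -get C:" shows the same protector list.

```powershell
#Requires -RunAsAdministrator
# Added example: list every volume's encryption state and key protectors, and flag
# encrypted volumes that have no recovery password to fall back on.

function Get-EncryptionAudit {
    foreach ($vol in Get-BitLockerVolume) {
        # Protector types on this volume, e.g. Tpm, RecoveryPassword, ExternalKey.
        $types = @(foreach ($kp in $vol.KeyProtector) { "$($kp.KeyProtectorType)" })
        $encrypted = "$($vol.VolumeStatus)" -ne 'FullyDecrypted'
        [pscustomobject]@{
            MountPoint     = $vol.MountPoint
            VolumeStatus   = $vol.VolumeStatus       # FullyEncrypted, EncryptionInProgress, ...
            Protection     = $vol.ProtectionStatus   # On / Off (Off = key stored in the clear)
            Protectors     = $types -join ', '
            HasRecoveryKey = $types -contains 'RecoveryPassword'
            NeedsAttention = $encrypted -and ($types -notcontains 'RecoveryPassword')
        }
    }
}

$audit = @(Get-EncryptionAudit)
$audit | Format-Table -AutoSize

foreach ($row in $audit | Where-Object NeedsAttention) {
    Write-Warning "$($row.MountPoint) is encrypted but has no recovery password protector."
    # To create a 48-digit recovery password for that volume, review the table and run:
    # Add-BitLockerKeyProtector -MountPoint $row.MountPoint -RecoveryPasswordProtector
}

# Show existing recovery passwords so they can be printed or stored offline.
foreach ($vol in Get-BitLockerVolume) {
    foreach ($kp in $vol.KeyProtector) {
        if ("$($kp.KeyProtectorType)" -eq 'RecoveryPassword') {
            '{0}  protector ID {1}  recovery password {2}' -f `
                $vol.MountPoint, $kp.KeyProtectorId, $kp.RecoveryPassword
        }
    }
}
```

Keep the printed recovery password somewhere other than the encrypted drive itself.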

- - - - - - - -

References

  1. Microsoft - Overview of BitLocker device encryption
  2. Microsoft - What is device encryption, and should I use it?
  3. Wikipedia - BitLocker
  4. Microsoft - BitLocker Overview - 08/03/2023
  5. Microsoft BitLocker Basic Deployment 06/05/2023
  6. Microsoft - Device encryption in Windows
  7. Microsoft - Turn on device encryption
  8. Microsoft - BitLocker FAQ
  9. Dell - How to Enable or Disable BitLocker with TPM in Windows
  10. PCWorld - A beginner’s guide to BitLocker, Windows’ built-in encryption tool
  11. The Windows Club - Difference between Device Encryption and BitLocker
  12. The Windows Club - Why Microsoft stores your Windows Device Encryption Key to OneDrive
  13. SuperUser - Un-allowed DMA capable bus/device(s) detected
  14. Zdnet.com - Why Windows 11 requires a TPM - and how to get around that
  15. Zdnet.com - Is OneDrive messing with your files? How to get your Windows storage under control
  16. Zdnet.com - Microsoft cracks down on Windows 11 upgrades for 'incompatible' PCs, but there's a fix - for now

Reference 4 states: "if your device doesn't support BitLocker, you may be able to use Windows Device Encryption instead". While Reference 5 states, "If device encryption isn't available on your device, you might be able to turn on standard BitLocker encryption instead".

Power Management

The power consumed by a microprocessor is directly proportional to its speed or clock frequency. Newer Intel and AMD processors can dynamically adjust the clock frequency, depending on the load, and either increase (turbo mode) or decrease the power consumption.

To lower the power consumption in their mobile processors, AMD developed a technology that they called PowerNow.

A similar technology to lower the power consumption of desktop processors has been developed by both AMD and Intel.

AMD calls their technology Cool'n'Quiet. To reduce power consumption, the clock frequency is dynamically adjusted (depending on the load) up to 30 times per second.

Intel calls their technology Enhanced Intel SpeedStep Technology (EIST). EIST used the operating system to control CPU throttling. Early implementation of this technology (2006) in Linux only adjusted the clock frequency about once a second.

I do not know why EIST needs the OS. Now, Intel wants control back from Microsoft. Intel's new technology is called SpeedShift, and the CPU has more control over adjusting its frequency and core voltage.

HP refers to all of this as Runtime Power Management. It must be enabled in their UEFI-BIOS:

What I have observed when running Linux Debian 12 and playing 4K video is that with HP's Runtime Power Management enabled, there is considerable fan noise, and no fan noise when it is disabled. This appears to be having the exact opposite effect that it was intended to have. I have not compared CPU temperatures yet.

References:

  1. Wikipedia - Intel Turbo Boost
  2. Wikipedia - Intel SpeedStep
  3. Examining Intel's New Speed Shift Tech on Skylake.
  4. HP Runtime Power Management v1.0

My HP 27, 4K monitor would not detect an active Display Port signal from my HP mini 800 G4. I fought this problem for two days. The monitor just stayed in sleep mode, claiming there was no active display signal. Finally, I unplugged the monitor for about 20 minutes (got this suggestion off of the Internet, but I did not think much of it). After plugging it back in, it would accept a Display Port signal, but the refresh rate was only 30 Hz. Furthermore, Windows 11 listed all of the BIOS settings for the Intel 630, and there was no 60 Hz refresh at 2840 x 2100.

However, I could use the HP Display Port to HDMI adapter and everything worked correctly, except awaking from sleep (see below).

Windows 11 Monitor NOT Waking from Sleep

With an HP HDMI small board card (Part No. 906318-002) installed in the option slot of an HP 800 mini G4, my HP Z27 monitor would not awake from sleep.

This problem does not occur when using HP's Display Port to HDMI adapter and an HDMI cable. However, to wake the monitor, I have to hit a key on the keyboard. Moving the mouse will not awake the monitor.

Fixing this is a three-step process, and the Order is Important!

1. Disable Link State Power Management

Go to “Control Panel -> Power Options,” then select “Change plan settings,” for the power plan you’re currently using, and “Change advanced power settings.”

Next, scroll down to “PCI Express,” click the “+” icon next to it, and under “Link State Power Management,” change the setting to “Off” and click “Save changes.”

References:

2. Change the Intel Graphics Power Plan

Go to “Control Panel -> Power Options,” then select “Change plan settings,” for the power plan you’re currently using, and “Change advanced power settings.”

Next, scroll down to “Intel Graphics Settings,” click the “+” icon next to it, and under “Intel Graphics Power Plan,” click the “+” icon next to it, and change the setting to “Maximum Performance” and click “Save changes.”

3. Do a Clean Install of the Driver using the Intel Graphics Command Center

Intel's Graphics Command Center will automatically be installed the first time you do an update to Windows 11. Go to Support and select Download Graphics Drivers. This will open up a webpage. Click on Graphics, and then Download the "Intel 7th-10th Gen Processor Graphics - Windows". Open the downloaded file. Begin the Installation. Click the checkbox, "Execute a clean installation". Click Start. Optionally, click "show details". When completed, click on "Reboot"; DO NOT Click on Finish. Clicking on Finish will cause excess fan noise.

HP 800 G4 Mini PC

HP ProDesk 400 G4 Desktop Mini PC | Removing & Replacing Parts

Photoshop Elements

With a 4K monitor, the UI for Photoshop Elements is way too large. You can change it, under,
 
Edit > Preferences > Display & Cursor
 
However, there are only two choices: 100% and 200%. Apparently, auto is 200% for a high resolution monitor.

New versions of Photoshop Elements come out at the end of September - $99.

Add a Shutdown Button

  1. Right click on an empty space on the screen. Select New -> Shortcut.
  2. Enter: "shutdown /s /t 0" (without the quotes) and select Next.
  3. Right Click on the new shutdown shortcut and select properties.
  4. Select the icon of your choice.

For Windows Defender: "%windir%\explorer.exe windowsdefender:" - you need the colon. Browse and select the Security Health Systray icon. Additional icons are located in System32\imageres.dll