Add Windows 11 compatibiliy Milestone XProtect

Windows-11-compatibiliy-Milestone-XProtect.md

@@ -0,0 +1,174 @@
+# Windows 11 Baseline for Milestone XProtect
+
+Minimal-interference Windows 11 configuration optimized for Milestone Recording workloads.
+
+---
+
+## 1. Power Configuration (Prevent Disk Sleep)
+
+```powershell
+powercfg -change -disk-timeout-ac 0
+powercfg -change -standby-timeout-ac 0
+powercfg -change -hibernate-timeout-ac 0
+powercfg -h off
+```
+
+---
+
+## 2. Disable NTFS Last Access Updates
+
+```powershell
+fsutil behavior query disablelastaccess
+fsutil behavior set disablelastaccess 1
+```
+
+---
+
+## 3. Disable Fast Startup
+
+```powershell
+powercfg /hibernate off
+```
+
+### Or via registry
+
+```powershell
+reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power" /v HiberbootEnabled /t REG_DWORD /d 0 /f
+```
+
+---
+
+## 4. Disable Windows Search Indexing
+
+```powershell
+Stop-Service WSearch
+Set-Service WSearch -StartupType Disabled
+```
+
+---
+
+## 5. Disable Hyper-V / VBS (If Not Required)
+
+```powershell
+bcdedit /set hypervisorlaunchtype off
+```
+
+### Verification
+
+```powershell
+bcdedit
+```
+
+### Check Device Guard Status
+
+```powershell
+Get-CimInstance -Namespace root\Microsoft\Windows\DeviceGuard -ClassName Win32_DeviceGuard
+```
+
+---
+
+## 6. Windows Defender Exclusions (Mandatory)
+
+```powershell
+Add-MpPreference -ExclusionPath "D:\MediaDatabase"
+Add-MpPreference -ExclusionPath "C:\Program Files\Milestone"
+Add-MpPreference -ExclusionPath "C:\ProgramData\Milestone"
+
+Add-MpPreference -ExclusionProcess "VideoOS.Recorder.Service.exe"
+Add-MpPreference -ExclusionProcess "VideoOS.Event.Server.exe"
+Add-MpPreference -ExclusionProcess "VideoOS.Management.Server.exe"
+Add-MpPreference -ExclusionProcess "sqlservr.exe"
+```
+
+### Verify Exclusions
+
+```powershell
+Get-MpPreference | Select -ExpandProperty ExclusionPath
+```
+
+---
+
+## 7. Disable Windows Update Auto-Reboot
+
+```powershell
+reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v NoAutoRebootWithLoggedOnUsers /t REG_DWORD /d 1 /f
+```
+
+---
+
+## 8. Service Recovery Policy (Recording Server)
+
+```powershell
+sc.exe failure "Milestone XProtect Recording Server" reset=600 actions=restart/120000/restart/120000/restart/120000
+```
+
+---
+
+## 9. Enable Crash Dump for Recorder
+
+```powershell
+mkdir C:\Dumps
+
+reg add "HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\VideoOS.Recorder.Service.exe" /v DumpType /t REG_DWORD /d 2 /f
+reg add "HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\VideoOS.Recorder.Service.exe" /v DumpFolder /t REG_EXPAND_SZ /d "C:\Dumps" /f
+```
+
+---
+
+## 10. Verify SQL Service Startup Type
+
+```powershell
+Set-Service MSSQLSERVER -StartupType Automatic
+```
+
+---
+
+## 11. System Integrity Check
+
+```powershell
+sfc /scannow
+DISM /Online /Cleanup-Image /RestoreHealth
+```
+
+---
+
+## 12. Disk Health Check
+
+```powershell
+Get-PhysicalDisk | Select FriendlyName,MediaType,HealthStatus,OperationalStatus
+```
+
+### NTFS Check (Offline Recommended)
+
+```powershell
+chkdsk D: /f
+```
+
+---
+
+## 13. Optional – Disable Real-Time Protection  
+(If Antivirus handled externally)
+
+```powershell
+Set-MpPreference -DisableRealtimeMonitoring $true
+```
+
+---
+
+# Final Validation Checklist
+
+```powershell
+Get-Service *Milestone*
+Get-Service MSSQL*
+Get-ComputerInfo | Select OsName,OsVersion,OsBuildNumber
+```
+
+---
+
+# Result
+
+✔ Minimal-interference Windows 11 environment  
+✔ Optimized for Milestone Recording workloads  
+✔ Reduced disk latency and service interruption risks  
+✔ Defender tuned for video database workloads  
+✔ Crash dump enabled for advanced diagnostics