• Welcome to Maher's Digital World.

Windows 11

Started by Shadow.97, June 17, 2021, 03:13 AM

Previous topic - Next topic

Vasudev

Quote from: humbert on October 19, 2021, 04:42 AM
Quote from: Vasudev on October 18, 2021, 05:10 PM
What W11 wants TPM is to enable Disk Encryption, handle password generation/random numbers using discrete TPM used in Business class desktops/laptops. I do have TPM, Secure boot but CPU is 6700 which is unsupported.

In your case it's just the CPU. TPM and secure boot have been out for quite a while now.

I'm not too clear about the part regarding password generation. Does this mean every password we use must be generated by the TPM in the motherboard? If in order the enter the BIOS (or UEFI), will we now be forced to use a password to get in, and, will TPM generate it?

Sadly we still don't have an answer to my primary question. Say you have secure boot enabled but your OS won't boot and you must boot from Sergei Strelec's ISO to restore a Macrium Reflect image. If we are prevented from doing that, then how do we rescue our system?
We can switch Secure to custom mode and add our USB boot media and it works even with Secure boot enabled since it whitelists our device.
Password generation is similar to how mobile or ARM64 does same concept which resides outside the control of OS and most attempts to read/write the data from those chips/regions are blocked. So not connected to BIOS password generation.

humbert

Quote from: Vasudev on October 24, 2021, 05:50 PM
We can switch Secure to custom mode and add our USB boot media and it works even with Secure boot enabled since it whitelists our device.

So to do this you'd have to boot into the BIOS and then insert the flashdrive?

Also, does secure boot authorize the device itself or the OS that's on it? Say the flashdrive you authorized had Strelec's PE on it. If I reformatted that same device and installed Parted Magic, would it boot?

Quote from: Vasudev on October 24, 2021, 05:50 PM
Password generation is similar to how mobile or ARM64 does same concept which resides outside the control of OS and most attempts to read/write the data from those chips/regions are blocked. So not connected to BIOS password generation.

Are you saying this is the password that gets you into the BIOS and not related to anything done on the OS? Also, when secure boot and TPM are enabled, are you forced to use a password to get into the BIOS? If you lose the password must you open the case and remove the coin battery or something similar?

Vasudev

Quote from: humbert on October 25, 2021, 05:20 AM
Quote from: Vasudev on October 24, 2021, 05:50 PM
We can switch Secure to custom mode and add our USB boot media and it works even with Secure boot enabled since it whitelists our device.

So to do this you'd have to boot into the BIOS and then insert the flashdrive?

Also, does secure boot authorize the device itself or the OS that's on it? Say the flashdrive you authorized had Strelec's PE on it. If I reformatted that same device and installed Parted Magic, would it boot?

Quote from: Vasudev on October 24, 2021, 05:50 PM
Password generation is similar to how mobile or ARM64 does same concept which resides outside the control of OS and most attempts to read/write the data from those chips/regions are blocked. So not connected to BIOS password generation.

Are you saying this is the password that gets you into the BIOS and not related to anything done on the OS? Also, when secure boot and TPM are enabled, are you forced to use a password to get into the BIOS? If you lose the password must you open the case and remove the coin battery or something similar?
I use Ventoy nowadays so while you reformat the drive you may need to whitelist it again!
With newer TPMs even removing coin-cell won't erase the data since it will be stored on EEPROM. If the TPM can store password securely if vendors have implemented it; otherwise the BIOS and OS might use the hardware acceleration to generate a password which cryptographically secure.

humbert

Quote from: Vasudev on October 26, 2021, 09:47 PM
I use Ventoy nowadays so while you reformat the drive you may need to whitelist it again!

I was looking at their site but I'm not too clear what Ventoy does. Is this another Rufus or different?

Quote from: Vasudev on October 26, 2021, 09:47 PM
With newer TPMs even removing coin-cell won't erase the data since it will be stored on EEPROM. If the TPM can store password securely if vendors have implemented it; otherwise the BIOS and OS might use the hardware acceleration to generate a password which cryptographically secure.

What happens if you lose your password or simply sell your board?


scarface

#54
From now on, I will post the new versions of Windows 11 & 10 in this topic.
I consider that "Windows 7 Component Store Cleanup - Rebase" should be cleaned. At least I will remove some of my own posts to avoid the duplicate messages...

Today, new versions of Windows 7 x64, Windows 10 x64 pro v21H2 and Windows 11 with every updates till August 2023 are available on the forum.


As usual, they contain many reg tweaks, netfx 3.5, netfx 4.8, Net 6 & 7 desktop runtime, dx9 (and 12), 7zip 23.01, winrar 6.22, Treesize free, Visual C++ Redist, Ultraiso (full version), Subtitles Edit...
Fx sound enhancer v1.1.18 was added.
Nothing was deleted in winsxs and to obtain such a size, install.wim was converted into esd.

Windows defender is disabled by default but can be re-enabled again via gpedit.msc.
Note that the new feature Windows Defender Tamper protection was deactivated too.






In the previous versions a script was run to remove the useless appx and provisioned packages. It wasn't used in this version.
Here is the script previously used to remove provisioned apps (the "Sysprep" switch was used).
#This function finds any AppX/AppXProvisioned package and uninstalls it, except for Freshpaint, Windows Calculator, Windows Store, and Windows Photos.
#Also, to note - This does NOT remove essential system services/software/etc such as .NET framework installations, Cortana, Edge, etc.

#This is the switch parameter for running this script as a 'silent' script, for use in MDT images or any type of mass deployment without user interaction.

param (
  [switch]$Debloat, [switch]$SysPrep
)

Function Begin-SysPrep {

    param([switch]$SysPrep)
        Write-Verbose -Message ('Starting Sysprep Fixes')
 
        # Disable Windows Store Automatic Updates
       <# Write-Verbose -Message "Adding Registry key to Disable Windows Store Automatic Updates"
        $registryPath = "HKLM:\SOFTWARE\Policies\Microsoft\WindowsStore"
        If (!(Test-Path $registryPath)) {
            Mkdir $registryPath -ErrorAction SilentlyContinue
            New-ItemProperty $registryPath -Name AutoDownload -Value 2
        }
        Else {
            Set-ItemProperty $registryPath -Name AutoDownload -Value 2
        }
        #Stop WindowsStore Installer Service and set to Disabled
        Write-Verbose -Message ('Stopping InstallService')
        Stop-Service InstallService
        #>
 }

#Creates a PSDrive to be able to access the 'HKCR' tree
New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT
Function Start-Debloat {
   
    param([switch]$Debloat)

    #Removes AppxPackages
    #Credit to Reddit user /u/GavinEke for a modified version of my whitelist code
    [regex]$WhitelistedApps = 'Microsoft.ScreenSketch|Microsoft.Paint3D|Microsoft.WindowsCalculator|Microsoft.WindowsStore|Microsoft.Windows.Photos|CanonicalGroupLimited.UbuntuonWindows|`
    Microsoft.MicrosoftStickyNotes|Microsoft.MSPaint|Microsoft.WindowsCamera|.NET|Framework|Microsoft.HEIFImageExtension|Microsoft.ScreenSketch|Microsoft.StorePurchaseApp|`
    Microsoft.VP9VideoExtensions|Microsoft.WebMediaExtensions|Microsoft.WebpImageExtension|Microsoft.DesktopAppInstaller'
    Get-AppxPackage -AllUsers | Where-Object {$_.Name -NotMatch $WhitelistedApps} | Remove-AppxPackage -ErrorAction SilentlyContinue
    # Run this again to avoid error on 1803 or having to reboot.
    Get-AppxPackage -AllUsers | Where-Object {$_.Name -NotMatch $WhitelistedApps} | Remove-AppxPackage -ErrorAction SilentlyContinue
    $AppxRemoval = Get-AppxProvisionedPackage -Online | Where-Object {$_.PackageName -NotMatch $WhitelistedApps}
    ForEach ( $App in $AppxRemoval) {
   
        Remove-AppxProvisionedPackage -Online -PackageName $App.PackageName
       
        }
}

Function Remove-Keys {
       
    Param([switch]$Debloat)   
   
    #These are the registry keys that it will delete.
       
    $Keys = @(
       
        #Remove Background Tasks
        "HKCR:\Extensions\ContractId\Windows.BackgroundTasks\PackageId\46928bounde.EclipseManager_2.2.4.51_neutral__a5h4egax66k6y"
        "HKCR:\Extensions\ContractId\Windows.BackgroundTasks\PackageId\ActiproSoftwareLLC.562882FEEB491_2.6.18.18_neutral__24pqs290vpjk0"
        "HKCR:\Extensions\ContractId\Windows.BackgroundTasks\PackageId\Microsoft.MicrosoftOfficeHub_17.7909.7600.0_x64__8wekyb3d8bbwe"
        "HKCR:\Extensions\ContractId\Windows.BackgroundTasks\PackageId\Microsoft.PPIProjection_10.0.15063.0_neutral_neutral_cw5n1h2txyewy"
        "HKCR:\Extensions\ContractId\Windows.BackgroundTasks\PackageId\Microsoft.XboxGameCallableUI_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy"
        "HKCR:\Extensions\ContractId\Windows.BackgroundTasks\PackageId\Microsoft.XboxGameCallableUI_1000.16299.15.0_neutral_neutral_cw5n1h2txyewy"
       
        #Windows File
        "HKCR:\Extensions\ContractId\Windows.File\PackageId\ActiproSoftwareLLC.562882FEEB491_2.6.18.18_neutral__24pqs290vpjk0"
       
        #Registry keys to delete if they aren't uninstalled by RemoveAppXPackage/RemoveAppXProvisionedPackage
        "HKCR:\Extensions\ContractId\Windows.Launch\PackageId\46928bounde.EclipseManager_2.2.4.51_neutral__a5h4egax66k6y"
        "HKCR:\Extensions\ContractId\Windows.Launch\PackageId\ActiproSoftwareLLC.562882FEEB491_2.6.18.18_neutral__24pqs290vpjk0"
        "HKCR:\Extensions\ContractId\Windows.Launch\PackageId\Microsoft.PPIProjection_10.0.15063.0_neutral_neutral_cw5n1h2txyewy"
        "HKCR:\Extensions\ContractId\Windows.Launch\PackageId\Microsoft.XboxGameCallableUI_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy"
        "HKCR:\Extensions\ContractId\Windows.Launch\PackageId\Microsoft.XboxGameCallableUI_1000.16299.15.0_neutral_neutral_cw5n1h2txyewy"
       
        #Scheduled Tasks to delete
        "HKCR:\Extensions\ContractId\Windows.PreInstalledConfigTask\PackageId\Microsoft.MicrosoftOfficeHub_17.7909.7600.0_x64__8wekyb3d8bbwe"
       
        #Windows Protocol Keys
        "HKCR:\Extensions\ContractId\Windows.Protocol\PackageId\ActiproSoftwareLLC.562882FEEB491_2.6.18.18_neutral__24pqs290vpjk0"
        "HKCR:\Extensions\ContractId\Windows.Protocol\PackageId\Microsoft.PPIProjection_10.0.15063.0_neutral_neutral_cw5n1h2txyewy"
        "HKCR:\Extensions\ContractId\Windows.Protocol\PackageId\Microsoft.XboxGameCallableUI_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy"
        "HKCR:\Extensions\ContractId\Windows.Protocol\PackageId\Microsoft.XboxGameCallableUI_1000.16299.15.0_neutral_neutral_cw5n1h2txyewy"
           
        #Windows Share Target
        "HKCR:\Extensions\ContractId\Windows.ShareTarget\PackageId\ActiproSoftwareLLC.562882FEEB491_2.6.18.18_neutral__24pqs290vpjk0"
    )
   
    #This writes the output of each key it is removing and also removes the keys listed above.
    ForEach ($Key in $Keys) {
        Write-Output "Removing $Key from registry"
        Remove-Item $Key -Recurse -ErrorAction SilentlyContinue
    }
}
       
Function Protect-Privacy {
   
    Param([switch]$Debloat)   

    #Creates a PSDrive to be able to access the 'HKCR' tree
    New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT
       
    #Disables Windows Feedback Experience
    Write-Output "Disabling Windows Feedback Experience program"
    $Advertising = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\AdvertisingInfo'
    If (Test-Path $Advertising) {
        Set-ItemProperty $Advertising -Name Enabled -Value 0 -Verbose
    }
       
    #Stops Cortana from being used as part of your Windows Search Function
    Write-Output "Stopping Cortana from being used as part of your Windows Search Function"
    $Search = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search'
    If (Test-Path $Search) {
        Set-ItemProperty $Search -Name AllowCortana -Value 0 -Verbose
    }
       
    #Stops the Windows Feedback Experience from sending anonymous data
    Write-Output "Stopping the Windows Feedback Experience program"
    $Period1 = 'HKCU:\Software\Microsoft\Siuf'
    $Period2 = 'HKCU:\Software\Microsoft\Siuf\Rules'
    $Period3 = 'HKCU:\Software\Microsoft\Siuf\Rules\PeriodInNanoSeconds'
    If (!(Test-Path $Period3)) {
        mkdir $Period1 -ErrorAction SilentlyContinue
        mkdir $Period2 -ErrorAction SilentlyContinue
        mkdir $Period3 -ErrorAction SilentlyContinue
        New-ItemProperty $Period3 -Name PeriodInNanoSeconds -Value 0 -Verbose -ErrorAction SilentlyContinue
    }
               
    Write-Output "Adding Registry key to prevent bloatware apps from returning"
    #Prevents bloatware applications from returning
    $registryPath = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent"
    If (!(Test-Path $registryPath)) {
        Mkdir $registryPath -ErrorAction SilentlyContinue
        New-ItemProperty $registryPath -Name DisableWindowsConsumerFeatures -Value 1 -Verbose -ErrorAction SilentlyContinue
    }         
   
    Write-Output "Setting Mixed Reality Portal value to 0 so that you can uninstall it in Settings"
    $Holo = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Holographic'   
    If (Test-Path $Holo) {
        Set-ItemProperty $Holo -Name FirstRunSucceeded -Value 0 -Verbose
    }
   
    #Disables live tiles
    Write-Output "Disabling live tiles"
    $Live = 'HKCU:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\PushNotifications'   
    If (!(Test-Path $Live)) {
        mkdir $Live -ErrorAction SilentlyContinue     
        New-ItemProperty $Live -Name NoTileApplicationNotification -Value 1 -Verbose
    }
   
    #Turns off Data Collection via the AllowTelemtry key by changing it to 0
    Write-Output "Turning off Data Collection"
    $DataCollection = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection'   
    If (Test-Path $DataCollection) {
        Set-ItemProperty $DataCollection -Name AllowTelemetry -Value 0 -Verbose
    }
   
    #Disables People icon on Taskbar
    Write-Output "Disabling People icon on Taskbar"
    $People = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\People'
    If (Test-Path $People) {
        Set-ItemProperty $People -Name PeopleBand -Value 0 -Verbose
    }

    #Disables suggestions on start menu
    Write-Output "Disabling suggestions on the Start Menu"
    $Suggestions = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager'   
    If (Test-Path $Suggestions) {
        Set-ItemProperty $Suggestions -Name SystemPaneSuggestionsEnabled -Value 0 -Verbose
    }
   
   
     Write-Output "Removing CloudStore from registry if it exists"
     $CloudStore = 'HKCUSoftware\Microsoft\Windows\CurrentVersion\CloudStore'
     If (Test-Path $CloudStore) {
     Stop-Process Explorer.exe -Force
     Remove-Item $CloudStore
     Start-Process Explorer.exe -Wait
    }

    #Loads the registry keys/values below into the NTUSER.DAT file which prevents the apps from redownloading. Credit to a60wattfish
    reg load HKU\Default_User C:\Users\Default\NTUSER.DAT
    Set-ItemProperty -Path Registry::HKU\Default_User\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager -Name SystemPaneSuggestionsEnabled -Value 0
    Set-ItemProperty -Path Registry::HKU\Default_User\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager -Name PreInstalledAppsEnabled -Value 0
    Set-ItemProperty -Path Registry::HKU\Default_User\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager -Name OemPreInstalledAppsEnabled -Value 0
    reg unload HKU\Default_User
   
    #Disables scheduled tasks that are considered unnecessary
    Write-Output "Disabling scheduled tasks"
    #Get-ScheduledTask -TaskName XblGameSaveTaskLogon | Disable-ScheduledTask -ErrorAction SilentlyContinue
    Get-ScheduledTask -TaskName XblGameSaveTask | Disable-ScheduledTask -ErrorAction SilentlyContinue
    Get-ScheduledTask -TaskName Consolidator | Disable-ScheduledTask -ErrorAction SilentlyContinue
    Get-ScheduledTask -TaskName UsbCeip | Disable-ScheduledTask -ErrorAction SilentlyContinue
    Get-ScheduledTask -TaskName DmClient | Disable-ScheduledTask -ErrorAction SilentlyContinue
    Get-ScheduledTask -TaskName DmClientOnScenarioDownload | Disable-ScheduledTask -ErrorAction SilentlyContinue
}

#This includes fixes by xsisbest
Function FixWhitelistedApps {
   
    Param([switch]$Debloat)
   
    If(!(Get-AppxPackage -AllUsers | Select Microsoft.Paint3D, Microsoft.MSPaint, Microsoft.WindowsCalculator, Microsoft.WindowsStore, Microsoft.MicrosoftStickyNotes, Microsoft.WindowsSoundRecorder, Microsoft.Windows.Photos)) {
   
    #Credit to abulgatz for the 4 lines of code
    Get-AppxPackage -allusers Microsoft.Paint3D | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}
    Get-AppxPackage -allusers Microsoft.MSPaint | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}
    Get-AppxPackage -allusers Microsoft.WindowsCalculator | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}
    Get-AppxPackage -allusers Microsoft.WindowsStore | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}
    Get-AppxPackage -allusers Microsoft.MicrosoftStickyNotes | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}
    Get-AppxPackage -allusers Microsoft.WindowsSoundRecorder | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}
    Get-AppxPackage -allusers Microsoft.Windows.Photos | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"} }
}

Function CheckDMWService {

  Param([switch]$Debloat)
 
If (Get-Service -Name dmwappushservice | Where-Object {$_.StartType -eq "Disabled"}) {
    Set-Service -Name dmwappushservice -StartupType Automatic}

If(Get-Service -Name dmwappushservice | Where-Object {$_.Status -eq "Stopped"}) {
   Start-Service -Name dmwappushservice}
  }

Function CheckInstallService {
  Param([switch]$Debloat)
          If (Get-Service -Name InstallService | Where-Object {$_.Status -eq "Stopped"}) { 
            Start-Service -Name InstallService
            Set-Service -Name InstallService -StartupType Automatic
            }
        }

Write-Output "Initiating Sysprep"
Begin-SysPrep
Write-Output "Removing bloatware apps."
Start-Debloat
Write-Output "Removing leftover bloatware registry keys."
Remove-Keys
Write-Output "Checking to see if any Whitelisted Apps were removed, and if so re-adding them."
FixWhitelistedApps
Write-Output "Stopping telemetry, disabling unneccessary scheduled tasks, and preventing bloatware from returning."
Protect-Privacy
#Write-Output "Stopping Edge from taking over as the default PDF Viewer."
#Stop-EdgePDF
CheckDMWService
CheckInstallService
Write-Output "Finished all tasks."


Windows 10,11 link: Windows 10,11



Note that you can still download XP here (an updated, lite version of Maher's edition which includes every update):
kb4012598 and wmp11 with its updates have been integrated. What's more, some visual tweaks were applied as you can see on the screenshot below.
Finally, a few unneeded elements were removed (the list is available in the nlite log in the iso file).

Not available any longer.




Here is office 2007 with all the updates, till August 2018 (it's a switch-less installer).
Link: Office 2007





Rebase 1.3 for windows 7x64 with its tutorial by harkaz.
An essential program to slim down Windows 7.
Link: https://mega.nz/#!EUEQFQja!Zc1idDsCZXVzHuYHGpthefz_o82bMOgn7OdisvNsK_A


Note that a switch-less lite installer for the latest nvidia drivers for windows 10 & 11 x64 is available here (v546.29)
Only graphics driver and Physx system are installed. Geforce experience is not installed.
It is possible to run this during the installation ($oem$ folder).
Link: Nvidia driver








https://www.youtube.com/watch?v=9Ze7sHMKiVU
https://www.youtube.com/watch?v=fNEadYEZb9M
https://www.youtube.com/watch?v=VaXgcCOaaHk
https://www.youtube.com/watch?v=kEMqvrMoEF0
https://www.youtube.com/watch?v=ydjglwfe7II
https://www.youtube.com/watch?v=ODAyvkCNYSc
https://www.youtube.com/embed/7Fsx-1hw0Xg?cc_load_policy=1&cc_lang_pref=en
https://www.youtube.com/watch?v=24xRFPGMImY
https://www.youtube.com/watch?v=H3Ioxh3OTSU

https://www.youtube.com/watch?v=0DiCeoOoMCQ
https://www.youtube.com/watch?v=17CwZmI8mUQ
https://www.youtube.com/watch?v=1pKowWFBIuY
https://www.youtube.com/watch?v=TCxZRfqd_pM
https://www.youtube.com/watch?v=mSW_lKGf9us


scarface

Note that new versions of windows 10 & 11 will be available next week.


humbert

Quote from: scarface on January 09, 2022, 05:25 PM
Note that new versions of windows 10 & 11 will be available next week.

Who among us is using Windows 11? Probably nobody unless you're testing it inside a virtual machine. Just like most of you, I believe it's way too early do go with 11. There are all kinds of hacks and other modifications available for 10, but not for 11 -- at least not yet. I recommend patience.

Vasudev

Quote from: humbert on January 10, 2022, 05:21 AM
Quote from: scarface on January 09, 2022, 05:25 PM
Note that new versions of windows 10 & 11 will be available next week.

Who among us is using Windows 11? Probably nobody unless you're testing it inside a virtual machine. Just like most of you, I believe it's way too early do go with 11. There are all kinds of hacks and other modifications available for 10, but not for 11 -- at least not yet. I recommend patience.
None of my family's laptops/desktops  works with win 11.
Though I have downloaded latest copy of W7 and W11 from scarface.

humbert

Quote from: Vasudev on January 11, 2022, 03:49 PM
None of my family's laptops/desktops  works with win 11.
Though I have downloaded latest copy of W7 and W11 from scarface.

Not that you would actually want to use W11, but let me ask: these copies of W11 that didn't work - were they modified? In other words, were the secure boot and TPM requirements removed? I'm thinking these copies might run on older PC's. After all, the only real difference is removing these Micro$haft-imposed restrictions.

Vasudev

Quote from: humbert on January 12, 2022, 04:53 AM
Quote from: Vasudev on January 11, 2022, 03:49 PM
None of my family's laptops/desktops  works with win 11.
Though I have downloaded latest copy of W7 and W11 from scarface.

Not that you would actually want to use W11, but let me ask: these copies of W11 that didn't work - were they modified? In other words, were the secure boot and TPM requirements removed? I'm thinking these copies might run on older PC's. After all, the only real difference is removing these Micro$haft-imposed restrictions.
Its the CPU like I said. Being a intel skylake its EOL. Secure boot and TPM 2.0 is already working.