How to completely disable Hyper-V

Executing the following procedures will completely disable Hyper-V!

Features like Windows Subsystem for Linux, Docker Desktop and security features using Virtualization Based Security will be unavailable.
If your computer is a corporate managed device, consult with your IT department prior to making these changes, particularly with regards to Virtualization Based Security!

You have been warned.

This guide applies both to Windows 10 and Windows 11.
For Windows 11, please pay special attention to the last section, as Windows 11 24H2 have a bug which prevents VBS to be disabled unless special steps are followed (Thanks, Microsoft...).

For VMware Workstation, it is assumed you are running the latest version available, which as of writing is 17.5.6 and all virtual machines have been shut down cleanly. Pausing the virtual machines does not count!

VMware Workstation is now available completely free for both Commercial and Non-Commercial use.
By registering a free account in the Broadcom Download Portal, you can get access to the latest version of VMware Workstation and VMware Fusion.
Keep in mind the Updater feature in VMware Workstation is now broken (By purpose) and you will manually have to check for and download updated versions of VMware Workstation or VMware Fusion.

Step 1: Stop any running services Hyper-V depends on.

Click on the Start menu icon.
Type services and hit enter.
In the services dialog, scroll down the list until you find the Hyper-V services. For instance, HV Host Service.
If any of these services are running, make sure to stop them by right clicking on the service and select stop.
Right click on the Hyper-V services and select Properties.
In the settings dialog for the service, switch the startup type to Disabled and hit OK.
Repeat this for all other Hyper-V services.
Close the Services dialog.

Step 2: Ensure Hyper-V and any related features are not installed on the system.

Click on the start menu icon.
Type Features and select Turn Windows Features on or off.
In the Windows features dialog, scroll down and make sure the following options are unchecked
- Hyper-V and any sub items.
- Windows Hypervisor Platform
- Windows Subsystem for Linux
- Windows Subsystem for Android
Click OK and wait for Windows to apply the changes.
If prompted, restart your computer.

Step 3: Disable hypervisorlaunchtype during early boot

Click on the start menu icon.
Type powershell
Locate Windows PowerShell and right click on the shortcut to select Run as Administrator
In the PowerShell console, type the following command: bcdedit /set hypervisorlaunchtype off
Close the PowerShell console.

Step 4: Disable DeviceGuard - If Applicable

Note:
This step may not apply to all versions of Windows.
The Group Policy Editor is not available in Home Editions of Windows 10 and 11. Use the registry to carry out any changes.
In corporate environments, access to Group Policy Editor might be limited or any changes to group policies will be overwritten once the domain controller issues a GPO refresh. Consult with your IT department on how to make these changes permanent.

Click on the Start menu icon.
Type gpedit.msc and hit enter.
In the Group Policy Editor, go to the following key:
Local Computer Policy > Computer Configuration > Administrative Templates > System > Device Guard
Double click on Turn on Virtualization Based Security
Select Disabled and click OK
Close Group Policy Editor

Step 5: Disable Memory Integrity in Core Isolation

Click on the start menu icon.
Open the Settings app
In the search bar of Settings, type Core Isolation and select the suggestion.
In the Core Isolation settings window, make sure Memory Integrity is turned off.
Close the Settings app.

Step 6: For Windows 11 24H2 this is mandatory

Windows 11 24H2 has an annoying but known bug where Hyper-V will still cause performance issues despite being disabled with the above steps.
The core issue is that Microsoft in their infinite wisdom, decided to tie their Windows Hello biometrics authentication system to Virtualization Based Security.

To work around this issue, we need to use Microsoft's Device Guard and Credential Guard Hardware Readiness Tool to fix this.

Download the latest version of Device Guard and Credential Guard Hardware Readiness Tool here:
https://www.microsoft.com/en-us/download/details.aspx?id=53337
Extract the contents of the zip file to a location of your choosing, e.g. the root of the C Drive.
To use the tool to disable Device Guard and Credential Guard, do the following:
- Open a PowerShell console with Administrator privileges.
- Navigate to the folder where you stored the extracted content of the zip file.
- Run the following command to get temporary, unrestricted execution permissions:
  Set-ExecutionPolicy Unrestricted -Scope Process
- We are now ready to run the Device Guard and Credential Guard Hardware Readiness script
  .\DG_Readiness_Tool_v3.6.ps1 -Disable
Open the registry editor and navigate to:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios
If the WindowsHello key does not exist, go ahead and create a new key under Scenarios named WindowsHello
In the WindowsHello key, create a new DWORD value named Enabled and set it to 0
Reboot your computer
During reboot, you will be asked to confirm you want to disable Device Guard and Credential Guard by hitting F3 to accept.

By disabling Device Guard and Credential Guard, you will temporary disable Windows Hello Pin, however, if you desire, you can re-enable it later without any issues.

Step 7: Confirm Hyper-V is fully disabled

After rebooting in Step 6, open a PowerShell console as Administrator
Run the following command to ensure Hyper-V is disabled
bcdedit /set hypervlaunchtype off
Reboot your computer again.
Once rebooted, open msinfo32 and scroll down in the bottom.
If the key Virtualization-Based Security is set to Not enabled
And any of the Hyper-V keys are set to Yes - You are good to go to enjoy full performance in VMware Workstation or VirtualBox