Windows Server 2022
Version 2.1 by Sebastian Marsching on 2022/05/30 12:01
- Completely changing the language of the operating system
- Changing the timeout in the Windows Boot Manager
- Configuring the certificate for Remote Desktop
- Using EUI-64 instead of random IPv6 addresses
Completely changing the language of the operating system
- Install language pack.
- Run %windir%\system32\sysprep\sysprep.exe, selecting Enter System Out-of-Box Experience (OOBE) (keeping Generalize disabled) and select Reboot (idea from here).
- Select the correct language in the wizard that shows after the reboot.
- Change network name(s) if ncessary. Go to Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles in the Registry Editor (idea from here). Alternatively, reset the network settings (Network & Internet settings ➞_ Network reset_)
- Optionally, change the regional / format settings to something which is useful to you. For example, I use the en_US locale, but I prefer the ISO date format and 24 hour clock:
- Short date: yyyy-MM-dd
- Short time: HH:mm
- Long time: HH:mm:ss
- First day of week: Monday
- Measurement system: Metric
- Currency symbol: €
- Positive currency format: 1.1 €
- Negative currency format: -1.1 €
- Copy the settings to the welcome screen and new user accounts.
Changing the timeout in the Windows Boot Manager
bcdedit /timeout 10
(from https://docs.microsoft.com/en-us/windows-hardware/drivers/devtest/bcdedit--timeout)
Configuring the certificate for Remote Desktop
First, we have to get the thumbprint, then we can tell the Remote Desktop services to use the certificate with this thumbprint:
Get-ChildItem -Path Cert:LocalMachine\MY
Set-WmiInstance -Path (Get-WmiObject -class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices -Filter "TerminalName='RDP-tcp'").__path -argument @{SSLCertificateSHA1Hash="$Thumbprint"}
Set-WmiInstance -Path (Get-WmiObject -class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices -Filter "TerminalName='RDP-tcp'").__path -argument @{SSLCertificateSHA1Hash="$Thumbprint"}
(from https://blog.icewolf.ch/archive/2021/07/03/secure-remote-desktop-connections-with-certificates.aspx)
Using EUI-64 instead of random IPv6 addresses
This can be done in exactly the same ways as for Windows Server 2012 R2.