Changes for page Windows Server 2022

Summary

• Page properties (1 modified, 0 added, 0 removed)

Details

Page properties

Content

...	...	@@ -3,9 +3,9 @@
3	3	# Completely changing the language of the operating system
4	4
5	5	1. Install language pack.
6		-1. Run `%windir%\system32\sysprep\sysprep.exe`, selecting “Enter System Out-of-Box Experience OOBE)” (“Generalize” disabled) and “Reboot”. (idea from [here](https://www.windowsphoneinfo.com/threads/windows-10-not-completely-changing-language.392074/))
	6	+1. Run `%windir%\system32\sysprep\sysprep.exe`, select _Enter System Out-of-Box Experience (OOBE)_ (keeping _Generalize_ disabled) and select _Reboot_ (idea from [here](https://www.windowsphoneinfo.com/threads/windows-10-not-completely-changing-language.392074/)).
7	7	1. Select the correct language in the wizard that shows after the reboot.
8		-1. Change network name(s) if ncessary. Go to `Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles` in the Registry Editor (idea from [here](https://winbuzzer.com/2021/06/24/how-to-change-network-name-in-windows-10-xcxwbt/)). Alternatively, reset the network settings (_Network & Internet settings_ ➞_ Network reset_)
	8	+1. Change network name(s) if necessary. Go to _Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles_ in the Registry Editor (idea from [here](https://winbuzzer.com/2021/06/24/how-to-change-network-name-in-windows-10-xcxwbt/)). Alternatively, reset the network settings (_Network & Internet settings_ ➞_ Network reset_)
9	9	1. Optionally, change the regional / format settings to something which is useful to you. For example, I use the en_US locale, but I prefer the ISO date format and 24 hour clock:
10	10	* Short date: yyyy-MM-dd
11	11	* Short time: HH:mm
...	...	@@ -30,8 +30,40 @@
30	30	Get-ChildItem -Path Cert:LocalMachine\MY
31	31	Set-WmiInstance -Path (Get-WmiObject -class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices -Filter "TerminalName='RDP-tcp'").__path -argument @{SSLCertificateSHA1Hash="$Thumbprint"}
32	32
33		-(from https://blog.icewolf.ch/archive/2021/07/03/secure-remote-desktop-connections-with-certificates.aspx)
	33	+(from <https://blog.icewolf.ch/archive/2021/07/03/secure-remote-desktop-connections-with-certificates.aspx>)
34	34
	35	+# Enabling strong cryptography for older .NET apps
	36	+
	37	+For 64-bit apps:
	38	+
	39	+```registry
	40	+[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727]
	41	+ "SystemDefaultTlsVersions" = dword:00000001
	42	+ "SchUseStrongCrypto" = dword:00000001
	43	+[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
	44	+ "SystemDefaultTlsVersions" = dword:00000001
	45	+ "SchUseStrongCrypto" = dword:00000001
	46	+```
	47	+
	48	+For 32-bit apps:
	49	+
	50	+```registry
	51	+[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727]
	52	+ "SystemDefaultTlsVersions" = dword:00000001
	53	+ "SchUseStrongCrypto" = dword:00000001
	54	+[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319]
	55	+ "SystemDefaultTlsVersions" = dword:00000001
	56	+ "SchUseStrongCrypto" = dword:00000001
	57	+```
	58	+
	59	+(see <https://docs.microsoft.com/en-us/mem/configmgr/core/plan-design/security/enable-tls-1-2-client>)
	60	+
	61	+`SchUseStrongCrypto` enables support for TLS 1.1 and 1.2, and `SystemDefaultTlsVersions` allows .NET to use the system defaults.
	62	+
	63	+These registry keys can be added through a group policy.
	64	+
	65	+Typically, the computer has to be rebooted in order for these changs to become effective.
	66	+
35	35	# Using EUI-64 instead of random IPv6 addresses
36	36
37	37	This can be done in [[exactly the same ways as for Windows Server 2012 R2|doc:Windows.Windows_Server_2012_R2.WebHome|anchor="HUseEUI-64insteadofrandomIPv6addresses"]].