Changes for page Windows Server 2022
Last modified by Sebastian Marsching on 2022/05/30 12:24
From version 2.1
edited by Sebastian Marsching
on 2022/05/30 12:01
on 2022/05/30 12:01
Change comment:
There is no comment for this version
To version 4.1
edited by Sebastian Marsching
on 2022/05/30 12:22
on 2022/05/30 12:22
Change comment:
There is no comment for this version
Summary
-
Page properties (1 modified, 0 added, 0 removed)
Details
- Page properties
-
- Content
-
... ... @@ -3,9 +3,9 @@ 3 3 # Completely changing the language of the operating system 4 4 5 5 1. Install language pack. 6 -1. Run `%windir%\system32\sysprep\sysprep.exe`, select ing_Enter System Out-of-Box Experience (OOBE)_ (keeping _Generalize_ disabled) and select _Reboot_ (idea from [here](https://www.windowsphoneinfo.com/threads/windows-10-not-completely-changing-language.392074/)).6 +1. Run `%windir%\system32\sysprep\sysprep.exe`, select _Enter System Out-of-Box Experience (OOBE)_ (keeping _Generalize_ disabled) and select _Reboot_ (idea from [here](https://www.windowsphoneinfo.com/threads/windows-10-not-completely-changing-language.392074/)). 7 7 1. Select the correct language in the wizard that shows after the reboot. 8 -1. Change network name(s) if ncessary. Go to _Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles_ in the Registry Editor (idea from [here](https://winbuzzer.com/2021/06/24/how-to-change-network-name-in-windows-10-xcxwbt/)). Alternatively, reset the network settings (_Network & Internet settings_ ➞_ Network reset_) 8 +1. Change network name(s) if necessary. Go to _Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles_ in the Registry Editor (idea from [here](https://winbuzzer.com/2021/06/24/how-to-change-network-name-in-windows-10-xcxwbt/)). Alternatively, reset the network settings (_Network & Internet settings_ ➞_ Network reset_) 9 9 1. Optionally, change the regional / format settings to something which is useful to you. For example, I use the en_US locale, but I prefer the ISO date format and 24 hour clock: 10 10 * Short date: yyyy-MM-dd 11 11 * Short time: HH:mm ... ... @@ -17,6 +17,8 @@ 17 17 * Negative currency format: -1.1 € 18 18 1. Copy the settings to the welcome screen and new user accounts. 19 19 20 +Running sysprep can have undesired side effects, but it is the only way to really change the system language completely. If one is happy with only having most of the system in the new language, using the [[method described for Windows Server 2012 R2|doc:Windows.Windows_Server_2012_R2.WebHome|anchor="HRenaminglocaluserswhenchangingthelanguage"]] might be suitable. However, a few messages during startup and shutdown will still be displayed in the original language when using this method. 21 + 20 20 # Changing the timeout in the Windows Boot Manager 21 21 22 22 bcdedit /timeout 10 ... ... @@ -32,6 +32,51 @@ 32 32 33 33 (from <https://blog.icewolf.ch/archive/2021/07/03/secure-remote-desktop-connections-with-certificates.aspx>) 34 34 35 -# UsingEUI-64 insteadofrandomIPv6 addresses37 +# Enabling strong cryptography for older .NET apps 36 36 37 -This can be done in [[exactly the same ways as for Windows Server 2012 R2|doc:Windows.Windows_Server_2012_R2.WebHome|anchor="HUseEUI-64insteadofrandomIPv6addresses"]]. 39 +For 64-bit apps: 40 + 41 +```registry 42 +[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727] 43 + "SystemDefaultTlsVersions" = dword:00000001 44 + "SchUseStrongCrypto" = dword:00000001 45 +[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319] 46 + "SystemDefaultTlsVersions" = dword:00000001 47 + "SchUseStrongCrypto" = dword:00000001 48 +``` 49 + 50 +For 32-bit apps: 51 + 52 +```registry 53 +[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727] 54 + "SystemDefaultTlsVersions" = dword:00000001 55 + "SchUseStrongCrypto" = dword:00000001 56 +[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319] 57 + "SystemDefaultTlsVersions" = dword:00000001 58 + "SchUseStrongCrypto" = dword:00000001 59 +``` 60 + 61 +(see <https://docs.microsoft.com/en-us/mem/configmgr/core/plan-design/security/enable-tls-1-2-client>) 62 + 63 +`SchUseStrongCrypto` enables support for TLS 1.1 and 1.2, and `SystemDefaultTlsVersions` allows .NET to use the system defaults. 64 + 65 +These registry keys can be added through a group policy. 66 + 67 +Typically, the computer has to be rebooted in order for these changs to become effective. 68 + 69 +# Using EUI-64 instead of random IPv6 addresses[Edit](https://sebastian.marsching.com/wiki/bin/edit/Windows/Windows_Server_2012_R2/WebHome?section=5) 70 + 71 +It might be desirable to use an EUI-64-based IPv6 address (an IPv6 address that is generated based on the MAC address of the NIC) instead of a randomly generated address during IPv6 autoconfiguration. This can be achieved by using the following netsh command (from an elevated command prompt): 72 + 73 +```bat 74 +netsh interface ipv6 set global randomizeidentifiers=disabled store=active 75 +netsh interface ipv6 set global randomizeidentifiers=disabled store=persistent 76 +``` 77 + 78 +This is exactly the same way as [[for Windows Server 2012 R2|doc:Windows.Windows_Server_2012_R2.WebHome|anchor="HUseEUI-64insteadofrandomIPv6addresses"]]. 79 + 80 +# Related pages 81 + 82 +* [[Active Directory|Active Directory]] 83 +* [[Distributed File System (DFS)|doc:Windows.DFS.WebHome]] 84 +* [[Windows Server 2012 R2|Windows Server 2012 R2]] (not all the information there applies, but some does)