Wiki source code of Windows Server 2022
Version 3.1 by Sebastian Marsching on 2022/05/30 12:03
Show last authors
author | version | line-number | content |
---|---|---|---|
1 | {{toc/}} | ||
2 | |||
3 | # Completely changing the language of the operating system | ||
4 | |||
5 | 1. Install language pack. | ||
6 | 1. Run `%windir%\system32\sysprep\sysprep.exe`, select _Enter System Out-of-Box Experience (OOBE)_ (keeping _Generalize_ disabled) and select _Reboot_ (idea from [here](https://www.windowsphoneinfo.com/threads/windows-10-not-completely-changing-language.392074/)). | ||
7 | 1. Select the correct language in the wizard that shows after the reboot. | ||
8 | 1. Change network name(s) if necessary. Go to _Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles_ in the Registry Editor (idea from [here](https://winbuzzer.com/2021/06/24/how-to-change-network-name-in-windows-10-xcxwbt/)). Alternatively, reset the network settings (_Network & Internet settings_ ➞_ Network reset_) | ||
9 | 1. Optionally, change the regional / format settings to something which is useful to you. For example, I use the en_US locale, but I prefer the ISO date format and 24 hour clock: | ||
10 | * Short date: yyyy-MM-dd | ||
11 | * Short time: HH:mm | ||
12 | * Long time: HH:mm:ss | ||
13 | * First day of week: Monday | ||
14 | * Measurement system: Metric | ||
15 | * Currency symbol: € | ||
16 | * Positive currency format: 1.1 € | ||
17 | * Negative currency format: -1.1 € | ||
18 | 1. Copy the settings to the welcome screen and new user accounts. | ||
19 | |||
20 | # Changing the timeout in the Windows Boot Manager | ||
21 | |||
22 | bcdedit /timeout 10 | ||
23 | |||
24 | (from <https://docs.microsoft.com/en-us/windows-hardware/drivers/devtest/bcdedit--timeout>) | ||
25 | |||
26 | # Configuring the certificate for Remote Desktop | ||
27 | |||
28 | First, we have to get the thumbprint, then we can tell the Remote Desktop services to use the certificate with this thumbprint: | ||
29 | |||
30 | Get-ChildItem -Path Cert:LocalMachine\MY | ||
31 | Set-WmiInstance -Path (Get-WmiObject -class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices -Filter "TerminalName='RDP-tcp'").__path -argument @{SSLCertificateSHA1Hash="$Thumbprint"} | ||
32 | |||
33 | (from <https://blog.icewolf.ch/archive/2021/07/03/secure-remote-desktop-connections-with-certificates.aspx>) | ||
34 | |||
35 | # Enabling strong cryptography for older .NET apps | ||
36 | |||
37 | For 64-bit apps: | ||
38 | |||
39 | ```registry | ||
40 | [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727] | ||
41 | "SystemDefaultTlsVersions" = dword:00000001 | ||
42 | "SchUseStrongCrypto" = dword:00000001 | ||
43 | [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319] | ||
44 | "SystemDefaultTlsVersions" = dword:00000001 | ||
45 | "SchUseStrongCrypto" = dword:00000001 | ||
46 | ``` | ||
47 | |||
48 | For 32-bit apps: | ||
49 | |||
50 | ```registry | ||
51 | [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727] | ||
52 | "SystemDefaultTlsVersions" = dword:00000001 | ||
53 | "SchUseStrongCrypto" = dword:00000001 | ||
54 | [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319] | ||
55 | "SystemDefaultTlsVersions" = dword:00000001 | ||
56 | "SchUseStrongCrypto" = dword:00000001 | ||
57 | ``` | ||
58 | |||
59 | (see <https://docs.microsoft.com/en-us/mem/configmgr/core/plan-design/security/enable-tls-1-2-client>) | ||
60 | |||
61 | `SchUseStrongCrypto` enables support for TLS 1.1 and 1.2, and `SystemDefaultTlsVersions` allows .NET to use the system defaults. | ||
62 | |||
63 | These registry keys can be added through a group policy. | ||
64 | |||
65 | Typically, the computer has to be rebooted in order for these changs to become effective. | ||
66 | |||
67 | # Using EUI-64 instead of random IPv6 addresses | ||
68 | |||
69 | This can be done in [[exactly the same ways as for Windows Server 2012 R2|doc:Windows.Windows_Server_2012_R2.WebHome|anchor="HUseEUI-64insteadofrandomIPv6addresses"]]. |