Windows Server 2022

# Completely changing the language of the operating system

1. Install language pack.

1. Run `%windir%\system32\sysprep\sysprep.exe`, select _Enter System Out-of-Box Experience (OOBE)_ (keeping _Generalize_ disabled) and select _Reboot_ (idea from [here](https://www.windowsphoneinfo.com/threads/windows-10-not-completely-changing-language.392074/)).

7

1. Select the correct language in the wizard that shows after the reboot.

8

1. Change network name(s) if necessary. Go to _Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles_ in the Registry Editor (idea from [here](https://winbuzzer.com/2021/06/24/how-to-change-network-name-in-windows-10-xcxwbt/)). Alternatively, reset the network settings (_Network & Internet settings_ ➞_ Network reset_)

9

1. Optionally, change the regional / format settings to something which is useful to you. For example, I use the en_US locale, but I prefer the ISO date format and 24 hour clock:

10

* Short date: yyyy-MM-dd

11

* Short time: HH:mm

12

* Long time: HH:mm:ss

13

* First day of week: Monday

14

* Measurement system: Metric

15

* Currency symbol: €

16

* Positive currency format: 1.1 €

17

* Negative currency format: -1.1 €

18

1. Copy the settings to the welcome screen and new user accounts.

19

20

# Changing the timeout in the Windows Boot Manager

bcdedit /timeout 10

(from <https://docs.microsoft.com/en-us/windows-hardware/drivers/devtest/bcdedit--timeout>)

25

26

# Configuring the certificate for Remote Desktop

27

28

First, we have to get the thumbprint, then we can tell the Remote Desktop services to use the certificate with this thumbprint:

29

30

Get-ChildItem -Path Cert:LocalMachine\MY

31

Set-WmiInstance -Path (Get-WmiObject -class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices -Filter "TerminalName='RDP-tcp'").__path -argument @{SSLCertificateSHA1Hash="$Thumbprint"}

32

33

(from <https://blog.icewolf.ch/archive/2021/07/03/secure-remote-desktop-connections-with-certificates.aspx>)

34

35

# Enabling strong cryptography for older .NET apps

For 64-bit apps:

```registry

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727]

41

"SystemDefaultTlsVersions" = dword:00000001

42

"SchUseStrongCrypto" = dword:00000001

43

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]

44

"SystemDefaultTlsVersions" = dword:00000001

45

"SchUseStrongCrypto" = dword:00000001

```

For 32-bit apps:

```registry

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727]

52

"SystemDefaultTlsVersions" = dword:00000001

53

"SchUseStrongCrypto" = dword:00000001

54

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319]

55

"SystemDefaultTlsVersions" = dword:00000001

56

"SchUseStrongCrypto" = dword:00000001

57

```

58

59

(see <https://docs.microsoft.com/en-us/mem/configmgr/core/plan-design/security/enable-tls-1-2-client>)

60

61

`SchUseStrongCrypto` enables support for TLS 1.1 and 1.2, and `SystemDefaultTlsVersions` allows .NET to use the system defaults.

62

63

These registry keys can be added through a group policy.

64

65

Typically, the computer has to be rebooted in order for these changs to become effective.

66

67

# Using EUI-64 instead of random IPv6 addresses

68

69

This can be done in [[exactly the same ways as for Windows Server 2012 R2|doc:Windows.Windows_Server_2012_R2.WebHome|anchor="HUseEUI-64insteadofrandomIPv6addresses"]].

Wiki source code of Windows Server 2022

Applications

Navigation

Need help?

author	version	line-number	content
		1	{{toc/}}
		2
		3	# Completely changing the language of the operating system
		4
		5	1. Install language pack.
		6	1. Run `%windir%\system32\sysprep\sysprep.exe`, select _Enter System Out-of-Box Experience (OOBE)_ (keeping _Generalize_ disabled) and select _Reboot_ (idea from [here](https://www.windowsphoneinfo.com/threads/windows-10-not-completely-changing-language.392074/)).
		7	1. Select the correct language in the wizard that shows after the reboot.
		8	1. Change network name(s) if necessary. Go to _Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles_ in the Registry Editor (idea from [here](https://winbuzzer.com/2021/06/24/how-to-change-network-name-in-windows-10-xcxwbt/)). Alternatively, reset the network settings (_Network & Internet settings_ ➞_ Network reset_)
		9	1. Optionally, change the regional / format settings to something which is useful to you. For example, I use the en_US locale, but I prefer the ISO date format and 24 hour clock:
		10	* Short date: yyyy-MM-dd
		11	* Short time: HH:mm
		12	* Long time: HH:mm:ss
		13	* First day of week: Monday
		14	* Measurement system: Metric
		15	* Currency symbol: €
		16	* Positive currency format: 1.1 €
		17	* Negative currency format: -1.1 €
		18	1. Copy the settings to the welcome screen and new user accounts.
		19
		20	# Changing the timeout in the Windows Boot Manager
		21
		22	bcdedit /timeout 10
		23
		24	(from <https://docs.microsoft.com/en-us/windows-hardware/drivers/devtest/bcdedit--timeout>)
		25
		26	# Configuring the certificate for Remote Desktop
		27
		28	First, we have to get the thumbprint, then we can tell the Remote Desktop services to use the certificate with this thumbprint:
		29
		30	Get-ChildItem -Path Cert:LocalMachine\MY
		31	Set-WmiInstance -Path (Get-WmiObject -class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices -Filter "TerminalName='RDP-tcp'").__path -argument @{SSLCertificateSHA1Hash="$Thumbprint"}
		32
		33	(from <https://blog.icewolf.ch/archive/2021/07/03/secure-remote-desktop-connections-with-certificates.aspx>)
		34
		35	# Enabling strong cryptography for older .NET apps
		36
		37	For 64-bit apps:
		38
		39	```registry
		40	[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727]
		41	"SystemDefaultTlsVersions" = dword:00000001
		42	"SchUseStrongCrypto" = dword:00000001
		43	[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
		44	"SystemDefaultTlsVersions" = dword:00000001
		45	"SchUseStrongCrypto" = dword:00000001
		46	```
		47
		48	For 32-bit apps:
		49
		50	```registry
		51	[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727]
		52	"SystemDefaultTlsVersions" = dword:00000001
		53	"SchUseStrongCrypto" = dword:00000001
		54	[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319]
		55	"SystemDefaultTlsVersions" = dword:00000001
		56	"SchUseStrongCrypto" = dword:00000001
		57	```
		58
		59	(see <https://docs.microsoft.com/en-us/mem/configmgr/core/plan-design/security/enable-tls-1-2-client>)
		60
		61	`SchUseStrongCrypto` enables support for TLS 1.1 and 1.2, and `SystemDefaultTlsVersions` allows .NET to use the system defaults.
		62
		63	These registry keys can be added through a group policy.
		64
		65	Typically, the computer has to be rebooted in order for these changs to become effective.
		66
		67	# Using EUI-64 instead of random IPv6 addresses
		68
		69	This can be done in [[exactly the same ways as for Windows Server 2012 R2\|doc:Windows.Windows_Server_2012_R2.WebHome\|anchor="HUseEUI-64insteadofrandomIPv6addresses"]].