Windows Server 2022

# Completely changing the language of the operating system

1. Install language pack.

1. Run `%windir%\system32\sysprep\sysprep.exe`, select _Enter System Out-of-Box Experience (OOBE)_ (keeping _Generalize_ disabled) and select _Reboot_ (idea from [here](https://www.windowsphoneinfo.com/threads/windows-10-not-completely-changing-language.392074/)).

7

1. Select the correct language in the wizard that shows after the reboot.

8

1. Change network name(s) if necessary. Go to _Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles_ in the Registry Editor (idea from [here](https://winbuzzer.com/2021/06/24/how-to-change-network-name-in-windows-10-xcxwbt/)). Alternatively, reset the network settings (_Network & Internet settings_ ➞_ Network reset_)

9

1. Optionally, change the regional / format settings to something which is useful to you. For example, I use the en_US locale, but I prefer the ISO date format and 24 hour clock:

10

* Short date: yyyy-MM-dd

11

* Short time: HH:mm

12

* Long time: HH:mm:ss

13

* First day of week: Monday

14

* Measurement system: Metric

15

* Currency symbol: €

16

* Positive currency format: 1.1 €

17

* Negative currency format: -1.1 €

18

1. Copy the settings to the welcome screen and new user accounts.

19

20

Running sysprep can have undesired side effects, but it is the only way to really change the system language completely. If one is happy with only having most of the system in the new language, using the [[method described for Windows Server 2012 R2|doc:Windows.Windows_Server_2012_R2.WebHome|anchor="HRenaminglocaluserswhenchangingthelanguage"]] might be suitable. However, a few messages during startup and shutdown will still be displayed in the original language when using this method.

21

22

# Changing the timeout in the Windows Boot Manager

bcdedit /timeout 10

(from <https://docs.microsoft.com/en-us/windows-hardware/drivers/devtest/bcdedit--timeout>)

27

28

# Configuring the certificate for Remote Desktop

29

30

First, we have to get the thumbprint, then we can tell the Remote Desktop services to use the certificate with this thumbprint:

31

32

Get-ChildItem -Path Cert:LocalMachine\MY

33

Set-WmiInstance -Path (Get-WmiObject -class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices -Filter "TerminalName='RDP-tcp'").__path -argument @{SSLCertificateSHA1Hash="$Thumbprint"}

34

35

(from <https://blog.icewolf.ch/archive/2021/07/03/secure-remote-desktop-connections-with-certificates.aspx>)

36

37

# Enabling strong cryptography for older .NET apps

For 64-bit apps:

```registry

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727]

43

"SystemDefaultTlsVersions" = dword:00000001

44

"SchUseStrongCrypto" = dword:00000001

45

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]

46

"SystemDefaultTlsVersions" = dword:00000001

47

"SchUseStrongCrypto" = dword:00000001

```

For 32-bit apps:

```registry

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727]

54

"SystemDefaultTlsVersions" = dword:00000001

55

"SchUseStrongCrypto" = dword:00000001

56

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319]

57

"SystemDefaultTlsVersions" = dword:00000001

58

"SchUseStrongCrypto" = dword:00000001

59

```

60

61

(see <https://docs.microsoft.com/en-us/mem/configmgr/core/plan-design/security/enable-tls-1-2-client>)

62

63

`SchUseStrongCrypto` enables support for TLS 1.1 and 1.2, and `SystemDefaultTlsVersions` allows .NET to use the system defaults.

64

65

These registry keys can be added through a group policy.

66

67

Typically, the computer has to be rebooted in order for these changs to become effective.

68

69

# Using EUI-64 instead of random IPv6 addresses[Edit](https://sebastian.marsching.com/wiki/bin/edit/Windows/Windows_Server_2012_R2/WebHome?section=5)

70

71

It might be desirable to use an EUI-64-based IPv6 address (an IPv6 address that is generated based on the MAC address of the NIC) instead of a randomly generated address during IPv6 autoconfiguration. This can be achieved by using the following netsh command (from an elevated command prompt):

72

73

```bat

74

netsh interface ipv6 set global randomizeidentifiers=disabled store=active

75

netsh interface ipv6 set global randomizeidentifiers=disabled store=persistent

76

```

77

78

This is exactly the same way as [[for Windows Server 2012 R2|doc:Windows.Windows_Server_2012_R2.WebHome|anchor="HUseEUI-64insteadofrandomIPv6addresses"]].

# Related pages

* [[Active Directory|doc:Windows.Active_Directory.WebHome]]

83

* [[Distributed File System (DFS)|doc:Windows.DFS.WebHome]]

84

* [[Windows Server 2012 R2|doc:Windows.Windows_Server_2012_R2.WebHome]] (not all the information there applies, but some does)

85

* [[Windows Server Update Services (WSUS)|doc:Windows.WSUS.WebHome]]

Wiki source code of Windows Server 2022

Applications

Navigation

Need help?

author	version	line-number	content
		1	{{toc/}}
		2
		3	# Completely changing the language of the operating system
		4
		5	1. Install language pack.
		6	1. Run `%windir%\system32\sysprep\sysprep.exe`, select _Enter System Out-of-Box Experience (OOBE)_ (keeping _Generalize_ disabled) and select _Reboot_ (idea from [here](https://www.windowsphoneinfo.com/threads/windows-10-not-completely-changing-language.392074/)).
		7	1. Select the correct language in the wizard that shows after the reboot.
		8	1. Change network name(s) if necessary. Go to _Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles_ in the Registry Editor (idea from [here](https://winbuzzer.com/2021/06/24/how-to-change-network-name-in-windows-10-xcxwbt/)). Alternatively, reset the network settings (_Network & Internet settings_ ➞_ Network reset_)
		9	1. Optionally, change the regional / format settings to something which is useful to you. For example, I use the en_US locale, but I prefer the ISO date format and 24 hour clock:
		10	* Short date: yyyy-MM-dd
		11	* Short time: HH:mm
		12	* Long time: HH:mm:ss
		13	* First day of week: Monday
		14	* Measurement system: Metric
		15	* Currency symbol: €
		16	* Positive currency format: 1.1 €
		17	* Negative currency format: -1.1 €
		18	1. Copy the settings to the welcome screen and new user accounts.
		19
		20	Running sysprep can have undesired side effects, but it is the only way to really change the system language completely. If one is happy with only having most of the system in the new language, using the [[method described for Windows Server 2012 R2\|doc:Windows.Windows_Server_2012_R2.WebHome\|anchor="HRenaminglocaluserswhenchangingthelanguage"]] might be suitable. However, a few messages during startup and shutdown will still be displayed in the original language when using this method.
		21
		22	# Changing the timeout in the Windows Boot Manager
		23
		24	bcdedit /timeout 10
		25
		26	(from <https://docs.microsoft.com/en-us/windows-hardware/drivers/devtest/bcdedit--timeout>)
		27
		28	# Configuring the certificate for Remote Desktop
		29
		30	First, we have to get the thumbprint, then we can tell the Remote Desktop services to use the certificate with this thumbprint:
		31
		32	Get-ChildItem -Path Cert:LocalMachine\MY
		33	Set-WmiInstance -Path (Get-WmiObject -class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices -Filter "TerminalName='RDP-tcp'").__path -argument @{SSLCertificateSHA1Hash="$Thumbprint"}
		34
		35	(from <https://blog.icewolf.ch/archive/2021/07/03/secure-remote-desktop-connections-with-certificates.aspx>)
		36
		37	# Enabling strong cryptography for older .NET apps
		38
		39	For 64-bit apps:
		40
		41	```registry
		42	[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727]
		43	"SystemDefaultTlsVersions" = dword:00000001
		44	"SchUseStrongCrypto" = dword:00000001
		45	[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
		46	"SystemDefaultTlsVersions" = dword:00000001
		47	"SchUseStrongCrypto" = dword:00000001
		48	```
		49
		50	For 32-bit apps:
		51
		52	```registry
		53	[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727]
		54	"SystemDefaultTlsVersions" = dword:00000001
		55	"SchUseStrongCrypto" = dword:00000001
		56	[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319]
		57	"SystemDefaultTlsVersions" = dword:00000001
		58	"SchUseStrongCrypto" = dword:00000001
		59	```
		60
		61	(see <https://docs.microsoft.com/en-us/mem/configmgr/core/plan-design/security/enable-tls-1-2-client>)
		62
		63	`SchUseStrongCrypto` enables support for TLS 1.1 and 1.2, and `SystemDefaultTlsVersions` allows .NET to use the system defaults.
		64
		65	These registry keys can be added through a group policy.
		66
		67	Typically, the computer has to be rebooted in order for these changs to become effective.
		68
		69	# Using EUI-64 instead of random IPv6 addresses[Edit](https://sebastian.marsching.com/wiki/bin/edit/Windows/Windows_Server_2012_R2/WebHome?section=5)
		70
		71	It might be desirable to use an EUI-64-based IPv6 address (an IPv6 address that is generated based on the MAC address of the NIC) instead of a randomly generated address during IPv6 autoconfiguration. This can be achieved by using the following netsh command (from an elevated command prompt):
		72
		73	```bat
		74	netsh interface ipv6 set global randomizeidentifiers=disabled store=active
		75	netsh interface ipv6 set global randomizeidentifiers=disabled store=persistent
		76	```
		77
		78	This is exactly the same way as [[for Windows Server 2012 R2\|doc:Windows.Windows_Server_2012_R2.WebHome\|anchor="HUseEUI-64insteadofrandomIPv6addresses"]].
		79
		80	# Related pages
		81
		82	* [[Active Directory\|doc:Windows.Active_Directory.WebHome]]
		83	* [[Distributed File System (DFS)\|doc:Windows.DFS.WebHome]]
		84	* [[Windows Server 2012 R2\|doc:Windows.Windows_Server_2012_R2.WebHome]] (not all the information there applies, but some does)
		85	* [[Windows Server Update Services (WSUS)\|doc:Windows.WSUS.WebHome]]