Wiki source code of Windows Server 2022
Last modified by Sebastian Marsching on 2022/05/30 12:24
Hide last authors
| author | version | line-number | content |
|---|---|---|---|
 |
1.1 | 1 | {{toc/}} |
| 2 | |||
| 3 | # Completely changing the language of the operating system | ||
| 4 | |||
| 5 | 1. Install language pack. | ||
| |
3.1 | 6 | 1. Run `%windir%\system32\sysprep\sysprep.exe`, select _Enter System Out-of-Box Experience (OOBE)_ (keeping _Generalize_ disabled) and select _Reboot_ (idea from [here](https://www.windowsphoneinfo.com/threads/windows-10-not-completely-changing-language.392074/)). |
| |
1.1 | 7 | 1. Select the correct language in the wizard that shows after the reboot. |
| |
3.1 | 8 | 1. Change network name(s) if necessary. Go to _Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles_ in the Registry Editor (idea from [here](https://winbuzzer.com/2021/06/24/how-to-change-network-name-in-windows-10-xcxwbt/)). Alternatively, reset the network settings (_Network & Internet settings_ ➞_ Network reset_) |
| |
1.1 | 9 | 1. Optionally, change the regional / format settings to something which is useful to you. For example, I use the en_US locale, but I prefer the ISO date format and 24 hour clock: |
| 10 | * Short date: yyyy-MM-dd | ||
| 11 | * Short time: HH:mm | ||
| 12 | * Long time: HH:mm:ss | ||
| 13 | * First day of week: Monday | ||
| 14 | * Measurement system: Metric | ||
| 15 | * Currency symbol: € | ||
| 16 | * Positive currency format: 1.1 € | ||
| 17 | * Negative currency format: -1.1 € | ||
| 18 | 1. Copy the settings to the welcome screen and new user accounts. | ||
| 19 | |||
| |
4.1 | 20 | Running sysprep can have undesired side effects, but it is the only way to really change the system language completely. If one is happy with only having most of the system in the new language, using the [[method described for Windows Server 2012 R2|doc:Windows.Windows_Server_2012_R2.WebHome|anchor="HRenaminglocaluserswhenchangingthelanguage"]] might be suitable. However, a few messages during startup and shutdown will still be displayed in the original language when using this method. |
| 21 | |||
| |
1.1 | 22 | # Changing the timeout in the Windows Boot Manager |
| 23 | |||
| 24 | bcdedit /timeout 10 | ||
| 25 | |||
| 26 | (from <https://docs.microsoft.com/en-us/windows-hardware/drivers/devtest/bcdedit--timeout>) | ||
| 27 | |||
| 28 | # Configuring the certificate for Remote Desktop | ||
| 29 | |||
| 30 | First, we have to get the thumbprint, then we can tell the Remote Desktop services to use the certificate with this thumbprint: | ||
| 31 | |||
| 32 | Get-ChildItem -Path Cert:LocalMachine\MY | ||
| 33 | Set-WmiInstance -Path (Get-WmiObject -class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices -Filter "TerminalName='RDP-tcp'").__path -argument @{SSLCertificateSHA1Hash="$Thumbprint"} | ||
| 34 | |||
| |
2.1 | 35 | (from <https://blog.icewolf.ch/archive/2021/07/03/secure-remote-desktop-connections-with-certificates.aspx>) |
| |
1.1 | 36 | |
| |
3.1 | 37 | # Enabling strong cryptography for older .NET apps |
| 38 | |||
| 39 | For 64-bit apps: | ||
| 40 | |||
| 41 | ```registry | ||
| 42 | [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727] | ||
| 43 | "SystemDefaultTlsVersions" = dword:00000001 | ||
| 44 | "SchUseStrongCrypto" = dword:00000001 | ||
| 45 | [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319] | ||
| 46 | "SystemDefaultTlsVersions" = dword:00000001 | ||
| 47 | "SchUseStrongCrypto" = dword:00000001 | ||
| 48 | ``` | ||
| 49 | |||
| 50 | For 32-bit apps: | ||
| 51 | |||
| 52 | ```registry | ||
| 53 | [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727] | ||
| 54 | "SystemDefaultTlsVersions" = dword:00000001 | ||
| 55 | "SchUseStrongCrypto" = dword:00000001 | ||
| 56 | [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319] | ||
| 57 | "SystemDefaultTlsVersions" = dword:00000001 | ||
| 58 | "SchUseStrongCrypto" = dword:00000001 | ||
| 59 | ``` | ||
| 60 | |||
| 61 | (see <https://docs.microsoft.com/en-us/mem/configmgr/core/plan-design/security/enable-tls-1-2-client>) | ||
| 62 | |||
| 63 | `SchUseStrongCrypto` enables support for TLS 1.1 and 1.2, and `SystemDefaultTlsVersions` allows .NET to use the system defaults. | ||
| 64 | |||
| 65 | These registry keys can be added through a group policy. | ||
| 66 | |||
| 67 | Typically, the computer has to be rebooted in order for these changs to become effective. | ||
| 68 | |||
| |
4.1 | 69 | # Using EUI-64 instead of random IPv6 addresses[Edit](https://sebastian.marsching.com/wiki/bin/edit/Windows/Windows_Server_2012_R2/WebHome?section=5) |
| |
1.1 | 70 | |
| |
4.1 | 71 | It might be desirable to use an EUI-64-based IPv6 address (an IPv6 address that is generated based on the MAC address of the NIC) instead of a randomly generated address during IPv6 autoconfiguration. This can be achieved by using the following netsh command (from an elevated command prompt): |
| 72 | |||
| 73 | ```bat | ||
| 74 | netsh interface ipv6 set global randomizeidentifiers=disabled store=active | ||
| 75 | netsh interface ipv6 set global randomizeidentifiers=disabled store=persistent | ||
| 76 | ``` | ||
| 77 | |||
| 78 | This is exactly the same way as [[for Windows Server 2012 R2|doc:Windows.Windows_Server_2012_R2.WebHome|anchor="HUseEUI-64insteadofrandomIPv6addresses"]]. | ||
| 79 | |||
| 80 | # Related pages | ||
| 81 | |||
| |
5.1 | 82 | * [[Active Directory|doc:Windows.Active_Directory.WebHome]] |
| |
4.1 | 83 | * [[Distributed File System (DFS)|doc:Windows.DFS.WebHome]] |
| |
5.1 | 84 | * [[Windows Server 2012 R2|doc:Windows.Windows_Server_2012_R2.WebHome]] (not all the information there applies, but some does) |
| 85 | * [[Windows Server Update Services (WSUS)|doc:Windows.WSUS.WebHome]] |