Windows 10: Difference between revisions
(18 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
= Activation = |
== Activation == |
||
== Is your Windows 10 using a "product key" or a "digital license"? == |
=== Is your Windows 10 using a "product key" or a "digital license"? === |
||
* Right click the start button |
* Right click the start button |
||
* Select "System" |
* Select "System" |
||
Line 14: | Line 14: | ||
In case of a "digital license", you don't need to care about a "product key", you can just reinstall this pc and skip the dialog, where you are asked to enter a "product key". |
In case of a "digital license", you don't need to care about a "product key", you can just reinstall this pc and skip the dialog, where you are asked to enter a "product key". |
||
== Get product key from installed Windows 10 == |
=== Get product key from installed Windows 10 === |
||
=== Get Windows 10 product key from the UEFI firmware === |
==== Get Windows 10 product key from the UEFI firmware ==== |
||
powershell |
powershell |
||
(Get-WmiObject -query 'select * from SoftwareLicensingService').OA3xOriginalProductKey |
(Get-WmiObject -query 'select * from SoftwareLicensingService').OA3xOriginalProductKey |
||
=== Get Windows 10 product key from the registry === |
==== Get Windows 10 product key from the registry ==== |
||
Create productkey.vbs |
Create productkey.vbs |
||
<pre> |
<pre> |
||
Line 51: | Line 51: | ||
</pre> |
</pre> |
||
= Automatically login into Windows 10 with username and password = |
== Automatically login into Windows 10 with username and password == |
||
* start netplwiz |
* start netplwiz (with windows-key+r, not the search) |
||
* uncheck "needs password" |
* uncheck "needs password" |
||
=== if the checkbox for "needs password" is missing === |
|||
= Use a hard disk with more than 2TB with Windows 10 = |
|||
==== in the settings (not possible for everyone) ==== |
|||
Windows Settings / Account / Sign-In options: |
|||
Set "Require Windows Hello sign-in" to off. This option does not exist for everyone. See next variant: |
|||
([https://www.askvg.com/fix-users-must-enter-a-user-name-and-password-to-use-this-computer-checkbox-missing-in-windows-10/ source]) |
|||
==== in the registry ==== |
|||
* open the registry editor |
|||
regedit |
|||
* goto HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PasswordLess\Device |
|||
* change the value of DevicePasswordLessBuildVersion from 2 to 0 |
|||
DevicePasswordLessBuildVersion = 0 |
|||
* start netplwiz again |
|||
([https://www.askvg.com/fix-users-must-enter-a-user-name-and-password-to-use-this-computer-checkbox-missing-in-windows-10/ source]) |
|||
== Use a hard disk with more than 2TB with Windows 10 == |
|||
You have to set/format the hard disk to GPT. |
You have to set/format the hard disk to GPT. |
||
If your system/bios does not allow booting from a GPT or >2TB HD, you can boot from a small HD/SDD and then use the large GPT disk. |
If your system/bios does not allow booting from a GPT or >2TB HD, you can boot from a small HD/SDD and then use the large GPT disk. |
||
GPT has no "extended". Your disk will be "primary" and you don't have to care about it, because you can create a lot of |
GPT has no "extended". Your disk will be "primary" and you don't have to care about it, because you can create a lot of partitions on it, not just the normal "four partition on a primary disk". |
||
* Do not use GPT for a Windows 7 OS disk (data disk is ok). Windows 8 and above are ok. |
|||
* Do not use GPT for disks with less than 2 TB. |
|||
Here the link to the conversion method: https://learn.microsoft.com/en-us/windows-server/storage/disk-management/change-an-mbr-disk-into-a-gpt-disk |
|||
Command prompt as admin: |
|||
diskpart |
|||
list disk |
|||
select disk <disk-number> |
|||
clean |
|||
convert gpt |
|||
exit |
|||
== Remove Tiles from Start Menu == |
|||
* Right click each tile and select "Unpin from Start Menu" |
|||
* Do this for all tiles |
|||
* Close the start menu and open it again |
|||
== Virtual Machines == |
|||
=== Problems with the Guard === |
|||
You can always check the VM Safety via "Click Start, type msinfo32.exe, and then click System Information. >. |
|||
VMWare workstation and device/credential guard are not compatible. (short version) |
|||
When the VMWare image of QNX OS does not start but instead you get something like the following error dialog: |
|||
First thing to try: (from https://www.youtube.com/watch?v=CGpv2Dvzyeg) |
|||
Launch cmd as admin... |
|||
bcdedit /create {0cb3b571-2f2e-4343-a879-d86a476d7215} /d "DebugTool" /application osloader |
|||
bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} path "\EFI\Microsoft\Boot\SecConfig.efi" |
|||
bcdedit /set {bootmgr} bootsequence {0cb3b571-2f2e-4343-a879-d86a476d7215} |
|||
bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO,DISABLE-VBS |
|||
bcdedit /set hypervisorlaunchtype off |
|||
Restart your system ... |
|||
If this is not enough, follow the link from the dialog box to the vmware site and from there to the Microsoft site where you have to scroll down a lot to see how to disable all the guard thingies. |
|||
AFTER you follow the MS guide, do the above again! Or follow the copy/paste in the "long version" (next sub chapter). |
|||
VMWare workstation and device/credential guard are not compatible (long version) or how to Disable Windows Defender Credential Guard |
|||
https://docs.microsoft.com/en-us/windows/security/identity-protection/credential-guard/credential-guard-manage#disable-windows-defender-credential-guard |
|||
https://www.youtube.com/watch?v=CGpv2Dvzyeg |
|||
To open the Group policy settings editor: "Run" and type "gpedit.msc", right-click, select "run as admin". |
|||
* If you used Group Policy, disable the Group Policy setting that you used to enable Windows Defender Credential Guard (Computer Configuration -> Administrative Templates -> System -> Device Guard -> Turn on Virtualization Based Security). |
|||
* Delete the following registry settings: |
|||
** HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\LsaCfgFlags |
|||
** HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceGuard\LsaCfgFlags |
|||
* If you also wish to disable virtualization-based security delete the following registry settings: |
|||
** HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceGuard\EnableVirtualizationBasedSecurity |
|||
** HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceGuard\RequirePlatformSecurityFeatures |
|||
Important |
|||
If you manually remove these registry settings, make sure to delete them all. If you don't remove them all, the device might go into BitLocker recovery. |
|||
* Delete the Windows Defender Credential Guard EFI variables by using bcdedit. From an elevated command prompt, type the following commands: |
|||
* mountvol X: /s |
|||
* copy %WINDIR%\System32\SecConfig.efi X:\EFI\Microsoft\Boot\SecConfig.efi /Y |
|||
* bcdedit /create {0cb3b571-2f2e-4343-a879-d86a476d7215} /d "DebugTool" /application osloader |
|||
* bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} path "\EFI\Microsoft\Boot\SecConfig.efi" |
|||
* bcdedit /set {bootmgr} bootsequence {0cb3b571-2f2e-4343-a879-d86a476d7215} |
|||
* bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO |
|||
* bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} device partition=X: |
|||
* mountvol X: /d |
|||
* Restart the PC. |
|||
* Accept the prompt to disable Windows Defender Credential Guard. |
|||
* Alternatively, you can disable the virtualization-based security features to turn off Windows Defender Credential Guard. |
|||
Note |
|||
The PC must have one-time access to a domain controller to decrypt content, such as files that were encrypted with EFS. If you want to turn off both Windows Defender Credential Guard and virtualization-based security, run the following bcdedit commands after turning off all virtualization-based security Group Policy and registry settings: |
|||
bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO,DISABLE-VBS |
|||
bcdedit /set vsmlaunchtype off |
|||
VMware Workstation and Device/Credential Guard are not compatible Problem Resolve. |
|||
Go to Control Panel - Uninstall a Program - Turn Windows features on or off - (uncheck/turn off) Hyper-V. Click |
|||
OK |
|||
Select Do not restart. |
|||
And then type the following cmds in cmd prompt.. |
|||
to Delete the related EFI variables from the BCD file... Launch cmd as admin... |
|||
bcdedit /create {0cb3b571-2f2e-4343-a879-d86a476d7215} /d "DebugTool" /application osloader |
|||
bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} path "\EFI\Microsoft\Boot\SecConfig.efi" |
|||
bcdedit /set {bootmgr} bootsequence {0cb3b571-2f2e-4343-a879-d86a476d7215} |
|||
bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO,DISABLE-VBS |
|||
bcdedit /set hypervisorlaunchtype off |
|||
Restart your system ... |
|||
== Misc == |
|||
=== Autostart Folder === |
|||
WIN+r: |
|||
shell:startup |
|||
=== What is using space on my Windows 10 === |
|||
Settings / System / Storage |
|||
=== Shortcut to dialog with power plan selection === |
|||
New shortcut: "powercfg.cpl" |
|||
=== ssh/scp/sftp server === |
|||
SHH server must be running, check the services, set it to automatically and start it for now or boot. |
|||
=== Remote Desktop (RDP) === |
|||
* Port 3389 |
|||
* Allow it: Settings/System/Remote Desktop |
|||
=== install NET Framework 3.5 === |
|||
mount windows iso as drive ... D: for example, if you don't use D:, change D: in the next line |
|||
DISM /Online /Enable-Feature /FeatureName:NetFx3 /All /LimitAccess /Source:D:\sources\sxs |
|||
=== ssh === |
|||
==== client ==== |
|||
* services: ssh agent: automatic + start (running) |
|||
* /Users/<user>/.ssh directory writeable only by user (Properties/Security/Advanced/Disable inheritance + check All childs/create like current; then remove all but the one for the current user) |
|||
* rsa_id or dsa_id should exist |
|||
==== server ==== |
|||
* install Open SSH server (apps and features / optional / add) |
|||
* services: open ssh server: automatic + start (running) |
|||
* /Users/<user>/.ssh directory writeable only by user (Properties/Security/Advanced/Disable inheritance + check All childs/create like current; then remove all but the one for the current user) |
|||
* if <user> has admin rights: |
|||
** copy authorized_keys to c:\ProgramData\ssh\administrators_authorized_keys then remove rights for all but System and Administrative Users, like above with removing inheritance) |
|||
=== Delete Windows Defender History === |
|||
delete all files in c:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\ |
|||
==== Long Paths ==== |
|||
Some times you get problems when you have to read or write long paths in Windows. |
|||
You can try to allow longer paths. Open the registry editor to |
|||
Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem |
|||
and change |
|||
LongPathsEnabled 0 |
|||
to |
|||
LongPathsEnabled 1 |
|||
==== Hide devices from the audio selector in the tray bar ==== |
|||
Search for "Manage sound devices" and open it. |
|||
Select the one you don't want to see and "disable" it. |
Latest revision as of 18:03, 9 April 2024
Activation
Is your Windows 10 using a "product key" or a "digital license"?
- Right click the start button
- Select "System"
- Select "Home" (upper left)
- Select "Update & Security"
- Select "Activation"
Look for a text like
Windows is activated with a digital license
In case of a "digital license", you don't need to care about a "product key", you can just reinstall this pc and skip the dialog, where you are asked to enter a "product key".
Get product key from installed Windows 10
Get Windows 10 product key from the UEFI firmware
powershell (Get-WmiObject -query 'select * from SoftwareLicensingService').OA3xOriginalProductKey
Get Windows 10 product key from the registry
Create productkey.vbs
Set WshShell = CreateObject("WScript.Shell") MsgBox ConvertToKey(WshShell.RegRead("HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DigitalProductId")) Function ConvertToKey(Key) Const KeyOffset = 52 i = 28 Chars = "BCDFGHJKMPQRTVWXY2346789" Do Cur = 0 x = 14 Do Cur = Cur * 256 Cur = Key(x + KeyOffset) + Cur Key(x + KeyOffset) = (Cur \ 24) And 255 Cur = Cur Mod 24 x = x -1 Loop While x >= 0 i = i -1 KeyOutput = Mid(Chars, Cur + 1, 1) & KeyOutput If (((29 - i) Mod 6) = 0) And (i <> -1) Then i = i -1 KeyOutput = "-" & KeyOutput End If Loop While i >= 0 ConvertToKey = KeyOutput End Function
Automatically login into Windows 10 with username and password
- start netplwiz (with windows-key+r, not the search)
- uncheck "needs password"
if the checkbox for "needs password" is missing
in the settings (not possible for everyone)
Windows Settings / Account / Sign-In options: Set "Require Windows Hello sign-in" to off. This option does not exist for everyone. See next variant:
(source)
in the registry
- open the registry editor
regedit
- goto HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PasswordLess\Device
- change the value of DevicePasswordLessBuildVersion from 2 to 0
DevicePasswordLessBuildVersion = 0
- start netplwiz again
(source)
Use a hard disk with more than 2TB with Windows 10
You have to set/format the hard disk to GPT. If your system/bios does not allow booting from a GPT or >2TB HD, you can boot from a small HD/SDD and then use the large GPT disk.
GPT has no "extended". Your disk will be "primary" and you don't have to care about it, because you can create a lot of partitions on it, not just the normal "four partition on a primary disk".
- Do not use GPT for a Windows 7 OS disk (data disk is ok). Windows 8 and above are ok.
- Do not use GPT for disks with less than 2 TB.
Here the link to the conversion method: https://learn.microsoft.com/en-us/windows-server/storage/disk-management/change-an-mbr-disk-into-a-gpt-disk
Command prompt as admin:
diskpart list disk select disk <disk-number> clean convert gpt exit
Remove Tiles from Start Menu
- Right click each tile and select "Unpin from Start Menu"
- Do this for all tiles
- Close the start menu and open it again
Virtual Machines
Problems with the Guard
You can always check the VM Safety via "Click Start, type msinfo32.exe, and then click System Information. >.
VMWare workstation and device/credential guard are not compatible. (short version)
When the VMWare image of QNX OS does not start but instead you get something like the following error dialog:
First thing to try: (from https://www.youtube.com/watch?v=CGpv2Dvzyeg)
Launch cmd as admin...
bcdedit /create {0cb3b571-2f2e-4343-a879-d86a476d7215} /d "DebugTool" /application osloader bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} path "\EFI\Microsoft\Boot\SecConfig.efi" bcdedit /set {bootmgr} bootsequence {0cb3b571-2f2e-4343-a879-d86a476d7215} bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO,DISABLE-VBS bcdedit /set hypervisorlaunchtype off
Restart your system ...
If this is not enough, follow the link from the dialog box to the vmware site and from there to the Microsoft site where you have to scroll down a lot to see how to disable all the guard thingies.
AFTER you follow the MS guide, do the above again! Or follow the copy/paste in the "long version" (next sub chapter).
VMWare workstation and device/credential guard are not compatible (long version) or how to Disable Windows Defender Credential Guard
https://docs.microsoft.com/en-us/windows/security/identity-protection/credential-guard/credential-guard-manage#disable-windows-defender-credential-guard
https://www.youtube.com/watch?v=CGpv2Dvzyeg
To open the Group policy settings editor: "Run" and type "gpedit.msc", right-click, select "run as admin".
- If you used Group Policy, disable the Group Policy setting that you used to enable Windows Defender Credential Guard (Computer Configuration -> Administrative Templates -> System -> Device Guard -> Turn on Virtualization Based Security).
- Delete the following registry settings:
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\LsaCfgFlags
- HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceGuard\LsaCfgFlags
- If you also wish to disable virtualization-based security delete the following registry settings:
- HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceGuard\EnableVirtualizationBasedSecurity
- HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceGuard\RequirePlatformSecurityFeatures
Important If you manually remove these registry settings, make sure to delete them all. If you don't remove them all, the device might go into BitLocker recovery.
- Delete the Windows Defender Credential Guard EFI variables by using bcdedit. From an elevated command prompt, type the following commands:
- mountvol X: /s
- copy %WINDIR%\System32\SecConfig.efi X:\EFI\Microsoft\Boot\SecConfig.efi /Y
- bcdedit /create {0cb3b571-2f2e-4343-a879-d86a476d7215} /d "DebugTool" /application osloader
- bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} path "\EFI\Microsoft\Boot\SecConfig.efi"
- bcdedit /set {bootmgr} bootsequence {0cb3b571-2f2e-4343-a879-d86a476d7215}
- bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO
- bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} device partition=X:
- mountvol X: /d
- Restart the PC.
- Accept the prompt to disable Windows Defender Credential Guard.
- Alternatively, you can disable the virtualization-based security features to turn off Windows Defender Credential Guard.
Note
The PC must have one-time access to a domain controller to decrypt content, such as files that were encrypted with EFS. If you want to turn off both Windows Defender Credential Guard and virtualization-based security, run the following bcdedit commands after turning off all virtualization-based security Group Policy and registry settings:
bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO,DISABLE-VBS
bcdedit /set vsmlaunchtype off
VMware Workstation and Device/Credential Guard are not compatible Problem Resolve.
Go to Control Panel - Uninstall a Program - Turn Windows features on or off - (uncheck/turn off) Hyper-V. Click
OK
Select Do not restart.
And then type the following cmds in cmd prompt..
to Delete the related EFI variables from the BCD file... Launch cmd as admin...
bcdedit /create {0cb3b571-2f2e-4343-a879-d86a476d7215} /d "DebugTool" /application osloader bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} path "\EFI\Microsoft\Boot\SecConfig.efi" bcdedit /set {bootmgr} bootsequence {0cb3b571-2f2e-4343-a879-d86a476d7215} bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO,DISABLE-VBS bcdedit /set hypervisorlaunchtype off
Restart your system ...
Misc
Autostart Folder
WIN+r:
shell:startup
What is using space on my Windows 10
Settings / System / Storage
Shortcut to dialog with power plan selection
New shortcut: "powercfg.cpl"
ssh/scp/sftp server
SHH server must be running, check the services, set it to automatically and start it for now or boot.
Remote Desktop (RDP)
- Port 3389
- Allow it: Settings/System/Remote Desktop
install NET Framework 3.5
mount windows iso as drive ... D: for example, if you don't use D:, change D: in the next line
DISM /Online /Enable-Feature /FeatureName:NetFx3 /All /LimitAccess /Source:D:\sources\sxs
ssh
client
- services: ssh agent: automatic + start (running)
- /Users/<user>/.ssh directory writeable only by user (Properties/Security/Advanced/Disable inheritance + check All childs/create like current; then remove all but the one for the current user)
- rsa_id or dsa_id should exist
server
- install Open SSH server (apps and features / optional / add)
- services: open ssh server: automatic + start (running)
- /Users/<user>/.ssh directory writeable only by user (Properties/Security/Advanced/Disable inheritance + check All childs/create like current; then remove all but the one for the current user)
- if <user> has admin rights:
- copy authorized_keys to c:\ProgramData\ssh\administrators_authorized_keys then remove rights for all but System and Administrative Users, like above with removing inheritance)
Delete Windows Defender History
delete all files in c:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\
Long Paths
Some times you get problems when you have to read or write long paths in Windows. You can try to allow longer paths. Open the registry editor to
Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem
and change
LongPathsEnabled 0
to
LongPathsEnabled 1
Hide devices from the audio selector in the tray bar
Search for "Manage sound devices" and open it. Select the one you don't want to see and "disable" it.