Windows 10: Difference between revisions

From Andreida
 
(18 intermediate revisions by the same user not shown)
Line 1: Line 1:


= Activation =
== Activation ==


== Is your Windows 10 using a "product key" or a "digital license"? ==
=== Is your Windows 10 using a "product key" or a "digital license"? ===
* Right click the start button
* Right click the start button
* Select "System"
* Select "System"
Line 14: Line 14:
In case of a "digital license", you don't need to care about a "product key", you can just reinstall this pc and skip the dialog, where you are asked to enter a "product key".
In case of a "digital license", you don't need to care about a "product key", you can just reinstall this pc and skip the dialog, where you are asked to enter a "product key".


== Get product key from installed Windows 10 ==
=== Get product key from installed Windows 10 ===


=== Get Windows 10 product key from the UEFI firmware ===
==== Get Windows 10 product key from the UEFI firmware ====
powershell
powershell
(Get-WmiObject -query 'select * from SoftwareLicensingService').OA3xOriginalProductKey
(Get-WmiObject -query 'select * from SoftwareLicensingService').OA3xOriginalProductKey


=== Get Windows 10 product key from the registry ===
==== Get Windows 10 product key from the registry ====
Create productkey.vbs
Create productkey.vbs
<pre>
<pre>
Line 51: Line 51:
</pre>
</pre>


= Automatically login into Windows 10 with username and password =
== Automatically login into Windows 10 with username and password ==
* start netplwiz
* start netplwiz (with windows-key+r, not the search)
* uncheck "needs password"
* uncheck "needs password"


=== if the checkbox for "needs password" is missing ===
= Use a hard disk with more than 2TB with Windows 10 =
==== in the settings (not possible for everyone) ====
Windows Settings / Account / Sign-In options:
Set "Require Windows Hello sign-in" to off. This option does not exist for everyone. See next variant:

([https://www.askvg.com/fix-users-must-enter-a-user-name-and-password-to-use-this-computer-checkbox-missing-in-windows-10/ source])

==== in the registry ====
* open the registry editor
regedit
* goto HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PasswordLess\Device
* change the value of DevicePasswordLessBuildVersion from 2 to 0
DevicePasswordLessBuildVersion = 0
* start netplwiz again

([https://www.askvg.com/fix-users-must-enter-a-user-name-and-password-to-use-this-computer-checkbox-missing-in-windows-10/ source])

== Use a hard disk with more than 2TB with Windows 10 ==
You have to set/format the hard disk to GPT.
You have to set/format the hard disk to GPT.
If your system/bios does not allow booting from a GPT or >2TB HD, you can boot from a small HD/SDD and then use the large GPT disk.
If your system/bios does not allow booting from a GPT or >2TB HD, you can boot from a small HD/SDD and then use the large GPT disk.




GPT has no "extended". Your disk will be "primary" and you don't have to care about it, because you can create a lot of partition on it, not just the normal "four partition on a primary disk".
GPT has no "extended". Your disk will be "primary" and you don't have to care about it, because you can create a lot of partitions on it, not just the normal "four partition on a primary disk".

* Do not use GPT for a Windows 7 OS disk (data disk is ok). Windows 8 and above are ok.
* Do not use GPT for disks with less than 2 TB.

Here the link to the conversion method: https://learn.microsoft.com/en-us/windows-server/storage/disk-management/change-an-mbr-disk-into-a-gpt-disk

Command prompt as admin:
diskpart
list disk
select disk <disk-number>
clean
convert gpt
exit

== Remove Tiles from Start Menu ==
* Right click each tile and select "Unpin from Start Menu"
* Do this for all tiles
* Close the start menu and open it again


== Virtual Machines ==

=== Problems with the Guard ===


You can always check the VM Safety via "Click Start, type msinfo32.exe, and then click System Information. >.


VMWare workstation and device/credential guard are not compatible. (short version)
When the VMWare image of QNX OS does not start but instead you get something like the following error dialog:

First thing to try: (from https://www.youtube.com/watch?v=CGpv2Dvzyeg)
Launch cmd as admin...
bcdedit /create {0cb3b571-2f2e-4343-a879-d86a476d7215} /d "DebugTool" /application osloader
bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} path "\EFI\Microsoft\Boot\SecConfig.efi"
bcdedit /set {bootmgr} bootsequence {0cb3b571-2f2e-4343-a879-d86a476d7215}
bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO,DISABLE-VBS
bcdedit /set hypervisorlaunchtype off
Restart your system ...


If this is not enough, follow the link from the dialog box to the vmware site and from there to the Microsoft site where you have to scroll down a lot to see how to disable all the guard thingies.
AFTER you follow the MS guide, do the above again! Or follow the copy/paste in the "long version" (next sub chapter).


VMWare workstation and device/credential guard are not compatible (long version) or how to Disable Windows Defender Credential Guard
https://docs.microsoft.com/en-us/windows/security/identity-protection/credential-guard/credential-guard-manage#disable-windows-defender-credential-guard
https://www.youtube.com/watch?v=CGpv2Dvzyeg
To open the Group policy settings editor: "Run" and type "gpedit.msc", right-click, select "run as admin".
* If you used Group Policy, disable the Group Policy setting that you used to enable Windows Defender Credential Guard (Computer Configuration -> Administrative Templates -> System -> Device Guard -> Turn on Virtualization Based Security).
* Delete the following registry settings:
** HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\LsaCfgFlags
** HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceGuard\LsaCfgFlags
* If you also wish to disable virtualization-based security delete the following registry settings:
** HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceGuard\EnableVirtualizationBasedSecurity
** HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceGuard\RequirePlatformSecurityFeatures
Important
If you manually remove these registry settings, make sure to delete them all. If you don't remove them all, the device might go into BitLocker recovery.
* Delete the Windows Defender Credential Guard EFI variables by using bcdedit. From an elevated command prompt, type the following commands:
* mountvol X: /s
* copy %WINDIR%\System32\SecConfig.efi X:\EFI\Microsoft\Boot\SecConfig.efi /Y
* bcdedit /create {0cb3b571-2f2e-4343-a879-d86a476d7215} /d "DebugTool" /application osloader
* bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} path "\EFI\Microsoft\Boot\SecConfig.efi"
* bcdedit /set {bootmgr} bootsequence {0cb3b571-2f2e-4343-a879-d86a476d7215}
* bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO
* bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} device partition=X:
* mountvol X: /d
* Restart the PC.
* Accept the prompt to disable Windows Defender Credential Guard.
* Alternatively, you can disable the virtualization-based security features to turn off Windows Defender Credential Guard.


Note
The PC must have one-time access to a domain controller to decrypt content, such as files that were encrypted with EFS. If you want to turn off both Windows Defender Credential Guard and virtualization-based security, run the following bcdedit commands after turning off all virtualization-based security Group Policy and registry settings:
bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO,DISABLE-VBS
bcdedit /set vsmlaunchtype off


VMware Workstation and Device/Credential Guard are not compatible Problem Resolve.
Go to Control Panel - Uninstall a Program - Turn Windows features on or off - (uncheck/turn off) Hyper-V. Click
OK
Select Do not restart.
And then type the following cmds in cmd prompt..
to Delete the related EFI variables from the BCD file... Launch cmd as admin...

bcdedit /create {0cb3b571-2f2e-4343-a879-d86a476d7215} /d "DebugTool" /application osloader
bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} path "\EFI\Microsoft\Boot\SecConfig.efi"
bcdedit /set {bootmgr} bootsequence {0cb3b571-2f2e-4343-a879-d86a476d7215}
bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO,DISABLE-VBS
bcdedit /set hypervisorlaunchtype off

Restart your system ...

== Misc ==
=== Autostart Folder ===
WIN+r:
shell:startup

=== What is using space on my Windows 10 ===
Settings / System / Storage

=== Shortcut to dialog with power plan selection ===
New shortcut: "powercfg.cpl"

=== ssh/scp/sftp server ===
SHH server must be running, check the services, set it to automatically and start it for now or boot.

=== Remote Desktop (RDP) ===
* Port 3389
* Allow it: Settings/System/Remote Desktop

=== install NET Framework 3.5 ===
mount windows iso as drive ... D: for example, if you don't use D:, change D: in the next line
DISM /Online /Enable-Feature /FeatureName:NetFx3 /All /LimitAccess /Source:D:\sources\sxs

=== ssh ===

==== client ====
* services: ssh agent: automatic + start (running)
* /Users/<user>/.ssh directory writeable only by user (Properties/Security/Advanced/Disable inheritance + check All childs/create like current; then remove all but the one for the current user)
* rsa_id or dsa_id should exist

==== server ====
* install Open SSH server (apps and features / optional / add)
* services: open ssh server: automatic + start (running)
* /Users/<user>/.ssh directory writeable only by user (Properties/Security/Advanced/Disable inheritance + check All childs/create like current; then remove all but the one for the current user)
* if <user> has admin rights:
** copy authorized_keys to c:\ProgramData\ssh\administrators_authorized_keys then remove rights for all but System and Administrative Users, like above with removing inheritance)

=== Delete Windows Defender History ===
delete all files in c:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\

==== Long Paths ====
Some times you get problems when you have to read or write long paths in Windows.
You can try to allow longer paths. Open the registry editor to
Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem
and change
LongPathsEnabled 0
to
LongPathsEnabled 1

==== Hide devices from the audio selector in the tray bar ====
Search for "Manage sound devices" and open it.
Select the one you don't want to see and "disable" it.

Latest revision as of 18:03, 9 April 2024

Activation

Is your Windows 10 using a "product key" or a "digital license"?

  • Right click the start button
  • Select "System"
  • Select "Home" (upper left)
  • Select "Update & Security"
  • Select "Activation"

Look for a text like

Windows is activated with a digital license

In case of a "digital license", you don't need to care about a "product key", you can just reinstall this pc and skip the dialog, where you are asked to enter a "product key".

Get product key from installed Windows 10

Get Windows 10 product key from the UEFI firmware

powershell
(Get-WmiObject -query 'select * from SoftwareLicensingService').OA3xOriginalProductKey

Get Windows 10 product key from the registry

Create productkey.vbs

Set WshShell = CreateObject("WScript.Shell")
MsgBox ConvertToKey(WshShell.RegRead("HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DigitalProductId"))

Function ConvertToKey(Key)
Const KeyOffset = 52
i = 28
Chars = "BCDFGHJKMPQRTVWXY2346789"
Do
Cur = 0
x = 14
Do
Cur = Cur * 256
Cur = Key(x + KeyOffset) + Cur
Key(x + KeyOffset) = (Cur \ 24) And 255
Cur = Cur Mod 24
x = x -1
Loop While x >= 0
i = i -1
KeyOutput = Mid(Chars, Cur + 1, 1) & KeyOutput
If (((29 - i) Mod 6) = 0) And (i <> -1) Then
i = i -1
KeyOutput = "-" & KeyOutput
End If
Loop While i >= 0
ConvertToKey = KeyOutput
End Function

Automatically login into Windows 10 with username and password

  • start netplwiz (with windows-key+r, not the search)
  • uncheck "needs password"

if the checkbox for "needs password" is missing

in the settings (not possible for everyone)

Windows Settings / Account / Sign-In options: Set "Require Windows Hello sign-in" to off. This option does not exist for everyone. See next variant:

(source)

in the registry

  • open the registry editor
 regedit
  • goto HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PasswordLess\Device
  • change the value of DevicePasswordLessBuildVersion from 2 to 0
DevicePasswordLessBuildVersion = 0
  • start netplwiz again

(source)

Use a hard disk with more than 2TB with Windows 10

You have to set/format the hard disk to GPT. If your system/bios does not allow booting from a GPT or >2TB HD, you can boot from a small HD/SDD and then use the large GPT disk.


GPT has no "extended". Your disk will be "primary" and you don't have to care about it, because you can create a lot of partitions on it, not just the normal "four partition on a primary disk".

  • Do not use GPT for a Windows 7 OS disk (data disk is ok). Windows 8 and above are ok.
  • Do not use GPT for disks with less than 2 TB.

Here the link to the conversion method: https://learn.microsoft.com/en-us/windows-server/storage/disk-management/change-an-mbr-disk-into-a-gpt-disk

Command prompt as admin:

diskpart 
list disk
select disk <disk-number>
clean 
convert gpt
exit

Remove Tiles from Start Menu

  • Right click each tile and select "Unpin from Start Menu"
  • Do this for all tiles
  • Close the start menu and open it again


Virtual Machines

Problems with the Guard

You can always check the VM Safety via "Click Start, type msinfo32.exe, and then click System Information. >.


VMWare workstation and device/credential guard are not compatible. (short version) When the VMWare image of QNX OS does not start but instead you get something like the following error dialog:


First thing to try: (from https://www.youtube.com/watch?v=CGpv2Dvzyeg) Launch cmd as admin...

bcdedit /create {0cb3b571-2f2e-4343-a879-d86a476d7215} /d "DebugTool" /application osloader
bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} path "\EFI\Microsoft\Boot\SecConfig.efi"
bcdedit /set {bootmgr} bootsequence {0cb3b571-2f2e-4343-a879-d86a476d7215}
bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO,DISABLE-VBS
bcdedit /set hypervisorlaunchtype off

Restart your system ...


If this is not enough, follow the link from the dialog box to the vmware site and from there to the Microsoft site where you have to scroll down a lot to see how to disable all the guard thingies. AFTER you follow the MS guide, do the above again! Or follow the copy/paste in the "long version" (next sub chapter).


VMWare workstation and device/credential guard are not compatible (long version) or how to Disable Windows Defender Credential Guard https://docs.microsoft.com/en-us/windows/security/identity-protection/credential-guard/credential-guard-manage#disable-windows-defender-credential-guard https://www.youtube.com/watch?v=CGpv2Dvzyeg To open the Group policy settings editor: "Run" and type "gpedit.msc", right-click, select "run as admin".

  • If you used Group Policy, disable the Group Policy setting that you used to enable Windows Defender Credential Guard (Computer Configuration -> Administrative Templates -> System -> Device Guard -> Turn on Virtualization Based Security).
  • Delete the following registry settings:
    • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\LsaCfgFlags
    • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceGuard\LsaCfgFlags
  • If you also wish to disable virtualization-based security delete the following registry settings:
    • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceGuard\EnableVirtualizationBasedSecurity
    • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceGuard\RequirePlatformSecurityFeatures

Important If you manually remove these registry settings, make sure to delete them all. If you don't remove them all, the device might go into BitLocker recovery.

  • Delete the Windows Defender Credential Guard EFI variables by using bcdedit. From an elevated command prompt, type the following commands:
  • mountvol X: /s
  • copy %WINDIR%\System32\SecConfig.efi X:\EFI\Microsoft\Boot\SecConfig.efi /Y
  • bcdedit /create {0cb3b571-2f2e-4343-a879-d86a476d7215} /d "DebugTool" /application osloader
  • bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} path "\EFI\Microsoft\Boot\SecConfig.efi"
  • bcdedit /set {bootmgr} bootsequence {0cb3b571-2f2e-4343-a879-d86a476d7215}
  • bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO
  • bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} device partition=X:
  • mountvol X: /d
  • Restart the PC.
  • Accept the prompt to disable Windows Defender Credential Guard.
  • Alternatively, you can disable the virtualization-based security features to turn off Windows Defender Credential Guard.


Note The PC must have one-time access to a domain controller to decrypt content, such as files that were encrypted with EFS. If you want to turn off both Windows Defender Credential Guard and virtualization-based security, run the following bcdedit commands after turning off all virtualization-based security Group Policy and registry settings: bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO,DISABLE-VBS bcdedit /set vsmlaunchtype off


VMware Workstation and Device/Credential Guard are not compatible Problem Resolve. Go to Control Panel - Uninstall a Program - Turn Windows features on or off - (uncheck/turn off) Hyper-V. Click OK Select Do not restart. And then type the following cmds in cmd prompt.. to Delete the related EFI variables from the BCD file... Launch cmd as admin...

bcdedit /create {0cb3b571-2f2e-4343-a879-d86a476d7215} /d "DebugTool" /application osloader 
bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} path "\EFI\Microsoft\Boot\SecConfig.efi" 
bcdedit /set {bootmgr} bootsequence {0cb3b571-2f2e-4343-a879-d86a476d7215} 
bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO,DISABLE-VBS 
bcdedit /set hypervisorlaunchtype off 

Restart your system ...

Misc

Autostart Folder

WIN+r:

shell:startup

What is using space on my Windows 10

Settings / System / Storage

Shortcut to dialog with power plan selection

New shortcut: "powercfg.cpl"

ssh/scp/sftp server

SHH server must be running, check the services, set it to automatically and start it for now or boot.

Remote Desktop (RDP)

  • Port 3389
  • Allow it: Settings/System/Remote Desktop

install NET Framework 3.5

mount windows iso as drive ... D: for example, if you don't use D:, change D: in the next line

DISM /Online /Enable-Feature /FeatureName:NetFx3 /All /LimitAccess /Source:D:\sources\sxs

ssh

client

  • services: ssh agent: automatic + start (running)
  • /Users/<user>/.ssh directory writeable only by user (Properties/Security/Advanced/Disable inheritance + check All childs/create like current; then remove all but the one for the current user)
  • rsa_id or dsa_id should exist

server

  • install Open SSH server (apps and features / optional / add)
  • services: open ssh server: automatic + start (running)
  • /Users/<user>/.ssh directory writeable only by user (Properties/Security/Advanced/Disable inheritance + check All childs/create like current; then remove all but the one for the current user)
  • if <user> has admin rights:
    • copy authorized_keys to c:\ProgramData\ssh\administrators_authorized_keys then remove rights for all but System and Administrative Users, like above with removing inheritance)

Delete Windows Defender History

delete all files in c:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\

Long Paths

Some times you get problems when you have to read or write long paths in Windows. You can try to allow longer paths. Open the registry editor to

Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem

and change

LongPathsEnabled 0

to

LongPathsEnabled 1

Hide devices from the audio selector in the tray bar

Search for "Manage sound devices" and open it. Select the one you don't want to see and "disable" it.