wiki:windows/windows7
Last modified 5 years ago Last modified on 06/28/12 09:32:29

Windows 7 Enterprise

Activate Windows

Activate:

cscript C:\Windows\System32\Slmgr.vbs /ato

Show infos:

cscript C:\Windows\System32\Slmgr.vbs /dlv

Adding Language Packs

see http://technet.microsoft.com/en-us/library/cc766472%28v=ws.10%29.aspx

Copy a Language Pack to the Windows Distribution

from http://technet.microsoft.com/en-us/library/cc765987%28v=ws.10%29.aspx

Important: start cmd as Administrator. From the Startmenu, select cmd by right mouse button and select: "Run as Administrator"

Network shares are not available in this environment, so better copy all required files to c:\ before hand.

From Linux:

# /mnt: mount ISO with Language Packs (SP1)
# $WORK/installfiles: contents of a Win7 SP1 installation DVD

WORK=/tmp/win7

cd $WORK
mkdir langpacks-extracted
cd langpacks-extracted
cabextract /mnt/langpacks/de-de/lp.cab
mkdir -p installfiles/langpacks
rsync -av /mnt/langpacks/de-de installfiles/langpacks/
rsync -av langpacks/de-de/sp1/sources/license/. installfiles/sources/license/.
rsync -av langpacks/de-de/sp1/setup/sources/. installfiles/sources/.

Steps 5-8 must be performed on a Windows System with WAIK tools.

why-doesnt-local-administrator-group-have-full-administrator-rights

http://windows7forums.com/windows-7-support/36990-why-doesnt-local-administrator-group-have-full-administrator-rights.html

Test:

net localgroup users /delete localadmin
System error 5 has occurred.
Access is denied.

This is not a bug, it is a feature of Windows 7, named UAC (User Account Control). By default, an application that is started by a user who is a member of the Administrator group, is executed with normal (Users) priviliges. The user has the oppurtinuty to start that application by right-click and "Run as Administrator" without further password queries.

See http://technet.microsoft.com/en-us/library/cc709691%28WS.10%29.aspx

.Net Framework 3.5

is part of the Windows 7 base installation.

Proxy

netsh.exe winhttp set proxy proxy:3128 "<local>;*.dass-it.de"

winlogon

when a system has joind a domain, local users are no longer displayed, nor are the domains displayed as select-box.

So, if the users tries to logon as a local user, he has to select "other user" and type NETBIOSNAME\USERNAME.

However, he can also type

.\USERNAME

("." is taken as local system)

The settings from

hkey_local_machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\winlogon

are only partly evaluated.

Last user is now stored at:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI]
"LastLoggedOnProvider"=""
"LastLoggedOnSAMUser"=""
"LastLoggedOnUser"=""

Bitlocker

Harddisk encryption, included in in Windows 7.

It uses TPM.

No Passwort is required to boot the system (eg. passwords are read from TPM).

However, in case changes are made to the BIOS or boot files, the system requires a recovery key.

see http://www.msxfaq.de/verschiedenes/bitlocker.htm

Command-line tools

manage-bde -status
# get password information
manage-bde -protectors -get c:
# write recovery password to drive d:
manage-bde -protectors -add c: -RecoveryPassword d:

# activate
#
# The batch file should enable the TMP chip (and set the password):

manage-bde –tpm –TurnOn
# %ERRORLEVEL%
# 0 success: reboot is required
# -1: already on
# -2147217406: TPM not detected
# reboot
# Requires manual BIOS intenvention, at bootup, press F10 to enable TPM

manage-bde –tpm –TakeOwnerShip <password>
# 0: success
# -1: if TPM has already an owner

manage-bde -on c: -RecoveryPassword $RecoveryPassword$
# reboot

# password: 8x6 digits, divisible by 11, less than 720896
manage-bde –protectors c: -add -rp "110000-000066-..."

# BitLocker Drive Preparation Tool
BdeHdCfg.exe

Bitlocker for Windows 7 requires TPM. There are workarounds to use it without TPM, but then the key is stored on an USB-Drive, and the system requires that this USB-Drive is inserted on every boot, see http://www.vistaclues.com/enable-bitlocker-without-a-tpm/

OPSI Package

wiki:opsi#bitlocker