Windows 7 Enterprise

Activate Windows


cscript C:\Windows\System32\Slmgr.vbs /ato

Show infos:

cscript C:\Windows\System32\Slmgr.vbs /dlv

Adding Language Packs


Copy a Language Pack to the Windows Distribution


Important: start cmd as Administrator. From the Startmenu, select cmd by right mouse button and select: "Run as Administrator"

Network shares are not available in this environment, so better copy all required files to c:\ before hand.

From Linux:

# /mnt: mount ISO with Language Packs (SP1)
# $WORK/installfiles: contents of a Win7 SP1 installation DVD


cd $WORK
mkdir langpacks-extracted
cd langpacks-extracted
cabextract /mnt/langpacks/de-de/
mkdir -p installfiles/langpacks
rsync -av /mnt/langpacks/de-de installfiles/langpacks/
rsync -av langpacks/de-de/sp1/sources/license/. installfiles/sources/license/.
rsync -av langpacks/de-de/sp1/setup/sources/. installfiles/sources/.

Steps 5-8 must be performed on a Windows System with WAIK tools.



net localgroup users /delete localadmin
System error 5 has occurred.
Access is denied.

This is not a bug, it is a feature of Windows 7, named UAC (User Account Control). By default, an application that is started by a user who is a member of the Administrator group, is executed with normal (Users) priviliges. The user has the oppurtinuty to start that application by right-click and "Run as Administrator" without further password queries.


.Net Framework 3.5

is part of the Windows 7 base installation.


netsh.exe winhttp set proxy proxy:3128 "<local>;*"


when a system has joind a domain, local users are no longer displayed, nor are the domains displayed as select-box.

So, if the users tries to logon as a local user, he has to select "other user" and type NETBIOSNAME\USERNAME.

However, he can also type


("." is taken as local system)

The settings from

hkey_local_machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\winlogon

are only partly evaluated.

Last user is now stored at:



Harddisk encryption, included in in Windows 7.

It uses TPM.

No Passwort is required to boot the system (eg. passwords are read from TPM).

However, in case changes are made to the BIOS or boot files, the system requires a recovery key.


Command-line tools

manage-bde -status
# get password information
manage-bde -protectors -get c:
# write recovery password to drive d:
manage-bde -protectors -add c: -RecoveryPassword d:

# activate
# The batch file should enable the TMP chip (and set the password):

manage-bde –tpm –TurnOn
# 0 success: reboot is required
# -1: already on
# -2147217406: TPM not detected
# reboot
# Requires manual BIOS intenvention, at bootup, press F10 to enable TPM

manage-bde –tpm –TakeOwnerShip <password>
# 0: success
# -1: if TPM has already an owner

manage-bde -on c: -RecoveryPassword $RecoveryPassword$
# reboot

# password: 8x6 digits, divisible by 11, less than 720896
manage-bde –protectors c: -add -rp "110000-000066-..."

# BitLocker Drive Preparation Tool

Bitlocker for Windows 7 requires TPM. There are workarounds to use it without TPM, but then the key is stored on an USB-Drive, and the system requires that this USB-Drive is inserted on every boot, see

OPSI Package


Last modified on Jun 28, 2012 at 9:32:29 AM Last modified on Jun 28, 2012, 9:32:29 AM
Note: See TracWiki for help on using the wiki.