[[PageOutline]] = Windows 7 Enterprise = == Activate Windows == Activate: {{{ cscript C:\Windows\System32\Slmgr.vbs /ato }}} Show infos: {{{ cscript C:\Windows\System32\Slmgr.vbs /dlv }}} == Adding Language Packs == see http://technet.microsoft.com/en-us/library/cc766472%28v=ws.10%29.aspx === Copy a Language Pack to the Windows Distribution === from http://technet.microsoft.com/en-us/library/cc765987%28v=ws.10%29.aspx Important: start cmd as Administrator. From the Startmenu, select cmd by right mouse button and select: "Run as Administrator" Network shares are not available in this environment, so better copy all required files to c:\ before hand. From Linux: {{{ # /mnt: mount ISO with Language Packs (SP1) # $WORK/installfiles: contents of a Win7 SP1 installation DVD WORK=/tmp/win7 cd $WORK mkdir langpacks-extracted cd langpacks-extracted cabextract /mnt/langpacks/de-de/lp.cab mkdir -p installfiles/langpacks rsync -av /mnt/langpacks/de-de installfiles/langpacks/ rsync -av langpacks/de-de/sp1/sources/license/. installfiles/sources/license/. rsync -av langpacks/de-de/sp1/setup/sources/. installfiles/sources/. }}} Steps 5-8 must be performed on a Windows System with WAIK tools. == why-doesnt-local-administrator-group-have-full-administrator-rights == http://windows7forums.com/windows-7-support/36990-why-doesnt-local-administrator-group-have-full-administrator-rights.html Test: {{{ net localgroup users /delete localadmin }}} {{{ System error 5 has occurred. Access is denied. }}} This is not a bug, it is a feature of Windows 7, named UAC (User Account Control). By default, an application that is started by a user who is a member of the `Administrator` group, is executed with normal (`Users`) priviliges. The user has the oppurtinuty to start that application by right-click and `"Run as Administrator"` without further password queries. See http://technet.microsoft.com/en-us/library/cc709691%28WS.10%29.aspx == .Net Framework 3.5 == is part of the Windows 7 base installation. == Proxy == {{{ netsh.exe winhttp set proxy proxy:3128 ";*.dass-it.de" }}} == winlogon == when a system has joind a domain, local users are no longer displayed, nor are the domains displayed as select-box. So, if the users tries to logon as a local user, he has to select "other user" and type NETBIOSNAME\USERNAME. However, he can also type {{{ .\USERNAME }}} ("." is taken as local system) The settings from {{{ hkey_local_machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\winlogon }}} are only partly evaluated. Last user is now stored at: {{{ [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI] "LastLoggedOnProvider"="" "LastLoggedOnSAMUser"="" "LastLoggedOnUser"="" }}} == Bitlocker == Harddisk encryption, included in in Windows 7. It uses TPM. No Passwort is required to boot the system (eg. passwords are read from TPM). However, in case changes are made to the BIOS or boot files, the system requires a recovery key. see http://www.msxfaq.de/verschiedenes/bitlocker.htm === Command-line tools === {{{ manage-bde -status # get password information manage-bde -protectors -get c: # write recovery password to drive d: manage-bde -protectors -add c: -RecoveryPassword d: # activate # # The batch file should enable the TMP chip (and set the password): manage-bde –tpm –TurnOn # %ERRORLEVEL% # 0 success: reboot is required # -1: already on # -2147217406: TPM not detected # reboot # Requires manual BIOS intenvention, at bootup, press F10 to enable TPM manage-bde –tpm –TakeOwnerShip # 0: success # -1: if TPM has already an owner manage-bde -on c: -RecoveryPassword $RecoveryPassword$ # reboot # password: 8x6 digits, divisible by 11, less than 720896 manage-bde –protectors c: -add -rp "110000-000066-..." # BitLocker Drive Preparation Tool BdeHdCfg.exe }}} Bitlocker for Windows 7 requires TPM. There are workarounds to use it without TPM, but then the key is stored on an USB-Drive, and the system requires that this USB-Drive is inserted on every boot, see http://www.vistaclues.com/enable-bitlocker-without-a-tpm/ === OPSI Package === wiki:opsi#bitlocker