Windows 10
BitLocker
For some reason Windows BitLocker would not prompt for the decryption password that was set when BitLocker was initialized. This may be related to the TPM: somehow the password is handed off to the TPM chip and the user is no longer prompted for passwords[1]. To prevent that and to restore the password prompt:
- Open gpedit.msc
- Open Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives
- Select and enable Require additional authentication at startup
- Allow BitLocker without a compatible TPM: Yes
- Configure TPM startup: Do not allow TPM
- Configure TPM startup PIN: Require startup PIN with TPM
- Configure TPM startup key: Do not allow startup key with TPM
- Configure TPM startup key and PIN: Do not allow startup key and PIN with TPM
- Allow enhanced PINs for startup: Enabled
- Configure use of passwords for operating system drives: Enabled
- Configure password complexity for operating system drives: Allow password complexity
For non-system drives, the following needs to be set:
- Open Fixed Data Drives
- Enable Configure use of passwords for fixed data drives
- Require password for fixed data drive: Checked
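To confirm which key protectors a volume actually carries after changing the policy, the following added example (not part of the original page) lists them per volume and flags TPM-only volumes, which unlock without any prompt. It assumes the BitLocker PowerShell module (Get-BitLockerVolume) is available; the function name is hypothetical.

```powershell
# Added example, not from the original page. Run in an elevated PowerShell.
# Get-PreBootAuthReport is a hypothetical helper name.
function Get-PreBootAuthReport {
    param([Parameter(Mandatory, ValueFromPipeline)] $Volume)
    begin {
        # Protector types that make the machine ask for a secret at unlock time
        $interactive = 'TpmPin', 'TpmPinStartupKey', 'Password'
    }
    process {
        $types = @($Volume.KeyProtector | Where-Object { $_ } |
                   ForEach-Object { "$($_.KeyProtectorType)" })
        $prompts = @($types | Where-Object { $interactive -contains $_ })

        $finding = if ("$($Volume.ProtectionStatus)" -ne 'On') {
            'protection is off or suspended'
        } elseif ($prompts.Count -gt 0) {
            'prompts for: ' + ($prompts -join ', ')
        } elseif ($types -contains 'Tpm') {
            'TPM-only: unlocks at boot without any prompt'
        } else {
            'no PIN/password protector present'
        }

        [pscustomobject]@{
            Mount      = $Volume.MountPoint
            VolumeType = "$($Volume.VolumeType)"
            Protectors = $types -join ', '
            Finding    = $finding
        }
    }
}

Get-BitLockerVolume | Get-PreBootAuthReport | Format-Table -AutoSize
```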
WSL
Installation
The steps in the Windows Subsystem for Linux Installation Guide for Windows 10 are pretty straightforward, but let's summarize them anyway. As an administrator in a PowerShell window:
cd c:\temp
Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Windows-Subsystem-Linux
Download[2] a Linux distribution, for example Ubuntu 18.04:
Invoke-WebRequest -Uri https://aka.ms/wsl-ubuntu-1804 -OutFile Ubuntu.appx -UseBasicParsing
Install with:
Add-AppPackage .\Ubuntu.appx
The noisy terminal bell can be disabled[3] via /etc/inputrc:
set bell-style none
Usage
Change the default user to someone else:
$ alpine config --default-user bob
But how do we find out the actual executable for our installed distribution?
$ where *leap*
C:\Windows\System32\FileAppxStreamingDataSource.dll
C:\Windows\System32\PeopleAPIs.dll
C:\Users\ck\AppData\Local\Microsoft\WindowsApps\openSUSE-Leap-15-1.exe
Let's try this:
$ openSUSE-Leap-15-1 config --default-user bob
/usr/bin/id: ‘bob’: no such user
We have to make sure the user actually exists in the VM :-)
Restart WSL:
Restart-Service LxssManager
Get-Service LxssManager
Or, w/o PowerShell:
$ sc queryex LxssManager | find "PID"
        PID                : 2540
$ tasklist /FI "PID eq 2540"
Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
svchost.exe                   2540 Services                   0     11,256 K
Sound
For some reason we needed sound support in our WSL environment. Another blog explained how to do this[4] but we only need sound on the command line, so we can omit some parts. The important steps are:
- Download a precompiled pulseaudio binary from freedesktop.org
- Extract and edit two files before we can start it:
etc\pulse\default.pa:
#load-module module-waveout sink_name=output source_name=input
load-module module-waveout sink_name=output source_name=input record=0
#load-module module-native-protocol-tcp
load-module module-native-protocol-tcp auth-ip-acl=127.0.0.1
etc\pulse\daemon.conf:
; exit-idle-time = 20
exit-idle-time = -1
- With that, pulseaudio.exe should be able to start and will now listen on localhost
- For our needs, all we needed to do was to point our music program (in WSL) to the Pulseaudio server (running in Windows):
export PULSE_SERVER=tcp:127.0.0.1
mpg123 file.mp3
Other programs may need other hints to connect to the Pulseaudio server though.
Miscellaneous
Disable 3D Objects
Remove the key {0DB7E03F-FC29-4DC6-9020-FF41B59E513A} from the following registry locations to disable that useless 3D Objects directory:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace
Disable Web Search
Disable the (Bing) Web Search[5] in the start menu:
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Search]
"CortanaConsent"=dword:00000000
"BingSearchEnabled"=dword:00000000
Group Policy Editor
For some reason the Group Policy Editor cannot be started as a mere user:
$ runas /user:root "mmc %windir%\system32\gpedit.msc"
Enter the password for root:
Attempting to start mmc C:\WINDOWS\system32\gpedit.msc as user "WIN10\root" ...
RUNAS ERROR: Unable to run - mmc C:\WINDOWS\system32\gpedit.msc
740: The requested operation requires elevation.
One can run the Group Policy Editor via the Start Menu, but we need to provide the .msc here so that the "Run as administrator" option is offered.
Import Certificates
Root certificates, and intermediates:
Get-ChildItem -Path "*crt" | Foreach-Object { certutil.exe -addstore -user root $_.FullName }
Get-ChildItem -Path "*crt" | Foreach-Object { certutil.exe -addstore -user CA $_.FullName }
If there are subdirectories involved:
Get-ChildItem -Path "." -Recurse -Filter *.crt | Foreach-Object { echo $_.Name }
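The commands above add every file to both stores without looking at it. The following added example (not part of the original page) inspects each certificate first, sorts self-issued CA certificates into root and other CA certificates into CA, and skips expired or non-CA files. The function name and the -Apply switch are hypothetical; the certutil call is the one used above, and certificates without a Basic Constraints extension are conservatively skipped.

```powershell
# Added example, not from the original page.
# Import-ReviewedCertificate and -Apply are hypothetical names.
function Import-ReviewedCertificate {
    param(
        [string] $Path = '.',
        [switch] $Apply      # without -Apply nothing is written to any store
    )
    $now = Get-Date
    Get-ChildItem -Path $Path -Recurse -Filter *.crt | ForEach-Object {
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($_.FullName)

        # Only certificates marked as CA in Basic Constraints belong in these stores
        $bc = $cert.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]
        }
        $isCa = [bool]($bc -and $bc.CertificateAuthority)

        # Self-issued CA certificates are roots, all other CA certificates are intermediates
        $store = if (-not $isCa) { $null } elseif ($cert.Subject -eq $cert.Issuer) { 'root' } else { 'CA' }
        $valid = ($cert.NotBefore -le $now) -and ($cert.NotAfter -ge $now)

        [pscustomobject]@{
            File       = $_.Name
            Subject    = $cert.Subject
            Thumbprint = $cert.Thumbprint   # compare with the value published by the issuer
            NotAfter   = $cert.NotAfter
            Store      = if ($store -and $valid) { $store } else { 'skip' }
        }

        if ($Apply -and $store -and $valid) {
            certutil.exe -addstore -user $store $_.FullName | Out-Null
        }
    }
}

Import-ReviewedCertificate | Format-Table -AutoSize    # dry run: review the table first
# Import-ReviewedCertificate -Apply                    # then import what was not skipped
```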
Generate a Java keystore from the certificates:
Get-ChildItem -Path "*crt" | Foreach-Object { keytool -import -alias $_.Name -keystore ..\keystore.pfx -file $_.FullName -storepass XXX -noprompt }
List the certificates in the keystore:
keytool -v -list -keystore .\keystore.pfx -storepass XXX | Select-String "Alias"
Samba Guest Logins
To access SMB2 guest logins with Windows 10, we may need to enable "insecure guest logons" in the Group Policy[6]:
- Start gpedit.msc
- Enter Computer Configuration > Administrative Templates > Network > Lanman Workstation
- Enable "Enable insecure guest logons"
Startup Items
According to their support site[7]:
- Open shell:startup via Windows+R to open the Startup items directory.
- Place whatever is needed here, for example pageant shortcuts[8]:
> Create a shortcut to the pageant.exe
> Right click on the shortcut and open 'Properties'
> Target: "<path to>/pageant.exe" key.ppk
> Start in: "<path to key.ppk>"
Verbose Boot
To enable verbose boot[9], via the Windows Registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
DWORD32:VerboseStatus=1
Or via a Group Policy:
- Open gpedit.msc
- Select Computer Configuration > Administrative Templates > System
- Select and enable Display highly detailed status messages
WinSxS
Clean Up the WinSxS Folder, from an elevated command prompt:
dism.exe /online /Cleanup-Image /StartComponentCleanup /ResetBase
Add /SPSuperseded to remove old service pack remnants.
Serial number
$ wmic bios get serialnumber
SerialNumber
1AB1234AAA
Product Key
$ wmic path softwarelicensingservice get OA3xOriginalProductKey
DQ93P-D6KF9-49T8M-7YR9V-89TTB
Links
- Download Windows 10 Disc Image
- Installation of OpenSSH For Windows Server 2019 and Windows 10
- O&O ShutUp10
References
- [1] Windows BitLocker not offering unlock-by-password option
- [2] Manually download Windows Subsystem for Linux distro packages
- [3] Disable beep of Linux Bash on Windows 10
- [4] Enabling sound in WSL / Ubuntu – Let It Sing!
- [5] How to disable Bing web search results in Windows 10 Start Menu
- [6] Guest access in SMB2 disabled by default in Windows
- [7] Add an app to run automatically at startup in Windows 10
- [8] pageant-autoload-keys-at-startup.txt
- [9] How to enable verbose startup, shutdown, logon, and logoff status messages in the Windows Server 2003 family