- Details
- Written by: po3dno
- Category: Windows
- Hits: 15
C:\Windows\System32\certutil.exe -syncwithWU -f -f .\RootCAupd\GPO-Deployment
Preferences->Windows Settings->Registry->RootDirURL (Order: 1)->General
|
Action |
Update |
Properties
|
Hive |
HKEY_LOCAL_MACHINE |
|
Key path |
Software\Microsoft\SystemCertificates\AuthRoot\AutoUpdate |
|
Value name |
RootDirURL |
|
Value type |
REG_SZ |
|
Value data |
file://.\RootCAupd\GPO-Deployment |
- Details
- Written by: po3dno
- Category: Windows
- Hits: 188
https://dist.nuget.org/win-x86-commandline/latest/nuget.exe
%USERPROFILE%\AppData\Local\Microsoft\WindowsApps
nuget add new_package.1.0.0.nupkg -source \\myserver\packages
Setup Proxy
First you’ll need to tell your PowerShell session to use your proxy. You might also need to change the TLS protocol that’s accepted. Basically, what’s happening above is just a bad error message. It’s not verbose enough to say “HTTPS failure” or anything like that.
$proxy = '<YOUR CORPORATE PROXY HERE>' # update this
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
[system.net.webrequest]::defaultwebproxy = new-object system.net.webproxy($proxy)
[system.net.webrequest]::defaultwebproxy.credentials = [System.Net.CredentialCache]::DefaultNetworkCredentials
[system.net.webrequest]::defaultwebproxy.BypassProxyOnLocal = $true
Update Package Providers
This is similar-ish to sudo apt-get update. The first line gives you the package provider itself, the second registers PSGallery and the third installs PowerShellGet, which is basically an installer that a lot of packages use.
Install-PackageProvider -Name nuget -Scope AllUsers -Confirm:$false -Force -MinimumVersion 2.8.5.201
Register-PSRepository -Default -verbose
Install-Module -Name PowerShellGet -Scope AllUsers -Confirm:$false -Force -AllowClobber -MinimumVersion 2.2.4 -SkipPublisherCheck- Details
- Written by: po3dno
- Category: Windows
- Hits: 180
If you used Group Policy, disable the Group Policy setting that you used to enable Windows Defender Credential Guard (Computer Configuration -> Administrative Templates -> System -> Device Guard -> Turn on Virtualization Based Security).
Delete the following registry settings:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\LsaCfgFlags
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceGuard\LsaCfgFlags
If you also wish to disable virtualization-based security delete the following registry settings:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceGuard\EnableVirtualizationBasedSecurity
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceGuard\RequirePlatformSecurityFeatures
If you manually remove these registry settings, make sure to delete them all. If you don't remove them all, the device might go into BitLocker recovery.
Delete the Windows Defender Credential Guard EFI variables by using bcdedit. From an elevated command prompt, type the following commands:
mountvol X: /s
copy %WINDIR%\System32\SecConfig.efi X:\EFI\Microsoft\Boot\SecConfig.efi /Y
bcdedit /create {0cb3b571-2f2e-4343-a879-d86a476d7215} /d "DebugTool" /application osloader
bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} path "\EFI\Microsoft\Boot\SecConfig.efi"
bcdedit /set {bootmgr} bootsequence {0cb3b571-2f2e-4343-a879-d86a476d7215}
bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO
bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} device partition=X:
mountvol X: /d- Details
- Written by: po3dno
- Category: Windows
- Hits: 187
Если перед запуском обновления Inplace заданы следующие записи реестра, Windows 11 больше не отображает мастер приветствия для этого пользователя при первом входе в систему (записи относятся к HKCU, поэтому они связаны с пользователем). Вот обязательные записи:
необходимо ввести в соответствующую учетную запись пользователя в Windows 10 перед обновлением. Записи реестра можно установить с помощью пакетной программы. Маркус отметил, что в более крупных средах записи, безусловно, можно развертывать через GPO. Если все работает, Мастер приветствия больше не должен доставлять неудобства.
- Details
- Written by: po3dno
- Category: Windows
- Hits: 430
When you join a machine to the domain, by default it will be placed in the Computers container under the root of the domain. This can be undesirable, particularly if you want to apply distinct Group Policy to machines when they are initially joined to the domain. Fortunately, Active Directory lets you change the default location for new Computer accounts. The best way to make this change is with the redircmp tool that is included with Windows Server. For example, to redirect new computers in the cohovines.com domain to an Organizational Unit called NewComputers, run this command:
redircmp "OU=NewComputers,DC=cohovines,DC=com"
Under the covers, the redircmp tool updates an attribute of the domain NC head object called wellKnownObjects. The wellKnownObjects attribute contains a list of well known GUIDs and a distinguished name for each GUID. By using GUIDs, the path to an object can be dynamic without the client needing to be aware of anything other than the GUID for the object it is searching for. In this case, the aa312825-7688-11d1-aded-00c04fd8d5cd GUID is how Active Directory keeps track of the default location for new computer objects. You can use a tool like LDP to look at the wellKnownObjects attribute of the domain as shown below: