Windows Server 2022
Microsoft’s operating system for server computers including Active Directory, DNS Server, DHCP Server and Group Policy
Downloads
Option | Download |
---|---|
VirtIO Driver | https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/archive-virtio/ |
Microsoft Windows Server 2022 | https://www.microsoft.com/en-us/evalcenter/download-windows-server-2022 |
Microsoft Server Language and Optional Features Preview | https://www.microsoft.com/en-us/software-download/windowsinsiderpreviewserver |
Change hostname
Rename-Computer -NewName Server1 -PassThru
Set time zone
Set-TimeZone "Central Europe Standard Time"
Set time and date
Set-Date -Date "05/17/2022 08:12"
Reduce boot menu timeout
bcdedit /timeout 3
Scan the system for any device hardware changes
pnputil /scan-devices
List devices
pnputil /enum-devices
Install device driver
pnputil -i -a D:\NetKVM\2k22\amd64\*
Change server core shell
Set-ItemProperty -Path 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\WinLogon' -Name Shell -Value 'PowerShell.exe'
Enable PowerShell script execution
Set-ExecutionPolicy RemoteSigned
Set PowerShell default working directory
notepad $PSHOME\Profile.ps1
Set-Location $HOME
Disable automatic updates
Set-ItemProperty -Path HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate\AU -Name AUOptions -Value 1
Enable install and manage updates via PowerShell
Install-PackageProvider -Name NuGet -Force
Install-Module -Name PSWindowsUpdate -Force
Create PowerShell updates inbound firewall rules
enable-WUremoting
Download and install all available updates locally from Windows Update servers
Install-WindowsUpdate -MicrosoftUpdate -AcceptAll -AutoReboot
Restart local computer
Restart-Computer
Stop (shut down) local computer
Stop-Computer
Update remote computers
Get-WindowsUpdate -verbose -computer core,client1,server1 -AcceptAll -Install -AutoReboot
Restart remote computers
Restart-Computer -ComputerName core,client1,server1 -Force
Stop (shut down) remote computers
Stop-Computer -ComputerName core,client1,server1 -Force
Enable downloading optional features directly from Windows Update
gpedit
Set-ItemProperty -Path HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Servicing -Name RepairContentServerSource -Value 2
regedit
Set-ItemProperty -Path HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate\AU -Name UseWUServer -Value 1
Feature on Demand (FOD)
Microsoft offers a special package which allows you to install some graphical tools and snap-ins on Windows Core Server.
Install-WindowsFeature -Name Failover-Clustering -IncludeManagementTools
Add-WindowsCapability -Online -Name ServerCore.AppCompatibility
Install Feature on Demand from mounted ISO image
Add-WindowsCapability -Online -Name ServerCore.AppCompatibility -Source D:\LanguagesAndOptionalFeatures\ -LimitAccess
Feature on Demand tools
Tool | Command |
---|---|
Server Configuration | sconfig |
Microsoft Management Console | mmc |
Event Viewer | eventvwr |
Performance Monitor | perfmon |
Resource Monitor | resmon |
Device Manager | devmgmt |
File Explorer | explorer |
Windows PowerShell | powershell_ise |
Disk Management | diskmgmt |
Failover Cluster Manager | cluadmin |
Hyper-V Manager | virtmgmt |
Task Scheduler | taskschd |
Check network profile
Get-NetConnectionProfile
Set network profile from Public to Private
Set-NetConnectionProfile -InterfaceIndex 3 -NetworkCategory Private
Check network settings
Get-NetIPConfiguration
Set manual IP Address
New-NetIPaddress -InterfaceIndex 3 -IPAddress 192.168.122.20 -PrefixLength 24 -DefaultGateway 192.168.122.1
Set Active Directory domain server as DNS server
Set-DNSClientServerAddress -InterfaceIndex 3 -ServerAddresses 192.168.122.10,192.168.122.1
Reset IP address
Set-DnsClientServerAddress -InterfaceIndex 3 -ResetServerAddresses
Return to getting an IP address from DHCP Server
Set-NetIPInterface -InterfaceIndex 3 -Dhcp Enabled
Set TrustedHosts
Set-item wsman:\localhost\client\TrustedHosts -value *
Enable Active Directory domain services
Create and share Roaming user profiles directory
Create Roaming user profiles template
Profile path \\Server1\User Profiles$\%username%
gpupdate
Join on-premises Active Directory domain
ping wildw1ng.local
ping 8.8.8.8
Enable ping response on Server Core
Sconfig.exe > option 4) Remote management > option 3) Enable server response to ping
Add-Computer -DomainName "wildw1ng.local" -Restart
Add second Domain Controller to an existing domain
Disable network adapter
Disable-NetAdapter -Name "Ethernet0"
Enable network adapter
Enable-NetAdapter -Name "Ethernet0"
Disable IPv6 support for your network adapter
Disable-NetAdapterBinding -Name "Ethernet0" -ComponentID ms_tcpip6
Enable IPv6 support for your network adapter
Enable-NetAdapterBinding -Name "Ethernet0" -ComponentID ms_tcpip6
Check the status of IPv6 support for your network adapter
Get-NetAdapterBinding -ComponentID ms_tcpip6
Configure winhttp proxy server
netsh Winhttp set proxy SERVERNAME:PORT
Enable Windows Defender Firewall for all profiles
Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled True
Completely disable Windows Firewall
Get-NetFirewallProfile | Set-NetFirewallProfile -Enabled False
Check available OpenSSH packages
Get-WindowsCapability -Online | ? Name -like 'OpenSSH*'
Install OpenSSH client
Add-WindowsCapability -Online -Name OpenSSH.Client
Install OpenSSH server
Add-WindowsCapability -Online -Name OpenSSH.Server
Start the sshd service
Start-Service sshd
Set-Service -Name sshd -StartupType Automatic
Allow incoming connections to TCP port 22 in the Windows Defender Firewall
New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH-Server-In-TCP' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22
Verify the Firewall rule is configured
notepad verify-ssh-firewall.ps1
if (!(Get-NetFirewallRule -Name "OpenSSH-Server-In-TCP" -ErrorAction SilentlyContinue | Select-Object Name, Enabled)) {
    Write-Output "Firewall Rule 'OpenSSH-Server-In-TCP' does not exist, creating it..."
    New-NetFirewallRule -Name 'OpenSSH-Server-In-TCP' -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22
} else {
    Write-Output "Firewall rule 'OpenSSH-Server-In-TCP' has been created and exists."
}
.\verify-ssh-firewall.ps1
Run PowerShell cli instead of cmd.exe shell when logging in via SSH
New-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" -Name DefaultShell -Value "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -PropertyType String -Force
Connect to OpenSSH Server
ssh administrator@core
System-wide configuration file at %programdata%\ssh\ssh_config
Public key authentication
Copy ~/.ssh/id_rsa.pub from Linux to the Windows server and rename it to %programdata%\ssh\administrators_authorized_keys
Update access control list (ACL)
icacls.exe "C:\ProgramData\ssh\administrators_authorized_keys" /inheritance:r /grant "Administrators:F" /grant "SYSTEM:F"
OpenSSH Server (sshd) reads configuration data from %programdata%\ssh\sshd_config by default
notepad %programdata%\ssh\sshd_config
PubkeyAuthentication yes
PasswordAuthentication no
Restart-Service sshd
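The script below is an added example, not part of the original page: it audits the outcome of the public key steps above by reading the global section of sshd_config and checking the ACL on administrators_authorized_keys. The function names Get-SshdGlobalSetting and Test-AdminKeyFileAcl are hypothetical, and the script assumes an elevated PowerShell session on the server.

```powershell
# Added example: audit the public key setup described on this page.
# Target state: PubkeyAuthentication yes, PasswordAuthentication no,
# inheritance removed, only Administrators and SYSTEM on the key file.
$keyFile = Join-Path $env:ProgramData 'ssh\administrators_authorized_keys'
$cfgFile = Join-Path $env:ProgramData 'ssh\sshd_config'

function Get-SshdGlobalSetting {          # hypothetical helper name
    param([string[]]$Lines)
    # sshd keeps the first value it reads for each keyword. Parsing stops at
    # the first Match block because settings inside it apply conditionally.
    $settings = @{}
    foreach ($line in $Lines) {
        $text = $line.Trim()
        if ($text -eq '' -or $text.StartsWith('#')) { continue }
        $keyword, $value = $text -split '\s+', 2
        if ($keyword -ieq 'Match') { break }
        $key = $keyword.ToLower()
        if (-not $settings.ContainsKey($key)) { $settings[$key] = $value }
    }
    return $settings
}

function Test-AdminKeyFileAcl {           # hypothetical helper name
    param([string]$Path)
    # Well-known SIDs: BUILTIN\Administrators and NT AUTHORITY\SYSTEM.
    # Comparing SIDs avoids problems with localized account names.
    $allowed = 'S-1-5-32-544', 'S-1-5-18'
    $acl     = Get-Acl -Path $Path
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $extra   = @($acl.GetAccessRules($true, $true, $sidType) |
        ForEach-Object { $_.IdentityReference.Value } |
        Where-Object { $_ -notin $allowed } |
        Select-Object -Unique)
    [pscustomobject]@{
        InheritanceDisabled = $acl.AreAccessRulesProtected
        UnexpectedTrustees  = $extra
    }
}

$cfg = Get-SshdGlobalSetting -Lines (Get-Content -Path $cfgFile)
$acl = Test-AdminKeyFileAcl -Path $keyFile

# An empty value for a keyword means it is not set globally and sshd's
# built-in default applies (PasswordAuthentication defaults to yes).
[pscustomobject]@{
    PubkeyAuthentication   = $cfg['pubkeyauthentication']
    PasswordAuthentication = $cfg['passwordauthentication']
    InheritanceDisabled    = $acl.InheritanceDisabled
    UnexpectedTrustees     = $acl.UnexpectedTrustees -join ', '
}
```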
Enable remote access via RDP
cscript C:\Windows\System32\Scregedit.wsf /ar 0
Enable remote management
Configure-SMRemoting.exe -Enable
Enable-NetFirewallRule -DisplayGroup "Windows Remote Management"
Enable-NetFirewallRule -DisplayName "Windows Management Instrumentation (DCOM-In)"
Enable-NetFirewallRule -DisplayGroup "Remote Event Log Management"
Enable-NetFirewallRule -DisplayGroup "Remote Service Management"
Enable-NetFirewallRule -DisplayGroup "Remote Volume Management"
Enable-NetFirewallRule -DisplayGroup "Remote Scheduled Tasks Management"
Enable-NetFirewallRule -DisplayGroup "Windows Firewall Remote Management"
Enable-NetFirewallRule -DisplayGroup "Remote Administration"
Display current Remote Management settings
Configure-SMRemoting.exe -Get
Allow PowerShell Remoting
Enable-PSRemoting -Force
List available roles on Windows Server
Get-WindowsFeature
List installed roles and features in Windows Server
Get-WindowsFeature | Where-Object {$_.InstallState -eq "Installed"} | ft Name,InstallState
Install role
Install-WindowsFeature DNS -IncludeManagementTools
List services
Get-Service
List stopped services
Get-Service | Where-Object {$_.Status -eq "Stopped"}
Restart service
Restart-Service -Name spooler
Manage processes
Task Manager taskmgr.exe
Get-Process cmd, wuaucl* | Select-Object ProcessName, StartTime, MainWindowTitle, Path, Company|ft
List physical disks status and health
Get-PhysicalDisk | Sort Size | FT FriendlyName, Size, MediaType, SpindleSpeed, HealthStatus, OperationalStatus -AutoSize
List free disk space
Get-WmiObject -Class Win32_LogicalDisk |
Select-Object -Property DeviceID, VolumeName, @{Label='FreeSpace (Gb)'; expression={($_.FreeSpace/1GB).ToString('F2')}},
@{Label='Total (Gb)'; expression={($_.Size/1GB).ToString('F2')}},
@{label='FreePercent'; expression={[Math]::Round(($_.freespace / $_.size) * 100, 2)}}|ft
List logs of last 10 boots
Get-EventLog system | where-object {$_.eventid -eq 6006} | select -last 10
List installed programs
Get-ItemProperty HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | Select-Object DisplayName, DisplayVersion, Publisher, InstallDate | Format-Table -AutoSize
Download and extract archive file from an external website
Invoke-WebRequest https://servername/file.zip -outfile file.zip
Expand-Archive -path '.\file.zip' -DestinationPath C:\Users\Administrator\Documents\
Copy all files from a directory to a remote computer over the network
$session = New-PSSession -ComputerName REMOTEHOSTNAME
Copy-Item -Path "C:\Logs\*" -ToSession $session -Destination "C:\Logs\" -Recurse -Force
Force delete directory
Take ownership
takeown /f 'D:\User Profiles' /a /r /d y /skipsl
Change permissions
cacls 'D:\User Profiles' /e /t /g administrators:f
Delete directory
Remove-Item -Force -Recurse -Path 'D:\User Profiles'
List listening and established ports
Get-NetTCPConnection -State Listen,Established
List process names for the OwningProcess fields
Get-NetTCPConnection | Select-Object -Property *,@{'Name' = 'ProcessName';'Expression'={(Get-Process -Id $_.OwningProcess).Name}}
Check evaluation period
slmgr -dlv
slmgr -dli
Extend evaluation period
slmgr -rearm
Activate Windows Server
slmgr.vbs -ipk PRODUCTKEY
slmgr.vbs -ato
Activate your host on a KMS server
slmgr /ipk PRODUCTKEY
slmgr /skms kms.wildw1ng.local:1688
slmgr /ato