DIY: Server 2022 to workstation post install settings

Discussion in 'Windows Server' started by damianfox, Nov 15, 2021.

  1. damianfox

    damianfox MDL Senior Member

    Jan 23, 2011
    403
    275
    10
    #1 damianfox, Nov 15, 2021
    Last edited: Nov 18, 2021
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  2. (\_/)^(\_/)

    (\_/)^(\_/) MDL Member

    May 31, 2020
    1,758
    1,488
    60
    Very Nice it will help many people a lot :)
    Let RokkumanX add many new settings too :)
    I will Add BombBlaster to Server 2022 After this page of this thread :)
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. RokkumanX

    RokkumanX MDL Member

    Apr 8, 2020
    152
    199
    10
    Thank you very much!

    There is so much you can tweak and change in Windows Server 2022, I'm really looking forward to see more options covered.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. damianfox

    damianfox MDL Senior Member

    Jan 23, 2011
    403
    275
    10
    Yes there's a few more tweaks that also involve regedit, like adding your Name and such. I'll let other people have fun with that. I'm not a regedit fan.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. (\_/)^(\_/)

    (\_/)^(\_/) MDL Member

    May 31, 2020
    1,758
    1,488
    60
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. case-sensitive

    case-sensitive MDL Expert

    Nov 7, 2013
    1,124
    450
    60
    damianfox .......... What are the advantages of using server 2022 rather than normal consumer editions ?
     
  7. (\_/)^(\_/)

    (\_/)^(\_/) MDL Member

    May 31, 2020
    1,758
    1,488
    60
    #7 (\_/)^(\_/), Nov 15, 2021
    Last edited: Nov 15, 2021
    Remove Edge Chromium Browser added some more things to abbodi1406 script :
    Code:
    echo ======================================================
    echo ----------------- Remove EdgeChromium ----------------
    echo ======================================================
    Powershell -EP Bypass -MTA -NOL -NONI -NOP -C "Write-Host 'Remove Edge Chromium' -ForegroundColor Green"
    for /D %%i in ("%LocalAppData%\Microsoft\Edge SxS\Application\*") do if exist "%%i\installer\setup.exe" (
    echo Canary...
    start "" /w "%%i\installer\setup.exe" --uninstall --msedge-sxs --verbose-logging --force-uninstall --delete-profile
    )
    for /D %%i in ("%LocalAppData%\Microsoft\Edge Internal\Application\*") do if exist "%%i\installer\setup.exe" (
    echo Internal...
    start "" /w "%%i\installer\setup.exe" --uninstall --msedge-internal --verbose-logging --force-uninstall --delete-profile
    )
    for /D %%i in ("%LocalAppData%\Microsoft\Edge Dev\Application\*") do if exist "%%i\installer\setup.exe" (
    echo Dev...
    start "" /w "%%i\installer\setup.exe" --uninstall --msedge-dev --verbose-logging --force-uninstall --delete-profile
    )
    for /D %%i in ("%LocalAppData%\Microsoft\Edge Beta\Application\*") do if exist "%%i\installer\setup.exe" (
    echo Beta...
    start "" /w "%%i\installer\setup.exe" --uninstall --msedge-beta --verbose-logging --force-uninstall --delete-profile
    )
    for /D %%i in ("%LocalAppData%\Microsoft\Edge\Application\*") do if exist "%%i\installer\setup.exe" (
    echo Stable...
    start "" /w "%%i\installer\setup.exe" --uninstall --verbose-logging --force-uninstall --delete-profile
    )
    for /D %%i in ("%LocalAppData%\Microsoft\EdgeWebView\Application\*") do if exist "%%i\installer\setup.exe" (
    echo WebView2 Runtime...
    start "" /w "%%i\installer\setup.exe" --uninstall --msedgewebview --verbose-logging --force-uninstall --delete-profile
    )
    
    for /D %%i in ("%ProgramFiles(x86)%\Microsoft\EdgeWebView\Application\*") do if exist "%%i\installer\setup.exe" (
    echo WebView2 Runtime...
    start "" /w "%%i\installer\setup.exe" --uninstall --msedgewebview --system-level --verbose-logging --force-uninstall --delete-profile
    )
    for /D %%i in ("%ProgramFiles(x86)%\Microsoft\Edge\Application\*") do if exist "%%i\installer\setup.exe" (
    echo Stable...
    start "" /w "%%i\installer\setup.exe" --uninstall --system-level --verbose-logging --force-uninstall --delete-profile
    )
    for /D %%i in ("%ProgramFiles(x86)%\Microsoft\Edge Beta\Application\*") do if exist "%%i\installer\setup.exe" (
    echo Beta...
    start "" /w "%%i\installer\setup.exe" --uninstall --msedge-beta --system-level --verbose-logging --force-uninstall --delete-profile
    )
    for /D %%i in ("%ProgramFiles(x86)%\Microsoft\Edge Dev\Application\*") do if exist "%%i\installer\setup.exe" (
    echo Dev...
    start "" /w "%%i\installer\setup.exe" --uninstall --msedge-dev --system-level --verbose-logging --force-uninstall --delete-profile
    )
    for /D %%i in ("%ProgramFiles(x86)%\Microsoft\Edge Internal\Application\*") do if exist "%%i\installer\setup.exe" (
    echo Internal...
    start "" /w "%%i\installer\setup.exe" --uninstall --msedge-internal --system-level --verbose-logging --force-uninstall --delete-profile
    )
    
    Powershell -EP Bypass -MTA -NOL -NONI -NOP -C "Write-Host 'Remove EdgeChromium LeftOvers' -ForegroundColor Green"
    reg add "HKLM\SOFTWARE\Microsoft\EdgeUpdate" /v DoNotUpdateToEdgeWithChromium /t REG_DWORD /d 1 /f>NUL  2>NUL
    reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Edge" /v NoRemove /f>NUL  2>NUL
    reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Edge" /v NoRemove /f>NUL  2>NUL
    reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Edge" /v NoRemove /f>NUL  2>NUL
    reg delete "HKLM\SYSTEM\CurrentControlSet\Services\edgeupdate" /f>NUL  2>NUL
    reg delete "HKLM\SYSTEM\CurrentControlSet\Services\edgeupdatem" /f>NUL  2>NUL
    del /f /q "%UserProfile%\Desktop\Microsoft Edge*.lnk">NUL  2>NUL
    del /f /q "%AppData%\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge*.lnk">NUL  2>NUL
    del /f /q "%SystemRoot%\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge*.lnk">NUL  2>NUL
    IF EXIST "%UserProfile%\Desktop\Microsoft Edge.*" del /f /q "%UserProfile%\Desktop\Microsoft Edge.*">NUL  2>NUL
    IF EXIST "%AppData%\Microsoft\Internet Explorer\Quick Launch\User Pinned" rd /s /q "%AppData%\Microsoft\Internet Explorer\Quick Launch\User Pinned">NUL  2>NUL
    IF EXIST "%AppData%\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge*.lnk" del /f /q "%AppData%\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge*.lnk">NUL  2>NUL
    IF EXIST "%UserProfile%\AppData\Local\Microsoft\Edge" rd /s /q "%UserProfile%\AppData\Local\Microsoft\Edge">NUL  2>NUL
    IF EXIST "%LocalAppData%\MicrosoftEdge" rd /s /q "%LocalAppData%\MicrosoftEdge">NUL  2>NUL
    IF EXIST "%ProgramFiles(x86)%\Microsoft" rd /s /q "%ProgramFiles(x86)%\Microsoft">NUL  2>NUL
    IF EXIST "%ProgramData%\Microsoft\EdgeUpdate" rd /s /q "%ProgramData%\Microsoft\EdgeUpdate">NUL  2>NUL
    reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\edgeupdate" /v "Start" /t reg_DWORD /d 4 /f
    reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\edgeupdatem" /v "Start" /t reg_DWORD /d 4 /f
    echo ======================================================
    
    Disable Windows Features
    Code:
    echo ======================================================
    echo -------------- Disable Windows Features --------------
    echo ======================================================
    Powershell -EP Bypass -MTA -NOL -NONI -NOP -C "Write-Host 'Disable Windows Optional Features' -ForegroundColor Green"
    Powershell -EP Bypass -MTA -NOL -NONI -NOP -C "Get-WindowsOptionalFeature -Online | Where-Object {$_.State -eq 'Enabled' } | OGV -PassThru -Title 'Select Windows Optional Features to Disable' | Disable-WindowsOptionalFeature -Online -NoRestart -Verbose"
    echo ======================================================
    
    Remove Windows Capabilities
    Code:
    echo ======================================================
    echo ------------- Remove Windows Capabilities ------------
    echo ======================================================
    Powershell -EP Bypass -MTA -NOL -NONI -NOP -C "Write-Host 'Remove Windows Capabilities' -ForegroundColor Green"
    Powershell -EP Bypass -MTA -NOL -NONI -NOP -C "Get-WindowsCapability -Online | Where-Object {$_.State -eq 'Installed' } | OGV -PassThru -Title 'Select Windows Capabilities to Remove' | Remove-WindowsCapability -Online -Verbose"
    echo ======================================================
    
    Disable NetAdapter Bindings
    Code:
    Powershell -EP Bypass -MTA -NOL -NONI -NOP -C "Get-NetAdapterBinding | Where-Object {$_.Enabled -eq 'True' } | OGV -PassThru -Title 'Disable NetAdapter Bindings' | Set-NetAdapterBinding -Enabled 0 -ea SilentlyContinue -Verbose"
    
    Add This PC And Control Panel to Desktop
    Code:
    echo ======================================================
    echo ------ Add This PC And Control Panel to Desktop ------
    echo ======================================================
    Powershell -EP Bypass -MTA -NOL -NONI -NOP -C "Write-Host 'Add This PC And Control Panel to Desktop' -ForegroundColor Green"
    reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel" /v "{20D04FE0-3AEA-1069-A2D8-08002B30309D}" /t reg_DWORD /d "0" /f
    reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu" /v "{20D04FE0-3AEA-1069-A2D8-08002B30309D}" /t reg_DWORD /d "0" /f
    reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel" /v "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}" /t reg_DWORD /d "0" /f
    reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu" /v "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}" /t reg_DWORD /d "0" /f
    echo ======================================================
    
    Set Mobo Company and Model
    Code:
    echo ======================================================
    echo ------------ Set Mobo Company and Model --------------
    echo ======================================================
    Powershell -EP Bypass -MTA -NOL -NONI -NOP -C "Write-Host 'Set Mobo Company and Model' -ForegroundColor Green"
    FOR /F "tokens=3* delims= " %%i in ('reg query HKLM\HARDWARE\DESCRIPTION\System\BIOS /v BaseBoardManufacturer') DO (SET BaseBoardManufacturer=%%i %%j)
    FOR /F "tokens=3* delims= " %%i in ('reg query HKLM\HARDWARE\DESCRIPTION\System\BIOS /v BaseBoardProduct') DO (SET BaseBoardProduct=%%i %%j)
    ECHO Manufacturer="%BaseBoardManufacturer%"
    ECHO Product="%BaseBoardProduct%"
    reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\OEMInformation" /t reg_SZ /v Manufacturer /d "%BaseBoardManufacturer%" /f
    reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\OEMInformation" /t reg_SZ /v Model /d "%BaseBoardProduct%" /f
    echo ======================================================
    
    Disable File Transfer to Recycle Bin
    Code:
    Powershell -EP Bypass -MTA -NOL -NONI -NOP -C "Write-Host 'Disable File Transfer to Recycle Bin' -ForegroundColor Green"
    Powershell -EP Bypass -MTA -NOL -NONI -NOP -C "$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume'; Get-ChildItem $key | foreach { Set-ItemProperty -Path \"$key\$($_.pschildname)\" -Name MaxCapacity -Value 1 -EA SilentlyContinue -Verbose }"
    Powershell -EP Bypass -MTA -NOL -NONI -NOP -C "$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume'; Get-ChildItem $key | foreach { Set-ItemProperty -Path \"$key\$($_.pschildname)\" -Name NukeOnDelete -Value 1 -EA SilentlyContinue -Verbose }"
    
    Remove All Routiong Tables
    Code:
    Powershell -EP Bypass -MTA -NOL -NONI -NOP -C "Write-Host 'Remove All Routiong Tables' -ForegroundColor Green"
    %systemroot%\System32\route -f
    %systemroot%\System32\route print
    
    Remove All Scheduled Tasks
    Code:
    Powershell -EP Bypass -MTA -NOL -NONI -NOP -C "Write-Host 'Remove All Scheduled Tasks' -ForegroundColor Green"
    Powershell -EP Bypass -MTA -NOL -NONI -NOP -C "Get-Scheduledtask | Unregister-ScheduledTask -Confirm:$false -EA SilentlyContinue -Verbose"
    
    Disable WMI Autologgers
    Code:
    Powershell -EP Bypass -MTA -NOL -NONI -NOP -C "Write-Host 'Disable WMI Autologgers' -ForegroundColor Green"
    reg add "HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\AutoLogger-Diagtrack-Listener" /v "Start" /t REG_DWORD /d 0 /f
    Powershell -EP Bypass -MTA -NOL -NONI -NOP -C "Get-AutologgerConfig | Set-AutologgerConfig -Start 0 -InitStatus 0 -Confirm:$false -EA Ignore -Verbose"
    
    Remove & Disable System Restore Points Creation
    Code:
    Powershell -EP Bypass -MTA -NOL -NONI -NOP -C "Write-Host 'Remove All System Restore Points' -ForegroundColor Green"
    vssadmin List Shadows
    vssadmin delete shadows /All /Quiet
    Powershell -EP Bypass -MTA -NOL -NONI -NOP -C "Disable-ComputerRestore -Drive $env:SystemDrive -Verbose"
    reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore" /v "DisableSR" /t REG_DWORD /d 1 /f
    reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore" /v "DisableConfig" /t REG_DWORD /d 1 /f
    
    Lot Lot More n More n More
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  8. damianfox

    damianfox MDL Senior Member

    Jan 23, 2011
    403
    275
    10
    It leaves out all the bloat thus making the system faster. It's also more tested and polished because it has to be, you can't have business's going down losing money. It's not used by consumers because of the price. But in reality I assume and feel it's better than regular Windows.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  9. pawelm8

    pawelm8 MDL Novice

    Jul 29, 2021
    34
    35
    0
    I have the Ctrl+Alt+Delete, Shutdown Tracker, IE Harden mode, Server Manager and some more in form of a .reg file. It's easier to apply this way:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
    "disablecad"=dword:00000001
    "shutdownwithoutlogon"=dword:0000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Reliability]
    "ShutDownReasonOn"=dword:00000000

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ServerManager]
    "DoNotOpenServerManagerAtLogon"=dword:00000001

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
    "IEHarden"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel]
    "DisableExceptionChainValidation"=dword:00000001
     
  10. RokkumanX

    RokkumanX MDL Member

    Apr 8, 2020
    152
    199
    10
    #10 RokkumanX, Nov 15, 2021
    Last edited: Nov 16, 2021
    Here's a quick and dirty checklist of all the basic stuff that needs to be done:

    1. Change Computer Name
    Control Panel -> System and Security -> System -> Advanced system settings -> Computer Name -> click on Change

    2. Setting Owner Info
    Regedit -> HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion -> double click on RegisteredOwner and enter your name

    3. Create new user account
    User Accounts (control userpasswords2) -> click on Add

    4. Enabling Wireless Networking
    Open Server Manager, click Manage then Add Roles and Features, chose the option Role-based or feature-based installation, click Next on Server Roles, check Wireless LAN Service on Features, click Next, check Restart the destination server automatically if required and finally click Install

    5. Enabling Sound
    Control Panel -> System and Security -> Administrative Tools -> Services
    Enable and start the Windows Audio and Windows Audio Endpoint Builder services, set to Automatic

    6. Disabling Ctrl+Alt+Del
    Local Security Policy -> Local Policies -> Security Options and double click Interactive Logon: Do not require CTRL+ALT+DEL, change the checkbox to Enabled and click OK

    7. Disabling Strong Password Enforcement + Change Maximum Password Age
    Local Security Policy -> Account Policies -> Password Policy and double click Password must meet complexity requirements, on the selection box, choose Disabled and click OK
    Double click Maximum Password Age and set it to 0 days. This will stop the password from expiring

    8. Disabling Shutdown Event Tracker
    Local Group Policy Editor -> Computer Configuration -> Administrative Templates -> System and double click Display Shutdown Event Tracker, set Display Shutdown Event Tracker to Disabled and click OK, restart computer

    9. Disabling I.E. Enhanced Security Configuration
    Open Server Manager and click Local Server on the left, on the right you have the option IE Enhanced Security Configuration, which is set to On, set both options to Off and click OK

    10. Performance for Applications + Visual Effects + DEP
    Control Panel -> System and Security -> System -> Advanced system settings -> Advanced -> Performance -> click Settings
    Visual Effects -> choose Adjust for best appearance
    Advanced -> choose Programs
    Data Execution Prevention -> choose Turn on DEP for essential Windows programs andservices only

    11. Enabling Memory Compression
    Powershell (run as Administrator) -> type Enable-MMAgent -MemoryCompression and hit enter
    Open Task Manager -> Performance -> Memory to verify it's turned on

    12. Disable Server Manager at startup
    Local Group Policy Editor -> Computer Configuration -> Administrative Templates -> System -> Server Manager -> double click Do not display Server Manager automatically at logon and change the setting to Enabled
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  11. kgtuning

    kgtuning MDL Member

    Aug 26, 2015
    128
    70
    10
    How about Bluetooth? Does that come enabled by default like say for an xbox controller?
     
  12. damianfox

    damianfox MDL Senior Member

    Jan 23, 2011
    403
    275
    10
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  13. pawelm8

    pawelm8 MDL Novice

    Jul 29, 2021
    34
    35
    0
    Did you managed to install the driver for Bluetooth PAN (Personal Area Network) device (ID BTH\MS_BTHPAN)? Actual BT device installed fine for me, but this BT PAN virtual device driver couldn't be found and Windows 10 driver won't install without modification (but then it's not signed anymore).
     
  14. damianfox

    damianfox MDL Senior Member

    Jan 23, 2011
    403
    275
    10
    I don't use Bluetooth so my driver is never installed. It does say Bluetooth is supported though.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  15. RokkumanX

    RokkumanX MDL Member

    Apr 8, 2020
    152
    199
    10
    I have not had a single problem yet and with all drivers updated everything works fantastic including Bluetooth.

    Every piece of software, tweaks, whatever just work.

    I'm really impressed with all this and the stability.

    Why does the consumer version suck so much compared to this insane beast.

    However, I downloaded 10 LTSC 2021 today and I think I'm going to use that for my gaming rig.

    I don't want to end up with a game or gaming software not working.

    I feel like it's a win win :)
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  16. damianfox

    damianfox MDL Senior Member

    Jan 23, 2011
    403
    275
    10
    Only problem I had with Server and games was back with Server 2012 we had to install some additional DirectX components. But not anymore. Heck we even had to install regular mouse icons lol
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  17. RokkumanX

    RokkumanX MDL Member

    Apr 8, 2020
    152
    199
    10
    Yep those were the days.

    I remember I hated Windows 8 and went with Server 2012 instead until 8.1 came out.

    It's fun to think and look back on things but I can't say I want to go back.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  18. pawelm8

    pawelm8 MDL Novice

    Jul 29, 2021
    34
    35
    0
  19. freddie-o

    freddie-o MDL Addicted

    Jul 29, 2009
    949
    1,236
    30
    This?

    Double click "Unknown Device" >> Update driver >> Browse my computer for drivers >> Let me pick from a list of available drivers on my computer
    Select "Bluetooth" >> Click next >> Select "Microsoft" (left pane) then double-click "Personal Area Network Service" (right pane)
    Click Yes on the "Update Driver Warning" dialog that appears