PXE Windows PE under UEFI and Secure Boot Enabled

1. Download and install the Windows PE add-on for the Windows ADK for Windows 11, version 22H2.

In this example, the Windows ADK folder (default: C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment) is %PEFOLDER% and the TFTP server root is %TFTPROOT%.

2. Patch BCD in %PEFOLDER%\amd64\Media\EFI\Microsoft\Boot\

  • Change the path of Boot Manager to our file, \bootx64.efi
    > bcdedit /store BCD /set {bootmgr} path \bootx64.efi
  • Disable integrity checks and change bootmenupolicy to Legacy
    > bcdedit /store BCD /set {bootmgr} nointegritychecks Yes
    > bcdedit /store BCD /set {default} bootmenupolicy Legacy
  • Since Linux file systems treat file and directory names as case-sensitive, ramdisksdipath needs to be modified if PXE is served from a Linux server
    > bcdedit /store BCD /set {7619dcc8-fafe-11d9-b411-000476eba25f} ramdisksdipath \Boot\boot.sdi
  • Entries of the patched BCD should be identical to:
    > bcdedit /store BCD /enum all
    Windows Boot Manager
    identifier              {bootmgr}
    path                    \bootx64.efi
    description             Windows Boot Manager
    locale                  en-US
    inherit                 {globalsettings}
    nointegritychecks       Yes
    flightsigning           Yes
    default                 {default}
    displayorder            {default}
    toolsdisplayorder       {memdiag}
    timeout                 30
    Windows Boot Loader
    identifier              {default}
    device                  ramdisk=[boot]\sources\boot.wim,{7619dcc8-fafe-11d9-b411-000476eba25f}
    path                    \windows\system32\boot\winload.efi
    description             Windows Setup
    locale                  en-US
    inherit                 {bootloadersettings}
    isolatedcontext         Yes
    osdevice                ramdisk=[boot]\sources\boot.wim,{7619dcc8-fafe-11d9-b411-000476eba25f}
    systemroot              \windows
    bootmenupolicy          Legacy
    detecthal               Yes
    winpe                   Yes
    ems                     No
    Windows Memory Tester
    identifier              {memdiag}
    device                  boot
    path                    \efi\microsoft\boot\memtest.efi
    description             Windows Memory Diagnostic
    locale                  en-US
    inherit                 {globalsettings}
    EMS Settings
    identifier              {emssettings}
    bootems                 No
    Debugger Settings
    identifier              {dbgsettings}
    debugtype               Serial
    debugport               1
    baudrate                115200
    Global Settings
    identifier              {globalsettings}
    inherit                 {dbgsettings}
    Boot Loader Settings
    identifier              {bootloadersettings}
    inherit                 {globalsettings}
    Hypervisor Settings
    identifier              {hypervisorsettings}
    description             Hypervisor Settings
    hypervisordebugtype     Serial
    hypervisordebugport     1
    hypervisorbaudrate      115200
    Device options
    identifier              {7619dcc8-fafe-11d9-b411-000476eba25f}
    ramdisksdidevice        boot
    ramdisksdipath          \Boot\boot.sdi

3. Upload the required files to the TFTP server (on Linux servers, capitalization DOES matter)

  • %PEFOLDER%\amd64\Media\EFI\Boot\bootx64.efi to %TFTPROOT%\bootx64.efi
  • %PEFOLDER%\amd64\Media\Boot\boot.sdi to %TFTPROOT%\Boot\boot.sdi
  • %PEFOLDER%\amd64\en-us\winpe.wim to %TFTPROOT%\sources\boot.wim
    Or a customized Windows 11 based .wim file, depending on the purpose
  • patched BCD to %TFTPROOT%\Boot\BCD

PXE boot fails if the TFTP directory and file structure is not set up properly (e.g. a capitalization mismatch on a Linux server).
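As an added example (not part of the original post), the script below checks a Linux TFTP root for the four files from step 3 with their exact capitalization and tells a case mismatch apart from a missing file. The function names and the /srv/tftp path in the usage comment are assumptions.

```sh
#!/bin/sh
# Added example (not from the original page): audit a Linux TFTP root for the
# four files step 3 uploads, using exact, case-sensitive paths.

# Paths relative to the TFTP root, spelled as in step 3 and the patched BCD.
PXE_FILES="bootx64.efi Boot/boot.sdi Boot/BCD sources/boot.wim"

# check_pxe_file ROOT RELPATH
# Prints "ok", "case-mismatch <path found>" or "missing"; returns 0 only for "ok".
check_pxe_file() {
    root=${1%/}
    rel=$2
    if [ -f "$root/$rel" ]; then
        echo "ok"
        return 0
    fi
    # Same path ignoring case: separates a capitalization slip from an absent file.
    found=$(find "$root" -type f 2>/dev/null |
        awk -v pre="$root/" -v want="$rel" '{
            p = substr($0, length(pre) + 1)
            if (tolower(p) == tolower(want)) { print p; exit }
        }')
    if [ -n "$found" ]; then
        echo "case-mismatch $found"
    else
        echo "missing"
    fi
    return 1
}

# audit_tftp_root ROOT
# Prints one status line per file; the return value is the number of problems.
audit_tftp_root() {
    bad=0
    for rel_path in $PXE_FILES; do
        status=$(check_pxe_file "$1" "$rel_path") || bad=$((bad + 1))
        printf '%-18s %s\n' "$rel_path" "$status"
    done
    return "$bad"
}

# Usage: sh check_tftp.sh /srv/tftp   (path is an assumption; use your TFTP root)
if [ -n "${1:-}" ]; then
    audit_tftp_root "$1" || echo "$? file(s) need fixing"
fi
```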

4. Verify with Hyper-V

Windows Defender Credential Guard Prevents RDP from Using Saved Credentials

After a recent Windows update, Windows Defender Credential Guard blocks saved credentials when connecting to Remote Desktop.

[Figure: AutomationId and ClassName of Fields]

I modified my previous code, and it now works for both types of RDP credential window.

The CredentialAutoInput class can be used as in the following simple code.

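namespace UI {
    internal class Uimain {
        static void Main(string[] args) {
            var u = new CredentialAutoInput();
            switch (args[0]) { // selector assumed: the original switch line is missing from the page
                case "myid1":
                    u.Connect("myid1", "mypass1");
                    break;
                case "myid2":
                    u.Connect("myid2", "mypass2");
                    break;
            }
        }
    }
}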

Remote Desktop Shadow Session with Saved Credentials

Remote Desktop Shadow Mode allows administrators to remotely view and/or interact with the user’s desktop.

To connect to a shadow session, the /prompt option is needed because mstsc.exe otherwise tries to connect to the client with the current user's credential.

However, with the /prompt option, mstsc.exe always requests a user credential, and the prompt cannot be bypassed with a saved one.

This credential window is not a standard Win32 window but a XAML UI, so it can be manipulated via UI Automation.

[Figure: AutomationId and ClassName of Fields]

Root NanoPi R5S Android

Android can be installed on the recently launched NanoPi R5S model.
However, it was not rooted initially, which you can check via Termux or a root checker.

[Figure: root checker]

How to root.

1. Download USB image from FriendlyElec google drive.
2. Extract boot.img.
3. Patch boot.img with magisk.
4. Replace the original boot.img with the patched one.
5. Flash patched image with rkdevtool.

[Figures: FriendlyElec google drive; extract boot.img; patch boot.img with magisk; flash patched image with rkdevtool]

Change Registry Permission with PowerShell

# Save target key with takeownership right
$targetkey = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey("SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AlternateShells\AvailableShells", [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree, [System.Security.AccessControl.RegistryRights]::takeownership)

# Obtain access control, owner, and rule of target key
$targetac = $targetkey.GetAccessControl()
$targetowner = $targetac.GetOwner([System.Security.Principal.NTAccount])
$targetrule = $targetac.GetAccessRules($true, $true, [System.Security.Principal.NTAccount])

# Obtain access control, owner, and rule of normal key
$adminac = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey("SOFTWARE\Microsoft\Windows NT\").GetAccessControl()
$adminowner = $adminac.GetOwner([System.Security.Principal.NTAccount])
$adminrule = $adminac.GetAccessRules($true, $true, [System.Security.Principal.NTAccount])

# Set owner and permission of target key

# Change key from 40000 to 20000
Rename-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AlternateShells\AvailableShells" -Name 40000 -NewName 20000

# Restore owner and permission of target key

Bluetooth Audio of Windows Server 2022 on Deskmini A300

0. Uninstall Intel Bluetooth Driver.
Bluetooth Audio Device does not work properly under Intel Bluetooth Driver when Windows Server is installed.

1. Install latest Toshiba Bluetooth Stack.

2. Set the driver manually.
During installation, Setup would fail to detect Bluetooth Device.
Then, right click on Unknown Device → Update Driver → Browse my computer for driver software → Let me pick from a list of device drivers on my computer → Choose USB Bluetooth Driver-2 (V2.1+EDR)

3. All done.
Audio output will come through the paired Bluetooth device.

Install Windows Server 2022 on Deskmini A300

1. Boot with Windows Server 2022 DVD or USB.

2. OPTIONAL – Load RAID driver if RAID is configured. [Floppy(v0.0.0.000).zip]
: Load AMD-RAID Bottom Device driver (rcbottom.inf) first and then load AMD-RAID Controller driver (rcraid.inf).

3. OPTIONAL – Press Shift-F10 and create a vhdx for Windows to be installed on a virtual disk.

4. Start Install.

1. Install Windows 11 VGA driver. [AMD_VGA(v00.00.00.00).zip]
: Do not launch .exe directly.
: Instead, navigate to \AMD_VGA(v00.00.00.00)\Packages\Drivers\Display\WT6A_INF and click the right mouse button, then choose install.

2. Install Windows 11 Chipset driver as usual. [Chipset(v0.00.00.000).zip]

3. Enable Windows Audio and Windows Audio Endpoint Builder services.
: Next, Install Windows 11 Audio driver as usual. [Realtek_Audio(v0.0.00.0).zip]

4. OPTIONAL – Install Windows 11 Bluetooth driver as usual. [Intel_Bluetooth(v00.00.0.0).zip]
: Next, set Microsoft Personal Area Network Service driver manually.

5. OPTIONAL – Add WLAN feature via Server Manager.

: Next, reboot once -> enable WLAN service.

: Install Windows 11 WLAN driver as usual. [Intel_WLAN(v00.00.0.00).zip]

6. Set GPIO Driver.
: AMD GPIO Driver can be installed manually by updating Unknown Device (Microsoft ACPI Compliant System).
: Driver files are under ASROCK support page. [AMD All-in-1 with VGA driver, AllIn1(v00.00.00.00).zip]


How to set up Apache on Armbian

1. Install apache and php
sudo apt install apache2
sudo apt install php

2. Enable user directory
sudo a2enmod userdir
Then, in /etc/apache2/mods-enabled/:
sudo ln -s ../mods-available/userdir.conf userdir.conf
(for CentOS, edit /etc/httpd/conf.d/userdir.conf)

3. Remove Indexes for security in /etc/apache2/apache2.conf
<Directory /var/www/>
Options FollowSymLinks
AllowOverride None
Require all granted
</Directory>

4. Enable the PHP engine for user directories in /etc/apache2/mods-enabled/php7.3.conf
<FilesMatch "^\.ph(ar|p|ps|tml)$">
# Require all denied
</FilesMatch>
<IfModule mod_userdir.c>
<Directory /home/*/public_html>
# php_admin_flag engine Off
</Directory>
</IfModule>
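
An added example, not from the original post: a check that lists every <Directory> block whose Options line still turns Indexes on, so step 3 can be verified across apache2.conf and the userdir configuration enabled in step 2. The function names and the sample configuration are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original page): list <Directory> blocks whose
# Options line enables directory listings (Indexes, +Indexes or All).

# dirs_with_indexes [FILE...]
# Reads Apache config from the given files (or stdin) and prints the path of
# each offending <Directory> block, one per line.
dirs_with_indexes() {
    awk '
        /^[ \t]*#/ { next }                       # commented-out directives do not count
        tolower($1) == "<directory" {             # opening tag: remember the path
            dir = $2; sub(/>$/, "", dir); next
        }
        tolower($1) == "</directory>" { dir = ""; next }
        dir != "" && tolower($1) == "options" {
            for (i = 2; i <= NF; i++) {
                opt = tolower($i)
                # AllowOverride Indexes is a different directive and is not matched here.
                if (opt == "indexes" || opt == "+indexes" || opt == "all") {
                    print dir; break
                }
            }
        }
    ' "$@"
}

# Constructed sample input, not a copy of any real server configuration.
sample_conf() {
    cat <<'EOF'
<Directory /var/www/>
    Options Indexes FollowSymLinks
    AllowOverride None
</Directory>
<Directory /srv/>
    # Options Indexes
    Options FollowSymLinks
</Directory>
<Directory /home/*/public_html>
    AllowOverride FileInfo Indexes
    Options +MultiViews +Indexes
</Directory>
EOF
}

# Real use (paths as on the page):
#   dirs_with_indexes /etc/apache2/apache2.conf /etc/apache2/mods-enabled/userdir.conf
sample_conf | dirs_with_indexes
```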