How to Install a Bluetooth XInput Device on Windows Server 2022

A system running Windows Server 2022
Access to Windows 11 driver files

Step 1: Obtain the Driver Files from Windows 11
You can see the .inf and .sys files in the driver directoy, which are required for the installation.

C:\Windows11\System32\DriverStore\FileRepository\xinputhid.inf_amd64_0000000000000000> dir
 C 드라이브의 볼륨에는 이름이 없습니다.
 볼륨 일련 번호: 0000-0000

2024-05-30  오후 12:18    <DIR>          .
2024-07-02  오전 08:27    <DIR>          ..
2024-05-30  오전 11:13            21,106 xinputhid.inf
2024-05-30  오전 11:13            90,112 xinputhid.sys
               2개 파일             111,218 바이트


Step 2: Verify the Catalog File from Windows 11
Sigcheck can be downloaded from Sysinternals.

C:\Windows11> sigcheck64.exe -i C:\Windows11\System32\drivers\xinputhid.sys

Sigcheck v2.90 - File version and signature viewer
Copyright (C) 2004-2022 Mark Russinovich
Sysinternals -

        Verified:       Signed
        Link date:      오전 5:39 1918-03-01
        Signing date:   오전 10:45 2024-06-21
        Catalog:        C:\WINDOWS11\system32\CatRoot\{00000000-0000-0000-0000-000000000000}\
           Microsoft Windows
                Cert Status:    Valid
                Valid Usage:    NT5 Crypto, Code Signing


Step 3: Copy and install Catalog File to Windows Server 2022
SignTool is included in Visual Studio or Windows SDK.

C:\Windows2022> signtool catdb /v /u ""
Adding Catalog:
Catalog added successfully:
        System assigned name: \Windows\system32\CatRoot\{00000000-0000-0000-0000-000000000000}\99.CAT

Number of catalog files successfully Added: 1
Number of errors: 0

Step 4: Install Driver Files
1. Select Driver → Update driver → Browse my computer for drivers → Let me pick from a list of available drivers on my computer → Have a disk
2. Then, select folder containing ini/sys files and click OK
3. Make sure to disable driver signature enforcement option

PXE Windows PE under UEFI and Secure Boot Enabled

1. Download Windows PE add-on for the Windows ADK for Windows 11, version 22H2 and install.

In this example, Windows ADK Folder (default, C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment) is %PEFOLDER% and the TFTP Server Root is %TFTPROOT%

2. Patch BCD in %PEFOLDER%\amd64\Media\EFI\Microsoft\Boot\

  • Change the path of Boot Manager to our file, \bootx64.efi
    > bcdedit /store BCD /set {bootmgr} path \bootx64.efi
  • Disable Integritycheck and Change Bootmenupolicy to Legacy
    > bcdedit /store BCD /set {bootmgr} nointegritychecks Yes
    > bcdedit /store BCD /set {default} bootmenupolicy Legacy
  • Since linux file system treats file and directory names as case-sensitive, ramdisksdipath need to be modified in case that PXE is served on linux server
    > bcdedit /store BCD /set {7619dcc8-fafe-11d9-b411-000476eba25f} ramdisksdipath \Boot\boot.sdi
  • Entries of patched BCD should be identical to:
    > bcdedit /store BCD /enum all
    Windows Boot Manager
    identifier              {bootmgr}
    path                    \bootx64.efi
    description             Windows Boot Manager
    locale                  en-US
    inherit                 {globalsettings}
    nointegritychecks       Yes
    flightsigning           Yes
    default                 {default}
    displayorder            {default}
    toolsdisplayorder       {memdiag}
    timeout                 30
    Windows Boot Loader
    identifier              {default}
    device                  ramdisk=[boot]\sources\boot.wim,{7619dcc8-fafe-11d9-b411-000476eba25f}
    path                    \windows\system32\boot\winload.efi
    description             Windows Setup
    locale                  en-US
    inherit                 {bootloadersettings}
    isolatedcontext         Yes
    osdevice                ramdisk=[boot]\sources\boot.wim,{7619dcc8-fafe-11d9-b411-000476eba25f}
    systemroot              \windows
    bootmenupolicy          Legacy
    detecthal               Yes
    winpe                   Yes
    ems                     No
    Windows Memory Tester
    identifier              {memdiag}
    device                  boot
    path                    \efi\microsoft\boot\memtest.efi
    description             Windows Memory Diagnostic
    locale                  en-US
    inherit                 {globalsettings}
    EMS Settings
    identifier              {emssettings}
    bootems                 No
    Debugger Settings
    identifier              {dbgsettings}
    debugtype               Serial
    debugport               1
    baudrate                115200
    Global Settings
    identifier              {globalsettings}
    inherit                 {dbgsettings}
    Boot Loader Settings
    identifier              {bootloadersettings}
    inherit                 {globalsettings}
    Hypervisor Settings
    identifier              {hypervisorsettings}
    description             Hypervisor Settings
    hypervisordebugtype     Serial
    hypervisordebugport     1
    hypervisorbaudrate      115200
    Device options
    identifier              {7619dcc8-fafe-11d9-b411-000476eba25f}
    ramdisksdidevice        boot
    ramdisksdipath          \Boot\boot.sdi

3. Upload required files to TFTP server (For linux servers, capitalization DOES matter)

  • %PEFOLDER%\amd64\Media\EFI\Boot\bootx64.efi to %TFTPROOT%\bootx64.efi
  • %PEFOLDER%\amd64\Media\Boot\boot.sdi to %TFTPROOT%\Boot\boot.sdi
  • %PEFOLDER%\amd64\en-us\winpe.wim to %TFTPROOT%\sources\boot.wim
    Or customized windows 11 based .wim file can be used, depending on the purposes
  • patched BCD to %TFTPROOT%\Boot\BCD

PXE would fail if TFTP directory and file structures are not properly set (e.g. capitalization mismatch on linux server)

4. Verify with hyper V

Windows Defender Credential Guard Prevents RDP from Using Saved Credentials

After recent windows update, Windows Defender Credential Guard blocks Saved Credentials when connecting to remote desktop.

AutomationId and ClassName of Fields

I modified my previous codes, and it now works for both types of RDP credential window.

CredentialAutoInput class can be used as following simple codes.

namespace UI
    internal class Uimain
        static void Main(string[] args)
            var u = new CredentialAutoInput();
                case "myid1":
                    u.Connect("myid1", "mypass1");

                case "myid2":
                    u.Connect("myid2", "mypass2");

Remote Desktop Shadow Session with Saved Credentials

Remote Desktop Shadow Mode allows administrators to remotely view and/or interact with the user’s desktop.

To connect shadow session, /prompt option is needed because mstsc.exe tries to connect to client with the current user credential.

However, with /prompt option, mstsc.exe always requests a user credential to connect and it cannot be bypassed with saved one.


This credential window is not a standard WIN32 window but a XAML UI, thus it can be manipulated via UI Automation.

AutomationId and ClassName of Fields

Root NanoPi R5S Android

Android can be installed to recently launched Nanopi R5S model.
However it was not rooted initially and you can check it via termux or root checker.

root checker

How to root.

1. Download USB image from FriendlyElec google drive.
2. Extract boot.img.
3. Patch boot.img with magisk.
4. Replace patched boot.img with original one.
5. Flash patched image with rkdevtool.

FriendlyElec google drive
extract boot.img
patch boot.img with magisk
flash patched image with rkdevtool

Change Registry Permission with PowerShell

# Save target key with takeownership right
$targetkey = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey("SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AlternateShells\AvailableShells", [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree, [System.Security.AccessControl.RegistryRights]::takeownership)

# Obtain access control, owner, and rule of target key
$targetac = $targetkey.GetAccessControl()
$targetowner = $targetac.GetOwner([System.Security.Principal.NTAccount])
$targetrule = $targetac.GetAccessRules($true, $true, [System.Security.Principal.NTAccount])

# Obtain access control, owner, and rule of normal key
$adminac = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey("SOFTWARE\Microsoft\Windows NT\").GetAccessControl()
$adminowner = $adminac.GetOwner([System.Security.Principal.NTAccount])
$adminrule = $adminac.GetAccessRules($true, $true, [System.Security.Principal.NTAccount])

# Set owner and permission of target key

# Change key from 40000 to 20000
Rename-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AlternateShells\AvailableShells" -Name 40000 -NewName 20000

# Restore owner and permission of target key

Bluetooth Audio of Windows Server 2022 on Deskmini A300

0. Uninstall Intel Bluetooth Driver.
Bluetooth Audio Device does not work properly under Intel Bluetooth Driver when Windows Server is installed.

1. Install latest Toshiba Bluetooth Stack.

2. Set the driver manually.
During installation, Setup would fail to detect Bluetooth Device.
Then, right click on Unknown Device → Update Driver → Browse my computer for driver software → Let me pick from a list of device drivers on my computer → Choose USB Bluetooth Driver-2 (V2.1+EDR)

3. All done.
Audio output will come through the paired Bluetooth device.

Install Windows Server 2022 on Deskmini A300

1. Boot with Windows Server 2022 DVD or USB.

2. OPTIONAL – Load RAID driver if RAID is configured. [Floppy(v0.0.0.000).zip]
: Load AMD-RAID Bottom Device driver (rcbottom.inf) first and then load AMD-RAID Controller driver (rcraid.inf).

3. OPTIONAL – Press shift-F10 and create vhdx for windows to be installed on virtual disk.

4. Start Install.

1. Install Windows 11 VGA driver. [AMD_VGA(v00.00.00.00).zip]
: Do not launch .exe directly.
: Instead, navigate to \AMD_VGA(v00.00.00.00)\Packages\Drivers\Display\WT6A_INF and click the right mouse button, then choose install.

2. Install Windows 11 Chipset driver as usual. [Chipset(v0.00.00.000).zip]

3. Enable Windows Audio and Windows Audio Endpoint Builder services.
: Next, Install Windows 11 Audio driver as usual. [Realtek_Audio(v0.0.00.0).zip]

4. OPTIONAL – Install Windows 11 Bluetooth driver as usual. [Intel_Bluetooth(v00.00.0.0).zip]
: Next, set Microsoft Personal Area Network Service driver manually.

5. OPTIONAL – Add WLAN feature via Server Manager.

: Next, reboot once -> enable WLAN service.

: Install Windows 11 WLAN driver as usual. [Intel_WLAN(v00.00.0.00).zip]

6. Set GPIO Driver.
: AMD GPIO Driver can be installed manually by updating Unknown Device (Microsoft ACPI Complaint System).
: Driver files are under ASROCK support page. [AMD All-in-1 with VGA driver, AllIn1(v00.00.00.00).zip]