PXE Windows PE under UEFI and Secure Boot Enabled

1. Download Windows PE add-on for the Windows ADK for Windows 11, version 22H2 and install.

In this example, Windows ADK Folder (default, C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment) is %PEFOLDER% and the TFTP Server Root is %TFTPROOT%

2. Patch BCD in %PEFOLDER%\amd64\Media\EFI\Microsoft\Boot\

  • Change the path of Boot Manager to our file, \bootx64.efi
    > bcdedit /store BCD /set {bootmgr} path \bootx64.efi
  • Disable Integritycheck and Change Bootmenupolicy to Legacy
    > bcdedit /store BCD /set {bootmgr} nointegritychecks Yes
    > bcdedit /store BCD /set {default} bootmenupolicy Legacy
  • Since linux file system treats file and directory names as case-sensitive, ramdisksdipath need to be modified if PXE is served via linux server
    > bcdedit /store BCD /set {7619dcc8-fafe-11d9-b411-000476eba25f} ramdisksdipath \Boot\boot.sdi
  • Entries of patched BCD should be identical to
    > bcdedit /store BCD /enum all
    
    Windows Boot Manager
    --------------------
    identifier              {bootmgr}
    path                    \bootx64.efi
    description             Windows Boot Manager
    locale                  en-US
    inherit                 {globalsettings}
    nointegritychecks       Yes
    flightsigning           Yes
    default                 {default}
    displayorder            {default}
    toolsdisplayorder       {memdiag}
    timeout                 30
    
    Windows Boot Loader
    -------------------
    identifier              {default}
    device                  ramdisk=[boot]\sources\boot.wim,{7619dcc8-fafe-11d9-b411-000476eba25f}
    path                    \windows\system32\boot\winload.efi
    description             Windows Setup
    locale                  en-US
    inherit                 {bootloadersettings}
    isolatedcontext         Yes
    osdevice                ramdisk=[boot]\sources\boot.wim,{7619dcc8-fafe-11d9-b411-000476eba25f}
    systemroot              \windows
    bootmenupolicy          Legacy
    detecthal               Yes
    winpe                   Yes
    ems                     No
    
    Windows Memory Tester
    ---------------------
    identifier              {memdiag}
    device                  boot
    path                    \efi\microsoft\boot\memtest.efi
    description             Windows Memory Diagnostic
    locale                  en-US
    inherit                 {globalsettings}
    
    EMS Settings
    ------------
    identifier              {emssettings}
    bootems                 No
    
    Debugger Settings
    -----------------
    identifier              {dbgsettings}
    debugtype               Serial
    debugport               1
    baudrate                115200
    
    Global Settings
    ---------------
    identifier              {globalsettings}
    inherit                 {dbgsettings}
                            {emssettings}
    
    Boot Loader Settings
    --------------------
    identifier              {bootloadersettings}
    inherit                 {globalsettings}
                            {hypervisorsettings}
    
    Hypervisor Settings
    -------------------
    identifier              {hypervisorsettings}
    description             Hypervisor Settings
    hypervisordebugtype     Serial
    hypervisordebugport     1
    hypervisorbaudrate      115200
    
    Device options
    --------------
    identifier              {7619dcc8-fafe-11d9-b411-000476eba25f}
    ramdisksdidevice        boot
    ramdisksdipath          \Boot\boot.sdi
    

3. Upload required files to TFTP server (For linux servers, capitalization DOES matter)

  • %PEFOLDER%\amd64\Media\EFI\Boot\bootx64.efi to %TFTPROOT%\bootx64.efi
  • %PEFOLDER%\amd64\Media\Boot\boot.sdi to %TFTPROOT%\Boot\boot.sdi
  • %PEFOLDER%\amd64\en-us\winpe.wim to %TFTPROOT%\sources\boot.wim
    Or customized windows 11 based .wim file, depending on the purposes
  • patched BCD to %TFTPROOT%\Boot\BCD


PXE would fail if TFTP directory and file structures are not properly set (e.g. capitalization mismatch on linux server)

4. Verify with hyper V

Windows Defender Credential Guard Prevents RDP from Using Saved Credentials

After recent windows update, Windows Defender Credential Guard blocks Saved Credentials when connecting to remote desktop.

CredentialUIBroker
AutomationId and ClassName of Fields

I modified my previous codes, and it now works for both types of RDP credential window.

CredentialAutoInput class can be used as following simple codes.

namespace UI
{
    internal class Uimain
    {
        static void Main(string[] args)
        {
            var u = new CredentialAutoInput();
            switch(u.GetId())
            {
                case "myid1":
                    u.Connect("myid1", "mypass1");
                    break;

                case "myid2":
                    u.Connect("myid2", "mypass2");
                    break;
            }
        }
    }
}

Remote Desktop Shadow Session with Saved Credentials

Remote Desktop Shadow Mode allows administrators to remotely view and/or interact with the user’s desktop.

To connect shadow session, /prompt option is needed because mstsc.exe tries to connect to client with the current user credential.

However, with /prompt option, mstsc.exe always requests a user credential to connect and it cannot be bypassed with saved one.

CredentialUIBroker

This credential window is not a standard WIN32 window but a XAML UI, thus it can be manipulated via UI Automation.

AutomationId and ClassName of Fields

Root NanoPi R5S Android

Android can be installed to recently launched Nanopi R5S model.
However it was not rooted initially and you can check it via termux or root checker.

termux
root checker

How to root.

1. Download USB image from FriendlyElec google drive.
2. Extract boot.img.
3. Patch boot.img with magisk.
4. Replace patched boot.img with original one.
5. Flash patched image with rkdevtool.

FriendlyElec google drive
extract boot.img
patch boot.img with magisk
flash patched image with rkdevtool
done

Change Registry Permission with PowerShell

# Save target key with takeownership right
$targetkey = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey("SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AlternateShells\AvailableShells", [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree, [System.Security.AccessControl.RegistryRights]::takeownership)

# Obtain access control, owner, and rule of target key
$targetac = $targetkey.GetAccessControl()
$targetowner = $targetac.GetOwner([System.Security.Principal.NTAccount])
$targetrule = $targetac.GetAccessRules($true, $true, [System.Security.Principal.NTAccount])

# Obtain access control, owner, and rule of normal key
$adminac = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey("SOFTWARE\Microsoft\Windows NT\").GetAccessControl()
$adminowner = $adminac.GetOwner([System.Security.Principal.NTAccount])
$adminrule = $adminac.GetAccessRules($true, $true, [System.Security.Principal.NTAccount])

# Set owner and permission of target key
$targetac.SetOwner($adminowner)
$targetac.SetAccessRule($adminrule.Item(0))
$targetkey.SetAccessControl($targetac)

# Change key from 40000 to 20000
Rename-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AlternateShells\AvailableShells" -Name 40000 -NewName 20000

# Restore owner and permission of target key
$targetac.SetAccessRule($targetrule.Item(2))
$targetac.SetOwner($targetowner)
$targetkey.SetAccessControl($targetac)

Bluetooth Audio of Windows Server 2022 on Deskmini A300

0. Uninstall Intel Bluetooth Driver.
Bluetooth Audio Device does not work properly under Intel Bluetooth Driver when Windows Server is installed.

1. Install latest Toshiba Bluetooth Stack.
https://dynabook.com/assistpc/download/modify/soft/btswt/index_j.htm

2. Set the driver manually.
During installation, Setup would fail to detect Bluetooth Device.
Then, right click on Unknown Device → Update Driver → Browse my computer for driver software → Let me pick from a list of device drivers on my computer → Choose USB Bluetooth Driver-2 (V2.1+EDR)

3. All done.
Audio output will come through the paired Bluetooth device.

Install Windows Server 2022 on Deskmini A300

INSTALLATION:
1. Boot with Windows Server 2022 DVD or USB.

2. OPTIONAL – Load RAID driver if RAID is configured. [Floppy(v0.0.0.000).zip]
: Load AMD-RAID Bottom Device driver (rcbottom.inf) first and then load AMD-RAID Controller driver (rcraid.inf).

3. OPTIONAL – Press shift-F10 and create vhdx for windows to be installed on virtual disk.

4. Start Install.

DEVICE MANAGER:
1. Install Windows 11 VGA driver. [AMD_VGA(v00.00.00.00).zip]
: Do not launch .exe directly.
: Instead, navigate to \AMD_VGA(v00.00.00.00)\Packages\Drivers\Display\WT6A_INF and click the right mouse button, then choose install.

2. Install Windows 11 Chipset driver as usual. [Chipset(v0.00.00.000).zip]

3. Enable Windows Audio and Windows Audio Endpoint Builder services.
: Next, Install Windows 11 Audio driver as usual. [Realtek_Audio(v0.0.00.0).zip]

4. OPTIONAL – Install Windows 11 Bluetooth driver as usual. [Intel_Bluetooth(v00.00.0.0).zip]
: Next, set Microsoft Personal Area Network Service driver manually.

5. OPTIONAL – Add WLAN feature via Server Manager.

: Next, reboot once -> enable WLAN service.

: Install Windows 11 WLAN driver as usual. [Intel_WLAN(v00.00.0.00).zip]

6. Set GPIO Driver.
: AMD GPIO Driver can be installed manually by updating Unknown Device (Microsoft ACPI Complaint System).
: Driver files are under ASROCK support page. [AMD All-in-1 with VGA driver, AllIn1(v00.00.00.00).zip]

ALL DONE:

How to set up Apache on Armbian

1. Install apache and php
sudo apt install apache2
sudo apt install php

2. Enable user directory
sudo a2enmod userdir
in /etc/apache2/mods-enabled/
sudo ln -s ../mods-available/userdir.conf userdir.conf
(for CentOS, edit /etc/httpd/conf.d/userdir.conf)

3. Remove Indexes for securiety in /etc/apache2/apache2.conf
<Directory /var/www/>
Options FollowSymLinks
AllowOverride None
Require all granted
</Directory>

4. Enable php engine for user directory in /etc/apache2/mods-enable/php7.3.conf
<FilesMatch “^\.ph(ar|p|ps|tml)$”>
# Require all denied
</FilesMatch>
<IfModule mod_userdir.c>
<Directory /home/*/public_html>
# php_admin_flag engine Off
</Directory>
</IfModule>