How to Install a Bluetooth XInput Device on Windows Server 2022

Requirements:
A system running Windows Server 2022
Access to Windows 11 driver files

Step 1: Obtain the Driver Files from Windows 11
The driver directory contains the .inf and .sys files required for the installation.

C:\Windows11\System32\DriverStore\FileRepository\xinputhid.inf_amd64_0000000000000000> dir
 C 드라이브의 볼륨에는 이름이 없습니다.
 볼륨 일련 번호: 0000-0000

2024-05-30  오후 12:18    <DIR>          .
2024-07-02  오전 08:27    <DIR>          ..
2024-05-30  오전 11:13            21,106 xinputhid.inf
2024-05-30  오전 11:13            90,112 xinputhid.sys
               2개 파일             111,218 바이트

C:\Windows11\System32\DriverStore\FileRepository\xinputhid.inf_amd64_0000000000000000>

Step 2: Verify the Catalog File from Windows 11
Sigcheck can be downloaded from Sysinternals.

C:\Windows11> sigcheck64.exe -i C:\Windows11\System32\drivers\xinputhid.sys

Sigcheck v2.90 - File version and signature viewer
Copyright (C) 2004-2022 Mark Russinovich
Sysinternals - www.sysinternals.com

c:\windows11\system32\drivers\xinputhid.sys:
        Verified:       Signed
        Link date:      오전 5:39 1918-03-01
        Signing date:   오전 10:45 2024-06-21
        Catalog:        C:\WINDOWS11\system32\CatRoot\{00000000-0000-0000-0000-000000000000}\Microsoft-Windows-Client-Desktop-Required-Package~0000000000000000~amd64~~10.0.00000.0000.cat
        Signers:
           Microsoft Windows
                Cert Status:    Valid
                Valid Usage:    NT5 Crypto, Code Signing

....

Step 3: Copy and Install the Catalog File on Windows Server 2022
SignTool is included in Visual Studio or Windows SDK.

C:\Windows2022> signtool catdb /v /u "Microsoft-Windows-Client-Desktop-Required-Package~0000000000000000~amd64~~10.0.00000.0000.cat"
Adding Catalog: Microsoft-Windows-Client-Desktop-Required-Package~0000000000000000~amd64~~10.0.00000.0000.cat
Catalog added successfully: Microsoft-Windows-Client-Desktop-Required-Package~0000000000000000~amd64~~10.0.00000.0000.cat
        System assigned name: \Windows\system32\CatRoot\{00000000-0000-0000-0000-000000000000}\99.CAT

Number of catalog files successfully Added: 1
Number of errors: 0

Step 4: Install Driver Files
1. Select Driver → Update driver → Browse my computer for drivers → Let me pick from a list of available drivers on my computer → Have a disk
2. Then select the folder containing the .inf/.sys files and click OK.
3. Make sure to disable the driver signature enforcement option.
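
As an added check (not part of the original post), the following PowerShell can be run on the Windows Server 2022 machine after Step 3 to confirm that the copied files are byte-identical to the Windows 11 source and that Windows resolves their signature to the "Microsoft Windows" signer shown by Sigcheck. The function name and both folder paths are assumptions.

```powershell
# Added example. Test-CopiedDriver and both folder paths are hypothetical names.
function Test-CopiedDriver {
    param(
        [string]$SourceDir,   # folder holding the files taken from Windows 11
        [string]$TargetDir,   # folder that will be selected under "Have Disk"
        [string[]]$Names = @('xinputhid.inf', 'xinputhid.sys')
    )
    foreach ($name in $Names) {
        $src = Join-Path $SourceDir $name
        $dst = Join-Path $TargetDir $name
        if (-not (Test-Path -LiteralPath $src) -or -not (Test-Path -LiteralPath $dst)) {
            [pscustomobject]@{ File = $name; Ok = $false; Reason = 'file missing' }
            continue
        }
        # 1) The copy must match the source exactly.
        $same = (Get-FileHash -LiteralPath $src -Algorithm SHA256).Hash -eq
                (Get-FileHash -LiteralPath $dst -Algorithm SHA256).Hash
        # 2) The signature must validate on this machine (embedded or via an installed catalog).
        $sig = Get-AuthenticodeSignature -LiteralPath $dst
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        $signerOk = $signer -like 'CN=Microsoft Windows,*'
        # Later assignments take priority: hash mismatch is reported first.
        $reason = "signed via $($sig.SignatureType)"
        if (-not $signerOk) { $reason = "unexpected signer: $signer" }
        if ($sig.Status -ne 'Valid') { $reason = "signature status: $($sig.Status)" }
        if (-not $same) { $reason = 'differs from the Windows 11 source' }
        [pscustomobject]@{
            File   = $name
            Ok     = ($same -and $sig.Status -eq 'Valid' -and $signerOk)
            Reason = $reason
        }
    }
}

# Placeholder paths; replace with the real source and target folders.
Test-CopiedDriver -SourceDir 'E:\Win11\xinputhid' -TargetDir 'C:\Drivers\xinputhid' |
    Format-Table -AutoSize
```

A row with Ok = False before the catalog import and Ok = True afterwards shows that the catalog from Step 3 is the one Windows uses to validate the files.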

PXE Windows PE under UEFI and Secure Boot Enabled

1. Download Windows PE add-on for the Windows ADK for Windows 11, version 22H2 and install.

In this example, %PEFOLDER% is the Windows ADK folder (default: C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment) and %TFTPROOT% is the TFTP server root.

2. Patch BCD in %PEFOLDER%\amd64\Media\EFI\Microsoft\Boot\

  • Change the path of Boot Manager to our file, \bootx64.efi
    > bcdedit /store BCD /set {bootmgr} path \bootx64.efi
  • Disable integrity checks and change the boot menu policy to Legacy
    > bcdedit /store BCD /set {bootmgr} nointegritychecks Yes
    > bcdedit /store BCD /set {default} bootmenupolicy Legacy
  • Since Linux file systems treat file and directory names as case-sensitive, ramdisksdipath needs to be modified when PXE is served from a Linux server
    > bcdedit /store BCD /set {7619dcc8-fafe-11d9-b411-000476eba25f} ramdisksdipath \Boot\boot.sdi
  • The entries of the patched BCD should be identical to:
    > bcdedit /store BCD /enum all
    
    Windows Boot Manager
    --------------------
    identifier              {bootmgr}
    path                    \bootx64.efi
    description             Windows Boot Manager
    locale                  en-US
    inherit                 {globalsettings}
    nointegritychecks       Yes
    flightsigning           Yes
    default                 {default}
    displayorder            {default}
    toolsdisplayorder       {memdiag}
    timeout                 30
    
    Windows Boot Loader
    -------------------
    identifier              {default}
    device                  ramdisk=[boot]\sources\boot.wim,{7619dcc8-fafe-11d9-b411-000476eba25f}
    path                    \windows\system32\boot\winload.efi
    description             Windows Setup
    locale                  en-US
    inherit                 {bootloadersettings}
    isolatedcontext         Yes
    osdevice                ramdisk=[boot]\sources\boot.wim,{7619dcc8-fafe-11d9-b411-000476eba25f}
    systemroot              \windows
    bootmenupolicy          Legacy
    detecthal               Yes
    winpe                   Yes
    ems                     No
    
    Windows Memory Tester
    ---------------------
    identifier              {memdiag}
    device                  boot
    path                    \efi\microsoft\boot\memtest.efi
    description             Windows Memory Diagnostic
    locale                  en-US
    inherit                 {globalsettings}
    
    EMS Settings
    ------------
    identifier              {emssettings}
    bootems                 No
    
    Debugger Settings
    -----------------
    identifier              {dbgsettings}
    debugtype               Serial
    debugport               1
    baudrate                115200
    
    Global Settings
    ---------------
    identifier              {globalsettings}
    inherit                 {dbgsettings}
                            {emssettings}
    
    Boot Loader Settings
    --------------------
    identifier              {bootloadersettings}
    inherit                 {globalsettings}
                            {hypervisorsettings}
    
    Hypervisor Settings
    -------------------
    identifier              {hypervisorsettings}
    description             Hypervisor Settings
    hypervisordebugtype     Serial
    hypervisordebugport     1
    hypervisorbaudrate      115200
    
    Device options
    --------------
    identifier              {7619dcc8-fafe-11d9-b411-000476eba25f}
    ramdisksdidevice        boot
    ramdisksdipath          \Boot\boot.sdi
    

3. Upload required files to TFTP server (For linux servers, capitalization DOES matter)

  • %PEFOLDER%\amd64\Media\EFI\Boot\bootx64.efi to %TFTPROOT%\bootx64.efi
  • %PEFOLDER%\amd64\Media\Boot\boot.sdi to %TFTPROOT%\Boot\boot.sdi
  • %PEFOLDER%\amd64\en-us\winpe.wim to %TFTPROOT%\sources\boot.wim
    Alternatively, a customized Windows 11 based .wim file can be used, depending on the purpose
  • patched BCD to %TFTPROOT%\Boot\BCD


PXE boot fails if the TFTP directory and file structure is not set up properly (e.g. a capitalization mismatch on a Linux server).

4. Verify with Hyper-V
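
An added example, not part of the original post: a PowerShell check to run against the patched store before uploading it. It parses `bcdedit /store BCD /enum all` text, reports nointegritychecks, and compares the boot file paths case-sensitively with the names on the TFTP server. The function names, the '/'-separated file list and the sample data are assumptions constructed for illustration.

```powershell
# Added example. Assumes en-US bcdedit text without the indentation used in the listing above.
function ConvertFrom-BcdEnum {
    param([string[]]$Lines)
    $entries = New-Object System.Collections.Generic.List[object]
    $cur = $null; $last = $null
    for ($i = 0; $i -lt $Lines.Count; $i++) {
        $line = $Lines[$i].TrimEnd()
        $next = if ($i + 1 -lt $Lines.Count) { $Lines[$i + 1].TrimEnd() } else { '' }
        if ($next -match '^-+$') {                          # a title precedes a dashed rule
            $cur = [ordered]@{ Title = $line }; $entries.Add($cur); $last = $null
        } elseif ($null -ne $cur -and $line -match '^(\S+)\s+(\S.*)$') {   # "name   value"
            $last = $Matches[1]; $cur[$last] = $Matches[2]
        } elseif ($last -and $line -match '^\s+(\S.*)$') {  # continuation of a value list
            $cur[$last] = "$($cur[$last]) $($Matches[1])"
        }
    }
    $entries
}
function Test-PxeBcd {
    param([object[]]$Entries, [string[]]$TftpFiles)  # files relative to the TFTP root, '/' separated
    foreach ($e in $Entries) {
        $id = $e['identifier']; $paths = @()
        if ($e['nointegritychecks'] -eq 'Yes') { "${id}: nointegritychecks is Yes" }
        if ($id -eq '{bootmgr}') { $paths += $e['path'] }
        if ($e['ramdisksdipath']) { $paths += $e['ramdisksdipath'] }
        if ($e['device'] -match '^ramdisk=\[boot\]([^,]+)') { $paths += $Matches[1] }
        foreach ($p in $paths) {
            $rel = $p.TrimStart('\').Replace('\', '/')
            if ($TftpFiles -ccontains $rel) { continue }   # exact, case-sensitive match
            if ($TftpFiles -contains $rel) { "${id}: '$rel' differs in case from the uploaded file" }
            else { "${id}: '$rel' is missing from the TFTP root" }
        }
    }
}
# Constructed sample: two abridged entries, and a file list where boot.sdi sits under boot/.
$sample = @'
Windows Boot Manager
--------------------
identifier              {bootmgr}
path                    \bootx64.efi
nointegritychecks       Yes

Device options
--------------
identifier              {7619dcc8-fafe-11d9-b411-000476eba25f}
ramdisksdipath          \Boot\boot.sdi
'@ -split "`r?`n"
Test-PxeBcd (ConvertFrom-BcdEnum $sample) @('bootx64.efi', 'boot/boot.sdi', 'Boot/BCD')
```

For a real store, pass the output of `bcdedit /store BCD /enum all` to ConvertFrom-BcdEnum and a listing of the server's TFTP root as the file list.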

Windows Defender Credential Guard Prevents RDP from Using Saved Credentials

After a recent Windows update, Windows Defender Credential Guard blocks saved credentials when connecting to Remote Desktop.

CredentialUIBroker
AutomationId and ClassName of Fields

I modified my previous code, and it now works for both types of RDP credential window.

The CredentialAutoInput class can be used as in the following simple code.

namespace UI
{
    internal class Uimain
    {
        static void Main(string[] args)
        {
            var u = new CredentialAutoInput();
            switch(u.GetId())
            {
                case "myid1":
                    u.Connect("myid1", "mypass1");
                    break;

                case "myid2":
                    u.Connect("myid2", "mypass2");
                    break;
            }
        }
    }
}

Remote Desktop Shadow Session with Saved Credentials

Remote Desktop Shadow Mode allows administrators to remotely view and/or interact with the user’s desktop.

To connect to a shadow session, the /prompt option is needed because mstsc.exe tries to connect to the client with the current user's credentials.

However, with the /prompt option, mstsc.exe always requests user credentials, and the prompt cannot be bypassed with saved ones.

CredentialUIBroker

This credential window is not a standard WIN32 window but a XAML UI, thus it can be manipulated via UI Automation.

AutomationId and ClassName of Fields

Root NanoPi R5S Android

Android can be installed on the recently launched NanoPi R5S model.
However, it is not rooted initially, which you can check via Termux or a root checker.

termux
root checker

How to root.

1. Download USB image from FriendlyElec google drive.
2. Extract boot.img.
3. Patch boot.img with magisk.
4. Replace patched boot.img with original one.
5. Flash patched image with rkdevtool.


Change Registry Permission with PowerShell

# Open the target key with the TakeOwnership right
$targetkey = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey("SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AlternateShells\AvailableShells", [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree, [System.Security.AccessControl.RegistryRights]::takeownership)

# Obtain access control, owner, and rule of target key
$targetac = $targetkey.GetAccessControl()
$targetowner = $targetac.GetOwner([System.Security.Principal.NTAccount])
$targetrule = $targetac.GetAccessRules($true, $true, [System.Security.Principal.NTAccount])

# Obtain access control, owner, and rule of normal key
$adminac = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey("SOFTWARE\Microsoft\Windows NT\").GetAccessControl()
$adminowner = $adminac.GetOwner([System.Security.Principal.NTAccount])
$adminrule = $adminac.GetAccessRules($true, $true, [System.Security.Principal.NTAccount])

# Set owner and permission of target key
$targetac.SetOwner($adminowner)
$targetac.SetAccessRule($adminrule.Item(0))
$targetkey.SetAccessControl($targetac)

# Rename the value 40000 to 20000
Rename-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AlternateShells\AvailableShells" -Name 40000 -NewName 20000

# Restore owner and permission of target key
$targetac.SetAccessRule($targetrule.Item(2))
$targetac.SetOwner($targetowner)
$targetkey.SetAccessControl($targetac)
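
An added example, not part of the original post: a read-only snapshot of the key's owner and DACL taken before and after the script above, to confirm that the restore step returned the key to its initial state. The function names are assumptions, and the account running it needs read access to the key's security descriptor.

```powershell
# Added example. Get-KeySecuritySnapshot and Compare-KeySecurity are hypothetical helper names.
function Get-KeySecuritySnapshot {
    param([string]$Path)
    $acl = Get-Acl -Path $Path
    $sections = [System.Security.AccessControl.AccessControlSections]'Owner, Access'
    [pscustomobject]@{
        Owner = $acl.Owner
        Sddl  = $acl.GetSecurityDescriptorSddlForm($sections)
        # One comparable string per access rule.
        Rules = @($acl.Access | ForEach-Object {
            '{0}|{1}|{2}|inherited={3}|{4}' -f $_.IdentityReference, $_.AccessControlType,
                $_.RegistryRights, $_.IsInherited, $_.InheritanceFlags
        })
    }
}

function Compare-KeySecurity {
    param($Before, $After)
    if ($Before.Sddl -ceq $After.Sddl) { return 'Owner and DACL are unchanged' }
    if ($Before.Owner -ne $After.Owner) { "Owner: $($Before.Owner) -> $($After.Owner)" }
    Compare-Object $Before.Rules $After.Rules | ForEach-Object {
        $state = if ($_.SideIndicator -eq '<=') { 'missing after' } else { 'added after' }
        "Rule ${state}: $($_.InputObject)"
    }
}

$key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AlternateShells\AvailableShells'
$before = Get-KeySecuritySnapshot $key
# ... run the ownership change, rename and restore steps from the script above ...
$after = Get-KeySecuritySnapshot $key
Compare-KeySecurity $before $after
```

Any "Rule added after" or "Rule missing after" line means the key was left with a different DACL than it started with.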

Bluetooth Audio of Windows Server 2022 on Deskmini A300

0. Uninstall Intel Bluetooth Driver.
Bluetooth Audio Device does not work properly under Intel Bluetooth Driver when Windows Server is installed.

1. Install latest Toshiba Bluetooth Stack.
https://dynabook.com/assistpc/download/modify/soft/btswt/index_j.htm

2. Set the driver manually.
During installation, Setup fails to detect the Bluetooth device.
Then, right-click on Unknown Device → Update Driver → Browse my computer for driver software → Let me pick from a list of device drivers on my computer → Choose USB Bluetooth Driver-2 (V2.1+EDR)

3. All done.
Audio output will come through the paired Bluetooth device.

Install Windows Server 2022 on Deskmini A300

INSTALLATION:
1. Boot with Windows Server 2022 DVD or USB.

2. OPTIONAL – Load RAID driver if RAID is configured. [Floppy(v0.0.0.000).zip]
: Load AMD-RAID Bottom Device driver (rcbottom.inf) first and then load AMD-RAID Controller driver (rcraid.inf).

3. OPTIONAL – Press Shift+F10 and create a VHDX for Windows to be installed on a virtual disk.

4. Start Install.

DEVICE MANAGER:
1. Install Windows 11 VGA driver. [AMD_VGA(v00.00.00.00).zip]
: Do not launch .exe directly.
: Instead, navigate to \AMD_VGA(v00.00.00.00)\Packages\Drivers\Display\WT6A_INF, right-click, and choose Install.

2. Install Windows 11 Chipset driver as usual. [Chipset(v0.00.00.000).zip]

3. Enable Windows Audio and Windows Audio Endpoint Builder services.
: Next, Install Windows 11 Audio driver as usual. [Realtek_Audio(v0.0.00.0).zip]

4. OPTIONAL – Install Windows 11 Bluetooth driver as usual. [Intel_Bluetooth(v00.00.0.0).zip]
: Next, set Microsoft Personal Area Network Service driver manually.

5. OPTIONAL – Add WLAN feature via Server Manager.

: Next, reboot once -> enable WLAN service.

: Install Windows 11 WLAN driver as usual. [Intel_WLAN(v00.00.0.00).zip]

6. Set GPIO Driver.
: The AMD GPIO driver can be installed manually by updating the Unknown Device (Microsoft ACPI-Compliant System).
: Driver files are on the ASRock support page. [AMD All-in-1 with VGA driver, AllIn1(v00.00.00.00).zip]

ALL DONE: