security
56 Topics

How to Install WSL 2 on Windows Server
A couple of months ago Microsoft announced the Windows Subsystem for Linux 2 (WSL 2), which is a successor of the Windows Subsystem for Linux shipped a couple of years ago. WSL 2 is currently available for Windows Insiders running Windows 10 Insider Preview Build 18917 or higher and with the Docker Tech Preview, you can now even run Docker Linux Container directly on WSL 2. With the latest Windows Server Insider Preview build 18945, you are also able to run WSL 2 on Windows Server. In this blog post, I am going to show you how you can install the Windows Subsystem for Linux 2 (WSL 2) on Windows Server. The Windows Subsystem for Linux was already available in earlier versions of Windows Server; however, WSL 2 brings a lot of new advantages. Read more here: https://www.thomasmaurer.ch/2019/08/how-to-install-wsl-2-on-windows-server/

43K Views, 3 likes, 1 Comment

Future of On-Prem Active Directory/ Active Directory Directory Services
What is the future of On-Prem Active Directory/ Active Directory Directory Services? Azure AD does not have the capabilities to do what AD/ADDS does and Azure AD does not work in environments where you cannot expose the systems to the internet. With Microsoft's push for hybrid everything, a large number of important items are getting left behind.

32K Views, 2 likes, 8 Comments

FEATURE REQUEST - DONE - Full Bluetooth Support in Windows Server 2022 / vNext - and why at all
Windows Server 2022 or later has no / limited Bluetooth support. Not because it is technically impossible, rather because it is missing drivers.

Issue: Bluetooth devices cannot be added in Settings app as expected.

Use case: Logitech MX Master (1-3) Bluetooth Mouse and other stuff like that

Workaround: NOTE: please don't blame the messenger for potential copyright issues that the solution is to use the drivers from a different Windows OS. I am aware it is not permitted if you see it strictly, so I hope the link won't be taken down. https://techcommunity.microsoft.com/t5/windows-server-for-it-pro/bluetooth-and-wireless-display-not-working-on-windows-server/m-p/3709709#M9149

12K Views, 1 like, 1 Comment

AAD join Server 2025
Hi, Wondering if Server 2025 can be AAD joined. This would help some businesses that have their laptops joined as well as would also like to have the option to join their Server for their line of business apps etc. Seems really strange you can have win11 AAD joined but not server 2025. Or am I just missing something here? Having to use Azure Arc comes with extra headaches and costs.

Solved

9.4K Views, 2 likes, 14 Comments

Server 2022 Preview missing Let's Encrypt Root certificate
First posted to LetsEncrypt.org and was advised to post this issue here. https://community.letsencrypt.org/t/fyi-windows-server-2022-does-not-have-root-certificate/157208

At the time I'm writing this, Microsoft Windows Server 2022 has not been released and is only available in "Preview". Having said that I've installed the "Preview", installed all patches, and experienced the following errors when connecting to resources that use LE certificate. This happened when using Edge and Chrome.

Your connection isn't private
Attackers might be trying to steal your information from website.domain.com (for example, passwords, messages, or credit cards).
NET::ERR_CERT_AUTHORITY_INVALID

Firefox worked fine since it uses its own certificate store. After adding the root certificate to the root store, all was fine. The following output shows the certs currently in the root store by default as well as the PowerShell & OS version:

PS C:\> gci Cert:\LocalMachine\Root

PSParentPath: Microsoft.PowerShell.Security\Certificate::LocalMachine\Root

Thumbprint                                Subject
----------                                -------
CDD4EEAE6000AC7F40C3802C171E30148030C072  CN=Microsoft Root Certificate Authority, DC=microsoft, DC=com
BE36A4562FB2EE05DBB3D32323ADF445084ED656  CN=Thawte Timestamping CA, OU=Thawte Certification, O=Thawte, L=Durbanville, S=Western Cape, C=ZA
A43489159A520F0D93D032CCAF37E7FE20A8B419  CN=Microsoft Root Authority, OU=Microsoft Corporation, OU=Copyright (c) 1997 Microsoft Corp.
92B46C76E13054E104F230517E6E504D43AB10B5  CN=Symantec Enterprise Mobile Root for Microsoft, O=Symantec Corporation, C=US
8F43288AD272F3103B6FB1428485EA3014C0BCFE  CN=Microsoft Root Certificate Authority 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
7F88CD7223F3C813818C994614A89C99FA3B5247  CN=Microsoft Authenticode(tm) Root Authority, O=MSFT, C=US
3B1EFD3A66EA28B16697394703A72CA340A05BD5  CN=Microsoft Root Certificate Authority 2010, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
31F9FC8BA3805986B721EA7295C65B3A44534274  CN=Microsoft ECC TS Root Certificate Authority 2018, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
245C97DF7514E7CF2DF8BE72AE957B9E04741E85  OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Time Stamping Service Root, OU=Microsoft Corporation, O=Microsoft Trust Network
18F7C1FCC3090203FD5BAA2F861A754976C8DD25  OU="NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.", OU=VeriSign Time Stamping Service Root, OU="VeriSign, Inc.", O=VeriSign Trust Network
06F1AA330B927B753A40E68CDF22E34BCBEF3352  CN=Microsoft ECC Product Root Certificate Authority 2018, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
0119E81BE9A14CD8E22F40AC118C687ECBA3F4D8  CN=Microsoft Time Stamp Root Certificate Authority 2014, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
DF3C24F9BFD666761B268073FE06D1CC8D4F82A4  CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US
D4DE20D05E66FC53FE1A50882C78DB2852CAE474  CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
B1BC968BD4F49D622AA89A81F2150152A41D829C  CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE
A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436  CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
75E0ABB6138512271C04F85FDDDE38E4B7242EFE  CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
742C3192E607E424EB4549542BE1BBC53E6174E2  OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43  CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US

PS C:\> $PSVersionTable

Name                           Value
----                           -----
PSVersion                      5.1.20348.1
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.20348.1
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1

PS C:\> gwmi win32_operatingsystem | fl Caption, Version, BuildNumber

Caption     : Microsoft Windows Server 2022 Datacenter Evaluation
Version     : 10.0.20348
BuildNumber : 20348

EDIT @petercooperjr in the previously mentioned Let's Encrypt thread offered this feedback. Thanks.

I don't know if it'd help whomever looks at it, but if you look at the Microsoft Trusted Root Program's page of their current trusted roots, you can see that ISRG Root X1 is there. (And it looks like ISRG Root X2 is there too!) https://docs.microsoft.com/en-us/security/trusted-root/participants-list

This document provides details about the participating Certificate Authorities in the Microsoft Trusted Root Program.

7.8K Views, 2 likes, 2 Comments

Nano Server in virtual machine on Linux
Hello. I do not want a full Windows install and would like to use the Nano Server inside qemu under Linux. The 2016 version supports this, but as of version 1709, Nano only supports container images hosted on Windows. This obviously defeats the point of the minimal environment. I was interested in the Nano Server because its license is free and it contains only the core system without everything I don't need.

1) Why was the support for virtual machines removed?
2) Is there an alternative?

6.7K Views, 1 like, 2 Comments

Feature Request: NetBIOS and WINS deprecation / removal
It is 2022. While having a good course to remove SMB 1 in Windows Server and Windows Client we still have the following things enabled by default, which are not enhancing security and performance. Please consider the following related changes:

- Introduce an ADMX Template to disable LMhosts, to raise security
- Introduce an ADMX Template to disable NetBIOS over TCP/IP for Network interfaces to raise security.
- try to remove WINS from Windows Server feature and support of NetBIOS altogether as you gradually did with SMB1.
- try to remove dependencies (also in PowerShell) that somehow rely on using NT4 authentication format (domainname\username) instead of UPN (username@domainname.tld)

6.5K Views, 1 like, 3 Comments

Is Enforcing LDAP Signing enabled by default starting with Windows Server 2025?
When connecting to Windows Server 2025 (Preview) using LDAP simple bind, the server rejected the bind. "The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection" was displayed as an error message. If you change the LDAP server signing requirement from the default value to disabled according to the page below, LDAP simple bind will succeed. https://learn.microsoft.com/ja-jp/troubleshoot/windows-server/active-directory/enable-ldap-signing-in-windows-server

Is Enforcing LDAP Signing enabled by default starting with Windows Server 2025? If so, where is the announcement about enabling LDAP server signing requirements?

5.2K Views, 0 likes, 2 Comments