Difference between revisions of "Windows 10 Support"

Powershell

start-process powershell –verb runAs

Get-WindowsOptionalFeature -Online -FeatureName "SMB1Protocol"

Enable-WindowsOptionalFeature -Online -FeatureName "SMB1Protocol" -All

Disable-WindowsOptionalFeature -Online -FeatureName "SMB1Protocol"

 <ComputerName>\<LocalUsername>
Start > Settings > Accounts > Your account
Other accounts you use
Add a Microsoft account
nano -w /home/e-smith/files/samba/netlogon/netlogon.bat

REM To set the time when clients logon to the domain:
net time \\servername /set /yes
REM To map a home directory to drive h:
net use h: /home /persistent:no
net use j: \\servername\ibay1 /persistent:no
net use p: \\servername\ibay2 /persistent:no
if exist Z: net use Z: /del /yes

unix2dos /home/e-smith/files/samba/netlogon/netlogon.bat


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Protect\Providers\df9d8cd0-1501-11d1-8c7a-00c04fc297eb]
"ProtectionPolicy"=dword:00000001

 config setprop smb ServerMaxProtocol NT1 
 expand-template /etc/smb.conf
 service smb restart

 config setprop smb ServerMinProtocol NT1 
 expand-template /etc/smb.conf
 service smb restart

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\ParametersRegistry]
"SMB1"=dword:00000001
"SMB2"=dword:00000000

@echo off
reg delete HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManWorkstation\Parameters /v "DNSNameResolutionRequired" /f
reg delete HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManWorkstation\Parameters /v "DomainCompatibilityMode" /f
reg delete HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ProfSvc\Parameters /v "UseProfilePathExtensionVersion" /f

reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths /v "\\\\*\\netlogon" /f

reg delete  HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System /v "SlowLinkDetectEnabled" /f
reg delete  HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System /v  "DeleteRoamingCache" /f
reg delete  HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System /v "WaitForNetwork" /f
reg delete  HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System /v  "CompatibleRUPSecurity" /f

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"NetJoinLegacyAccountReuse"=dword:00000001

@@ Line 5: / Line 5: @@
 ==Background==
-Windows 10 was released in July 2015. Due to changes in the way that trust relationships are established with domain controllers, some modifications to the windows registry needs to take place.
+Windows 10 was released in July 2015.
-==Join a Window 10 client to SME Server 8 or 9==
+{{Warning box|Due to changes in the way that trust relationships are established with domain controllers, some modifications to the windows registry need to take place}}
-Previously you needed to edit your Win7 registry to facilitate the joining of a SME Server Domain, however this can more easily be achieved by importing win7samba.reg fix by using either a usb key or by the network with http.
-*Save the Win7 registry patch (win7samba.reg) from https://your-server-ip/server-resources/regedit/ with your favourite web browser
+(Note: Windows 11 is due soon. This will be revised in the light of experience for Windows 11).
-*On your windows desktop, start "regedit" from the  start menu and import the win7samba.reg
+Microsoft [https://support.microsoft.com/en-sg/help/2696547/how-to-detect-enable-and-disable-smbv1-smbv2-and-smbv3-in-windows-and How To detect, enable and disable SMBv1, SMBv2, and SMBv3 in Windows]
+==Join a Window 10 client to SME Server 10==
+Previously you needed to edit your Win10 registry to facilitate the joining of a SME Server Domain, however this can more easily be achieved by importing win10samba.reg fix either by using a usb key or by the network with http.To proceed:
+*Save the Win10 registry patch (win10samba.reg) from https://your-server-ip/server-resources/regedit/ with your favourite web browser
+*On your windows desktop, start "regedit" from the  start menu and import the win10samba.reg
 *Set your domain instead of your workgroup. Add the client machine to the domain as normal.
 *When asked on your Windows PC use the 'admin' username and your SME Server admins password.
 *You have to reboot your computer to reach the domain
-{{Tip box|To connect a windows 10 client to your domain, Go to the "start menu", right click on computer, select "Properties", select the link "change Settings", then click on "Change" Tab.. Enter your servers "Domain" value in the domain field and 'Connect'. Enter the username of admin(*) with the servers admin password when asked, and you should get back the response 'Connected to Domain'.}}
+'''Using PowerShell'''<br>
+As seen on https://forums.contribs.org/index.php/topic,54125.0.html there is another way (maybe both changes are needed - needs '''verification'''):
+Start Powershell:
+ Powershell
+Run as superuser:
+ start-process powershell –verb runAs
+Check Client settings:
+ Get-WindowsOptionalFeature -Online -FeatureName "SMB1Protocol"
+Enable SMB1:
+ Enable-WindowsOptionalFeature -Online -FeatureName "SMB1Protocol" -All
+If you want to disable it:
+ Disable-WindowsOptionalFeature -Online -FeatureName "SMB1Protocol"
+Source: <nowiki>https://winaero.com/blog/enable-smb1-sharig-protocol-windows-10/</nowiki>
+{{Tip box|To connect a windows 10 client to your domain, Go to the "start menu", right click on Settings, select "Accounts", select the link "Work Access", then " join or leave a Domain". Enter your servers "Domain" value in the domain field and 'Connect'. Enter the username of admin(*) with the servers admin password when asked.}}
 (*) Admin or any user in the 'Domain Admins' group can join the domain.
 <gallery>
-Image:W7-4.png
+Image:w10dom-1.png
-Image:W7-5.png
+Image:w10dom-2.png
-Image:W7-6.png
+Image:w10dom-3.png
-Image:W7-8.png
+Image:w10dom-4.png
 </gallery>
-===Setting up network drives===
+=====MS Windows Workgroup configuration=====
+Go to the "start menu", right click on computer, select "System", select the link "System Info", then click on "Change settings" Tab. In the field for "Computer name, domain and workgroup settings", type your "workgroup".<br />
-In  order to have logon script working you must add the following Keys in registry :
+===Adding a Microsoft account to your domain account===
+{{Note box|When you are using Windows 10 in a SME Server domain environment you will normally login with your domain account to be able to use network shares without entering your credentials. You can still login with a local account by using the 'Other user' option and entering the computer name as the domain in the Username box, like this:<tt> <ComputerName>\<LocalUsername></tt>}}
-Windows Registry Editor Version 5.00
+If you want to be automatically signed into Microsoft's Cloud services (like you would when you login to Windows 10 with a Microsoft Account) you can add your Microsoft Account to your Domain account:
-[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths]
+*Go to: <tt>Start > Settings > Accounts > Your account</tt>
-"\\\\*\\netlogon"="RequireMutualAuthentication=0,RequireIntegrity=0,RequirePrivacy=0"
+*Scroll down to the section: '<tt>Other accounts you use</tt>'
+*Click on the '<tt>Add a Microsoft account</tt>' link and supply your credentials
+===Setting up network drives===
 If you are using SME Server as a domain controller and the workstations have joined the domain
-you can automate drive mapping and syncronise the PC time with the netlogon.bat file
+you can automate drive mapping and synchronise the PC time with the netlogon.bat file
-Note: [[:SME_Server:Documentation:Administration_Manual:Chapter13#Workgroup |Chapter 13]] has a method for admin to edit the netlogon.bat file without using the command line. You can consider also the [[SME_Server:Documentation:Administration_Manual:Chapter7|chapter 7]] on Configuring the Computers on Your Network
+Note: [[:SME_Server:Documentation:Administration_Manual:Chapter13#Workgroup |Chapter 13]] has a method for the admin to edit the netlogon.bat file without using the command line. You can consider also the [[SME_Server:Documentation:Administration_Manual:Chapter7|chapter 7]] on Configuring the Computers on Your Network
   nano -w /home/e-smith/files/samba/netlogon/netlogon.bat
@@ Line 54: / Line 87: @@
 and reset file to dos format
-  unix2dos /home/e-smith/files/samba/netlogon/netlogon.bat
+  unix2dos /home/e-smith/files/samba/netlogon/netlogon.bat<br />
+===Outlook 2016 on Win10===
-===Slow login with win10 to sme8/9 domain===
+reference: [[Bugzilla:10106]] and SME10 [[Bugzilla:10169]]
-With certain networks you may have an issue with a slow login to the SME Server domain due to a timeout issue on the network. In this case you should install a second patch (in first you have to install the win7samba.reg). The history of this patch can be found at [[bugzilla:7332]]
-This is what you need to find in your server-ressources
+A registry modification has been added to the default win10samba.reg. While setting up an email account on a Windows 10 computer joined to a domain (with roaming profiles) you would get an error code: 0x8004011c without this modification.
-  cat /home/e-smith/files/server-resources/regedit/windows_samba_performance.reg
+  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Protect\Providers\df9d8cd0-1501-11d1-8c7a-00c04fc297eb]
+ "ProtectionPolicy"=dword:00000001
-  Windows Registry Editor Version 5.00
+==Notes concerning Windows 10 and SME Server 10==
+As reported  in [[Bugzilla:9555]], with a default configuration, while samba 4.4.4-12 should be able to use the SMB3_11 protocol and Windows 10 should ask for it, it could occur that the negotiation fails, if so, please report. However, there seem to be two ways to work around this. First, by editing the server config:
- [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
+  config setprop smb ServerMaxProtocol NT1
- "SlowLinkDetectEnabled"=dword:00000000
+  expand-template /etc/smb.conf
- "DeleteRoamingCache"=dword:00000001
+  service smb restart
- "WaitForNetwork"=dword:00000000
- "CompatibleRUPSecurity"=dword:00000001
-After this you follow the usual way to add the patch to your windows registery
+  config setprop smb ServerMinProtocol NT1
+  expand-template /etc/smb.conf
+  service smb restart
-*Save the registry patch ('''windows_samba_performance.reg''') from https://your-server-ip/server-resources/regedit/ with your favourite web browser
+Second, an alternative would be to patch the registry of every windows 10 client with the following:
-*On your windows desktop, start "regedit" from the  start menu and import the windows_samba_performance.reg
-==Adding Windows 7 Support to SME Server 7==
+ [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\ParametersRegistry]
+ "SMB1"=dword:00000001
+ "SMB2"=dword:00000000
-===Configuring Clients===
+==Reverting win10samba.reg changes==
-*Install the Windows 7 registry patch from http://yourserver/server-resources/
+If you need to revert the win10samba.reg changes, this is a batch file to do it:<br>
-*Add the client machine to the domain as normal.
+ @echo off
+ reg delete HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManWorkstation\Parameters /v "DNSNameResolutionRequired" /f
+ reg delete HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManWorkstation\Parameters /v "DomainCompatibilityMode" /f
+ reg delete HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ProfSvc\Parameters /v "UseProfilePathExtensionVersion" /f
-{{Note box|You may see an error message on join regarding primary DNS suffix. This doesn't seem to affect any actual functionality}}
+ reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths /v "\\\\*\\netlogon" /f
-*Log in as the 'admin' user for the first time.
+ reg delete  HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System /v "SlowLinkDetectEnabled" /f
+ reg delete  HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System /v  "DeleteRoamingCache" /f
+ reg delete  HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System /v "WaitForNetwork" /f
+ reg delete  HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System /v  "CompatibleRUPSecurity" /f
-{{Note box|You may see an error message when logging in for the first time. This appears to be a once off timeout issue which does not recur.}}
+==Windows 10 update error when using ESET products and can't access SME SERVER : SSL_ERROR_BAD_CERT_ALERT==
+See [[Bugzilla:9205]] and forum post https://forums.contribs.org/index.php/topic,53813.0.html
-Refer to [[bugzilla:5897]] and [[bugzilla:7002]] for details of following error
+Re issues when ESET products are installed on Windows 10.
-{{Note box| You may see an error message "The specified domain either does not exist or could not be contacted." when logging in for the first time. This is a harmless message.  Windows 7 after it joins the domain tries to resolve its dns name (and assumes that the domain controller will setup a dns entry for its hostname.  See following for a MS hotfix [http://wiki.samba.org/index.php/Windows7]}}
-===Roaming Profiles===
+==Windows 10 and Windows 11 issues joining domains==
-Windows 7 clients require that a version 2 profile folder exist in the profiles$ share, which on SME Server is located in /home/e-smith/files/samba/profiles.
+Following reports of issues here:
+https://forums.koozali.org/index.php/topic,54919.0.html
-This additional profile folder is automatically provisioned for existing users when the installing latest version of e-smith-samba (see [[bugzilla:5423|bug 5423]]). After this point, all new user accounts have the folder created as soon as they are added.
+See here:
+https://support.microsoft.com/en-us/topic/kb5020276-netjoin-domain-join-hardening-changes-2b65a0f3-1f4c-42ef-ac0f-1caaf421baf8
-{{Note box|If version 2 profile folders are not available, Windows 7 will create a temporary profile when you log in. Should you experience this problem, make sure that your SME Server installation is fully up to date.}}
+Possible reg fix:
-Version 2 profiles are not compatible with Windows XP and earlier. If you have mixed environments you will be required to maintain two separate profiles for each user.
+ [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
+ "NetJoinLegacyAccountReuse"=dword:00000001
+Please check the bugs for any potential issues.
 [[Category:Howto]]
 [[Category:Administration]]

Difference between revisions of "Windows 10 Support"

Latest revision as of 19:04, 14 March 2024

Contents

Author

Background

Join a Window 10 client to SME Server 10

MS Windows Workgroup configuration

Adding a Microsoft account to your domain account

Setting up network drives

Outlook 2016 on Win10

Notes concerning Windows 10 and SME Server 10

Reverting win10samba.reg changes

Windows 10 update error when using ESET products and can't access SME SERVER : SSL_ERROR_BAD_CERT_ALERT

Windows 10 and Windows 11 issues joining domains

Navigation menu

Page actions

Page actions

Personal tools

Koozali SME Server

Recent activities

Koozali resources

Koozali SME Server wiki

Tools

Search

	Skill level: medium
	The instructions on this page require a basic knowledge of linux.

	Warning:
	Due to changes in the way that trust relationships are established with domain controllers, some modifications to the windows registry need to take place

	Tip:
	To connect a windows 10 client to your domain, Go to the "start menu", right click on Settings, select "Accounts", select the link "Work Access", then " join or leave a Domain". Enter your servers "Domain" value in the domain field and 'Connect'. Enter the username of admin(*) with the servers admin password when asked.

	Note:
	When you are using Windows 10 in a SME Server domain environment you will normally login with your domain account to be able to use network shares without entering your credentials. You can still login with a local account by using the 'Other user' option and entering the computer name as the domain in the Username box, like this: `<ComputerName>\<LocalUsername>`