ZAVCXL0005 - Windows: Difference between revisions

 
(23 intermediate revisions by the same user not shown)
Line 12: Line 12:


{| class="install_simple_log"
{| class="install_simple_log"
|-
|'''Outlook''' (<tt>package</tt>)||
* <small>[YYYY-MM-DD]</small> Update to vX.Y
* Michael Peeters
* michael.peeters@st.com
* Server: Safex1.mail1.st.com
* Username: michael.peeters@st.com
* Use Cached Exchange mode
* Mail to keep offline: 3 months
* More settings: Data file: {{file|D:\....ost}}
* Settings - Mail &rarr; Reading Pane &rarr; '''uncheck''s' Mark item as read when selection change.
* Install CalDav Synchronizer, see [[Owncloud]]. Additional settings:
:* Url '''<code>https://owncloud.immie.org/owncloud/remote.php/dav/addressbooks/users/mip/default/</code>'''.
:* Select '''Use manual proxy configuration''', with URL '''<code>zavcxl0005:8118</code>'''.
:: We must use Privoxy as proxy because Zscaler corrupts the certificate (or we must tell CalDav to ignore certificate issue). This works only if the vbox network is attached to ''NAT'' because the firewall drops connection to Privoxy port. Also, maybe this is not important, but Privoxy is configured with <code>listen-address :8118</code>.
* Email accounts
:* '''immie.org''' and '''noekeon.org''' via port forwarding.
:* If VirtualBox is configured in Bridged mode, use server '''zavcxl0005'''. This assumes SSH listens to <code>0.0.0.0</code>. Outlook will complain that certificate is not correct.
:* If VirtualBox is configured in NAT mode, we can fix the certificate warning by using real server names in Outlook account configuration ('''mail.gandi.net''', '''smtp.priorweb.be''' and '''mail.priorweb.be'''), but this assumes that (1) SSH listens to <code>0.0.0.0</code> and (2) that Windows {{file|hosts}} file contains the lines:
<source lang=text>
10.0.2.2 mail.gandi.net
10.0.2.2 smtp.priorweb.be
10.0.2.2 mail.priorweb.be
</source>
|-
|-
|'''Application''' (<tt>package</tt>, repo ''Repository'')||
|'''Application''' (<tt>package</tt>, repo ''Repository'')||
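Review bot: the Privoxy note under the CalDav Synchronizer settings lists "tell CalDav to ignore certificate issue" as an equal alternative to the proxy. That option turns off verification of the ownCloud endpoint altogether, so I would either drop it or mark it as a last resort and keep the proxy route as the documented setup. Separately, `'''uncheck''s'` in the Reading Pane item has unbalanced quote markup and renders as 'unchecks'; `'''uncheck'''` looks like the intent.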
Line 27: Line 51:
{| class="install_simple_log"
{| class="install_simple_log"
|-
|-
|'''Application''' (<tt>package</tt>)||<small>[YYYY-MM-DD]</small> Update<br/>Additional configuration settings
|'''MSYS / MinGW''' (<tt>package</tt>)||
* Install MinGW Get, and select MinGW base and MSYS base system
* Create a shortcut in {{file|C:\ProgramData\Microsoft\Windows\Start Menu}} with target <code>C:\bin\mingw\msys\1.0\msys.bat -rxvt</code>.
:(Optionally change the icon).
* {{red|OBSOLETE?}} Actually MSYSGit is much better. It associates with .sh file in the setup. So this is only needed to build C project since MSYSGit does not have ''make''.
|'''MSYSGit''' (<tt>package</tt>)||
* Git available in bash and CMD.EXE.
|}
|}


Line 39: Line 69:
== P2V ==
== P2V ==
* Resize {{file|C:}} / {{file|/dev/sda1}} partition to '''60GB''' using ''gparted''.
* Resize {{file|C:}} / {{file|/dev/sda1}} partition to '''60GB''' using ''gparted''.
* Move BCD partition {{file|/dev/sda2}} contiguous to {{file|/dev/sda1}} using ''gparted''.
* Delete BCD partition {{file|/dev/sda2}}.


* Create raw partition disk:
* Create raw partition disk:
Line 51: Line 81:
* Set hard-disk as '''Solid-state Drive'''
* Set hard-disk as '''Solid-state Drive'''


Boot VM with Win Repair disk
Boot VM with Ubuntu Live CD:
* In Gparted, delete all partitions but {{file|/dev/sda1}}, and set boot flag.
* No windows partition found
:This is needed to have Windows Repair Disc detect correctly the windows installation.
* Open command prompt
C: # fails
D: # Ok
dir # Ok
mountvol # Show C: and D: present, with same UUID
bootrec /fixmbr
Reboot and restart. We get the message:
Missing operating system
Reboot with Repair disk
* Open command prompt:
bootrec /rebuildbcd
[1] D:\Windows
Add installation to boot list? Yes(Y)/No(N)/All(A):Y
... but this fails.


Boot in windows repair. Now it detects the partition. Let repair and restart. Boot again Windows repair disc. To skip automatic recovery, select restore image, then next, then cancel twice. Open a command prompt:
Boot in Linux Live/CD. In Gparted, delete all partitions but /dev/sda1. Set boot flag on /dev/sda1.
mountvol # Show a single volume C: (+X: and D: from the current boot)
c:
bcdedit /export C:\BCD_Backup
ren C:\boot\BCD bcd.old
bootrec /rebuildbcd
... and say ''Y'' when asked to add installation to boot list. Reboot, press F8.


Boot in windows repair. Now it detects the partition. Let repair and restart. Windows boots but we get a blue screen that quickly disappear.
Boot normally: Windows boots but we get a blue screen that quickly disappear.
Go into advanced boot options by hitting F8 at boot, and choose ''Disable automatic restart on system failure''. We see the message:
Go into advanced boot options by hitting F8 at boot, and choose ''Disable automatic restart on system failure''. We see the message:


Line 79: Line 102:
*** STOP: 0x0000007B (0xFFFFF880009A9928, 0xFFFFFFFFC0000034, ...)
*** STOP: 0x0000007B (0xFFFFF880009A9928, 0xFFFFFFFFC0000034, ...)


When started in safe mode, several drivers are started, and stops at CLASSPNP.SYS.
Boot in windows repair. To skip automatic recovery, select restore image, then next, then cancel twice. Open a command prompt:

mountvol # Show a single volume C: (+X: and D: from the current boot)
Boot linux livecd, then delete all occurences of {{file|AGP440.sys}} and {{file|intelppm.sys}}.
c:

bcdedit /export C:\BCD_Backup
Boot Windows repair cd, import into registry:
ren C:\boot\BCD bcd.old

bootrec /rebuildbcd
<source lang=reg>
... and say ''Y'' when asked to add installation to boot list. Reboot, press F8.
Windows Registry Editor Version 5.00
We still get the same error as above (0x0000007B).
In safe mode, several drivers are started, and stops at CLASSPNP.SYS.
[HKEY_LOCAL_MACHINE\remote_SYSTEM\ControlSet001\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0000]
"InfPath"="mshdc.inf"
"InfSection"="msahci_Inst"
"ProviderName"="Microsoft"
"DriverDateData"=hex:00,80,8c,a3,c5,94,c6,01
"DriverDate"="6-21-2006"
"DriverVersion"="6.1.7600.16385"
"MatchingDeviceId"="pci\\cc_010601"
"DriverDesc"="Standard AHCI 1.0 Serial ATA Controller"
"Migrated"=dword:00000001
[HKEY_LOCAL_MACHINE\remote_SYSTEM\ControlSet001\Control\PnP]
"DisableCDDB"=-
[HKEY_LOCAL_MACHINE\remote_SYSTEM\ControlSet001\services\atapi]
"Start"=dword:00000000
[HKEY_LOCAL_MACHINE\remote_SYSTEM\ControlSet001\services\msahci]
"Start"=dword:00000000
</source>

Reboot... it boots! Let's shutdown w/o logging... it boots again! Yeehaa!!!

To get administrator access, first install <code>chntpw</code>:
* Either enable ''universe'' repository on ubuntu live cd (edit {{file|/etc/apt/sources.list}}
* Or copy package
Then
cd /media/ubuntu/OSDisk/Windows/System32/config
chntpw -l SAM
chntpw -u SysAdmin SAM
cd
sudo umount /media/ubuntu/OSDisk

=== Virtualbox launcher ===
We create the file {{file|/home/peetersm/.local/share/applications/virtualbox-vbox.desktop}}:
<source lang="text">
#!/usr/bin/env xdg-open

[Desktop Entry]
Version=1.0
Type=Application
Terminal=false
Icon[en_US]=virtualbox
Name[en_US]=vbox's VirtualBox
Exec=/home/peetersm/bin/vbox.sh
Comment[en_US]=Run several virtual systems on a single host computer
Name=vbox's VirtualBox
Comment=Run several virtual systems on a single host computer
Icon=virtualbox
</source>

This will launch virtualbox as user ''vbox''.


== System Settings ==
== System Settings ==
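Review bot: missing step in the "import into registry" instructions: every key in the .reg block sits under HKEY_LOCAL_MACHINE\remote_SYSTEM, which only exists once the offline SYSTEM hive has been loaded under that name from the repair environment. Please write down the load step (and the matching unload before reboot), otherwise the import creates a stray remote_SYSTEM key in the repair disc's own registry and the installed system is left unchanged. In the chntpw commands, a note to copy the SAM file aside before the `chntpw -u SysAdmin SAM` edit would also help.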
Line 94: Line 169:
|-
|-
|1st install||
|1st install||
* (temporarily) reset ''SysAdmin'' password (using <code>chntpw</code>) and then set password.
* TBC
* Install Virtualbox additions (no Direct3D support)
* Disable hibernation - Hibernate not supported, so we simply delete {{file|hiberfil.sys}} (first edit security permissions)
&rarr; used space: 34.110.431.232 (31.7GB)
* Turn off system restore (computer &rarr; properties &rarr; system protection)
* Clean up disk {{file|C:}} drive (service pack backup 500MB, queued error reporting)
&rarr; used space: 28.867.043.328 (26.8GB)
* Disable paging file (was set to ''Automatically manage paging file size for all drives'')
&rarr; used space: 22.665.486.336 (21.1GB)
|-
|-
|File system||
|Tuning||
* {{green|1st}} Disable '''Windows Search'''<br/>via ''Control Panel'' &rarr; ''Programs and Features'' &rarr; ''Turn Windows features on or off'' &rarr; ''Windows Search''
* TBC
|-
|Network||
* TBC
|-
|Preferences||
* TBC
|-
|Miscellaneous||
* TBC
|}
|}


== To Do ==
== To Do ==
=== Issues ===
=== Issues ===
* '''{{red|To Do}}''' — Disable Remote Assistance (System properties &rarr; Remote)?
* '''{{red|To Do}}''' &mdash; Uninstall McAfee Endpoint Encryption
* '''{{red|To Do}}''' &mdash; Install MS symbols for Process Explorer [http://blogs.msdn.com/b/vijaysk/archive/2009/04/02/getting-better-stack-traces-in-process-monitor-process-explorer.aspx]
* '''{{red|To Do}}''' &mdash; Disable igfxCUIService Module because it crashes (see Action Center)
* '''{{red|Issue}}''' — To be completed
* '''{{red|Issue}}''' — To be completed
* '''{{red|To Do}}''' Description
* '''{{red|To Do}}''' &mdash; Import '''STWLAN2''' settings on Linux host
:*Interesting blogs [http://community.arubanetworks.com/t5/Wireless-Access/Machine-authentication-on-WIN7-configuration/m-p/228737#M46967 Machine authentication on WIN7 - configuration], [http://www.networkworld.com/article/2940463/it-skills-training/machine-authentication-and-user-authentication.html Machine Authentication and User Authentication]
:*See also [[Wifi]].
:* Wireless settings
<source lang=bash>
STWLAN2 Wireless Network Properties
-----------------------------------

Connection:

Name : STWLAN2
SSID : STWLAN2
Network type : Access point
Network availability: All users
[X] Connect automatically when this network is in range

Security:

Security type : [WPA2-Enterprise ]
Encryption type: [AES ]

Choose a network authentication method:
[Microsoft: Protected EAP (PEAP) ]

Protected EAP Properties
When connecting:
[X] Validate server certificate
[ ] Connect to these servers:
[ ]
Trusted Root Certification Authorities
[X] ST ROOT CA 1
[X] ST ROOT CA 2
[X] Do not prompt user to authorize new serers or trusted certification authorities
Select Authentication Method:
Secured password (EAP-MSCHAP v2)
[X] Automatically use my Windows logon name and password (and domain if any)
[X] Enable Fast Reconnect
[ ] Enforce Network Access Protection
[ ] Disconnect if server does not present cryptobinding TLV
[ ] Enable Identity Privacy [ ]

Advanced settings
802.1X settings
[X] Specify authentication mode
[Compuer authentication ]
[ ] Delete credentials for all users
[ ] Enable single sign on for this network
802.11 settings
Fast roaming
[X] Enable Pairwise Master Key (PMK) caching
PMK time to live (minutes) [720 ]
Number of entries in PMK cache [128 ]
[ ] This network uses pre-authentication
[ ] Enable FIPS compliance for this network
</source>
<source lang=winbatch>
netsh wlan show profile STWLAN2 key=clear
</source>

<source lang=text>
Profile STWLAN2 on interface Wireless Network Connection 2:
=======================================================================

Applied: Group Policy Profile

Profile information
-------------------
Version : 1
Type : Wireless LAN
Name : STWLAN2
Control options :
Connection mode : Connect automatically
Network broadcast : Connect only if this network is broadcasting
AutoSwitch : Do not switch to other networks

Connectivity settings
---------------------
Number of SSIDs : 1
SSID name : "STWLAN2"
Network type : Infrastructure
Radio type : [ Any Radio Type ]
Vendor extension : Not present

Security settings
-----------------
Authentication : WPA2-Enterprise
Cipher : CCMP
Security key : Absent
802.1X : Enabled
EAP type : Microsoft: Protected EAP (PEAP)
802.1X auth credential : Machine credential
Cache user information : Yes
</source>

<source lang=winbatch>
netsh wlan export profile
</source>

<source lang=xml>
<?xml version="1.0"?>
<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
<name>STWLAN2</name>
<SSIDConfig>
<SSID>
<hex>5354574C414E32</hex>
<name>STWLAN2</name>
</SSID>
</SSIDConfig>
<connectionType>ESS</connectionType>
<MSM>
<security>
<authEncryption>
<authentication>WPA2</authentication>
<encryption>AES</encryption>
<useOneX>true</useOneX>
</authEncryption>
<PMKCacheMode>enabled</PMKCacheMode>
<PMKCacheTTL>720</PMKCacheTTL>
<PMKCacheSize>128</PMKCacheSize>
<preAuthMode>disabled</preAuthMode>
<OneX xmlns="http://www.microsoft.com/networking/OneX/v1">
<heldPeriod>1</heldPeriod>
<authPeriod>18</authPeriod>
<startPeriod>5</startPeriod>
<maxStart>3</maxStart>
<authMode>machine</authMode>
<EAPConfig><EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig"><EapMethod><Type xmlns="http://www.microsoft.com/provisioning/EapCommon">25</Type><VendorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorId><VendorType xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorType><AuthorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</AuthorId></EapMethod><Config xmlns="http://www.microsoft.com/provisioning/EapHostConfig"><Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1"><Type>25</Type><EapType xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV1"><ServerValidation><DisableUserPromptForServerValidation>true</DisableUserPromptForServerValidation><ServerNames></ServerNames><TrustedRootCA>d6 6d 4e c1 a0 66 6e 3d 8c 49 a8 5a 2a b3 4a ca c7 73 49 d7 </TrustedRootCA><TrustedRootCA>00 91 14 ef 7e 8b 1b ae bd 77 07 ab 4f b5 ef 20 44 71 29 4b </TrustedRootCA><TrustedRootCA>eb 1d 7b 59 20 43 9c 3a d7 f8 75 8e 0e af 3a 9f 40 e2 7b 8d </TrustedRootCA></ServerValidation><FastReconnect>true</FastReconnect><InnerEapOptional>false</InnerEapOptional><Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1"><Type>26</Type><EapType xmlns="http://www.microsoft.com/provisioning/MsChapV2ConnectionPropertiesV1"><UseWinLogonCredentials>true</UseWinLogonCredentials></EapType></Eap><EnableQuarantineChecks>false</EnableQuarantineChecks><RequireCryptoBinding>false</RequireCryptoBinding><PeapExtensions><PerformServerValidation xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2">true</PerformServerValidation><AcceptServerName xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2">false</AcceptServerName></PeapExtensions></EapType></Eap></Config></EapHostConfig></EAPConfig>
</OneX>
</security>
</MSM>
</WLANProfile>
</source>


=== Done & Fixed ===
=== Done & Fixed ===
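Review bot: the exported XML carries three <TrustedRootCA> thumbprints, while the Protected EAP Properties transcript above it shows only ST ROOT CA 1 and ST ROOT CA 2 ticked; please say which root the third thumbprint belongs to before this profile is imported on the Linux host. The same transcript and the XML agree that no server name is set ("Connect to these servers" is unticked and <ServerNames> is empty), which is worth stating explicitly in the To Do so the Linux-side configuration decides on it deliberately. The transcript also has two typos, "serers" and "Compuer".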

Latest revision as of 11:51, 22 April 2022

Introduction

This is the configuration page for the Windows 7 partition on ZAVCWL0035.

Configuration Files

All configuration files can be found here.

Installed Applications

Common applications

See Common configuration for Linux.

Essential

Outlook (package)
  • [YYYY-MM-DD] Update to vX.Y
  • Michael Peeters
  • michael.peeters@st.com
  • Server: Safex1.mail1.st.com
  • Username: michael.peeters@st.com
  • Use Cached Exchange mode
  • Mail to keep offline: 3 months
  • More settings: Data file: D:\....ost
  • Settings - Mail → Reading Pane → uncheck "Mark item as read when selection changes".
  • Install CalDav Synchronizer, see Owncloud. Additional settings:
    • Url https://owncloud.immie.org/owncloud/remote.php/dav/addressbooks/users/mip/default/.
    • Select Use manual proxy configuration, with URL zavcxl0005:8118.
    We must use Privoxy as proxy because Zscaler corrupts the certificate (or we must tell CalDav to ignore the certificate issue). This works only if the vbox network is attached to NAT, because the firewall drops connections to the Privoxy port. Also, maybe this is not important, but Privoxy is configured with listen-address :8118.
  • Email accounts
    • immie.org and noekeon.org via port forwarding.
    • If VirtualBox is configured in Bridged mode, use server zavcxl0005. This assumes SSH listens on 0.0.0.0. Outlook will complain that the certificate is not correct.
    • If VirtualBox is configured in NAT mode, we can fix the certificate warning by using the real server names in the Outlook account configuration (mail.gandi.net, smtp.priorweb.be and mail.priorweb.be), but this assumes that (1) SSH listens on 0.0.0.0 and (2) the Windows hosts file contains the lines:
10.0.2.2	mail.gandi.net
10.0.2.2	smtp.priorweb.be
10.0.2.2	mail.priorweb.be
Application (package, repo Repository)
sudo apt-...
Application (package)
  • [YYYY-MM-DD] Update to vX.Y
  • TBC

Local

MSYS / MinGW (package)
  • Install MinGW Get, and select MinGW base and MSYS base system
  • Create a shortcut in C:\ProgramData\Microsoft\Windows\Start Menu with target C:\bin\mingw\msys\1.0\msys.bat -rxvt.
(Optionally change the icon).
  • OBSOLETE? Actually MSYSGit is much better. It associates itself with .sh files during setup, so MSYS / MinGW is only needed to build C projects, since MSYSGit does not have make.
MSYSGit (package)
  • Git available in bash and CMD.EXE.

Uninstalled

Application (package) [YYYY-MM-DD] Update
Additional configuration settings

P2V

  • Resize C: / /dev/sda1 partition to 60GB using gparted.
  • Delete BCD partition /dev/sda2.
  • Create raw partition disk:
sudo dd if=/dev/sda of=vm.mbr bs=512 count=1
sudo install-mbr -i n -p D -t 0 vm.mbr            # Certainly useless since we'll repair the boot with Win rescue disk
sudo vboxmanage internalcommands createrawvmdk -filename zavcwl0035-sda1-mbr.vmdk -rawdisk /dev/sda -partitions 1 -relative -mbr vm.mbr
# This creates 2 files: ...-mbr.vmdk, and ...-mbr-pt.vmdk

Create VM:

  • Mount zavcwl0035-sda1-mbr.vmdk
  • Set hard-disk as Solid-state Drive

Boot VM with Ubuntu Live CD:

  • In Gparted, delete all partitions but /dev/sda1, and set boot flag.
This is needed so that the Windows Repair Disc correctly detects the Windows installation.

Boot the Windows repair disc. Now it detects the partition. Let it repair and restart. Boot the Windows repair disc again. To skip automatic recovery, select restore image, then next, then cancel twice. Open a command prompt:

mountvol             # Show a single volume C: (+X: and D: from the current boot)
c:
bcdedit /export C:\BCD_Backup
ren C:\boot\BCD bcd.old
bootrec /rebuildbcd

... and say Y when asked to add installation to boot list. Reboot, press F8.

Boot normally: Windows boots but we get a blue screen that quickly disappears. Go into advanced boot options by hitting F8 at boot, and choose Disable automatic restart on system failure. We see the message:

A problem has been detected ...
...
Technical information:

*** STOP: 0x0000007B (0xFFFFF880009A9928, 0xFFFFFFFFC0000034, ...)

When started in safe mode, several drivers load and the boot stops at CLASSPNP.SYS.

Boot the Linux live CD, then delete all occurrences of AGP440.sys and intelppm.sys.

Boot Windows repair cd, import into registry:

Windows Registry Editor Version 5.00
 
[HKEY_LOCAL_MACHINE\remote_SYSTEM\ControlSet001\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0000]
"InfPath"="mshdc.inf"
"InfSection"="msahci_Inst"
"ProviderName"="Microsoft"
"DriverDateData"=hex:00,80,8c,a3,c5,94,c6,01
"DriverDate"="6-21-2006"
"DriverVersion"="6.1.7600.16385"
"MatchingDeviceId"="pci\\cc_010601"
"DriverDesc"="Standard AHCI 1.0 Serial ATA Controller"
"Migrated"=dword:00000001
 
[HKEY_LOCAL_MACHINE\remote_SYSTEM\ControlSet001\Control\PnP]
"DisableCDDB"=-
 
[HKEY_LOCAL_MACHINE\remote_SYSTEM\ControlSet001\services\atapi]
"Start"=dword:00000000
 
[HKEY_LOCAL_MACHINE\remote_SYSTEM\ControlSet001\services\msahci]
"Start"=dword:00000000

Reboot... it boots! Let's shutdown w/o logging... it boots again! Yeehaa!!!

To get administrator access, first install chntpw:

  • Either enable the universe repository on the Ubuntu live CD (edit /etc/apt/sources.list)
  • Or copy package

Then

cd /media/ubuntu/OSDisk/Windows/System32/config
chntpw -l SAM
chntpw -u SysAdmin SAM
cd
sudo umount /media/ubuntu/OSDisk

Virtualbox launcher

We create the file /home/peetersm/.local/share/applications/virtualbox-vbox.desktop:

#!/usr/bin/env xdg-open

[Desktop Entry]
Version=1.0
Type=Application
Terminal=false
Icon[en_US]=virtualbox
Name[en_US]=vbox's VirtualBox
Exec=/home/peetersm/bin/vbox.sh
Comment[en_US]=Run several virtual systems on a single host computer
Name=vbox's VirtualBox
Comment=Run several virtual systems on a single host computer
Icon=virtualbox

This will launch virtualbox as user vbox.

System Settings

1st install
  • (temporarily) reset SysAdmin password (using chntpw) and then set password.
  • Install Virtualbox additions (no Direct3D support)
  • Disable hibernation - Hibernate not supported, so we simply delete hiberfil.sys (first edit security permissions)

→ used space: 34.110.431.232 (31.7GB)

  • Turn off system restore (computer → properties → system protection)
  • Clean up disk C: drive (service pack backup 500MB, queued error reporting)

→ used space: 28.867.043.328 (26.8GB)

  • Disable paging file (was set to Automatically manage paging file size for all drives)

→ used space: 22.665.486.336 (21.1GB)

Tuning
  • 1st Disable Windows Search
    via Control Panel → Programs and Features → Turn Windows features on or off → Windows Search

To Do

Issues

  • To Do — Disable Remote Assistance (System properties → Remote)?
  • To Do — Uninstall McAfee Endpoint Encryption
  • To Do — Install MS symbols for Process Explorer [1]
  • To Do — Disable igfxCUIService Module because it crashes (see Action Center)
  • Issue — To be completed
  • To Do — Import STWLAN2 settings on Linux host
STWLAN2 Wireless Network Properties
-----------------------------------

Connection:

  Name	              : STWLAN2
  SSID	              : STWLAN2
  Network type        : Access point
  Network availability: All users
  [X] Connect automatically when this network is in range

Security:

  Security type  : [WPA2-Enterprise    ]
  Encryption type: [AES                ]

  Choose a network authentication method: 
  [Microsoft: Protected EAP (PEAP)     ]

    Protected EAP Properties
      When connecting:
       [X] Validate server certificate
       [ ] Connect to these servers: 
           [                       ]
       Trusted Root Certification Authorities
         [X] ST ROOT CA 1
         [X] ST ROOT CA 2
       [X] Do not prompt user to authorize new servers or trusted certification authorities
    
      Select Authentication Method:
        Secured password (EAP-MSCHAP v2)
          [X] Automatically use my Windows logon name and password (and domain if any)
        [X] Enable Fast Reconnect
        [ ] Enforce Network Access Protection
        [ ] Disconnect if server does not present cryptobinding TLV
        [ ] Enable Identity Privacy  [                       ]

  Advanced settings
    802.1X settings
      [X] Specify authentication mode
        [Computer authentication  ]
        [ ] Delete credentials for all users
      [ ] Enable single sign on for this network
    802.11 settings
      Fast roaming
        [X] Enable Pairwise Master Key (PMK) caching
          PMK time to live (minutes)     [720  ]
          Number of entries in PMK cache [128  ]
        [ ] This network uses pre-authentication
      [ ] Enable FIPS compliance for this network

netsh wlan show profile STWLAN2 key=clear

Profile STWLAN2 on interface Wireless Network Connection 2:
=======================================================================

Applied: Group Policy Profile

Profile information
-------------------
Version                : 1
Type                   : Wireless LAN
Name                   : STWLAN2
Control options        :
Connection mode    : Connect automatically
Network broadcast  : Connect only if this network is broadcasting
AutoSwitch         : Do not switch to other networks

Connectivity settings
---------------------
Number of SSIDs        : 1
SSID name              : "STWLAN2"
Network type           : Infrastructure
Radio type             : [ Any Radio Type ]
Vendor extension          : Not present

Security settings
-----------------
Authentication         : WPA2-Enterprise
Cipher                 : CCMP
Security key           : Absent
    802.1X                 : Enabled
EAP type               : Microsoft: Protected EAP (PEAP)
    802.1X auth credential : Machine credential
    Cache user information : Yes

netsh wlan export profile

<?xml version="1.0"?>
<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
	<name>STWLAN2</name>
	<SSIDConfig>
		<SSID>
			<hex>5354574C414E32</hex>
			<name>STWLAN2</name>
		</SSID>
	</SSIDConfig>
	<connectionType>ESS</connectionType>
	<MSM>
		<security>
			<authEncryption>
				<authentication>WPA2</authentication>
				<encryption>AES</encryption>
				<useOneX>true</useOneX>
			</authEncryption>
			<PMKCacheMode>enabled</PMKCacheMode>
			<PMKCacheTTL>720</PMKCacheTTL>
			<PMKCacheSize>128</PMKCacheSize>
			<preAuthMode>disabled</preAuthMode>
			<OneX xmlns="http://www.microsoft.com/networking/OneX/v1">
				<heldPeriod>1</heldPeriod>
				<authPeriod>18</authPeriod>
				<startPeriod>5</startPeriod>
				<maxStart>3</maxStart>
				<authMode>machine</authMode>
				<EAPConfig><EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig"><EapMethod><Type xmlns="http://www.microsoft.com/provisioning/EapCommon">25</Type><VendorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorId><VendorType xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorType><AuthorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</AuthorId></EapMethod><Config xmlns="http://www.microsoft.com/provisioning/EapHostConfig"><Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1"><Type>25</Type><EapType xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV1"><ServerValidation><DisableUserPromptForServerValidation>true</DisableUserPromptForServerValidation><ServerNames></ServerNames><TrustedRootCA>d6 6d 4e c1 a0 66 6e 3d 8c 49 a8 5a 2a b3 4a ca c7 73 49 d7 </TrustedRootCA><TrustedRootCA>00 91 14 ef 7e 8b 1b ae bd 77 07 ab 4f b5 ef 20 44 71 29 4b </TrustedRootCA><TrustedRootCA>eb 1d 7b 59 20 43 9c 3a d7 f8 75 8e 0e af 3a 9f 40 e2 7b 8d </TrustedRootCA></ServerValidation><FastReconnect>true</FastReconnect><InnerEapOptional>false</InnerEapOptional><Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1"><Type>26</Type><EapType xmlns="http://www.microsoft.com/provisioning/MsChapV2ConnectionPropertiesV1"><UseWinLogonCredentials>true</UseWinLogonCredentials></EapType></Eap><EnableQuarantineChecks>false</EnableQuarantineChecks><RequireCryptoBinding>false</RequireCryptoBinding><PeapExtensions><PerformServerValidation xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2">true</PerformServerValidation><AcceptServerName xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2">false</AcceptServerName></PeapExtensions></EapType></Eap></Config></EapHostConfig></EAPConfig>
			</OneX>
		</security>
	</MSM>
</WLANProfile>
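
For the To Do of carrying these settings over to the Linux host, the following added example (not part of the original page) reads a file in the `netsh wlan export profile` format, flattens its nested namespaces and reports the EAP chain and the server-authentication settings that the Linux-side configuration has to reproduce or tighten. The sample profile, its placeholder thumbprint and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of a `netsh wlan export profile` file.
# The profile name and the thumbprint are placeholders, not real values.
SAMPLE = """<?xml version="1.0"?>
<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
 <name>EXAMPLE</name>
 <MSM><security>
  <authEncryption><authentication>WPA2</authentication>
   <encryption>AES</encryption><useOneX>true</useOneX></authEncryption>
  <OneX xmlns="http://www.microsoft.com/networking/OneX/v1">
   <authMode>machine</authMode>
   <EAPConfig><EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig">
    <Config><Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1">
     <Type>25</Type>
     <EapType xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV1">
      <ServerValidation>
       <DisableUserPromptForServerValidation>true</DisableUserPromptForServerValidation>
       <ServerNames></ServerNames>
       <TrustedRootCA>00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff 00 11 22 33 </TrustedRootCA>
      </ServerValidation>
      <Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1">
       <Type>26</Type></Eap>
      <RequireCryptoBinding>false</RequireCryptoBinding>
      <PeapExtensions><PerformServerValidation
        xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2"
        >true</PerformServerValidation></PeapExtensions>
     </EapType></Eap></Config>
   </EapHostConfig></EAPConfig>
  </OneX>
 </security></MSM>
</WLANProfile>"""

EAP_NAMES = {13: "TLS", 25: "PEAP", 26: "MSCHAPv2"}  # IANA EAP method type numbers


def summarize(xml_text):
    """Flatten the nested, multi-namespace profile into the fields that matter."""
    by_name = {}
    for el in ET.fromstring(xml_text).iter():
        local = el.tag.rsplit("}", 1)[-1]  # drop the "{namespace}" prefix
        by_name.setdefault(local, []).append((el.text or "").strip())

    def first(name):
        return by_name.get(name, [""])[0]

    types = [int(t) for t in by_name.get("Type", []) if t.isdigit()]
    return {
        "profile": first("name"),
        "auth_mode": first("authMode"),
        # outer method first, inner method last; repeated type numbers collapsed
        "eap_chain": [EAP_NAMES.get(t, str(t)) for t in dict.fromkeys(types)],
        # an absent element is treated the same as "false"
        "validate_server": first("PerformServerValidation") == "true",
        # the Windows dialog separates several server names with ';'
        "server_names": [n for n in first("ServerNames").split(";") if n],
        "trusted_roots": [t.replace(" ", "").lower()
                          for t in by_name.get("TrustedRootCA", [])],
        "crypto_binding": first("RequireCryptoBinding") == "true",
    }


def findings(s):
    """Return the server-authentication gaps to close before reusing the profile."""
    out = []
    if not s["validate_server"]:
        out.append("server certificate validation is off")
    if not s["trusted_roots"]:
        out.append("no trusted root CA selected")
    if not s["server_names"]:
        out.append("no server name pinned; only the chain to the selected roots is checked")
    if not s["crypto_binding"]:
        out.append("cryptobinding TLV not required")
    return out


if __name__ == "__main__":
    summary = summarize(SAMPLE)
    for key, value in summary.items():
        print(f"{key:16} {value}")
    for item in findings(summary):
        print("FINDING:", item)
```

The thumbprints it prints are SHA-1 certificate hashes in the same form as the `<TrustedRootCA>` entries, so they can be compared against the root certificates installed on the Linux host.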

Done & Fixed

  • Fixed — Issue description
    Fix description
  • Done — Description