# Windows

# Bitlocker avec code PIN

**Modifier la group policy :**

---

*Computer Configuration\\Administrative Templates\\Windows Components\\Bitlocker Drive Encryption\\Operating System Drives\\Require additional authentication at startup*

Sélectionner :

*Configure TPM Startup PIN -> Require Startup PIN with TPM*

---

*Computer Configuration\\Administrative Templates\\Windows Components\\Bitlocker Drive Encryption\\Operating System Drives\\Disallow standard users from changing PIN or password*

Enabled

---

Pour les tablettes activer :

*Computer Configuration\\Administrative Templates\\Windows Components\\Bitlocker Drive Encryption\\Operating System Drives\\ Enable use of Bitlocker authentication requiring preboot keyboard input on slates*

**Activer Bitlocker**

```
manage-bde -protectors -add c: -TPMAndPIN
```

# Empêcher le réseau filaire et wifi en même temps

```
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WcmSvc\Local.
```

Create the fMinimizeConnections registry DWORD to 3.

# Resynchroniser l'horloge avec l'AD

D'abord juste essayer la commande :

```
w32tm /config /syncfromflags:domhier /update
```

Sinon faire tout ca :

```
w32tm /unregister
net stop w32time
w32tm /register
net start w32time
w32tm /config /syncfromflags:domhier /update
net stop w32time
net start w32time
```

Ensuite vérifier :

```
w32tm /query /source
w32tm /query /configuration
```

# Forcer la mise à jour en Windows 11

```
reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\HwReqChk" /f /v HwReqChkVars /t REG_MULTI_SZ /s , /d "SQ_SecureBootCapable=TRUE,SQ_SecureBootEnabled=TRUE,SQ_TpmVersion=2,SQ_RamMB=8192,"

reg.exe add "HKLM\SYSTEM\Setup\MoSetup" /f /v AllowUpgradesWithUnsupportedTPMOrCPU /t REG_DWORD /d 1
```

# Erreur NLA avec Active Directory

```
Test-ComputerSecureChannel -Repair -Credential woshub\administrator -Verbose
```

Si ca fonctionne pas :

```
Reset-ComputerMachinePassword -Server mun-dc01.woshub.com -Credential woshub\administrator
```