The December update changed the credential guard default behavior.
Increase the MaxTicketAge registry value on the PDC emulator (not recommended unless diagnosed). Part 9: Automation and Deployment Tips for the December Build Large enterprises deploy thousands of December-updated servers. Here is how to script the process. Use a Custom Answer File (autounattend.xml) Include the December update by slipstreaming it into the ISO using DISM:
Dism /Mount-Image /ImageFile:C:\ISO\sources\install.wim /index:2 /MountDir:C:\mount Dism /Add-Package /Image:C:\mount /PackagePath:C:\Patches\KB5048654.msu Dism /Commit-Image /Unmount-Image Configuration Server2022DecUpdate Import-DscResource -ModuleName PSDesiredStateConfiguration Node 'SRV-FILE01' WindowsUpdateAgent UpdateToDec2024 UpdateId = 'kb5048654' Ensure = 'Present' windows server 2022 ltsc 21h2 x64 english decem updated
After installing the December updated version, register the server with Azure Arc. Then query:
Introduction In the ever-evolving landscape of enterprise IT, maintaining a secure, stable, and high-performing server operating system is non-negotiable. Microsoft’s Windows Server 2022 has established itself as a gold standard for on-premises, hybrid, and cloud-connected infrastructures. Among its many releases, the LTSC (Long-Term Servicing Channel) version—specifically build 21H2 —remains the backbone for organizations demanding a decade of stable support. The December update changed the credential guard default
The keyword that has recently gained significant traction among IT professionals and system administrators is: This refers to the December 2024 cumulative update package (often colloquially shortened to "DecEM" or December Update) for the English x64 version of Windows Server 2022 LTSC.
Increased security checks on SMB and Kerberos tickets. Here is how to script the process
The December hardening of NETLOGON combined with certain network switch configurations.