Sysadmins of the North

Moving away from WordPress

Yes, I'm moving Sysadmins of the North away from WordPress and migrate to another CMS.

For quite some time now I'm unhappy with Gutenberg in WordPress, and its constant changing functionality. This breaks websites and doesn't look professional, not even for a personal blog. I've been using WordPress since the very first version of this site back in 2007 (WaybackMachine link), and I've been part of the community for as long, I contributed to Support, Docs, Hosting, Core and had a lot of fun at WordCamp EU & NL. So this was not an easy decision to make.

Read more...

Disable ECDH public server param reuse in Windows Server IIS

Windows Server IIS is known for reusing DH key values, but there is a way to disable ECDH public server param reuse in Windows Server IIS and here is how.

ECDH public server param reuse is when a server uses the same DH (Diffie-Hellman) key value for multiple handshakes, instead of generating a new one for every handshake. They should be "ephemeral" though which is why it is called "DHE" or "ECDHE", and this means the key is single-use and should never be reused. Windows Server IIS is known for reusing DH key values, but there is a way to disable ECDH public server param reuse in Windows Server IIS.

Read more...

Create strong passwords in Windows

Learn how to create strong and unique passwords in Windows using PowerShell, because the use of those is important. Whereas creating a secure password was difficult in Windows, you nowadays have the tools at hand to do this properly. Unique passwords keeps you safe(r) online and all those unique passwords are easily and securely stored in a password manager.

You know the use of strong and unique passwords is important. Not-so-secure passwords are easily cracked and we read about account takeovers all the time. In this post I show you a couple of methods of creating more secure passwords and random passwords in Windows. Where possible with PowerShell of course. Save these passwords in a password manager (I recommend Bitwarden or Devolutions Hub) for easy usage.

Read more...

Install IIS in Windows 11 using PowerShell

Do you have a need for IIS in your Windows 11 development station, and now you wonder how to install IIS? Internet Information Services (IIS) for Windows Server is a flexible, secure and manageable webserver for hosting anything on the web. Here I describe how you can easily install IIS and some modules using PowerShell.

Read more...

Monitor website performance in IIS with Zabbix

Zabbix is a great tool to monitor your website performance on IIS using Performance Counters, PowerShell and WMI.

Monitor your website performance on IIS with Zabbix, Performance Counters, PowerShell and WMI, because it is important to keep an eye on website and webserver performance. For this, Zabbix is a great tool and knowing how to collect metrics using Performance Counters, PowerShell and WMI is readily in your toolbox.

Read more...

Use PowerShell with SSL client certificates for HTTPS GET requests

Sometimes you have use a specific TLS/SSL certificate or thumbprint for outgoing HTTPS connections because of endpoint restrictions. To test these connections you can use PowerShell, but how do you get the required certificate from your certificate store?

Read more...

Test if a port is open with PowerShell

You don't always need telnet to test if a port is open, PowerShell offers the Test-NetConnection cmdlet which has this option. The cmdlet also has a -Quiet parameter returning only $true or $false. This makes the command ideal for scripting and automation and there is no need for Telnet client.

Read more...

Calculate SHA-256 checksums in PowerShell

Sometimes you need to create a file checksum to make sure files are not tampered with. Luckily PowerShell offers a standard cmdlet for this: Get-FileHash. Use this to validate file integrity in Windows (Windows Server).

Read more...

IPv6 support for WSL2! 🥳

Ok, this one is huge: Windows Subsystem for Linux (WSL) 2 now has native support for IPv6! Almost exactly a year ago I asked about when we'd get IPv6 support in WSL2 on Twitter X, and now we have it.

Read more...

Windows SID to username and vice versa

Old school: learn how to convert a Windows SID (security identifier) to an username, or vice versa (username to SID) using PowerShell and VBScript.

Sometimes you need to convert a Windows SID (security identifier) to an username, or vice versa (username to SID). In this post I show you a couple of methods to translate the one into the other using VBScript and PowerShell.

Read more...

Get SQL database backup details with PowerShell

Learn how to query the .bak file for header information. Whenever I need to restore an SQL Server .bak backup file, I want to know some properties of the backup file to make sure I'm working with the correct file(s). Luckily, the .bak file and PowerShell provide all the information I need, so I don't have to start a Restore procedure in SQL Server Management Studio (SSMS) just to view the header information. As you know, SSMS is slow...

Read more...

Get IIS Current Connections using PowerShell

Use Get-Counter in PowerShell to get the current number of connections to IIS hosted websites. This information is stored in Windows Server Performance Counters, and you can get it using `Get-Counter` cmdlet in PowerShell of course. But in post I'll show you a different - and perhaps even faster - method using CIM and Win32\_PerfRawData\_W3SVC\_WebService. Read on...

For compatibility with PowerShell 7 (pwsh), you'll use the Get-CimInstance cmdlet and not Get-WmiObject. This is because Get-WmiObject is not compatible with PowerShell 7. Whether or not Win32_PerfRawData_W3SVC_WebService is faster than Get-Counter, it gives you more flexibility to create advanced monitoring scripts.

Read more...

Install SSL/TLS certificates in Windows Server using PowerShell

The following PowerShell snippet can be used to quickly install an SSL (or TLS) certificate in Windows Server. It assumes you have a PFX file and its password. The default location is Cert:\LocalMachine\My, to use for IIS websites.

Read more...

Tune Windows Server TCP/IP and IIS

When you have set up your ASP.NET / .NET or PHP configuration for high performing websites in Windows Server, it sometimes becomes important to reconfigure Windows Server's TCP/IP stack and IIS too. You may have to increase network throughput and performance, or you just might run out of available ports / sockets (aka port exhaustion). And, as you know, fast page loads are more and more important nowadays for seach engine optimization (SEO) and user experience. Therefore we’ll dive into tuning IIS and TCP/IP stack for high performance websites and high volume of web requests a bit.

Read more...

Install Windows Updates using PowerShell

You can use PowerShell to install Windows Updates automatically, unattended and simple. Neat, right? For this, you don't have to have an enterprise environment with WSUS, or Windows Server, but since this is Sysadmins of the North, I assume you do. In this post I'm show you how to install Windows Updates with PowerShell and the PSWindowsUpdate module.

Read more...