When you set up a new public facing FTP server in Windows Server IIS (FTPSvc), it is important to properly secure it. Of course there’s authentication and authorization, but in this post I’ll show you how to configure an IP allow list for IIS FTP Server using PowerShell, iisadministration and webadministration modules.
Since Apache 2.4.6, a new module is used to configure and set up access control for websites: mod_authz_core. This means you have to use a different syntax for allowing or blocking hosts and IP addresses to your website. But unfortunately, old documentation is never updated and people even still write blog posts using that old syntax, leaving you with an unprotected website. Not what you had in mind, now is it?…
When you have just installed your new Windows Server, with or without IIS as web server, it is important to take a few extra security measurements. Securing your server is important to keep hackers out and your data safe. This article provides 4 key steps in strengthening your Windows Server web (IIS) or file server security.
Set up HTTP Strict-Transport-Security (HSTS) in Windows Server IIS 10. Scott Hanselman wrote a great post on how to enable HTTP Strict-Transport-Security (HSTS) on IIS web servers, and here is some more technical information about HSTS in IIS, and other security headers…
Sometimes you need to convert a Windows SID (security identifier) to an username, or vice versa (username to SID). In this post I show you a couple of methods to translate the one into the other using VBScript and PowerShell.
You can use PowerShell to install Windows Updates automatically, unattended and simple. Neat, right? For this, you don’t have to have an enterprise environment with WSUS, or Windows Server, but since this is Sysadmins of the North, I assume you do. In this post I’m going to show you how to install Windows Updates with PowerShell and the PSWindowsUpdate module.
Easily send your DevOps reporting by email with this PowerShell function, because the Send-MailMessage cmdlet is obsolete. Of course you’ll be using StartTLS and authenticated SMTP as additional security.
Recently, Jeff Starr wrote about blocking IP addresses posting random string comment spam. That post reminded me about my own older post about blocking WordPress comment spammers manually. With just a few manual steps, you create your own little blocklist for WordPress in either a .htaccess or web.config file. Here are the IP addresses I’m currently blocking. Note, this list can get long (loooonnggg).
Sometimes you need to create an additional SQL Server Login (user) for your database (databases). Here is a small T-SQL snippet that creates such a login for contained databases in SQL Server and adds memberships.
Sysadmins of the North is just a technical blog, like so many others out there. Here I write about IT stuff that I find interesting, problems I encountered and solved. Topics include computers, servers, web, sysadmin, database, virtualization, optimization and security.
For the most part, I write as it comes; posts may seem incoherently written sometimes (my apologies :-) ). Drop me a comment somewhere to say hi, or discuss about any of the topics. I always love the interaction!
Sharing is caring…
Please don’t forget to share posts you found interesting with your friends, family and co-workers, thanks! Link to Sysadmins of the North from your website using the following code:
<ahref="https://www.saotn.org"title="Sysadmins of the North, discuss about Sysadmin, Windows Server, IIS, security, website & WordPress, MySQL, GNU/Linux, optimization">
Sysadmins of the North, discuss about Sysadmin, Windows Server, IIS, security, website & WordPress, MySQL, GNU/Linux, optimization
</a>Code language:HTML, XML(xml)
Sometimes you need to convert a Windows SID (security identifier) to an username, or vice versa (an username to an SID). In this post I show you a couple of methods to translate the one into the other. One is using VBScript and one is using PowerShell.
Quickly get SQL Server backup .bak file header information using PowerShell and SQL Server Management Objects (SMO). Determine the name of the SQL server that wrote the backup set.
Do you want to know how to get the current number of connections to IIS hosted websites? The information is stored in Windows Server Performance Counters, and you can get it using Get-Counter cmdlet in PowerShell of course. But in post I’ll show you a different -and perhaps even faster- method using WMI/CIM and Win32_PerfRawData_W3SVC_WebService.
Use PowerShell to install SSL certificate in Windows Server and change its FriendlyName property. As a bonus, I show you how to verify a certificate’s Common Name (Subject) and Subject Alternative Name (SAN) using certutil.exe and PowerShell Get-PfxCertificate.
When you have set up your ASP.NET / .NET or PHP configuration for high performing websites in Windows Server, it sometimes becomes important to reconfigure Windows Server’s TCP/IP stack and IIS too. You may have to increase network throughput and performance, or you just might run out of available ports / sockets (aka port exhaustion).
In this post I show you how you can use PowerShell to install Windows Updates. Quickly and silently. This makes the use of PSWindowsUpdate module perfect for your day to day automation. The module even supports scheduling (on remote computers too!), it has the ability to search WSUS and Windows Update for updates, scheduling and performing the download and installation of updates.
In this post I provide you with a small PowerShell function you can use to send email over a TLS secured SMTP connection with SMTP authentication. As a framework you can use in your own scripting and extend it. You can even create a PowerShell module of it.
Here is a small T-SQL snippet that creates an additional (extra) SQL Server Login (User) for contained databases in SQL Server. It sets memberships too.
SQL Server performance monitoring in Zabbix: Keeping your SQL Server and databases in top shape is key for a good performing SQL Server database server and its databases. A good performing SQL Server makes happy customers, and that’s what puts bread on the plank, right? In this post I’ll show you how you can use Windows Performance counters, PowerShell / WMI and Zabbix for in depth monitoring of your SQL Server server and databases.
Here is a query you can use to query all posts in WordPress not having a Yoast SEO meta description yet. You can run this on your MySQL prompt or in phpMyAdmin.
Before you can properly debug crash and memory dumps in Windows (Windows 11, Windows 10, Windows Server), you need to install WinDbg -Windows Debugger- and its debugging symbols. In this article I explain how to set up these debugging symbols for WinDbg in Windows. Debug BSOD like a boss!
To extract all files from a .msi file, use the following msiexec command and arguments. Windows has the ability to allow the MSI package (.msi file) contents to be extracted using the command line or via a script.
If you need to connect virt-manager to a KVM host over ssh in Windows, then Windows 11 and WSL 2 made things a whole lot easier for you. Even if you need to connect virt-manager through an ssh tunnel and arbitrary port because your network is reachable only through a bastion host and ssh key authentication. Here is how.
Available categories
Are you looking for a specific category of posts? Here are the categories I have on Sysadmins of the North.
Currently I work as an application manager / administrator at Embrace – The Human Cloud in Groningen (the Netherlands). At Embrace we develop and manage software to automate processes and unlock knowledge, social intranets, and so forth. Smart technology helps your organization move forward.
Before Embrace, I was over 20 years at Vevida.com as a systems- and applications manager/administrator.
My experience and specialties include Windows Server, IIS, WSL & Linux (CentOS, Debian), PHP, WordPress, websites, MySQL, optimization and security. Vevida is now part of TWS, Total Webhosting Solutions, and incorporated into Yourhosting.nl. My SysOps department went to the company cldin.eu, Cldin.eu’s mission is to build the best-in-class digital infrastructures that scale.
In this post I describe some of the settings and changes I made to make my Windows 10 and Ubuntu WSL into a fully fledged development environment. Here are the settings and tools I use for DevOps/SysOps on Windows.
Since Win32-OpenSSH version 8.9.1.0p1-Beta there is decent support for FIDO/U2F hardware authenticators. This means we can use a YubiKey with Windows 11 and Windows 10, w00h00! In this post, I’ll show you how to install Microsoft OpenSSH client in Windows 11 and Windows 10, and how to configure your YubiKey. If you follow this guide and all goes well, you no longer need additional tools like Git Bash or MremoteNG/MobaXterm.
Here are 3 ways of blocking access to a PHP sendmail.php script on your Windows Server IIS webserver. This comes in handy if a websites on your webserver sends out spam and you need to block access to a script on a specific website or globally in IIS. You can use a web.config file for this purpose, and here is how.
Yesterday, I showed you how to block IP addresses in Windows Firewall using PowerShell. This comes in handy when blocking IP addresses that are brute-force attacking your servers. In this short post I’ll show you how to bulk add IP addresses in Windows Firewall, list an IP address and how to remove all IP addresses from Windows Defender Firewall with Advanced Security.