## Windows privilege escalation guide

Ryan McFarland writes on his blog: “Privilege escalation always comes down to proper enumeration. But to accomplish proper enumeration you need to know what to check and look for. This takes familiarity with systems that normally comes along with experience. At first privilege escalation can seem like a daunting task, but after a while you start to filter through what is normal and what isn’t. It eventually becomes easier to know what to look for rather than digging through everything hoping to find that needle in the haystack. Hopefully this guide will provide a good foundation to build upon and get you started.”

## Windows Server 2016 on Hyper-V stuck at stopping

… and the guest server VM won’t reboot

If a Windows Server 2016 guest VM on Hyper-V hangs while stopping after Windows Updates, the cause might be the type of recovery debug information that is configured, especially when you have moved the Windows PageFile to a different partition/VHDX.

Microsoft Support article KB307973 states:

You can configure the actions that Windows takes when a system error (also referred to as a bug check, system crash, fatal system error, or stop error) occurs. You can configure the following actions:
Write an event to the System log.

To take advantage of the dump file feature, your paging file must be on the boot volume. If you have moved the paging file to another volume, you must move it back to the boot volume before you use this feature.

Meaning, you must have a page file on the boot volume for automatic memory dump to work (this is on by default). So turn this option off if you don’t have a page file on your boot volume (set it to none). This fixed my reboot issues.

## Reset the type of debugging information written to the log file.

The (none) option does not record any information in a memory dump file. To specify that you do not want Windows to record information in a memory dump file by modifying the registry, set the CrashDumpEnabled DWORD value to 0. For example, type the following information at a command prompt, and then press ENTER:

wmic recoveros set DebugInfoType = 0

This is only an issue if the PageFile is on a different VHDX. Here is a Microsoft forum reference:

If the server hangs during reboot while working on updates, you can, if necessary, kill TrustedInstaller.exe using PsKill from the Sysinternals Suite:

c:\path\to\pskill.exe \\servername TrustedInstaller.exe

## List all SPNs used in your Active Directory

There are a lot of hints & tips out there for troubleshooting SPNs, or Service Principal Names. Listing duplicate SPNs is fairly easy: just use setspn -X on your command line and you’ll find out. But how do you find out which SPNs are used, and for which users and computers?

## How to: Determine which .NET Framework versions are installed

Users can install and run multiple versions of the .NET Framework on their computers. When you develop or deploy your app, you might need to know which .NET Framework versions are installed on the user’s computer.

## How to unzip a file in PowerShell

Unzipping a file on your PowerShell command line may come in handy sometimes, even on your Windows 10 or Windows 8.1 workstation. All that is required is PowerShell and the .NET 4.5 Framework.

## How to determine if a SQL Server backup is compressed?

Compressed SQL Server backups can be verified in PowerShell using a handy PowerShell function. This comes in handy when you need to verify if existing SQL Server backups are compressed.

## WsusPool keeps crashing: stops again and again

Sometimes you find your WSUS server keeps crashing over and over again. WSUS is unavailable and/or the WSUS management console hangs. When you start to investigate as to why Windows Server Update Services crashes, you’ll notice the following error message being logged in the HTTPErr log files:

## How to detect ethernet network speed in Windows

Detecting the ethernet network speed using PowerShell or WMI is ideal for Windows Server Core or Nano. If you ever need to look up the speed of your ethernet network card in Windows on the command line, use one of the following WMIC commands on your PowerShell prompt:

## DisableNSRecordsAutoCreation with Dnscmd

This post explains how to restrict automatic NS resource record registration in Windows Server DNS using Dnscmd. This prevents Windows Server DNS from automatically creating NS records for zones that it hosts on the server.

## 5 Extra ways to clean up disk space in Windows Server

Disk cleanup in Windows Server 2012 (R2) using DISM is one of the most popular posts here on Saotn.org. It’s also valid for Windows Server 2016. So apparently, disk space usage is an issue on Windows Server. And that made me wonder: what more ways to clean up disk space in Windows Server are there?

## List all MAC addresses of all Hyper-V Virtual Machines

You sometimes need to list and get all MAC addresses of all Hyper-V virtual machines in your network, either for your Hyper-V administration or for provisioning if you don’t set a unique MAC address automatically. Here is how to get all those MAC addresses easily with PowerShell.

## 25 New SQLServer PowerShell cmdlets

Ayo Olubeko of the SQL Server Blog writes in “SQL PowerShell: July 2016 update”: “The July update for SSMS includes the first substantial improvement in SQL PowerShell in many years. We owe a lot of thanks for this effort to the great collaboration with our community. We have several new CMDLETs to share with you, but firstly, there is a very important change we had to make to be able to ship monthly updates to the SQL PowerShell component.”

## KB3157663: Cumulative Update for Windows Server 2016 Technical Preview 5

When you’re installing Windows Server 2016 Technical Preview 5, don’t forget to install KB3157663 before installing any server roles, features, or other products. Installing KB3157663 prior to any other software will fix an error with DISM and Install-WindowsFeature, error code 0x800F081F:

## How to install IIS URL Rewrite Module on Windows Server 2016 & IIS 10

When you start to play with Windows Server 2016 and IIS 10, you’ll receive an error when you try to install the IIS URL Rewrite Module in IIS. The error occurs because the URL Rewrite Module installer contains an invalid version check for the IIS version being used. Here is how to install the IIS URL Rewrite Module in IIS 10.

## PowerShell blacklist check script: find an IP address’ blacklist status & reputation

Here’s a blacklist check script written in PowerShell. You can use this to look up an IP address in various blacklists (DNSBL, RBL). Such a check is a great indicator of an IP address’ reputation. Basically this PowerShell blacklist checker is a translation of my Bash script to check an IP address blacklist status in Linux.
