Posts

Registry Value Types

A registry value can store data in various formats. When you store data under a registry value, for instance by calling the RegSetValueEx function, you can specify one of the following values to indicate the type of data being stored. When you retrieve a registry value, functions such as RegQueryValueEx use these values to indicate the type of data retrieved.

WsusPool keeps crashing: stops again and again


Sometimes you find your WSUS server keeps crashing over and over again. WSUS is unavailable and/or the WSUS management console hangs. When you start to investigate as to why Windows Server Update Services crashes, you’ll notice the following error message being logged in the HTTPErr log files:


Merge multiple files into one new file in Windows

A quickie: if you need to merge multiple text files into one new file in Windows, you can use the copy command in cmd.exe, and here is how:


How to detect ethernet network speed in Windows


Detecting the ethernet network speed using PowerShell or WMI is ideal for Windows Server Core or Nano. If you ever need to look up the speed of your ethernet network card in Windows on the command line, use one of the following WMIC commands on your PowerShell prompt:


Vulnerabilities in .NET Core, ASP.NET Core Could Allow Elevation of Privilege

Microsoft Security Advisory 4021279: Microsoft is releasing this security advisory to provide information about vulnerabilities in public .NET Core and ASP.NET Core. This advisory also provides guidance on what developers can do to update their applications correctly.


DisableNSRecordsAutoCreation with Dnscmd

This post explains how to restrict automatic NS resource record registration in Windows Server DNS using Dnscmd. This prevents Windows Server DNS from automatically creating NS records for zones that it hosts on the server.


Enable NTFS long paths in Windows Server 2016 by Group Policy

Windows Server 2016 was finally released last week, meaning we can finally lift the idiotic 260 characters limitation for NTFS paths. In this post I’ll show you how to configure the Enable Win32 long paths setting for the NTFS file system, through Group Policy (a GPO).


Intrusion Detection with Windows Event ID’s

Found via cyber-ir.com: This paper is the best I have ever read on how to build IOC’s with Windows Event ID’s. I highly recommend you read it; it contains very useful information and some very interesting behavioural examples of attacker activity. If you are looking to enhance your detection in your core network, this is the document!


5 Extra ways to clean up disk space in Windows Server

Disk cleanup in Windows Server 2012 (R2) using DISM is one of the most popular posts here on Saotn.org. It’s also valid for Windows Server 2016. So apparently, disk space usage is an issue on Windows Server. And that made me wonder: what more ways to clean up disk space in Windows Server are there?


Windows Server 2016 licensing model

Mark O’Shea writes on TechNet that the licensing model for Standard and Datacenter was changed with Windows Server 2016, and he introduces the changes. The information is pulled from the Windows Server 2016 Licensing Datasheet, and if you need more details you can also download the Windows Server 2016 and System Center 2016 licensing FAQ. Spoiler alert (tl;dr): you’ll be paying on a per-core basis, instead of per CPU.


KB3157663: Cumulative Update for Windows Server 2016 Technical Preview 5

When you’re installing Windows Server 2016 Technical Preview 5, don’t forget to install KB3157663 before installing any server roles, features, or other products. Installing KB3157663 prior to any other software will fix an error with DISM and Install-WindowsFeature, error code 0x800F081F:


KMS Migration from 2008 R2 to Windows Server 2012 R2 and KMS Activation Known Issues

How do you migrate a Windows Server 2008 R2 KMS to Windows Server 2012 R2, for volume activation of Microsoft products, on a new KMS server? You don’t: apparently there is no Windows Server 2008 (R2) KMS to Windows Server 2012 R2 migration. There is no way to automatically transfer your KMS role along with the products it’s activating to another server. Luckily Charity Shelbourne wrote up a handy how-to for this task.


PowerShell blacklist check script: find an IP address’ blacklist status & reputation

Here’s a blacklist check script written in PowerShell. You can use this to look up an IP address in various blacklists (DNSBL, RBL). Such a check is a great indicator for an IP address’ reputation. Basically this PowerShell blacklist checker is a translation of my Bash script to check an IP address blacklist status in Linux.


AppCmd introduction and examples

AppCmd, in combination with WinRM, is the Windows Server IIS systems administrator’s Swiss Army knife for his daily routine. This post introduces AppCmd and provides a lot of AppCmd examples. AppCmd.exe is a command-line utility to manage IIS 7+ web servers. It exposes all important IIS server management functionality through a set of intuitive management objects that can be manipulated through the cmd.exe or PowerShell command line, or through PowerShell scripts. In this post you’ll find more information about AppCmd usage and examples.


Get current number of FTP client connections (NonAnonymous) with PowerShell and Get-Counter

Ever wanted to know the current number of active FTP client connections on your Windows Server FTP Service? You can get this statistic using PowerShell, the Get-Counter cmdlet and the Microsoft FTP Service Current NonAnonymous Users performance counter.
