Disable TLS on Windows 2012 R2 (IIS 8)

A handy GUI tool to make this an easy one-off thing is IIS Crypto.

Here’s the actual registry change that is made if you need to script it:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server]

A reboot is required for the change to apply.

Multiple KMS keys confusion

If you have access to a VLSC and can get KMS licenses, you may see keys for different Operating systems.  Intuitively, that suggests you would register each key to be able to activate a corresponding operating system.  Not so.  Get the highest level operating system KMS and subsequent operating systems are covered by the one key.  For example, Windows 2016 covers 2012, 2008, 10, and so on…

Check out this article for more detail: Windows Server 2016 Activation

Office 2016 KMS license in Windows 2012 is a bit goofy.  Intuitively, you’d think you would use the Volume Activation Tools to plug in your key.  Nope.

Download and run the Microsoft Office 2016 Volume License Pack.  It will launch the VAT GUI and then you can plug in your KMS license.

Why is it done that way?  I honestly don’t know.  I’m sure there’s a Microsoft explanation why but I don’t feel like digging through the Internet to find an obscure article with an unofficial explanation.  I’m just glad I finally got the KMS license thing set up.

Throttle PowerShell scripts to not kill CPU or RAM

Having fun deploying gobs of parallel processes when suddenly things start to slow as CPU and RAM are getting clobbered.  I came up with a way to help scripts be a little more polite to clear up the logjam.  Look for the top of loops or iterative processes to inject checking utilization before proceeding.  If thresholds are exceeded, then the script can pause a bit and check back to see if thresholds came down.  Essentially, it’s a call to a function to check utilization and a small loop to hang out in until utilization comes down.   I have CPU and RAM threshold dialed in at 80%.  One can change to suit.

The function:

function highCpuRam {
 $highCpuRam = $false
 $cpuUsed = [int](gwmi win32_processor).LoadPercentage
 $memUsed = [int]((((gwmi win32_OperatingSystem).FreePhysicalMemory) / ((gwmi win32_OperatingSystem).TotalVisibleMemorySize)) * 100)
 if ($cpuUsed -gt 80) {$highCpuRam = $true}
 if ($memUsed -gt 80) {$highCpuRam = $true}
 return $highCpuRam

The check:

 do {
 $busy = highCpuRam
 if ($busy) {"Throttling down. CPU/RAM busy."
 Start-Sleep -m 500}
 while ($busy)

Find the largest files modified today

If you’re not using fancy file auditing software to track things, it may be challenging to find out who just filled up your drive with a bunch of data.  Here’s a PowerShell script to brute force way, crawling through your network shared drive to find the largest files that were modified today.  It can take a while to run if you have many folders and files to crawl through.  Now you can have a list of your top 100 largest files and who owns them.

# Largest X files created today
$limit = 100
$filesToday = Get-Childitem $searchPath * -Recurse -File -ErrorAction "SilentlyContinue" | 
 Where-Object {($_.LastWriteTime -gt (Get-Date).Date)} 
$largestFiles = $filesToday | Sort-Object -Property length -Descending | Select-Object Name, @{Name="SizeInMB";Expression={$_.Length / 1MB}},@{Name="Path";Expression={$_.directory}}, @{Name="Owner";Expression={(Get-Acl $_.FullName).Owner}} -First $limit
$largestFiles | Export-Csv (".\largestFilesToday_" + (Get-Date -Format "yyyy_MM_dd_hhmm") + ".csv")

JSON vs XML for PowerShell

It felt like XML was a bit dated for data transport.  It is/has been a bit cumbersome to parse and manage from PowerShell.  I’ve been seeing a lot more JSON everywhere and was curious to know if support for it was implemented in PowerShell.  It is.  As it turns out, it’s much easier to use.  Now to go back and update all my scripts to start using it.  Sigh…

Here’s an awesome article by June Blender on how to transition to start using it:



Get-WinEvent vs. Get-EventLog

So, these two appear to be very similar at first glance.  However, depending on the data one wants to filter in on, one is significantly better than the other.  For me, the bottom line is using Get-Eventlog for filtering the Security Event Log is much faster.  That’s what I needed to know.

An article by Mark Berry was very helpful:

PowerShell: Get-WinEvent vs. Get-EventLog


  1. If you’re writing a PowerShell script to handle events from Vista or Server 2008, avoid the Get-WinEvent –FilterHashtable parameter; use –FilterXML instead.
  2. Even on Vista and beyond, consider using Get-EventLog if you need to filter the Security log for Audit Failures.

Need to parse a remote Event Log for a specific Event ID and text in the description

My situation is that I need to go through all the System events and look for a particular service and account for when it started and stopped.  The one way I am able to identify the specific service from a specific vendor is that they identified their software in the description.  The Event ID for services starting and stopping is 7036.  Using this script, I’m able to get all those vendor specific service stop/start events:

Get-WinEvent -ComputerName <computer> -FilterHashtable @{logname='system'; id=7036} | Where-Object {$_.message -like "*<my text to find>*"}

This may also be helpful:

Get-EventLog -ComputerName <computer> -Log "Security" | where {($_.Message -like '*<search text>*') -and ($_.EntryType -eq 'FailureAudit')}


Career and Professional Website