In this article, we will discuss Windows logging, using the event viewer and denoting where the windows logs are stored.
Windows server options include a robust logging and management system for logs. These logs record events as they happen on your server via a user process, or a running process. This information is very helpful in troubleshooting services and other issues, or to investigate a security problem.
Continue reading “Where Are The Windows Logs Stored?”When running MSSQL or Microsoft SQL Server, we need to determine whether it is optimized or will it need more resources to achieve better performance. This article reviews what behaviors to look for, where to find them, and how to view signs of distress.
Continue reading “Finding Resource Usage Details in MSSQL”
Apache Tomcat installs several Java Enterprise Edition specs including Java Servlet, JavaServer Pages, Java EL, and WebSocket. It provides for a “pure Java” HTTP web server environment in which Java code can run.
Tomcat 9 is the latest version of Apache’s Tomcat service and can easily be installed on Windows to serve as a convenient way to run Java.
There are many features and tools that Tomcat 9 has to offer that can make the deployment of web pages more manageable, including the use of JavaServer Pages.
Reading Time: 2 minutesMac users work in their native Unix environment are familiar with using the terminal to SSH into their Linux based servers. When using a Mac to log into a Windows environment, or vice versa, the task is performed differently. Window machines use a different protocol, one aptly named RDP (Remote Desktop Protocol). For our tutorial, we’ll explore how to use your Mac to connect to a Windows server. Let’s get started!
Reading Time: 2 minutesWindows periodically checks for the latest updates and security features for your devices. Automatic updates are implemented with the intention of running your device smoothly and securely. With top security in mind, most Liquid Web servers are set to automatically install these updates thus saving you the task of remembering to implement critical updates or patches.
The vast majority of the times, windows updates complete successfully, keeping you and your customers safe. These updates rarely cause any server issues, but you may find that you want to roll back an update due to an unforeseen server change. Fear not, in this tutorial we’ll show you how to easily undo a Windows update on 2016, 2008R2 and 2012R2 servers.
Complete the removal of the update by rebooting the server.
Complete the removal of the update by rebooting the server.
Still having issues with reverting a Windows update? Liquid Web customers enjoy 24/7 support with our Managed Dedicated and VPS servers. Find out today why we are the most loved in hosting!
Reading Time: 2 minutesIf you’re using a Windows-based server to host your content, you may using Microsoft’s database server product, MSSQL. However, licensing restrictions can make using MSSQL difficult, especially for small businesses. Microsoft offers a free version of MSSQL called MSSQL Express that will be suitable for many users, but this version does have limitations on database size and memory usage. If you need a more robust database solution but want to try something with a lower cost (like a free, open-source database server), you could try MySQL database server.
MySQL is a standard part of the typical Linux server build (or LAMP stack) but is also available for use on Windows operating systems. Depending on your needs, you could fully develop your database in MySQL. Many popular Content Management Systems (CMS) also use MySQL by default, so using MySQL to manage those applications may be beneficial. MySQL and MSSQL can be run on the same server at the same time, so you’re free to use both or to experiment as needed.
Installing MySQL on your Windows server is as simple as downloading an MSI Installer package and clicking through a few options.
Have other thoughts or questions? Our Sales and Support teams are available 24 hours by phone or e-mail to assist. Reach out to us by opening a support ticket at support@liquidweb.com, giving us a call at 1-800-580-4985 or, open a chat with us and we’ll be happy to answer any questions you may have!
Reading Time: 4 minutesReact.js (React) is an open-source JavaScript library useful in building user interfaces. React is a library so our main focus for this article is installing a JavaScript environment and a Package Manager so that we can download and install libraries including React.
When we are done, you will have a React environment you can use to start development on your Liquid Web server.
The first step is to download the Node.js installer for Windows. Let’s use the latest Long Term Support (LTS) version for Windows and choose the 64-bit version, using the Windows Installer icon.
Once downloaded, we run the Node.js installer (.msi fuke) and follow the steps to complete the installation.
Now that we have Node.js installed, we can move on to the next step.
We’ll need to use the command prompt (command line) to interact with Node.js and the Node Package Manager (NPM) to install React. Let’s take a few minutes to cover the commands we’ll need to use to get around. Here are the basic commands we will need to get around and create folders/directories:
Click the Start Menu (1), start typing the word command (2), then choose either Command Prompt or the Node.js command prompt (3) — either choice will work.
A command prompt window will open with the path showing as C:\Users\<username> where the <username> on your system will be the user you are logged in as.
To execute a command, we type the command and any required options, then press Enter to execute it and see the results. Let’s walk through each of the commands listed above to see what happens:
dir
Let’s look at the contents of the downloads folder with this command:
dir downloads
The path shows we are still in the directory C:\Users\ReactUser>, however, we are looking at the contents of C:\Users\ReactUser\downloads and we see that it has one file. Let’s move to the downloads directory with this command:
cd downloads
We’ve changed to the downloads folder as the command prompt shows C:\Users\ReactUser\Downloads>. You can use the dir command to see the contents of this directory/folder. Next, let’s go back to the previous directory with this command:
cd..
Now we are back to where we started. Let’s create a new directory for our first project and name it reactproject1. We’ll use the command:
mkdir reactproject1
Again, we use the dir command to list the files within our current folder.
dir
If you want to learn more about commands, please check out these links:
There are two ways to install React for your projects. Let’s look at each approach so that you can decide which one you prefer to use.
This install option allows you to full control over everything that is installed and defined as dependencies.
Step 1: To get started, we need to open a command prompt.
Step 2: Create a project folder named reactproject1:
mkdir reactproject1
Press Enter to execute the command, and we get a new directory called reactproject1. If you did this as part of the Command Prompt examples, you could skip this step as it will tell you that it already exists.
Step 3: Move to the project folder, using cd reactproject1, so we can install React into it.
cd reactproject1
At this point, you will see your prompt indicate C:\Users\ReactUser\reactproject1.
Step 4: Create a package.json file, the following command will walk you through creating a package.json file.
npm init
Step 5: Install React and other modules using npm install — save react, thiswill install React into your project and update the package.json file with dependencies.
npm install --save react
We can install additional packages using npm install — save and the name of the package we want to install. Here we are installing react-dom: npm install — save react-dom
npm install --save react-dom
Step 1: To get started, we need to open a command prompt and type npm install -g create-react-app. This installs the Create-React-App module which makes it very easy to create and deploy React into projects with a single command.
npm install -g create-react-appCreate-React-App is installed in the following location: C:\Users\<username>\AppData\Roaming\npm\node_modules\create-react-app\
Once Create-React-App is installed, we can use it to create a project folder and install React and dependencies automatically.
To make sure you are in the desired directory when creating a new project, you can use dir to see where you are, and cd <directory_name> or cd.. to get to the desired location.
Step 2: To create a new project and deploy React into it, we run create-react-app <project_name>. Let’s do this to create reactproject2.
create-react-app reactproject2
The entire process is automated and begins with creating a new React app folder for the project, then installs packages and dependencies. The default packages include react, react-dom, and react-scripts. The installation will take a few minutes.
To run our new project, we need to use the command prompt to change to the project folder, then start it. The cd reactproject2 command will take us to the reactproject2 folder.
cd reactproject2
And npm start will run the project application.
The default browser will open and load the project:
To learn more about React, you may find these links helpful:
You now have your environment set for building out projects! If you are running our lightning fast servers, our support team is at your disposal for any questions you may have.
Reading Time: 4 minutesWhen looking to host web sites or services from a Windows server, there are several options to consider. It is worth reviewing the strengths and weaknesses of each server type to determine which one is most likely to meet your particular needs before you spend the time installing and configuring a web service.
Some of the most common web servers available for Windows services are Tomcat, Microsoft IIS (Internet Information Services), and of course the Apache server. Many server owners will choose to use a control panel which manages most of the common tasks usually needed to administer a web server such as e-mail and firewall configuration.
At LiquidWeb, that option means you’re using one of our Fully Managed Windows Servers with Plesk. Alternately, some administrators who need more flexibility choose one of our Core or Self-Managed Windows Servers. This article is intended for the latter type of server with no Plesk (or other) server management control panel.
This guide was written for a 64-bit Windows server since a modern server is more likely to utilize that platform. There are also a few potential issues with Apache on a Win32 systems (non 64-bit) which you should be aware of and can be reviewed here.
Downloading Apache:
While there are several mirrors to choose from for downloading the pre-compiled Apache binaries for windows, we’ll be using ApacheHaus for our purposes.
Download Here:
(This is the 64-bit version with OpenSSL version 1.1.1a included). If you would like to utilize an alternate version they are listed here:
We will assume that you have installed all the latest available updates for your version of Windows. If not, it is very important to do so now to avoid unexpected issues. These instructions are specifically adapted from the directions provided by ApacheHaus where we obtained the binary package. You may find the entire document in the extracted Apache folder under the file “readme_first.html”.
Before installing Apache, we first need to install the below package. Once it has been installed, it is often a good idea to restart the system to ensure any remaining changes requiring a restart are completed.
“You can now test your installation by opening up your Web Browser and typing in the address: http://localhost
If everything is working properly, you should see the Apache Haus’ test page.“
To shut down the new Apache server instance, you can go back to the Command Prompt and press “Control-C”.
httpd.exe -k install -n "Apache HTTP Server"
Output:
Installing the 'Apache HTTP Server' service
The 'Apache HTTP Server' service is successfully installed.
Testing httpd.conf....
Errors reported here must be corrected before the service can be started.
(this line should be blank)
services.mscLook for the service “Apache HTTP Server.” Looking towards the left of that line you should see “Automatic.” If you do not, double-click the line and change the Startup Type to “Automatic.”
To allow connections from the Internet to your new web server, you will need to configure a Windows Firewall rule to do so. Follow these steps:
That’s it! You now have the Apache Web Server installed on your Windows server. From here you’ll likely want to install some Apache modules. Almost certainly you will need to install the PHP module for Apache, as well as MySQL. Doing so is beyond the scope of this tutorial; however, you should be able to find a variety of instructions by searching “How to Install PHP (or other) Apache module on Windows server,” or similar at your favorite search engine.
Reading Time: 3 minutesAs administrators for our servers, we may find ourselves needing to do certain things while on the go. We may also not have a laptop or PC within reach. But one thing most of us have at all times is a cell phone. Whether we have an Android or an iPhone, most of us do possess a smartphone. One thing great about these smartphones is their constant connection to the Internet. Having that constant connection makes it simple to use various apps that assist with admin tasks through our smartphones. Here is a list of five applications available both on iPhone and Android. If you are interested in checking them out, click on your phone’s type next to the application name. You can also search for these applications by name in your smartphone’s app store. Continue reading “5 Android/iPhone Apps for IT Admins”
Reading Time: 6 minutesWhen investigating site infections or defacing on a Windows Servers, the most common root cause is poor file security or poor configuration choices when it comes to how IIS should access file content. The easiest way to prevent this is to start with a secure site.
Setting up a website in IIS is exceedingly easy, but several of the default settings are not optimum when it comes to security or ease of management. Further, some practices that used to be considered necessary or standards are no longer or were never necessary, to begin with. As such, we recommend that you follow these steps to set up a website to ensure that it is set up correctly and securely. And while some of these setting or permission changes may seem nitpicky, they go a long way on systems that host multiple domains or multiple tenants as they prevent any cross-site file access.
To add a website in IIS (Internet Information Services), open up the IIS manager, right-click on Sites, and select Add Website.
When adding a site to IIS, we typically recommend using the domain name as the “Site name” for easy identification. Next, under “Physical path”, you will need to supply the path to where your website content is located or use the “…” to navigate to and select the folder. Configuration options under “Connect as…” and “Test Settings…” do not need to be modified.
When it comes to configuring site bindings, popular belief suggests that you should select a specific IP from the “IP address” drop dropdown; however, that is based on out of date practices typically in relation to how SSLs used to require dedicated IPs. This is no longer necessary and can actually cause issues when getting into any eplicated or highly available configuration, so it is best to leave IP addresses set to All Unassigned and type the domain name you plan to host in the “Host name” field. Do note that you can only supply one value here; additional host names can be added after creating the site by right-clicking on the site and going to Bindings. Further, depending on your needs, you may opt to select “https” instead of “http”. To host a site with an SSL, please visit our article on the subject after setting up the site to add an SSL and configure it.
Technically that is all you need to do to set up a site in IIS; however, the site may or may not work, and the security settings on the site are not optimum. The next step in securing your site is to configure the IIS user that will access your files. To do this, you will need to change the associated Anonymous user and make a few security changes on the website’s content folder.
In IIS, select your new site on the left, in the main window double click on Authentication, select Anonymous Authentication, and then click “Edit…” on the right action bar.
By default, a new site in IIS utilizes the IUSR account for accessing files. This account is a built-in shared account typically used by IIS to access file content. This means that it will use the application pool’s identity (user) to access file content.
It may be okay to leave this configured if you only plan on hosting one domain; however, when it comes to hosting multiple domains, this is not secure as it would then be possible for any site using the same account to access files from another site. As such, and as a standard practice, we recommend switching away from using the IUSR account for sites, and instead selecting “Application pool identity” and clicking OK. Alternately, you could manually create a user on the system for each site; however, then you need to manage credentials for an additional user, need to configure permissions for two users (the anonymous user and the application pool user) and possible complications with password complexity and rotation requirements your server or organization may have.
There is nothing further you need to configure in IIS in terms of security; however, for reference, let’s take a look at the application pool settings really quick. To check the settings on the application pool, in IIS, select Application Pools on the left menu, select the application pool for the site you created (typically the same name as the name of the site), and then click “Advanced Settings…” on the right action bar.
In here, the related setting is the identity, which by default is “ApplicationPoolIdentity”. This means to access file content, IIS and the associated application pool will use a hidden, dynamic user based off the name of the application pool to access files. This user has no associated password, can only be used by IIS, and only has access to files specifically granted to it. As such, it removes the requirement of managing system users and credentials.
Now, as mentioned, the “ApplicationPoolIdentity” user has very few permissions, so the next and last step is to ensure that the website files have proper security settings set on them. Browse through your file system and find the folder where you plan on hosting your site’s files. Right-click on the folder and go to properties. In the properties interface, select the Security tab.
By default, there are a number of security permissions set up on the folder that are unnecessary and potentially insecure (there may be more than shown here). To best secure a site, we recommend removing all but the “SYSTEM” and “Administrators” groups and adding the “ApplicationPoolIdentity” user (and possibly any other user you may require, such as an FTP user); however, to do this, you will need to disable inheritance. To do this, click on “Advanced”, then click on “Disable inheritance”.
Here you will get a popup asking if you want to copy the current settings or start with no settings. Either option can work; however, it is easier to copy the current settings and then remove the unnecessary permissions. So select “ConvertConcert inherited permissions into explicit permission on this object” and then click OK.
At this point, to remove the unnecessary permissions, click Edit and remove everything other than the “SYSTEM” and “Administrators” groups. Next, you need to add the “ApplicationPoolIdentity” user to this folder. To do this, click “Add…”. Now, depending on your server configuration, you may get a pop-up asking for you to authenticate to an active directory domain. Simply click the cancel button a few times until you get the Select Users of Groups screen shown below.
On this screen, you will want to make sure that the “Location” selected is your computer. If it is not, click “Locations…” and select your computer (should be at the top; you may also need to click cancel on some authentication windows here as well).
The “ApplicationPoolIdentity” user is a hidden user, so it is not possible to search for this user. As such, you will have to type the username to add it. The username you will need to type is “IIS AppPool\<applicationpoolname>“. Please see the following example and fill yours out accordingly:
Once you type the user name, click OK. Now that you’ve added the user, which is by default only granted read permissions, you will want to verify your security settings look similar to the following image, and then click OK.
And with that, you’re done and have a secure site ready to be viewed by the masses without needing to fear that hackers will deface it.
As a bonus, if you’re looking to get your fingers wet with some Powershell, the steps covered in this article can also be accomplished on a Windows Server 2012 or newer server through Powershell. Simply fill out the first two variables with your domain name and the path to your content, and then run the rest of the PowerShell commands to set up the site in IIS and configure folder permissions.
[String]$Domain = ‘<domain_Name>’
[String]$Root = ‘<path_to_your_content>’
Import-Module WebAdministration
#Create App pool & Website
New-WebAppPool -Name $Domain
New-Website -Name $Domain -HostHeader $Domain -PhysicalPath $Root -ApplicationPool $Domain
Set-WebConfigurationProperty -Filter system.webServer/security/authentication/anonymousAuthentication -Location $Domain -PSPath MACHINE/WEBROOT/APPHOST -Name userName -Value ''
#Optionally add www. Binding
New-WebBinding -Name $Domain -HostHeader www.$Domain -ErrorAction
#Remove inheritance (copy)
$ACL = Get-ACL $Root
$ACL.SetAccessRuleProtection($True,$True) | Out-Null
$ACL.Access | ?{ !(($_.IdentityReference -eq 'NT AUTHORITY\SYSTEM') -or ($_.IdentityReference -eq 'BUILTIN\Administrators')) } | %{ $ACL.RemoveAccessRule( $_ ) } | Out-Null
$ACL | Set-ACL
#Add IIS user permissions
$ACL = Get-ACL $Root
$acl.SetAccessRuleProtection($False, $True)
$Rule = New-Object System.Security.AccessControl.FileSystemAccessRule("IIS AppPool\$Domain", "ReadAndExecute", "ContainerInherit, ObjectInherit", "None", "Allow")
$acl.AddAccessRule($Rule)
$acl | Set-Acl
Additional Notes: In some cases, sites may need additional write or modify permissions on specific files or folders for file uploads, cache files, or other content. It is important that you do not apply modified permissions to the entire site. Instead, modify specific directories or files as needed. To apply these settings, go to the file or folder that needs modification, right-click on it, and select Properties. Switch to the Security tab and click Edit. In there, select the user that has the name of the website (liquidweb.com in my example above), select modify under the Allow column, and then click OK. This will give the ApplicationPoolIdentity and IIS the ability to write to or modify the file(s) or folder(s).
Still need additional protection for your Liquid Web server? Our Server Protection packages provides a suite of security tools especially for Windows servers. You’ll get routine vulnerability scans, hardened server configurations, anti-Virus and even malware cleanup, should your site get hacked. Don’t wait another vunerable minute, check out how we can protect you.