Disable auto-updates on Windows 10


Windows10Yesterday, Microsoft released Windows 10 to the public. For home users this update will be free of charge, even if your current Windows 7, 8 or 8.1 installation is semi-legal.

Windows 10 brings new features to the desktop. Among others, these include:

  • The start menu is back. Live tiles are integrated in this menu;
  • Speech control with Cortana, just like Siri on the iPhone does;
  • A new task-switcher to replace the Alt-Tab combination;
  • Action Center, just like the Notification center in Mac OSX;
  • The command prompt enters the 21st century;
  • The new Edge browser. Goodbye Internet Explorer and Silverlight;
  • Automatic installation of Windows updates and auto-rebooting.

The last one is a good feature to protect end-users if we forget about the consequences when Microsoft pushes out a bad update. Been there, done that. Even during the Beta-testing of Windows 10, when Microsoft pushed out a bad Nvidia video driver. But let’s not focus on that at this moment. In some environments you want to have more control over when and how updates are being installed and, if needed, when your PC is being restarted.

Option 1: Disable the Windows update service

There are a few options to disable auto-updating of Windows 10. The first one is to disable the Windows Update service itself. The disadvantage of this is that you don’t have the option to automatically check for updates and you won’t get notified is updates are ready, to install them on your workstation at a time convenient for you. However, if you want to go for this, use these PowerShell lines (or click around in the GUI).

stop-service wuauserv
set-service wuauserv –startup disabled

Finally, check if this all worked via WMI

get-wmiobject win32_service –filter "name='wuauserv'"

Option 2: Registry hack to bring back the old update

The second option is to bring back the old Windows update style by applying some lines in the registry. Copy and paste the lines below in a .reg file and apply this. This will bring back the old Windows Update applet in the Control Panel.

Windows Registry Editor Version 5.00 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsUpdate\UX] "IsConvergedUpdateStackEnabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings] "UxOption"=dword:00000000

New job: Technical Consultant


SLTN-IAOn June 1st I started my new job as Technical Consultant with SLTN Inter Access. My first assignment is internal as VMware vCloud engineer to support Managed Services due to the coming holiday season. This will last till half August. See sltncloud.nl for more details.

I’ve worked with VMware vCloud Director since the first public release and still remember installing the service using RHEL and Oracle. Since then, many things changed. Microsoft SQL Server is supported and many things changed in the vShield support for networking like VPN and firewalling.

My department will be the UNIX/Infra group.

Install SSLH on your Synology DiskStation


sslhYou’re in an office or using public wifi and ports other than 53, 80 and 443 are blocked. How to SSH or VPN to your DiskStation? SSLH provides a solution for this, by acting as a proxy listening on port 443 and passing the traffic to deamons like SSHd, Apache or OpenVPN. The SSLH package is available in the SynoCommunity repository but manual work needs to be done to get it working.

By default, Apache on the Synology listens on port 443 without binding to an IP-address or interface. The first step would be to change the configuration so Apache listens on port 443 on localhost only. SSH to the DiskStation and change the configuration in these 3 files:

  • /etc/httpd/conf/extra/httpd-ssl.conf
  •  /etc/httpd/conf/extra/httpd-ssl.conf-sys
  •  /etc/httpd/conf/extra/httpd-ssl.conf-user

This can be done recursively with sed:

mkdir /root/http-backup
cp -a /etc/httpd/conf/extra/httpd-ssl.conf* /root/http-backup/
sed -i 's/*:443/' /etc/httpd/conf/extra/httpd-ssl.conf*

Now change the configuration of SSLH. By default, de service listens on port 3000. The configuration file can be found in /usr/local/sslh/var/sslh.cfg. Also change your host ( to the IP-address of the Synology. In case you use multiple interfaces, the interface to your router should be the one.

When done, reboot your Synology DiskStation and test if https, ssh and/or OpenVPN works via port 443.

Free e-Training (and exam): Brocade Certified vRouter Engineer


Brocade-BCVREAbout 2,5 years ago, Brocade acquired Vyatta, providing a software-based virtual router, virtual firewall and VPN products for Internet Protocol networks (IPv4 and IPv6). Brocade now let’s you become a Brocade Certified vRouter Engineer for free, by taking web-based training, gaining hands-on experience on a Vyatta appliance (in VMware, KVM, Virtualbox, whatever you like) and gives you a free in-person test at one of Person VUE’s testing centers.

I started with the course today. The full length of the training video’s is about 5 hours. I took the first hour or so. In terms of content I notice it’s not about protocols like BGP or OSFP itself, but about setting up and configuring the router (and protocols) via the Command Line Interface (CLI). Therefor I’d suggest everyone who’s not afraid for a CLI and doesn’t have in depth-knowledge of protocols to take the training and course.

It will cost you about a full day and gives you a free certification. If you don’t have any network certifications yet, this might be a nice first step to widen – and prove – your knowledge.

Information about the contents of the training can be found on this website. Get started with the training and certification on this website: www.brocade.com/NFV-Cert. Don’t forget to have a look at the free PDF: BCVRE in a Nutshell Study Guide for Exam 170-010. Good luck!

Synology DS1815 from the inside


About every two years I upgrade my Synology NAS. This time, the DS713+ made place for a DS1815. Tough the DS713+ isn’t bad at all, in particular after a memory upgrade, a faster CPU was preferred for single threaded applications like all Python apps are. Also, I needed a minimum of 4 Gbyte memory but more was preferred since Docker is a new Synology Package and more disk shelfs would be nice. I ended up ordering the new DS1815.

Some pictures from the unit, in particular the memory slot.




In-place upgrade CentOS6 to CentOS7


centos-logoI’m currently busy testing the CentOS6 to CentOS7 online upgrade.

The first tests on a plain CentOS (6.5) installation were successful and I’m hoping to start testing some (DirectAdmin development boxes running ‘real’ websites soon).

The CentOS core team has pre-build packages available of Red Hat’s tool to do the in-place upgrade. These are available as RPM-package in this repository.

Installation is done by adding a repo file (/etc/yum.repos.d/upgrade.repo) with this content:


Limit number of kernels in CentOS


By default, CentOS will keep the 5 last installed kernels available. Since kernels are getting bigger and the /boot partition is, in most of the cases, a primary partition which is difficult to extent, you can run into problems like I had today. My /boot was getting too small.

I always create it with a size of 150M, but 250M is more common these days. The workaround is quite easy: limit the number of old kernels that you want to keep after installing a new one to 3 instead of the default 5.

Install the package yum-utils:

yum install yum-utils

Now remove the old kernels:

package-cleanup --oldkernels --count=2

To make this permanent, edit /etc/yum.conf and set installonly_limit:


That’s it. CentOS will now install no more than 3 kernels. The current one and two older versions. This also works with other RPM-based systems like Fedora and Redhat or Oracle Enterprise Linux.

VMware Certified Associate


I haven’t update my VCP since version 3.5 Last week I noticed you could take the VMware Certified Associate exam for free with online delivery. Without learning I passed. Guess after building all the clusters, including updates to v5.5, the knowledge level is still okay.


Enable IPv6 on the Raspberry Pi


By default, Raspian comes unconfigured for IPv6. What a shame. To enable IPv6 support just follow these steps:

Enable the IPv6 kernel module by typing this in your shell:

sudo modprobe ipv6

Now, enable IPv6 by default after boot:

sudo echo "ipv6" >> /etc/modules

If needed, adjust your network configuration file by adding IPv6 here. Options are auto or dhcp. In my case, the modem acts as an IPv6 router (XS4ALL fiber). So adding this to the network options enabled DHCP:

sudo echo "iface eth0 inet6 dhcp" >> /etc/network/interfaces

Now reboot with:

sudo shutdown -rf now


Disable Teredo and ISATAP in Windows 7


I’ve just migrated the only Windows PC in home, used for running hamradio software. This used to be a Toshiba Satellite notebook but bought a Mac Mini last week and installed Bootcamp and WIndows 7. Since I’m using a Hurricane Electric IPv6 tunnel (tunnelbroker.net) at home, IPv6 will be auto-configured by my router. So no need to hav Teredo and/or ISATAP running. This is how to disable it:

Start a command prompt *as Administrator* and run:

netsh int ipv6 isatap set state disabled
netsh int ipv6 6to4 set state disabled
netsh int teredo set state disable

While your busy anyway you also want to disable the RFC4941 privacy extensions, hiding your real IPv6 address so your able to remotely log in to your PC without hassle:

netsh int ipv6 set privacy state=disabled store=active
netsh int ipv6 set privacy state=disabled store=persistent

Now reboot, start a command-box and type ipconfig. You only should see your Tunnelbroker.net IPv6 address (which can be set hard in the network configuration setting anyway)

Go to Top