Ramblings on IT and Security

Category: Automation

How to: Configuring Windows Server Core with PowerShell

A couple of weeks ago, I came across a discussion on Reddit about Windows Server Core versus Windows Server with a GUI. It was not the usual debate about usability or learning curves, but something more telling: a lot of people were genuinely struggling to set up a Server Core installation from scratch.

Yes, there’s the built-in sconfig utility. It works, and for a one-off setup it’s perfectly fine. But let’s be honest, if you’re running Server Core in a production environment, clicking through menus or manually configuring systems shouldn’t be part of the plan. Server Core practically begs for automation.


How to: Build a PKI with PowerShell – Part 4 – Enterprise CA

Other parts in this series

How to: Build a PKI with PowerShell – Part 1 – Preparation

How to: Build a PKI with PowerShell – Part 2 – IIS WebServer

How to: Build a PKI with PowerShell – Part 3 – Offline Root CA

In the previous parts of this series, we’ve laid the foundation of my PKI infrastructure. I’ve designed the architecture, prepared the environment, built the web distribution layer, and established a secure and isolated Root Certificate Authority. With that foundation in place, I can now move on to the component that will actually issue certificates: the Enterprise Certification Authority.


How to: Build a PKI with PowerShell – Part 3 – Offline Root CA

Other parts in this series

How to: Build a PKI with PowerShell – Part 1 – Preparation

How to: Build a PKI with PowerShell – Part 2 – IIS WebServer

How to: Build a PKI with PowerShell – Part 4 – Enterprise CA

In the previous part, I prepared the PKI Web Server, the semi-public-facing component responsible for distributing CRLs, certificates, and policy information.
In this part, I’ll move to the most sensitive and critical component of the entire PKI design: the Offline Root Certificate Authority. This system forms the foundation of trust. Everything else in the PKI ultimately depends on it, so it had better be very secure!


How to: Build a PKI with PowerShell – Part 2 – IIS WebServer

Other parts in this series

How to: Build a PKI with PowerShell – Part 1 – Preparation

How to: Build a PKI with PowerShell – Part 3 – Offline Root CA

How to: Build a PKI with PowerShell – Part 4 – Enterprise CA

In the previous part, I covered the design choices and preparation work needed before touching any infrastructure. In this part, I’ll finally start building something: the PKI Web Server.

I know, I know, not the most exciting exercise, but stay tuned, perhaps I’ll have some former Microsoft Security engineer tips here! However boring, this server plays a crucial role in the overall trust model. It hosts:

  • The Certificate Revocation List (CRL)
  • The Certificate Distribution Point (CDP)
  • The Certification Practice Statement (CPS)

In short: it becomes the “public-facing” component of your PKI.


From ClickOps to DevOps, building secure Windows images with Packer on Proxmox

Update 26-12-2025: Uploaded new and improved PowerShell scripts to GitHub. Added Windows 11, Ubuntu Server & Ubuntu Desktop to the repository.

In June 2023, I wrote a blog about the principle of clean source. At its core, clean source is about knowing exactly what you are using as the foundation of your installations, and automating that process so the outcome is predictable and repeatable.

Back then, I relied on what we now have to call legacy tooling. While that approach still works, it was already showing its age. Tools like MDT have been deprecated for quite some time, and although community efforts try to keep them alive, it’s clear that this path is slowly coming to an end.

That realization pushed me to take a step back and ask a simple question: why not approach this from a DevOps mindset instead? As it turns out, that opened the door to some pretty cool possibilities.


Fixing Packer + Proxmox template build failures: “can’t lock file … got timeout”

While automating my Proxmox environment with Packer, most of the workflow worked flawlessly: Ubuntu autoinstall, cloud-init, SSH provisioning, and qemu-guest-agent all behaved exactly as expected. But every build consistently failed at the very last step, converting the VM into a template, which was very annoying.

Despite the VM installing perfectly, Proxmox refused to stop it cleanly and returned a persistent lock-related error. This led to a surprisingly long troubleshooting process, which eventually revealed a simple root cause: stale lock files left behind from earlier interrupted builds… sigh.

In this post, I’ll share the exact error, the steps I went through to diagnose it, and how cleaning up these old lock files immediately restored stable, repeatable builds. It’s been a few very long days…


Secure LUKS containers on Linux

Lately, I’ve been refining parts of my Linux workflow to make them both more secure and practical. One of those improvements came from something simple but powerful: using encrypted containers instead of relying solely on full-disk encryption.

In this post, I’ll walk you through how I built a secure, self-contained LUKS container on Linux, explain what’s really happening behind the scenes, and share a few lessons learned along the way, including troubleshooting tips and two small Bash scripts that make mounting and unmounting effortless.


Navigating PowerShell Remoting Challenges with PowerShell 7

In the world of system administration and automation, PowerShell has been a trusted companion for managing tasks efficiently across a variety of environments. With the introduction of PowerShell Core 7, the capabilities of PowerShell expanded further by becoming cross-platform, allowing administrators to manage systems regardless of their operating system. Recently, I embarked on a journey to explore the capabilities of PowerShell Core 7’s remoting features, but as often happens in the world of technology, I encountered an unexpected challenge.


© 2026 Michael Waterman
