PowerShell Remoting and Kerberos Double Hop: Old Problem – New Secure Solution

PshSummit2017_thumb.jpg
PshSummit2017_thumb.jpg

PowerShell and DevOps Global Summit 2017 This week I enjoyed presenting at the PowerShell and DevOps Global Summit 2017. If you have not attended, I highly encourage it. You will get to meet PowerShell team members from Microsoft, MVPs, and the people you follow on Twitter! Follow @PshSummit on Twitter to get the alerts for registration….

2

Practical PowerShell Security: Enable Auditing and Logging with DSC

Ninjacat
Ninjacat

PowerShell Security Almost two years ago Lee Holmes released his famous PowerShell ♥ the Blue Team whitepaper. This is required reading for anyone who works with PowerShell at all in their job or who is concerned about the security of PowerShell in their environment. I outlined a number of PowerShell security-related resources in this previous…

2

Compare Group Policy (GPO) and PowerShell Desired State Configuration (DSC)

14_floppy.gif
14_floppy.gif

What is the difference between Group Policy (GPO) and PowerShell Desired State Configuration (DSC)? Why would I use one over the other? I hear these questions frequently. Today we are going to fully explore the pros and cons of each. Is GPO going the way of the floppy disk? Let’s find out. The Contenders Group…

4

Pro Tip: PowerShell DSC Events to Monitor

blivit
blivit

The Problem I need to monitor PowerShell DSC health on all of my nodes. But I do not want to wait for every possible event to happen in production to catch it and add it to my monitoring event list. The Options There are many options for monitoring PowerShell Desired State Configuration (DSC) status on…

0

2017 New Years PowerShell DevOps Study List

Geek Mug
Geek Mug

Microsoft: from “know-it-all” to “learn-it-all” In a recent interview Satya Nadella mentioned the learn-it-all mindset. This is certainly true in the world of PowerShell. We are so far beyond “just a scripting language” now. Wow! Have you been paying attention to PowerShell this year? So many big announcements! Today’s post is a crazy link list…

1

How to run a PowerShell script against multiple Active Directory domains with different credentials

collage
collage

I was working with a customer recently who needed to execute the same script against servers in different Active Directory domains. They had administrative privileges in each domain, but each domain used a different account. You could apply this same scenario to running one query against domain controllers in different domains. Today we’ll explore one…

2

Gnarly Innards: How to live debug PowerShell DSC configurations without using Enable-DSCDebug

CTRL ALT DEL
CTRL ALT DEL

The Problem Have you ever needed to debug a PowerShell Desired State Configuration that appeared to be hanging when it was applying? At that point it’s a little too late to run Enable-DscDebug. Here’s how to debug it anyway… The Solution On the box applying the active configuration you can see the LCM is busy….

0

Use the new PowerShell cmdlet ConvertFrom-String to parse KLIST Kerberos ticket output

NinjaParser
NinjaParser

Tired of hacking away at RegEx and string functions to parse text? This post is for you! ConvertFrom-String In yesterday’s post we reviewed a simple example of the new PowerShell 5.x Convert-String cmdlet. Today we are going to study a complex example with ConvertFrom-String. This cmdlet was first documented here in a PowerShell team blog…

7

Use the new PowerShell cmdlet Convert-String to parse email addresses

NinjaParser
NinjaParser

Tired of hacking away at RegEx and string functions to parse text? This post is for you! New toys PowerShell 5.x includes a number of new features. One of the lesser-known and incredibly powerful is the string conversion set of cmdlets. The names are very similar. Check out how Get-Help describes them: PS C:\> Get-Help…

2

PowerShell Remoting Kerberos Double Hop Solved Securely

ServerA
ServerA

The struggle is real. Are you facing issues with PowerShell remoting and credentials? You remote into your jump box, but then any remoting beyond there gets a big red ACCESS DENIED. Maybe you’ve tried CredSSP, but people say that isn’t safe. Read today’s post for a completely legit, secure, safe, and easy way to enable…

32