LAPS is easy to deploy and works great. The challenge comes in knowing if itās actually working. How do you know if your machines have ever set the password? Or maybe they set it once and havenāt updated it since even though itās past the designated expiration date? Itās definitely worth monitoring to ensure that your machines are operating as expected. Jiri Formacek (the creator of LAPS), threw together a small PowerShell script to provide that capability.
windows active directory securityBash is powerful, it is super permissive, and because of that, it is extremely easy to do something stupid with it. This blogpost is more about good conventions in bash, not it's syntax or how to do basic stuff with it.
bash shellLike programming in C or driving a car, contemporary shellscript languages require some knowledge and discipline to use safely, but that's not to say it can't be done. This guide is here to show that in bash, it can be done. Specifically, those systematic bugs that the language encourages can be eliminated by disciplines that are outlined here. Realize that Bash is not a language where the correct way to do something is also the easiest.
bash shellThis wiki is intended to provide human-readable documentation and information so users aren't forced to read every bit of the Bash manpage - which can be difficult to understand.
bash shellLocal Administrator Password Solution (LAPS) has been around for a while and last year it became an official supported tool by Microsoft. Since there are so many articles about it, I would likeĀ to share my tweaks.Ā I decided to create my own LDF file to extend the schema with this two attributes because I feel that a few things are missing.
active directory security windowsSome people prefer using tmux on the local machine only on top of their terminal emulator, supercharging it with multiplexing and window management in the first place. People who spent most of their time SSHāing on remote hosts, make use of persistent session nature and resistance to network disconnects.
tutorial tmux terminalIn this book, we will break down tmux by its objects, from servers down to panes. It also includes a rehash of terminal facilities we use every day to keep us autodidacts up to speed with what is what. Iāve included numerous examples of projects, permissively licensed source code, and workflows designed for efficiency in the world of the terminal.
reading terminal tmuxThis whitepaper presents a deep dive of the AWS Lambda service through a security lens. It provides a well-rounded picture of the service, which can be useful for new adopters, as well as deepening understanding of AWS Lambda for current users.
security aws lambdaPointers are real. Theyāre what the hardware understands. Somebody has to deal with them. You canāt just place a LISP book on top of an x86 chip and hope that the hardware learns about lambda calculus by osmosis. Denying the existence of pointers is like living in ancient Greece and denying the existence of Krackens and then being confused about why none of your ships ever make it to Morocco
funny programming pdfCynefin offers four decision-making contexts or "domains": simple, complicated, complex, chaotic, and a centre of disorder. The domains offer a "sense of place" from which to analyse behaviour and make decisions. The domains on the right, simple/obvious and complicated, are "ordered": cause and effect are known or can be discovered. The domains on the left, complex and chaotic, are "unordered": cause and effect can be deduced only with hindsight or not at all.
reading interestingThis local āuserā account is not an administrative account or domain account. This account is automatically created for you on each of the nodes when you create a cluster or on a new node being added to the existing Cluster. This account is completely self-managed by the Cluster Service and handles automatically rotating the password for the account and synchronising all the nodes for you. The CLIUSR password is rotated at the same frequency as the CNO, as defined by your domain policy.
windows sql serverStarting in Windows Server 2008 R2, Active Directory now implements a true recycle bin. No longer will you need an authoritative restore to recover deleted users, groups, OUās, or other objects. Instead, it is now possible to use PowerShell commands to bring back objects with all their attributes, backlinks, group memberships, and metadata.
active directory sysadminA Failover Cluster does not update the lastLogonTimeStamp the same way as a real computer. A cluster updates the lastLogonTimeStamp when it brings a clustered network name resource online. Once online, it caches the authentication token. Therefore, a clustered network named resource working in production for months will never update the lastLogonTimeStamp. This appears as a stale computer account to the AD administrator.
Global auditing lets you create System Access Control Lists (SACL) for the entire computer, based on file and registry. This means that instead of manually altering and maintaining SACLs on 10TB of shared files, you can instead define them implicitly and not actually modify the files at all. You can then troubleshoot an unexplained file deletion, see who keeps changing permissions on a folder, or satisfy an auditor.
active directory security windows group policyYou should not trust any of the Group Policy reporting tools when it comes to audit settings. Thereās only one safe bet and itās this command: auditpol.exe /get /category:*
Permissions can be applied to the current folder, sub folders or files within folders and sub folder, or any combination of these. For every access rule there are two flags (InheritanceFlags and PropagationFlags) which together supports all possibilities.
Start the capture with netsh trace start capture=yes tracefile=foo.etl Stop the capture with netsh trace stop. Two files are created: foo.cab and foo.etl. These files can be opened with Microsoft Message Analyzer. Once the file has been loaded into Message Analyzer you can export it to pcap to view in Wireshark.
Message Analyzer enables you to capture, display, and analyze protocol messaging traffic; and to trace and assess system events and other messages from Windows components.
windows toolsWith published settings (published: false), with future dated posts (jekyll serve --future), with drafts folder (jekyll serve --drafts).
Display all variables/facts known for a host
- name: Display all variables/facts known for a host
debug:
var: hostvars[inventory_hostname]
ansible
debugging