Evgenij Smirnov
Senior Solutions Architect @ Semperis
Senior Solutions Architect @ Semperis
Berlin, Germany
Actions
Evgenij has been working with computers since the age of 5 and delivering IT solutions for over 25 years. His Active Directory and Exchange background naturally led to PowerShell, of which he's been an avid user and proponent since its first release.
Evgenij is an active community lead at home in Berlin, a leading contributor to the German self-help forums and an experienced user group and conference speaker. He is a Cloud and Datacenter Management MVP since 2020. He is the author of "Building Modern Active Directory", released by Apress in 2024.
Evgenij ist ein IT-Industrie-Veteran mit mehr als 25 Jahren Erfahrung im Gepäck. Seine Expertise liegt primär in den Microsoft- und VMware-Technologien. Die Beschäftigung mit Active Directory und Exchange führte zu PowerShell, und diese Technologie ist aus Evgenijs Blogbeiträgen, Artikeln und Konferenz-Vorträgen seit vielen Jahren nicht mehr wegzudenken.
Evgenij ist aktiv in Online- wie Offline-Communities: Er ist Group Lead für drei offizielle Microsoft User Groups in Berlin. Er ist Microsoft MVP für Cloud and Datacenter Management seit 2020 und Autor von "Building Modern Active Directory", erschienen im Apress-Verlag in 2024.
Links
Awards
Area of Expertise
Topics
Domain Join revisited: The good, the bad and the juicy bits en
All your machines are joined to Entra ID exclusively? Then this session is not for you. But if you are still joining clients and servers to Active Directory, then the domain join is an area that deserves CISO attention and highest priority.
The operation of assigning an identity to a computer involves several moving parts to work together, and all of them carry security risks - from credentials exposure through privilege escalation and in some cases all the way up to domain dominance, In this session, we will look at several typical domain join scenarios for the endpoints and discuss hardening and securing this operation.
Practical Linux automation with PowerShell en
PowerShell is cross-platform, right? So you can automate your Linux boxes the same way you've been able to manipulate your Windows ecosystem for the last 18 years, right?
Well, sort of.
In this session, we will look at typical automation tasks, both mundane and complex, and see what solution approaches exist to peforming them "in" PowerShell on Linux or "via" PowerShell using combinations of PowerShell and SSH remoting and native Linux tools.
Tier 0 überwachen - Wie binde ich die Kronjuwelen in meine Ops ein? de en
Kaum eine IT-Organisation kommt ohne Monitoring aus, und die entsprechenden Lösungen werden immer komfortabler, intelligenter, mächtiger... jedoch kaum sicherer! Meist nimmt das Monitoring sehr hohe Privilegien für sich in Anspruch, die ihm erlauben, den Betriebszustand aller Systeme lückenlos zu überwachen.
Doch spätestens wenn es um die Kronjuwelen, also Tier 0-Systeme, geht, stellt sich die Frage, wie man die aus Sicherheitssicht unabdingbare Trennung mit der aus Betriebssicht wünschenswerten Verknüpfung der Zustandsdaten zwischen Tier 0 und Tier 1 hinbekommen soll. In dieser Session schauen wir uns kurz die allgemeinen Prinzipien und Ansätze an und untersuchen dann anhand von Demos einige Beispiele erfolgreicher Tier 0-Überwachung.
Monitoring Tier Zero: Operationalizing the Crown Jewels de en
Monitoring solutions how come a long way towards delivering insights into IT infrastructure health, resource usage and consolidation and overall operational fidelity. However, most infrastructure components have not evollved in a way that would make monitoring them more secure, still mostly requiring privileged access in order to obtain operational parameters.
This becomes especially critical when it comes to monitoring Tier 0 assets. Not all is lost, though. In this session, you will learn about some architectural concepts for securely monitoring Tier 0 applications and also get technical implementation advice to take home.
Write cross-platform PowerShell, they said... en
PowerShell 6 was cross-platform from its inception, and version 7 is continuing its success story. It is no wonder that platform portability is a big part of pwsh's value proposition as compared to Windows PowerShell.
Not all is bright and shiny though. The non-windows machines are even less homogenous and predictable than the Windows ones are, some important namespaces have only been ported partially or not at all, and some of the techniques we know and love behave differently on different platforms.
In this session, we will look at typical use cases and try implementing them in a way that allows script/module portability.
PowerShell: Helping a CISO see the light en
"Disabling PowerShell is high on our list of priorities in securing our environment ." Everyone who participated in a security assessment in recent years, especially in a Windows-heavy organization, probably heard this being said by a security officer.
In this session, we will debunk some misconceptions about the viability of this measure and look at the vast gray zone that remains after all that is achievable by supported methods has been done. Then we will pivot to the possibilities to move not to a "PowerShell-free" environment but to a regulated one, where PowerShell usage is controlled and logged to enable both manageability AND visibility. Because, dear CISO, PowerShell is not your enemy!
Creating a PowerShell executor - a non-dev's tale en
Sometimes, an enterprise scripter is forced to leave their comfort zone and create a binary executable, a windows service or a web application. Having the ability to execute PowerShell code from that application opens many possibilities like reusing script code one already has in form of scripts, modules and snippets. It also provides countless ways to lower your security posture, impact performance and degrade the overall usefulness of your application.
In this session, we will look at two typical use cases and the facepalm moments you are likely to encounter along the way. But I will also provide hard-earned integration advice so that you, as a non-developer, at least do not have to repeat the mistakes I already made for you.
Basic Toolmaking - The road to extensibility en
The best indication that you've made a great tool that solves a real problem is that people actually start using it. But once they do, improvement suggestions and feature requests are sure to start rolling in. Some of them are trivial to implement. Others, however, may send you down the rabbit hole of refactoring the complete code very quickly.
In this session I will demonstrate some techniques that saved me from the refactoring hell more than once and allowed me to incorporate incoming feature requests in record time.
Good planning is key, of course - but what exactly should you plan for? And what criteria should you set for declining a request? Because some of your (internal) customers will not take a simple 'no' for an answer!
Putting JEA to good use on Hyper-V clusters en
This may come as a surprise to some, but organisations are actually using Hyper-V in production! There is, however, one area where it absolutely does not shine, and this is delegating permissions!
With the old AzMan-based engine gone from Hyper-V, the obvious choice is to use PowerShell for delegation. Luckily for us, Just Enough Administration (JEA) goes a long way towards our objective, only permitting certain operations on certain objects to our designated management groups and then invoking the permitted operations with a highly privileged virtual account! However, there are limitations to what "pure JEA" can do, so we'll have to improve on that.
We will discuss what's in the box, take a look at how Windows Admin Center does it, and then create a JEA endpoint that is even more 'private cloud' than that. Lots of demo and some gotchas along the way!
Maintaining code quality with a bunch of non-developers en
With the advent of open-source PowerShell, the Dev-minded part of the community more or less assumed power over (and, to a slightly lesser extent, responsibility for) best practices of writing and maintaining PowerShell code.
Yet a significant portion, if not the majority, of PowerShell script code that gets executed every day, is being produced not by devs but by "enterprise scripters", i.e. persons who may know how to code but are otherwise not dev-minded. It gets worse if scripts and modules have to be maintained by a whole team of ops people.
Having spent lots of time among both groups, I will present some challenges ops-minded scripting teams are facing and solutions to at least a part of those challenges. Not all of them are of technical nature, but you can still take them home and implement in your organization!
Keeping Secrets: State of the Union en
For some time it seemed that with the Secret Management module in PowerShell and service principals in Azure AD most of the questions around credentials persistence in PowerShell code have been answered. Yet we're still seeing plaintext credentials in scripts, GitHub repositories and code examples on the Internet. It may be worth the while to revisit this topic after all.
After a brief discussion of the requirements, posiibilities and impossibilities of credential management in script code, I will showcase some of the techniques you can use today to store and access credentials in your scripts in a secure manner without having to visit each endpoint if one of the secrets changes.
And yes, there are possibilities beyond Secret Management and Secret Vault!
Basic Toolmaking - strategies for storing persistent data in PowerShell scripts en
The cases for persisting data after your script has finished executing are legion. Logs, execution stats, configuration settings, sometimes even credentials - all of these need to be persisted to storage and retrieved later, either by the next instance of the same script or by some other system.
In this talk I will showcase some strategies for persisting data in PowerShell in a compatible and performant manner.
Basic Toolmaking - robust scripting for unattended execution en
In this talk, we will look at the challenges of scripting where the user in front of the console cannot react to unforeseen events such as exceptions or systems being unreachable at execution time. As an enterprise scripter, it's your responsibility to make your script robust enough that they execute correctly every time and do not wreak havoc if some of the conditions at execution time are not as you (and everybody else) assumed they would be.
Basic Toolmaking - reducing dependencies for portable scripting en
In this Level 200 talk I will demonstrate several techniques to make your scripts 'drop & run' by reducing dependencies both on external code and on the environment the scripts run in.
Connecting to systems in a trustless world en
No, it's not about Zero Trust :-) Even in 2024, there is still work to be done on premises. However, due to the rapidly evolving threat landscape, not everything is integrated in Active Directory, and even trusts between different AD forests within one and the same organization are not the norm anymore.
In this session, we will explore different possibilities of connecting to remote (Windows) systems using PowerShell on a local (Windows) system in scenarios where there is no common authentication basis between the two. We'll be looking at the functionality, security, performance, ease of use - but also at the operational cost involved in order to make each particular method work.
This session concentrates on scripting rather than on interactive CLI administration, but of course, most remoting methods are applicable to one-line-at-a-time tasks as well.
How Hard is Hardening? en
In the world of Windows, Active Directory and Microsoft applications in general, hardening recommendations and frameworks are legion. They all share a common Achilles heel though - the consequences of implementing a certain security control are hard to predict, That has kept many organization from consistently hardening their systems in the past and is continuing to do so in spite of the cyber threat ravaging the modern world.
In this session I will present a typical on-premises environment that is 100% functional, yet very resilient against a wide variety of typical attack techniques, along with the simple yet effective hardening measures that make this level of resilience possible.
PowerShelling Active Directory - far and wide en
Everybody knows Get-ADUser -Filter * -Properties *, and in a lab or a small(ish) production environment, you can even get by using the built-functionality, not caring about filtering or your scripts' execution time. The situation changes dramatically if your Active Directory landscape is big - be it in terms of object count, group nesting depth, domain topology, number of forests or all of the above!
In this session, we will look at proven techniques for successfully using PowerShell with sizeable Active Directory environments, explore several everyday use cases and, if time permits, even one or two exotic ones.
Strong (typed) opinions - is typing worth the hassle? en
From its inception, PowerShell has gone out of its way to shield the scripters and operators from having to know and understand the underlying .NET structures. Implicit conversion, on-the-fly type changes, output formatting buried deep in .ps1xml files help with that - you can spend a decade scripting and be successful in automating your IT processes without knowing much about the objects and data types being used under the hood.
There are, however, developers coming to PowerShell not from operations but from strongly typed languages like C++, C# or Delphi. These folks are very vocal about typing everything, even in PowerShell, and often push for declaring explicit type declarations "best practice". PowerShell, being what it is, is happy to oblige. Or is it?
In this session, we will explore the most prominent use cases that seem to call for strong typing, the benefits, caveats and idiosyncracies that go with them. We will ask ourselves whether the perceived benefits are worth the reduced readability and increased file size. We will also examine the performance aspect of strong typing at scale.
psconf.eu 2024 Sessionize Event
PowerShell + DevOps Global Summit 2024 Sessionize Event
psconf.eu 2023 Sessionize Event
psconf.eu 2022 Sessionize Event
Scottish Summit 2022 Sessionize Event
psconf.eu 2020 Sessionize Event
Evgenij Smirnov
Senior Solutions Architect @ Semperis
Berlin, Germany
Links
Actions
Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.
Jump to top