Evgenij has been working with computers since the age of 5 and delivering IT solutions for the best part of the last 25 years. His Active Directory and Exchange background naturally led to PowerShell, of which he's been an avid user and proponent since its first release.
Evgenij is an active community lead at home in Berlin, a leading contributor to the German TechNet forum and an experienced user group and conference speaker. He has been a Cloud and Datacenter Management MVP since 2020.
Evgenij is an IT industry veteran with more than 25 years of experience under his belt. His expertise lies primarily in Microsoft and VMware technologies. Working with Active Directory and Exchange led to PowerShell, and this technology has been an integral part of Evgenij's blog posts, articles and conference talks for many years.
Evgenij is active in the TechNet forum as well as in offline communities: he is group lead for three official Microsoft User Groups in Berlin. He has been a Microsoft MVP for Cloud and Datacenter Management since 2020.
Area of Expertise
With the advent of open-source PowerShell, the Dev-minded part of the community more or less assumed power over (and, to a slightly lesser extent, responsibility for) best practices of writing and maintaining PowerShell code.
Yet a significant portion, if not the majority, of PowerShell script code that gets executed every day is being produced not by devs but by "enterprise scripters", i.e. persons who may know how to code but are otherwise not dev-minded. It gets worse if scripts and modules have to be maintained by a whole team of ops people.
Having spent lots of time among both groups, I will present some challenges ops-minded scripting teams are facing and solutions to at least a part of those challenges. Not all of them are of technical nature, but you can still take them home and implement in your organization!
For some time it seemed that with the Secret Management module in PowerShell and service principals in Azure AD most of the questions around credentials persistence in PowerShell code have been answered. Yet we're still seeing plaintext credentials in scripts, GitHub repositories and code examples on the Internet. It may be worth the while to revisit this topic after all.
After a brief discussion of the requirements, possibilities and impossibilities of credential management in script code, I will showcase some of the techniques you can use today to store and access credentials in your scripts in a secure manner without having to visit each endpoint if one of the secrets changes.
And yes, there are possibilities beyond Secret Management and Secret Vault!
With the inclusion of ADWS and the PowerShell AD module in the Windows Server OS, scripting Active Directory with PowerShell instead of arcane tools like dsget or dsacls became mainstream for many, if not most, AD admins and security professionals.
But is PowerShell the answer to all AD-related questions, especially where maintaining AD security is concerned?
After a brief discussion about the possibilities, the limits and the perils of PowerShell in regard to AD management, we will dig in and showcase some advanced scripting practices that will help you streamline your AD management even further.
And coming from me, performance considerations will definitely play a part.
Bye Bye NTLM
After 30+ years of serving authentication needs in the Windows world and beyond, NTLM has deserved to be finally put out to pasture. Yet this is way easier said than done. The old protocol has been hardwired in many areas of Windows, Active Directory and even its Kerberos implementation!
If you're responsible for Windows security in your organisation (or consult on the subject), this session is for you. After a brief recap of why NTLM is bad for your health, I will present an action plan of getting rid of NTLM authentication in a controlled manner and without breaking too much in the process.
Running a hybrid Microsoft identity, while fairly straightforward on the surface, is much more involved when it comes to security. Insecure configurations on premises enable attacks on your Cloud services, while a too lax cloud security policy (or no policy at all) will open your on-premises environments up to attacks.
In this talk, I will demonstrate a present-day approach to security auditing taking into account Cloud and on-prem security and their various interdependencies.
The cases for persisting data after your script has finished executing are legion. Logs, execution stats, configuration settings, sometimes even credentials - all of these need to be persisted to storage and retrieved later, either by the next instance of the same script or by some other system.
In this talk I will showcase some strategies for persisting data in PowerShell in a compatible and performant manner.
The client wanted a VDI solution based on non-persistent desktops. However, regulation dictated a release cycle-driven maintenance of the software and rigorous testing and approval procedures. With these constraints in place and given the scarcity of qualified IT staff, manual image management was out of the question, so we automated it.
Follow me on this journey and you will probably learn a couple of things along the way. I will present some of the design decisions we had to make and some of the obstacles we had to overcome.
In this our age of ransomware and advanced persistent threats, the conventional disaster recovery plans based on backup and restore often fall short of the expectations. At the end of the (very disastrous) day, many organisations are forced to rebuild from scratch.
In this talk, I will introduce a concept of "disposable IT" which helps rethink disaster recovery and make your IT processes and infrastructure more resilient against disasters both natural and digital.
In our age shaped by ransomware and advanced persistent threats, conventional disaster recovery plans based on backup techniques are often not good enough. At the end of the day, organisations are still forced to rebuild their infrastructures, at the cost of time, work effort and user approval.
In this talk, I will introduce the concept of "disposable IT", which helps rethink disaster recovery and make IT more resilient, whether against natural or digital threats.
PowerShell 6 and 7, a.k.a. PowerShell Core, has introduced many exciting features - from the developers' point of view - while still lagging behind Windows PowerShell in terms of maintainability and security, at least in the Windows part of the world. The latter concerns are often brushed aside in community discussions in spite of being still valid, operations-wise.
In this talk I will identify some of the use cases where moving to PowerShell vNext "all the way" is indeed feasible. For the rest, I will offer an estimate of "operational ROI" of such an initiative and also some practical advice on peaceful coexistence between PowerShell and Windows PowerShell in a common DevOps environment.
In this talk, we will look at the challenges of scripting where the user in front of the console cannot react to unforeseen events such as exceptions or systems being unreachable at execution time. As an enterprise scripter, it's your responsibility to make your scripts robust enough that they execute correctly every time and do not wreak havoc if some of the conditions at execution time are not as you (and everybody else) assumed they would be.
In this Level 200 talk I will demonstrate several techniques to make your scripts 'drop & run' by reducing dependencies both on external code and on the environment the scripts run in.
This is a compressed version of the two-part real-world data gathering workshop. We will look at some epic failures of scripts that look OK and work well in a small environment, then explore some routes of action to deal with huge amounts of data coming in from real-world scale sources like Active Directory, SQL or log stash.
This is not (primarily) about PowerShell multi-threading but rather about really knowing the idiosyncrasies of data sources like Active Directory or IoT streams and scripting practices that allow for mitigating those from the very beginning.
Scripts that access external data sources - flat files, Active Directory, IoT streams or relational databases - usually do so very well in the lab but will fail or take aeons to complete when facing real world scale. In this session, we explore information gathering techniques for large scale infrastructure data and produce recipes for your everyday automation.
In Part One we shall look at Active Directory, VMware vSphere and SQL, with an aside to SQLite.
This is a more workshoppy version of the Real-World Scale talk, with much more audience interaction intended.
Scripts that access external data sources - flat files, directories, databases or the Internet - usually do so very well in the lab but will often fail or take aeons to complete when facing real world scale. In this session, we explore information gathering techniques for large scale infrastructure data and produce recipes for your everyday automation.
In Part Two, we shall look more closely at file systems and flat structured data files, Internet resources, Event Logs and IoT data streams.
Part Two can, but need not necessarily be scheduled after Part One, should the selection committee decide to accept both parts. There is a compressed version of this talk which I also submitted.