PowerShell automation Security scripting Microsoft Exchange Active Directory Migration VMware
Evgenij has been working with computers since the age of 5 and delivering IT solutions for the best part of the last 25 years. His Active Directory and Exchange background naturally led to PowerShell, of which he's been an avid user and proponent since its first release.
Evgenij is an active community lead at home in Berlin, a leading contributor to the German TechNet forum and an experienced user group and conference speaker. He is a Cloud and Datacenter Management MVP since 2020.
Evgenij ist ein IT-Industrie-Veteran mit mehr als 25 Jahren Erfahrung im Gepäck. Seine Expertise liegt primär in den Microsoft- und VMware-Technologien. Die Beschäftigung mit Active Directory und Exchange führte zu PowerShell, und diese Technologie ist aus Evgenijs Blogbeiträgen, Artikeln und Konferenz-Vorträgen seit vielen Jahren nicht mehr wegzudenken.
Evgenij ist aktiv im TechNet-Forum sowie in den Offline-Communities: Er ist Group Lead für drei offizielle Microsoft User Groups in Berlin. Er ist Microsoft MVP für Cloud and Datacenter Management seit 2020.
After 30+years of serving authentication needs in the Windows world and beyond, NTLM has deserved to be finally put out to pasture. Yet this is way easier said than done. The old protocol has been hardwired in may areas of Widows, Active Directory and even its Kerberos implementation!
If you're responsible for Windows security in your organisation (or consult on the subject), this session is for you. After a brief recap of why NTLM is bad for your health, I will present an action plan of getting rid of NTLM authentication in a controlled manner and without breaking too much in the process.
Running a hybrid Microsoft identity, while fairly straightforward on the surface, is much more involved when it comes to security. Insecure configurations on premises enable attacks on your Cloud services, while a too lax cloud security policy (or no policy at all) will open your on-premises environments up to attacks.
In this talk, I will demonstrate a present-day approach to security auditing taking into account Cloud and on-prem security and their various interdependencies.
The cases for persisting data after your script has finished executing are legion. Logs, execution stats, configuration settings, sometimes even credentials - all of these need to be persisted to storage and retrieved later, either by the next instance of the same script or by some other system.
In this talk I will showcase some strategies for persisting data in PowerShell in a compatible and performant manner.
The client wanted a VDI solution based on non-presistent desktops. However, regulation dictated a release cycle-driven maintenance of the software and rigorous testing and approval procedures. With these constraints in place and given the scarcity of qualified IT staff, manual image management was out of the question so we automated it.
Follow me on this journey and you will probably learn a couple of things along the way. I will present some of the design decisions we had to make and some of the obstacles we had to overcome.
In this our age of ransomware and advanced persistent threats, the conventional disaster recovery plans based on backup and restore often fall short of the expectations. At the end of the (very disastrous) day, many organisations are forced to rebuild from scratch.
In this talk, I will introduce a concept of "disposable IT" which helps rethink disaster recovery and make your IT processes and infrastructure more resilient against disasters both natural and digital.
In unserem von Ransomware und Advanced Persistent Threats geprägten Zeitalter sind herkömmliche Disaster Recovery-Pläne, die auf Backup-Techniken basieren, oft nicht gut genug. An Ende des Tages sind Organisationen doch gezwungen, ihre Infrastrukturen neu aufzubauen - unter Verlust von Zeit, Arbeitsleistung und Zustimmung der Nutzer.
Ich werde in diesem Talk das Konzept der "Wegwerf-IT" vorstellen, welches hilft, Disaster Recovery neu zu denken und die IT widerstandsfähiger zu gestalten - sei es gegen natürliche oder digitale Bedrohungen.
PowerShell 6 and 7, a.k.a. PowerShell Core, has introduced many exciting features - from the developers' point of view - while still lagging behind Windows PowerShell's in terms of maintainability and security, at least in the Windows part of the world. The latter concerns are often brushed aside in community discussions in spite of being still valid, operations-wise.
In this talk I will identify some of the use cases where moving to PowerShell vNext "all the way" is indeed feasible. For the rest, I will offer an estimate of "operational ROI" of such an initiative and also some practical advice on peaceful coexistence between PowerShell and Windows PowerShell in a common DevOps environment.
In this talk, we will look at the challenges of scripting where the user in front of the console cannot react to unforeseen events such as exceptions or systems being unreachable at execution time. As an enterprise scripter, it's your responsibility to make your script robust enough that they execute correctly every time and do not wreak havoc if some of the conditions at execution time are not as you (and everybody else) assumed they would be.
In this Level 200 talk I will demonstrate several techniques to make your scripts 'drop & run' by reducing dependencies both on external code and on the environment the scripts run in.
This is a compressed version of the two-part real-world data gathering workshop. We will look at some epic failures of scripts that look OK and work well in a small environment, then explore some routes of action to deal with huge amounts of data coming in from real-world scale sources like Active Directory, SQL or log stash.
This is not (primarily) about PowerShell multi-threading but rather about really knowing the idiosyncrasies of data sources like Active Directory or IoT streams and scripting practices that allow for mitigating those from the very beginning.
Scripts that access external data sources - flat files, Active Directory, IoT streams or relational databases - usually do so very well in the lab but will fail or take aeons to complete when facing real world scale. In this session, we explore information gathering techniques for large scale infrastructure data and produce recipes for your everyday automation.
In Part One we shall look at Active Directory, VMware vSphere and SQL, with an aside to SQLite.
This is a more workshoppy version of the Real-World Scale talk, with much more audience interaction intended.
Scripts that access external data sources - flat files, directories, databases or the Internet - usually do so very well in the lab but will often fail or take aeons to complete when facing real world scale. In this session, we explore information gathering techniques for large scale infrastructure data and produce recipes for your everyday automation.
In Part Two, we shall look more closely at file systems and flat structured data files, Internet resources, Event Logs and IoT data streams.
Part Two can, but need not necessarily be scheduled after Part One, should the selection committee decide to accept both parts. There is a compressed version of this talk which I also submitted.
Everybody will agree that any script worth executing needs logging of some kind. In fact, many organisations require that logging be implemented in any script that gets to run in production.
This session is not going to be about *how* script logging can and should be done. Instead, we will look at what the logging is supposed to be for and how to actually extract the most value from it.
The answers to those questions will naturally lead to reevaluating some of the logging practices that have been common among us scripters for a very long time. Or maybe they won't, but the decision to keep things as they are will be a better-informed one.
Secure secret management is great, and with the advent of the SecretManagement module it got even better. However, when it comes to delivering secrets like connection strings and API keys to machines and users at scale, secret management can entail an enormous overhead and thus not fit the bill all that well.
In this session, I will present what started as an attempt at cross platform credential management and has now matured to a zero-touch cross platform secret distribution solution. While targeted at PowerShell, the central secret storage facility can be used by any system that adheres to cryptographic standards.