Simon Gill's questions -server

Simon Gill

Asked: 2015-03-19 07:38:26 +0800 CST

How risky is storing credentials on disk in a Powershell SecureString?

1

Basically, I want to cache the credentials needed for New-PSSession and make them available to scripts so they don't have to nag a human.

If I use export-clixml or similar to store a PSCredential on disk, how much of a risk of compromise does that add over keeping it in a session variable?

Simon Gill

Asked: 2014-10-01 03:02:40 +0800 CST

Protecting credentials in Desired State Configuration using certificates

8

I'm new to DSC and trying to figure out how to make it work for us.

What I'm stuck on is how the credentials are actually protected. My current understanding is that it isn't all that great.

The big three problems are these. How does using a public key as a decryption source really protect those credentials? Which computers need the certificate in push and pull scenarios? What are the best practices for dealing with credentials in light of these issues?

Using a public key of a certificate is good for authenticating the source of a transmission. But using it as a decryption key means that access to the public key of the certificate determines access to the password.

If you have to push the cert to every computer that needs to decrypt MOF files, what is there to stop average users from getting access to the cert and being able to decrypt the MOF? Saying active directory security means that you may as well leave it in plain text and just rely on AD security.

Can someone help me get my head around this?

Simon Gill

Asked: 2014-04-08 00:39:35 +0800 CST

Why might wsusutil export to a .xml.gz file produce a 0 byte output?

0

We're doing monthly updates to a disconnected network with Server 2012 installed on all servers.

Last month (February), the export created a 60 megabyte .xml.gz. Today, it creates a 0 byte file timestamped at the start of the export and the log's timestamp hits at the end of the process.

Any ideas where to look next? Google just returns results for the .cab 0 byte issue.

Simon Gill

Asked: 2013-10-11 07:43:15 +0800 CST

How to keep System Center Endpoint Protection 2012 updated on a disconnected network?

0

In the past, I've used WSUS 3 in disconnected mode by exporting updates from a server on the public internet and importing them to a server on a private totally disconnected network. Sophos has been used in the same way to provide anti-virus capabilities.

We're looking at a new Windows Server 2012 based network, but it isn't clear how to bring virus definitions for Endpoint Protection across to the offline network.

Are there any existing instructions available that I haven't been able to google up?

How risky is storing credentials on disk in a Powershell SecureString?

Protecting credentials in Desired State Configuration using certificates

Why might wsusutil export to a .xml.gz file produce a 0 byte output?

How to keep System Center Endpoint Protection 2012 updated on a disconnected network?

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?