when relevant content is
added and updated.
Tobias Weltner started the last part of the Summit with a session on AST – Abstract Syntax Tree – and the PowerShell parser.
You can access the tokens used by the parser for instance to create a variable inventory.
AST takes you beyond the parser tokens and enables to do wonderful things to your scripts such as applying code formatting standards and expanding alias to the full
cmdlet and parameter names.
The second session was delivered by Jeff Wouters – Securing Remoting. How do you secure remoting across the Internet? How do you authenticate users?
Jeff showed us the issues around credentials and how to manage authentication – especially how to manage passwords.
The third session was a Best Practice discussion lead by Don Jones.
Code – If you don’t understand it don’t run it
PowerShell gallery – trusting the code? Who wrote it? Feedback on code. Code should have ratings.
Module storage – where and why?
What are your thoughts?
Jeffrey Snover closed the Summit with a look at Just Enough Admin – RBAC through PowerShell.
Admins are part of the attack surface.
Need to Incrementally reduce admin exposure
JEA controls admin actions through PowerShell constrained endpoints and proxy functions.
JEA toolkit available for download through DSC resource kit
Use DSC for endpoint configuration – makes it simpler and easier
Example – allow access to manage file system but not view contents of files