LAPS presentation

Last December I was presenting at Moscow IT Pro UG about Microsoft LAPS. Finally, the record of the presentation is processed and available at YouTube:

Do not forget to enable English subtitles (they are NOT auto-translated :D)

You may find PPTX-file here.

After the presentation, I was asked a couple of questions:
Q: Does the GUI tool send the password in plain text over the network?
A: No, LDAP connection is encrypted with SASL. But if you are going to access the password attribute in your own scripts/tools, you may accidentally expose the password if you set LDAP_OPT_ENCRYPT = 0 or will use ldap_simple_bind w/o TLS/SSL.

Q: Why do we even need those local accounts? Why not to disable them completely?
A: In case a machine has lost its connection to AD (due to network configuration change, for example), you may want to bring it back on line w/o disruptive actions such as reboot, offline password reset etc. In case if you hope that the machine keeps your offline password hash, you may find yourself in a stressful situation, when you find out that it, in fact, does not.

Google Glazier

WOW, Google has just released a tool to automate the installation of the Microsoft Windows. The tool is written in Python and is called Glazier. OS images are built using text-based YAML config files which are easy to store in a source control system — in that case you can easily review change history and comments, rollback, compare etc.

All data are transferred via HTTPS, which enables you to deliver them anywhere, utilize CDN caches etc.

The tool is distributed by Apache 2.0 license, pull requests are welcome.