Wow, I didn't ever think about using expandproperty that way or didn't know. Forever, I've been putting () around the object like (command).property to get just the property out. Of course, you can also do that with any command that outputs an object without having to use the | select. But, I appreciate knowing both ways.
I'm going to echo the other comments but still had to share my 'much wow' sentiment towards you. Fantastic content! Thank you for being so generous with your time, effort, and knowledge/wisdom. It is very much appreciated and I aim to play it forward. Cheers from LA/SF.
12:25 really glad you covered this, Jon: this is just moving the problem sideways in many cases. My background is penetration testing, so breaking more than making 😏 but the use case for this approach seems to be: when you *can* use an MSI to execute your script, but the target resource does not support using an MSI for access. Or perhaps just where you are running interactively as a given identity, which can be granted access to a Key Vault, but cannot be granted access to one ore more of those target resources.
Great vid again John! Loved the treatise on hashtable to objects. I will try to use more PSObjects going fwd. Didn't know you could so easily cast a hashtable to a PSObject! A trick I have found useful when examining what's in the content of complex objects when returned from some other call, is doing a ConvertTo-Json on the returned object. Example ... If I want to find out which property lets me see NetworkInterface ids of VMs in Azure.. Doing a ConvertTo-JSON(Get-AzVm) -Depth 3 .. lets me see it where that property is hiding. Powershell is so powerful ;-) I am trying to learn Bash too, but keep coming back to PowerShell as it feels so much easier and natural to work with. Now only I need to convince my client to install PowershellCore in DevOps pipeline tasks so that I can write powershell as tasks.lol.
@John Savill: Thank you so much for creating and posting these great course videos! I love PowerShell, and always looking to learn something new. Hopefully you will also dive into API's, web scraping and html-parsing (which is quite difficult with with PS Core 6.x). How to use Selenium/PhantomJS in PS; or Lucene in PS; meta/proxy-programming (ie. wrapping cmdlets and executables); creating DSL's with PS and LINQ in PS would also be great (specialized) courses. That would be pretty advanced stuff, but that's what interests me... and there aren't many (if any) PS courses yet for that.
That's a good idea. I was focused on getting everything recorded but now I'm done I'll try and go back through and add more detail with the timings like you say. Thanks!
@John Savill Hello John, I really appreciate your videos, i have learned a lot through them. i have just one question about the credential store. maybe i understood it the wrong way. If you store your password encrypted in a file like this: "P@ssword1" | ConvertTo-SecureString -AsPlainText -Force | ConvertFrom-SecureString | out-file C:\admin\pw.txt If i do the line above, i get a file with the encrypted Password. I can import the password like this: $pass = Get-Content "C:\admin\pw.txt" | ConvertTo-SecureString The thing is, i can only import the password with user i created the file. so it is only working in the usercontext. That means storing the password in a file is still a safe way, am i right? Best Regards
Yes I think working with just native Windows capabilities, the Data Protection API (DPAPI) is the safest way to store a credentials since it can only be decrypted by the user who encrypted it and also only on the machine which it was encrypted on.
I feel ashamed I should have learnt Powershell 5 years ago.... A better time to start I guess. As for passwords credential in code ... one of our devs followed this bad practice last year.
Knew a lot of this but held on with it because the quirks you showed were great. You've got a great style to explaining. Thanks John.
Thank you, glad it was useful
Wow, I didn't ever think about using expandproperty that way or didn't know. Forever, I've been putting () around the object like (command).property to get just the property out. Of course, you can also do that with any command that outputs an object without having to use the | select. But, I appreciate knowing both ways.
I'm going to echo the other comments but still had to share my 'much wow' sentiment towards you. Fantastic content! Thank you for being so generous with your time, effort, and knowledge/wisdom. It is very much appreciated and I aim to play it forward. Cheers from LA/SF.
Glad you enjoyed it! Thanks for the note!
12:25 really glad you covered this, Jon: this is just moving the problem sideways in many cases.
My background is penetration testing, so breaking more than making 😏 but the use case for this approach seems to be:
when you *can* use an MSI to execute your script, but the target resource does not support using an MSI for access.
Or perhaps just where you are running interactively as a given identity, which can be granted access to a Key Vault, but cannot be granted access to one ore more of those target resources.
Great vid again John! Loved the treatise on hashtable to objects. I will try to use more PSObjects going fwd. Didn't know you could so easily cast a hashtable to a PSObject!
A trick I have found useful when examining what's in the content of complex objects when returned from some other call, is doing a ConvertTo-Json on the returned object.
Example ... If I want to find out which property lets me see NetworkInterface ids of VMs in Azure..
Doing a ConvertTo-JSON(Get-AzVm) -Depth 3 .. lets me see it where that property is hiding.
Powershell is so powerful ;-)
I am trying to learn Bash too, but keep coming back to PowerShell as it feels so much easier and natural to work with.
Now only I need to convince my client to install PowershellCore in DevOps pipeline tasks so that I can write powershell as tasks.lol.
Excellent as always
Thank you! Very kind.
Awesome - Big thank you!
@John Savill: Thank you so much for creating and posting these great course videos! I love PowerShell, and always looking to learn something new. Hopefully you will also dive into API's, web scraping and html-parsing (which is quite difficult with with PS Core 6.x). How to use Selenium/PhantomJS in PS; or Lucene in PS; meta/proxy-programming (ie. wrapping cmdlets and executables); creating DSL's with PS and LINQ in PS would also be great (specialized) courses. That would be pretty advanced stuff, but that's what interests me... and there aren't many (if any) PS courses yet for that.
Very descriptive video.. Excellent work
Thank you
20:40 - So we're not going to talk about John going to the gym for 6 hours at 3AM? :D
Lol, ironman training :)
@@NTFAQGuy #machine ;D
Not surprised. He's a beast. The godly kind.
It would be nice to include what each section is in the RUclips Description section and add times for reference back to the specific section/topics?
That's a good idea. I was focused on getting everything recorded but now I'm done I'll try and go back through and add more detail with the timings like you say. Thanks!
really good stuff !!
Thank you!
Super! Thanks so much
So are $global:x, $script:y, $private:z the only way to manually specify what scope I want a variable to use?
Those are typical scope modifiers. Read the docs on scope of looking for more
Excellent video. Thanks!!
$username =(Get-AzKeyVaultSecret -VaultName -Name samplepassword).SecretValueText isn't supporting now @John
they change things. docs has a new example. docs.microsoft.com/en-us/azure/key-vault/secrets/quick-create-powershell
@@NTFAQGuy Okay sir, thank you very much
@John Savill
Hello John,
I really appreciate your videos, i have learned a lot through them.
i have just one question about the credential store.
maybe i understood it the wrong way.
If you store your password encrypted in a file like this:
"P@ssword1" | ConvertTo-SecureString -AsPlainText -Force | ConvertFrom-SecureString | out-file C:\admin\pw.txt
If i do the line above, i get a file with the encrypted Password.
I can import the password like this:
$pass = Get-Content "C:\admin\pw.txt" | ConvertTo-SecureString
The thing is, i can only import the password with user i created the file.
so it is only working in the usercontext.
That means storing the password in a file is still a safe way, am i right?
Best Regards
Anyone with rights on the file would be able to get the content so its really not that secure but better than nothing.
Yes I think working with just native Windows capabilities, the Data Protection API (DPAPI) is the safest way to store a credentials since it can only be decrypted by the user who encrypted it and also only on the machine which it was encrypted on.
I feel ashamed I should have learnt Powershell 5 years ago.... A better time to start I guess.
As for passwords credential in code ... one of our devs followed this bad practice last year.
It happens a lot :-)