When you create an enterprise app in Azure AD and configure SAML-based single sign-on, Azure AD assumes that the application also supports SAML for sign-out – but as it turns out, not all apps do. Continue »
When working with cloud services, you occasionally encounter two APIs that essentially do the same thing, but require different authentication or permissions. Such cases tend to pique my interest. Continue »
Google Cloud provides public images for a range of Windows Server versions, but in some situations, it’s necessary to build your own image. In this second part of the series, let’s look at how the build process works. Continue »
Google Cloud provides public images for a range of Windows Server versions, but in some situations, it’s necessary to build your own image. In this first part of the series, let’s review of how Windows Setup works. Continue »
Release 2.16 is out, and it contains multiple improvements to the Project Explorer tool window as well as the ability to customize your SSH terminal better. Continue »
By default, access to the Compute Engine metadata server is not limited to specific processes or users on a VM, even low-privilege processes can request service account credentials. Can we limit metadata server access to specific Windows users or processes? Continue »
If you use GitHub releases to host download packages, then you’re probably interested in how often these packages are being downloaded. You’d expect that the GitHub website provided that information, but that’s not the case. Continue »
Service accounts play a key role in Google Cloud IAM, but they are easy to get wrong. If you’re not careful, you quickly end up with over-permissioned service accounts, accounts that are used across multiple applications, and service account keys being spread all across your environment. Continue »
Documentation is not where libssh2 shines most. Continue »
Libssh2 is written in plain C and runs on many platforms, including Windows. But to use the library on Windows, you have to build it first – and as it turns out, that is easier said than done. Continue »
IAP Desktop 2.13 now lets you connect to Linux instances by using SSH. You can run multiple SSH and Remote Desktop in parallel, all secured by Identity-Aware-Proxy. Continue »
Compute Engine uses googet to pre-install drivers and other critical system components on Windows VMs. But how do you update these packages if the VM does not have internet access?
Continue »
What happens if you use the “Set Windows password” function on a domain controller? Continue »
After creating a Windows VM on Google Cloud, users can use the Cloud Console or IAP Desktop to request login credentials. But what are the risks of letting users generate credentials, and is there a way to prevent them from doing so? Continue »
13 years ago, I wrote NTrace, a dynamic function boundary tracing toolkit for Windows NT inspired by DTrace. NTrace supported both user-mode and kernel mode tracing and, like DTrace, was able to instrument machine code on the fly. Continue »
If you frequently use Remote Desktop, then you might be used to creating .rdp files for the servers you connect to most often. IAP Desktop does not support .rdp files, but there is an alternative way to open IAP Desktop and connect to a server in a single click.
Continue »
When you authenticate a user by using OpenID Connect and request the email scope, most identity providers add two additional claims to the ID Token, email and email_verified. The email claim does not need much explanation – but what about email_verified, what does this claim indicate and how does Google populate it?
Continue »
Yesterday I released version 2.11 of IAP Desktop. This new version introduces multi-display support and more. Continue »
When you create a VM instance on Google Cloud, you can optionally specify instance metadata. Instance metadata is a list of key/value pairs and the most common use case for using metadata is passing a startup or shutdown script to a VM. But startup and shutdown scripts are not the only platform features that rely on metadata. Continue »
One of the less well known features of Google Cloud Shell is that it has PowerShell preinstalled. All it takes to convert your Cloud Shell session into a PowerShell session is to run a single command. Continue »