good news: I can force-override $Env:PSModulePath with a startup hook in #PowerShell
bad news: PowerShellGet is a separate powershell module that doesn't care and does its own detection anyway
I am π I found a way to do it without changing the sources or making my own distribution
for various reasons, this is hard to do in my case. I've got a native .NET host loading PowerShell and then calling the pwsh.dll entry point, but I can't easily insert more code into it. However, I found out about .NET startup hooks, and it looks like it works... bsky.app/profile/awak...
well, I think we've got something here. let's startup hook PowerShell to get stuff everyone wanted for years:
I'm considering trying things I wish I didn't have to: github.com/dotnet/runti...
Why can't PowerShell have nice things? this is not going to be easy to work around
Argh. how can I prevent PowerShell from automatically adding more paths to PSModulePath, and just accept the one I'm setting in the PSModulePath environment variable before launching the process?
dotnet tool install -g Devolutions.Cirup.Tool
cirup, a Rust tool to perform operations on resource files (.resx, .json, .restext) using SQLite virtual tables, is now prebuilt and published as a dotnet tool with RID-specific packaging!
github.com/Devolutions/...
Just PER will suffice. There's a bit of it in RDP for absolutely no good reason
You know what? PKU2U works. I give up. awakecoding.com/posts/rdp-nl...
Hum... the RDP server is hybrid joined, so I'd need to figure out how to unjoin it from the domain to make it pure Entra ID joined
I've got a pretty decent analysis into what's possible based on the actual decompiled code. It's complicated, as usual, but at least I don't have to trust the docs this time: bsky.app/profile/awak...
Thanks, it'll take some time before I can confirm that configuring it locally works with the customer, but if it does, then this group policy would be the best way to deploy it at scale
Confirmed by Wireshark, I'm getting STATUS_NO_LOGON_SERVERS (0xD000005E) "No domain controllers are available to service the authentication request." back from the RDP server. It's RDP Entra ID, where are the domain controllers? Azure? Thanks for the unhelpful error code
Is there a group policy for this instead? bsky.app/profile/awak...
There's no group policy, we're injecting the KDC proxy dynamically inside the RDP client through the SSPI APIs
ksetup /AddHostToRealmMap .ad.it-help.ninja AD.IT-HELP.NINJA
+ reboot
It's not my own environment, but what I understood is this is a standardized "red forest" environment where machines are joined to the red domain, but the machines you're connecting to are in separate forests with no trust in between. It's not a concept I'm familiar with, I probably got it wrong
When the docs don't exist, you generate your own docs
ksetup /addhosttorealm never did anything useful in my testing: learn.microsoft.com/en-us/window...
So, what's the proper way to do this? DNS from the domain the machine is connected to has forward zones to the other domains, so technically DNS SRV detection *should* work, but we can't contact the domain controllers from anything other than the KDC proxy.
ksetup commands to force a domain mapping aren't helpful, I never managed to make any of them force a realm name for specific hosts, and even if it did, those are commands that require elevation and a full system reboot to see the effect because they're used by lsass.exe
ksetup /dumpstate reports the domain to which the machine is joined as the default realm. I do not want that Kerberos realm to be used by default when connecting to other domains, but that's what happens. The target domain is only reachable through the KDC proxy.
Sysadmins, I need help: a domain-joined machine is consistently picking up the default Kerberos realm from that same domain when connecting to other domains through a KDC proxy. I cannot for the life of me figure out how to get Kerberos in Windows *not* to use that realm name
To be fair the only times I managed to extract the data I wanted from WinDBG was by copy/pasting into ChatGPT such that it would tell me the commands to dump parameters from the x64 registers as I was stepping through a breakpoint on a function for which I gave the C signature from IDA
Also, there is a vast pool of developers that would heavily benefit from time travel debugging but can't do much with the WinDBG command-line window, and have no clue how to dump parameters passed to a function, or navigate their way around. It's arcane knowledge I don't have myself
The reason I feel TTD is due for a comeback with AI agents is because it becomes much easier to do live analysis as if it were static analysis. Record once, load as a file, analyse at your own pace. No complexity of the AI agent having to attach to a live process, set breakpoints, restart process, etc
I've never used the CDB command-line but it looks like it doesn't support TTD? learn.microsoft.com/en-us/window...