BPuhl’s Blog

A little bit of everything without actually being much of anything

Archive for October, 2010

How to use ADFS for OWA access

Posted by BPuhl on October 15, 2010

Ken posted a great article about how to configure OWA for ADFS authentication:  http://www.theidentityguy.com/articles/2010/10/15/access-owa-with-adfs.html


Overheard in a meeting (paraphrased)…

Posted by BPuhl on October 14, 2010

…the problem is that, instead of trying to make what we have work, every software architect believes that their <widget> will be the solution that everyone adopts…

Typing this reminded me of something else that I heard recently, which was along those same lines…

Of course my idea on the whiteboard is better than all the code that you’ve written!


Getting your Bitlocker keys out of AD

Posted by BPuhl on October 14, 2010

I often talk about my perspective that AD is a great publishing engine, but that it should not be authoritative for anything.  Any mission critical data should be mastered outside of AD, and then sync’d into the directory to be published/consumed.

The problem with this is when you have services which source their information in AD directly, but that data is still mission critical.  One example of this would be BitLocker Drive Encryption recovery keys.  The BDE service on clients will write its recovery keys directly into AD.

Before MSIT broadly deployed BitLocker, we worked with an internal team to build a solution for finding new BDE recovery keys and copying them out of AD into an external store.  We even went a step further and put some self-service recovery options in front of that store.

I’m happy to see that MSIT was able to publish this solution out to Codeplex, so we can share it with everyone.

If you’ve got BitLocker deployed in your environment, but are ONLY storing the recovery keys in AD, you may want to take a look.

http://keyrecoverytool.codeplex.com/
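To make the "find new keys, copy them out" idea concrete, here is a minimal PowerShell sketch added for illustration; it is not the Codeplex tool's code. The paths, the certificate subject and the 24-hour overlap are assumptions, and the account running it needs read access to the confidential `msFVE-RecoveryPassword` attribute.

```powershell
#Requires -Modules ActiveDirectory
# Added example, not the Codeplex tool. All default values below are hypothetical.
param(
    [string]$StateFile   = 'C:\BdeEscrow\watermark.txt',  # remembers how far we have copied
    [string]$OutDir      = 'C:\BdeEscrow\store',          # stand-in for the external store
    [string]$CertSubject = 'CN=BDE Escrow'                # cert with the Document Encryption EKU
)
$ErrorActionPreference = 'Stop'   # any failure aborts before the watermark moves

# Watermark: creation time (UTC) from which keys still need copying.
$since = [datetime]'2000-01-01'   # first run: a date that predates BitLocker
if (Test-Path $StateFile) {
    $since = [datetime]::Parse((Get-Content $StateFile -Raw).Trim(), $null, 'RoundtripKind')
}
$runStart = (Get-Date).ToUniversalTime()

# BDE clients store each recovery key as an msFVE-RecoveryInformation child
# object of the computer account; whenCreated lets us select only new ones.
$stamp  = $since.ToString('yyyyMMddHHmmss', [cultureinfo]::InvariantCulture) + '.0Z'
$filter = "(&(objectClass=msFVE-RecoveryInformation)(whenCreated>=$stamp))"
$keys   = @(Get-ADObject -LDAPFilter $filter `
            -Properties 'msFVE-RecoveryPassword', 'msFVE-RecoveryGuid', 'whenCreated')

New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
foreach ($k in $keys) {
    $record = [ordered]@{
        Computer   = $k.DistinguishedName -replace '^CN=[^,]+,', ''   # parent computer DN
        RecoveryId = [guid]::new([byte[]]$k.'msFVE-RecoveryGuid').ToString()
        Created    = $k.whenCreated.ToUniversalTime().ToString('o')
        Password   = $k.'msFVE-RecoveryPassword'
    } | ConvertTo-Json

    # Encrypt to the escrow certificate so the store never holds plaintext keys.
    # Naming the file after ObjectGUID makes re-copying the same key harmless.
    $file = Join-Path $OutDir ($k.ObjectGUID.ToString() + '.cms')
    Protect-CmsMessage -To $CertSubject -Content $record -OutFile $file
}

# Advance the watermark only after every key was written, and keep a 24-hour
# overlap (an assumption) so keys that replicate in late from another DC are
# still picked up on the next run.
$runStart.AddHours(-24).ToString('o') | Set-Content $StateFile
'{0} recovery key(s) copied' -f $keys.Count
```

Run on a schedule, this keeps a copy that survives deletion of the computer object in AD; recovery then needs the private key for the escrow certificate, which should live with whoever operates the recovery process rather than on the host doing the export.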
