Securing the MOF

Welcome Forums DSC (Desired State Configuration) Securing the MOF

Viewing 1 reply thread
  • Author
    Posts
    • #174853
      Participant
      Topics: 1
      Replies: 0
      Points: -1
      Rank: Member

      I would like to use credentials in a mof. After implementing the directions given here: https://docs.microsoft.com/en-us/powershell/dsc/pull-server/securemof, I am getting pushback from my organization for using the 'DataEncipherment' bit. Why isn't this just 'KeyEncipherment'?

    • #181524
      Participant
      Topics: 4
      Replies: 7
      Points: 46
      Rank: Member

      Because you are not just encrypting a key, but this certificate will be used to encrypt data as well.

      The public key will be available on your authoring computer, and when you create the MOF the password will be encrypted with the public key. The only device that can decrypt the password is the computer that has the private key which should be just the DSC target node.

      What sort of reason for "pushback" are you getting?

      Mike J

Viewing 1 reply thread
  • You must be logged in to reply to this topic.