|
Leave monitoring software open on it, 1FPS don't matter if you just keeping a visual on uptime
|
# ? Oct 28, 2019 15:52 |
|
|
# ? Jun 4, 2024 10:53 |
|
ChubbyThePhat posted: Completely unrelated to his situation, I have seen this happen with incredibly contrived routing policies that require some, not all, internet access to go through the hub (as in hub and spoke).

Okay, I guess this makes sense in that, yes, I guess you could route some sites one way and other sites another. I'm not sure why you would do this, but presumably in some cases maybe this makes sense. I can definitely see it for specific sites, but not sure why "two subdomains" or whatever would be important. But devil's in the details, so alright.
|
# ? Oct 28, 2019 15:54 |
|
klosterdev posted: Leave monitoring software open on it, 1FPS don't matter if you just keeping a visual on uptime

I put e-mail there for now. The resolution is too low for monitoring software. I have a poo poo ton of monitoring open. If anything, I'll double up and put the lesser used boards up there and dedicate two monitors to monitoring.
|
# ? Oct 28, 2019 16:10 |
|
larchesdanrew posted: The only thing I can come up with is something screwy going on with redirects. Our web filter kinda shits the bed if there are too many redirects. But the web filter and firewall aren't even showing traffic being passed when these pages are accessed. They just don't exist as far as our network is concerned. But you can open them on your phone. But if you use your phone as a hotspot and try to use one of our computers, they don't exist again. It's the weirdest fuckin thing.

That absolutely sounds like DNS.

totalnewbie posted: Okay, I guess this makes sense in that, yes, I guess you could route some sites one way and other sites another. I'm not sure why you would do this, but presumably in some cases maybe this makes sense. I can definitely see it for specific sites, but not sure why "two subdomains" or whatever would be important.

You would very likely never do this; you are correct. It was an absolute garbage fire that I was responsible for during less enthralling times of my life.
|
# ? Oct 28, 2019 16:34 |
|
RFC2324 posted: You missed the fact that they are refusing to let IT address it as a tech issue

It's not a tech issue, it's a policy issue. And I assume IT didn't implement the policy. I mean by all means get mad at them because that's what everybody at my job does because of some policy that the Systems or Security people implemented without telling anybody (including us, the helpdesk.)
|
# ? Oct 28, 2019 17:22 |
|
The fix for the policy issue is "use OneDrive" too. I would put money on it being accessible to both.
|
# ? Oct 28, 2019 20:59 |
|
klosterdev posted: Is gonna be DNS

It's all DNS, including the rain
|
# ? Oct 29, 2019 03:27 |
|
Someone post the DNS haiku.
|
# ? Oct 29, 2019 15:14 |
|
iospace posted: Someone post the DNS haiku.

Are you even an admin if you don't have it on a t-shirt
|
# ? Oct 29, 2019 15:20 |
|
Really, DNS? Again?
|
# ? Oct 29, 2019 15:59 |
|
iospace posted: Someone post the DNS haiku.
|
# ? Oct 29, 2019 16:48 |
|
iospace posted: Someone post the DNS haiku.

It's not DNS.
There's no way it's DNS.
It was DNS.
|
# ? Oct 29, 2019 19:04 |
|
Inspector_666 posted: It's not a tech issue, it's a policy issue. And I assume IT didn't implement the policy.

It's even better when they don't tell the client endpoint teams what they've done
|
# ? Oct 30, 2019 06:15 |
|
InfoSec, the most useless group in our entire company posted: Hey, I see your request to open the firewall to connect to Satellite. Why does it need all these ports?

Because that's what Satellite needs. If you have questions on the 'why' for that, I suppose you should talk to loving RedHat. Otherwise, I'm not going to spend time justifying the operation of one of our core systems to an intern that walked in knowing gently caress-all about our environment.

xsf, apologies for the barrage of loving stupid questions you're going to get hit with.

AlexDeGruven fucked around with this message at 16:43 on Oct 30, 2019 |
# ? Oct 30, 2019 16:40 |
|
Fuuuuck that is bad SecOps. If you've got your source, dest, ports and "because Satellite" then that should be good enough to rubberstamp it.
|
# ? Oct 30, 2019 17:10 |
|
AlexDeGruven posted: Because that's what Satellite needs. If you have questions on the 'why' for that, I suppose you should talk to loving RedHat. Otherwise, I'm not going to spend time justifying the operation of one of our core systems to an intern that walked in knowing gently caress-all about our environment.

I don’t own any on-prem resources, so I just don’t ask infosec before I do anything. It’s a great relationship.
|
# ? Oct 30, 2019 17:12 |
|
xsf421 posted: I don’t own any on-prem resources, so I just don’t ask infosec before I do anything. It’s a great relationship.

Well, you're not who I thought you were, then, lol.

This poo poo is just loving stupid, though. I'm at the point in my career that I have no fucks to give, so I threw down the gauntlet of "This is what I need, this is what they told me to request. If you can't get the approval by the end of the day, let me know so I can escalate. (unsaid: Because gently caress you if you hold up progress on our core business system)"
|
# ? Oct 30, 2019 17:17 |
|
As a security puke himself, just email back with this link (with no explanation) and escalate if they don't agree: https://access.redhat.com/documentation/en-us/red_hat_satellite/5.6/html/installation_guide/sect-installation_guide-additional_requirements
|
# ? Oct 30, 2019 18:08 |
|
What ports are the CDN urls connecting on? That's the only thing I can think he'd push back on if he wants to dig in.
|
# ? Oct 30, 2019 18:21 |
|
Here's my thing to InfoSec:

Satellite does thing.
I have servers on a DMZ that need thing Satellite does.
Satellite has a capsule specifically for servicing DMZs.
Make work pls.

I don't give a gently caress WHY Satellite needs those ports. That's for people to yell at RedHat about. The fact that they're yelling "security!" while blocking the main thing I need for additional security is pretty par for the course.

I just said gently caress it and looped in my TL to escalate because I ran out of fucks years ago.
|
# ? Oct 30, 2019 18:52 |
|
AlexDeGruven posted: Here's my thing to InfoSec:

Set up netcat to bind to all those ports and dump the traffic into a socks proxy, which is wrapped by stunnel, to shuttle the traffic from a jump box on a random VPS. Do it right and he will only see 443 traffic on his network going to your jump box.

Methanar fucked around with this message at 19:37 on Oct 30, 2019 |
# ? Oct 30, 2019 19:35 |
|
"We're decomming Tel Aviv site 1 in December, so we need to make sure Tel Aviv site 2 is able to image now, because we're about to also open Tel Aviv site 3 about the same time as we decomm site 1."

"Okay, put a server up in the site 2 data center and let me know when I can configure it."

It's now been 3 days of getting on a call at 8am my time (the first call, on Monday, lasted until 12:30pm), only to find out someone has turbofucked the network or the server config on some level and nothing boots.

Today's fresh, hot fuckery: I asked them to clone site 1's known-good server to site 2's data center. I then found out that the file transfer stalled at 46%, so the guy doing the cloning...decided to just clone it onto the site 1 data center to save time. He's currently moving it to site 2, and I just had to take a walk because I was halfway to the window with my laptop before my better judgement kicked in and told me, no dude, don't huck your Surface down 5 stories onto the pavement, that's not gonna help things.

When my colleague tried to talk the on-site analyst thru using an offline imaging via USB method, on-site analyst basically responded with this: (Which, incidentally, is also printed out on my boss's cube wall, next to a stuffed KC Green dog.)

Oh, and site 1 tried to image today. Turns out the network guy failed to turn their server back on after he took it down to clone it. They did the same thing a couple weeks ago when they had to clone Singapore over to Bangalore. Bangaluru? Is that officially changed yet?

Also got 3 hours of overtime last week when a guy in Sydney frantically called me about a laptop that wouldn't PXE boot. Turns out he forgot to do the part of his job where he makes sure it's whitelisted to connect to the network before imaging.

Send help, I'm within a few more headaches of emptying my apartment's contents onto the lawn and moving to Montana to raise sheep in the mountains.
|
# ? Oct 30, 2019 21:25 |
|
e; drat emptyquote button
|
# ? Nov 1, 2019 22:23 |
|
An email came in from one of my colleagues, asking for help deleting a computer object from AD. We told him to run ADUC as admin; the error he was getting was because he'd opened ADUC with his normal account.

He replied that to do that, he has to reboot his computer (what), and then log in as his admin account (WHAT).

I told him to hold CTRL+SHIFT when clicking on the icon for ADUC, or right-click and run as admin. He asked if he had to do that all the time...yes. Yes you do.
|
# ? Nov 6, 2019 01:17 |
|
dragonshardz posted: An email came in from one of my colleagues, asking for help deleting a computer object from AD. We told him to run ADUC as admin; the error he was getting was because he'd opened ADUC with his normal account

No, you can change the shortcut properties to always elevate.
|
# ? Nov 6, 2019 01:43 |
|
The Fool posted: No, you can change the shortcut properties to always elevate.

Are we talking a separate privileged account? Because then you’d need to do the ‘run as other user’ option.
|
# ? Nov 6, 2019 02:10 |
|
Or just select 'Switch User' from the Start Menu, admin login, run ADUC then switch back without interruption to whatever he has open.
|
# ? Nov 6, 2019 02:19 |
Spring Heeled Jack posted: Are we talking a separate privileged account? Because then you’d need to do the ‘run as other user’ option.

Having it run as admin will prompt to enter admin creds, or another user that has admin creds. I do the exact thing opening up AD apps every day. Our department has 2 domain accounts, one being an admin but lol at having to switch users to just use AD
|
|
# ? Nov 6, 2019 03:03 |
|
Spring Heeled Jack posted: Are we talking a separate privileged account? Because then you’d need to do the ‘run as other user’ option.

I am, and you don’t. If you are running as an unprivileged account you will get prompted for a username and password for a privileged account.

cage-free egghead posted: lol at having to switch users to just use AD

This
|
# ? Nov 6, 2019 03:13 |
|
I can think of multiple workarounds that don't involve just giving his normal account the permissions of the admin account and they are all varying levels of stupid. The least stupid is probably having a VM somewhere that you login to as an admin via RDP session which everyone uses for AD admin tasks.
|
# ? Nov 6, 2019 03:40 |
|
Arquinsiel posted: I can think of multiple workarounds that don't involve just giving his normal account the permissions of the admin account and they are all varying levels of stupid. The least stupid is probably having a VM somewhere that you login to as an admin via RDP session which everyone uses for AD admin tasks.
|
# ? Nov 6, 2019 03:47 |
Arquinsiel posted: I can think of multiple workarounds that don't involve just giving his normal account the permissions of the admin account and they are all varying levels of stupid. The least stupid is probably having a VM somewhere that you login to as an admin via RDP session which everyone uses for AD admin tasks.

Or you can just use your domain admin credentials because it's not ridiculous to have both a user account and admin account for each IT staff.
|
|
# ? Nov 6, 2019 04:06 |
|
I set up our service desk with the proper delegated access to our employee OU, and they run-as mmc with their admin accounts to do what they need to do. After talking to some of the Ignite tech people, I’m very interested in switching their processes to use the Windows Admin Center gateway, there is definitely some opportunity there to streamline their work.
|
# ? Nov 6, 2019 04:06 |
|
cage-free egghead posted: lol at having to switch users to just use AD

I have a separate account and card just for logging in to Solarwinds and Ansible Tower. It's beyond dumb.
|
# ? Nov 6, 2019 04:43 |
|
We have a domain admin account for each tech in addition to our normal non-admin accounts. I'm telling him to launch ADUC with elevation, which lets him gently caress about in AD without swapping accounts or apparently loving rebooting every time he's switched accounts today.
|
# ? Nov 6, 2019 05:10 |
|
cage-free egghead posted: Or you can just use your domain admin credentials because it's not ridiculous to have both a user account and admin account for each IT staff.
|
# ? Nov 6, 2019 11:01 |
|
Ugh, technology solutions for policy problems piss me off to no end. Especially because most of the time, those technology solutions require policies. Ex: We all have 5 accounts. Our main one, three others that are variations, and the old standard elevation account. There's one for non-prod, prod, read-only, and prod. Prod has essentially admin everywhere we need to log in, so outside of our normal login, guess which one everyone uses everywhere (whether it's prod or non-prod)? The read-only one is the one that cracks me up the most. The person who created it literally said "You can log in to see what's going on with that account. And if you need to fix something, you can log out and back in with your elevated privileges".
|
# ? Nov 6, 2019 13:03 |
|
Someone e-mailed me a screenshot of an expired SSL cert. I sat there clicking the "close" button in the screenshot and wondered why it wasn't closing. It's me. I'm the idiot user.
|
# ? Nov 6, 2019 17:50 |
|
Renegret posted: Someone e-mailed me a screenshot of an expired SSL cert. I sat there clicking the "close" button in the screenshot and wondered why it wasn't closing.

I've caught myself watching LPs of games I've played personally and trying to change the camera angle.
|
# ? Nov 6, 2019 18:59 |
|
|
iospace posted: I've caught myself watching LPs of games I've played personally and trying to change the camera angle.

My most embarrassing LP moment was a video game that used a stock alarm sound that happened to be the same sound effect for some poo poo rear end MMO I was playing at the time. It made me jump up and slam the self heal button on my keyboard before I could register what happened.
|
# ? Nov 6, 2019 19:17 |