|
Is it even worth the cost to go Azure for everything? I don't know what the cost is, but per-minute billing just sounds like the final amount will be astronomical. I recall Amazon doing that with EC2 although I haven't used that in at least a year or so.
|
#
?
Nov 15, 2014 18:14
|
|
|
|
| # ? May 13, 2024 22:16 |
|
|
It depends what the alternatives are. If you have a boss that doesn't want to give up any space for IT at all then you don't have a huge amount of choice. I'd rather have services in Azure than under someone's desk.
|
|
#
?
Nov 15, 2014 19:06
|
|
|
It's per hour but they count by the minute, so if you spin up a machine for a minute one day, then spin it up for 35 minutes next ween and 5 the week after that, you only get billed for one hour, instead of 3 hours. A 1cpu, 1.75gb ram server with 50GB bandwidth comes out to about $60/mo. Compare to a $3000 dell server (cost, taxes, shipping, support, spares, rack mounting, electricity etc) spread out over three years is about $83/mo. Thanks Ants posted:I'd rather have services in Azure than under someone's desk. We used to run an SEO suite of services off of an old headless P4 desktop that lived under a desk plugged in to the wall that just kind of scanned the web through a bunch of proxy IPs. This was back in 2010. For anything more legit/mission critical Azure might be worthwhile until your boss can scrape together the funds for a real server.
|
|
#
?
Nov 15, 2014 21:27
|
|
|
YOU GUYS REMEMBER THAT PATCH LAST WEEK THAT WOULD PREVENT THE MURDER OF YOUR FAMILY AND YOU JUST ****HAD**** TO PATCH OUT OF BAND? http://www.zdnet.com/microsoft-warns-of-problems-with-schannel-security-update-7000035835/ incoherent fucked around with this message at 19:55 on Nov 17, 2014 |
|
#
?
Nov 17, 2014 19:52
|
|
|
quote:To work around this issue, delete the following cipher entries in the registry: 
|
|
#
?
Nov 17, 2014 20:28
|
|
|
Probably not a big deal to most people unless your app or clients are using GCM ciphers, for what that is worth. I haven't seen any issues with the patch since applying to a few hundred systems.
|
|
#
?
Nov 17, 2014 20:56
|
|
|
incoherent posted:YOU GUYS REMEMBER THAT PATCH LAST WEEK THAT WOULD PREVENT THE MURDER OF YOUR FAMILY AND YOU JUST ****HAD**** TO PATCH OUT OF BAND? Oh finally someone at Microsoft got those one-off endpoint errors filling up their event log. In the past they told you to ignore those silly things.
|
|
#
?
Nov 18, 2014 16:36
|
|
|
Out of band Microsoft patch is hitting today - http://www.zdnet.com/microsoft-to-release-windows-security-fix-today-7000035914/
|
|
#
?
Nov 18, 2014 16:45
|
|
|
Crossbar posted:Out of band Microsoft patch is hitting today -  I'm so excited.
|
|
#
?
Nov 18, 2014 17:16
|
|
|
Crossbar posted:Out of band Microsoft patch is hitting today - Whew, good thing we still haven't finished patching from the last one!
|
|
#
?
Nov 18, 2014 17:54
|
|
|
https://technet.microsoft.com/library/security/ms14-068 posted:This security update resolves a privately reported vulnerability in Microsoft Windows Kerberos KDC that could allow an attacker to elevate unprivileged domain user account privileges to those of the domain administrator account. An attacker could use these elevated privileges to compromise any computer in the domain, including domain controllers. An attacker must have valid domain credentials to exploit this vulnerability. The affected component is available remotely to users who have standard user accounts with domain credentials; this is not the case for users with local account credentials only. When this security bulletin was issued, Microsoft was aware of limited, targeted attacks that attempt to exploit this vulnerability.  Kill me now.
|
|
#
?
Nov 18, 2014 19:13
|
|
|
Holy poo poo  BRB, buying some more scotch.
|
|
#
?
Nov 18, 2014 19:21
|
|
|
Wow, that is hosed.
|
|
#
?
Nov 18, 2014 19:25
|
|
|
The SChannel update also got reissued to disable the new ciphers that were causing problems. You might want to patch that in while you're at it.
|
|
#
?
Nov 18, 2014 19:45
|
|
|
CLAM DOWN posted:
Well to be fair, they did say privilege escalation, just normally that doesn't mean "LOL DOMAIN ADMIN FOR EVERYONE" 
|
|
#
?
Nov 18, 2014 19:49
|
|
|
As per this link: http://blogs.technet.com/b/srd/archive/2014/11/18/additional-information-about-cve-2014-6324.aspx You only need to patch domain controllers immediately. The rest of the updates are just for completeness and can be patched normally.
|
|
#
?
Nov 18, 2014 19:52
|
|
|
lol. This one is going to suck.quote:Remediation
|
|
#
?
Nov 18, 2014 20:04
|
|
|
Holy poo poo I loving hate windows right now.
|
|
#
?
Nov 18, 2014 20:28
|
|
|
Number19 posted:As per this link: Seriously though, patch DCs immediately, this is a gross one.
|
|
#
?
Nov 18, 2014 20:29
|
|
|
Yay. 2 DC's patched, 20 left to go. Jesus this one is nasty
|
|
#
?
Nov 18, 2014 20:48
|
|
|
Suddenly I don't feel so bad about 200 users being on a workgroup at my new place.
|
|
#
?
Nov 18, 2014 20:48
|
|
|
Whew. All 5 DCs patched.
|
|
#
?
Nov 18, 2014 20:50
|
|
|
I think our DC admin just looked at the KB article and his list of DCs then went to lunch.
|
|
#
?
Nov 18, 2014 20:51
|
|
|
It's time for the Microsoft theme https://www.youtube.com/watch?v=1D5Sa2Yq-2g
|
|
#
?
Nov 18, 2014 21:30
|
|
|
Number19 posted:As per this link: What do they mean "significantly more difficult to exploit"? All my DC's are 2012 r2 so do I patch tomorrow evening when we normally do or ASAP? Goddammit Microsoft...
|
|
#
?
Nov 18, 2014 23:06
|
|
|
One of those "find the answer in your heart, and your SLA" answers.
|
|
#
?
Nov 18, 2014 23:53
|
|
|
hihifellow posted:What do they mean "significantly more difficult to exploit"? All my DC's are 2012 r2 so do I patch tomorrow evening when we normally do or ASAP? Goddammit Microsoft... That's a judgement call on your environment. If you're pretty locked down you'd probably be ok. My poo poo is not locked down on the client side at all. Rebooting a DC though shouldn't be a huge deal though, everything should just find the next one available. We have a couple of small offices where the DC's run DHCP and act as a Print Server, the end users there might see a blip in availability.
|
|
#
?
Nov 19, 2014 00:30
|
|
|
Anyone having issues with the rerelease of MS14-066 via WSUS?
CLAM DOWN fucked around with this message at 00:48 on Nov 19, 2014 |
|
#
?
Nov 19, 2014 00:43
|
|
|
skipdogg posted:That's a judgement call on your environment. If you're pretty locked down you'd probably be ok. My poo poo is not locked down on the client side at all. Probably just let it go till tomorrow evening. My PDC is the target of choice for everything that needs an LDAP server and even though it would only take 30 seconds to reboot the thing the bosslady would have a nervous breakdown if I did it during production.
|
|
#
?
Nov 19, 2014 01:21
|
|
|
I think i'd have a nervous breakdown at the thought of rebuilding a domain. A 15 year old domain at that.
|
|
#
?
Nov 19, 2014 01:25
|
|
|
CLAM DOWN posted:Anyone having issues with the rerelease of MS14-066 via WSUS? Yes. It's not in my list. I'm rerunning a sync now to see if it gets picked up. I have a DC that is also a file server for 40 people. Kill me now.
|
|
#
?
Nov 19, 2014 02:05
|
|
|
Is it true that every workstation on a domain must be rebooted with-in 90 days if all dcs are rebooted?
|
|
#
?
Nov 19, 2014 02:07
|
|
|
Tab8715 posted:Is it true that every workstation on a domain must be rebooted with-in 90 days if all dcs are rebooted? I've never noticed that.
|
|
#
?
Nov 19, 2014 02:09
|
|
|
Tab8715 posted:Is it true that every workstation on a domain must be rebooted with-in 90 days if all dcs are rebooted? Why are you not rebooting your workstations at least once a month for Windows Updates anyways?
|
|
#
?
Nov 19, 2014 02:18
|
|
|
Has anyone successfully setup SCCM with Bitlocker on a task sequence? From my understanding so far, you need to add a script which configures the BIOS? correct? Just wondering if this hassle is worth it for 40 users. Also, I assume there won't be an issue with TPM if I don't set a bios password correct?incoherent posted:I think i'd have a nervous breakdown at the thought of rebuilding a domain. Rebuilding is probably easier then migrating.
|
|
#
?
Nov 19, 2014 15:36
|
|
|
hihifellow posted:What do they mean "significantly more difficult to exploit"? All my DC's are 2012 r2 so do I patch tomorrow evening when we normally do or ASAP? Goddammit Microsoft... This is the kind of patch I don't gently caress around with. I'm not in the business of rebuilding domains, partner.
|
|
#
?
Nov 19, 2014 15:46
|
|
|
We patched all our client domains last night.
|
|
#
?
Nov 19, 2014 15:47
|
|
|
lol internet. posted:Has anyone successfully setup SCCM with Bitlocker on a task sequence? From my understanding so far, you need to add a script which configures the BIOS? correct? Just wondering if this hassle is worth it for 40 users. Also, I assume there won't be an issue with TPM if I don't set a bios password correct? Does your licensing give you MDOP? If it does, deploy MBAM, it makes it much easier to manage stuff even though it can be a bit tricky to deploy sometimes. Also, yes you need to activate the TPM module in the BIOS. I don't understand your last question though.
|
|
#
?
Nov 19, 2014 15:58
|
|
|
orange sky posted:Does your licensing give you MDOP? If it does, deploy MBAM, it makes it much easier to manage stuff even though it can be a bit tricky to deploy sometimes. Also, yes you need to activate the TPM module in the BIOS. I don't understand your last question though. No MDOP so I probably will just enable it manually after OS builds. In regards to the last question, I don't have a full understanding how TPM works but I was just wondering if the user has access to the BIOS (No password,) do they have access to the encryption keys or anything in any sort of way.
|
|
#
?
Nov 19, 2014 17:45
|
|
|
|
| # ? May 13, 2024 22:16 |
|
|
Anyone noticing any weird behavior on the client side after patching their DCs with the OMG CHINESE HACKERZ patch from yesterday? Our users who actually listened to the notice and logged out had to manually reauth today with both on-prem Exchange & Lync, but anyone who was lazy just kept on truckin. Maneki Neko fucked around with this message at 18:53 on Nov 19, 2014 |
|
#
?
Nov 19, 2014 18:50
|
|