|
Who else has devs freaking out about the .net upgrade to 4.7.2 in azure who had been notified but done nothing until today?
|
# ? Sep 7, 2018 16:54 |
|
|
# ? Jun 12, 2024 23:06 |
|
GreenNight posted:Our security team approved it. By which I mean me. By me I mean I don't care anymore. Yikes dude. Sickening posted:Who else has devs freaking out about the .net upgrade to 4.7.2 in azure who had been notified but done nothing until today? Was that the v2 function app thing they broke?
|
# ? Sep 7, 2018 17:06 |
|
CLAM DOWN posted:Lol fight me irl bitch, Everton sucks If you finish that thought by saying Chelsea owns, I’d agree with you.
|
# ? Sep 7, 2018 17:29 |
|
Thanks Ants posted:https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-password-ban-bad-on-premises I wonder what happens when their DC is on fire and the agent can't check in?
|
# ? Sep 7, 2018 17:47 |
|
Internet Explorer posted:NIST says no more frequently changed passwords, so I have been pushing back on our auditors that request that. I hope in 10 years that will filter down to them, but I'm not holding my breath. 1000x this. Whenever I feel like being an idiot, I try this fight again and fail because entrenched idiots can't see their way clear to such a "major" shift in password policy, even though it's an improvement in every possible way. Inspector_666 posted:Yeah, a lot of poo poo is because of PCI (and now I guess SOX) compliance checkboxes, our security people know what's theater and what's actually useful. SOX doesn't have any explicit password requirements. You could implement the referenced NIST recommendations wholesale, and while your external idiot auditors might poop themselves until you talk them around on it, you're fully compliant.
|
# ? Sep 7, 2018 17:58 |
|
Ugh, I just had a user put in a ticket that "wants his MacBook rebuilt." How bad must you have hosed up to feel you need your OS reloaded to fix it?!
|
# ? Sep 7, 2018 18:00 |
|
AlternateAccount posted:1000x this. Whenever I feel like being an idiot, I try this fight again and fail because entrenched idiots can't see their way clear to such a "major" shift in password policy, even though it's an improvement in every possible way. Luckily we've gone the route of less frequent password changes (I think it's quarterly now, maybe less) but more complex, also 2FA on anything accessed externally. It's a mix of SMS 2FA and real token 2FA, hopefully we'll get away from SMS at some point, but it's better than nothing for now.
|
# ? Sep 7, 2018 18:10 |
|
"When is a good time for me to come by and look at these computers?" "Oh, any time. Or we could set a time" ... ok I'll just show up whenever, thanks
|
# ? Sep 7, 2018 18:22 |
|
Member of a group supporting applications on thousands of linux machines, several minutes ago: "What is /etc ?"
|
# ? Sep 7, 2018 18:30 |
|
MF_James posted:Luckily we've gone the route of less frequent password changes (I think it's quarterly now, maybe less) but more complex, also 2FA on anything accessed externally. It's a mix of SMS 2FA and real token 2FA, hopefully we'll get away from SMS at some point, but it's better than nothing for now. The best is when you have a very low failed attempt lockout threshold of like... 3, so then they change their AD password on their computer, but dont change it on their phone fast enough and the Mail app hits the server 3 times and WELP. It's all so tiresome.
|
# ? Sep 7, 2018 19:20 |
|
:hmm: The Iron Rose fucked around with this message at 19:24 on Sep 7, 2018 |
# ? Sep 7, 2018 19:20 |
|
AlternateAccount posted:The best is when you have a very low failed attempt lockout threshold of like... 3, so then they change their AD password on their computer, but dont change it on their phone fast enough and the Mail app hits the server 3 times and WELP. AD has a feature where using your old password doesn't count towards lockout attempts. They should only be locked out if an even older password is cached.
|
# ? Sep 7, 2018 20:05 |
|
lampey posted:AD has a feature where using your old password doesn't count towards lockout attempts. They should only be locked out if an even older password is cached. I... did not know that. Clearly that's not working in our case, I'll investigate.
|
# ? Sep 7, 2018 20:14 |
|
Is that based on a domain function level? Cause I don't think that's the case in my environment either.
|
# ? Sep 7, 2018 21:31 |
|
mewse posted:"When is a good time for me to come by and look at these computers?" Check their calendar, show up when they're busy.
|
# ? Sep 7, 2018 21:36 |
|
CloFan posted:Is that based on a domain function level? Cause I don't think that's the case in my environment either. Not working in mine either. We enforce password history, but the attributes are empty. Interesting. Like this would legit make life easier for us if I can figure out why it isn't working. skipdogg fucked around with this message at 22:08 on Sep 7, 2018 |
# ? Sep 7, 2018 21:56 |
|
lampey posted:AD has a feature where using your old password doesn't count towards lockout attempts. They should only be locked out if an even older password is cached. Anyone have an article?
|
# ? Sep 7, 2018 23:27 |
|
quote:New Features in the Windows Server 2003 Family
|
# ? Sep 7, 2018 23:45 |
|
Thanatosian posted:For realsies? https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc775412(v%3dws.10)#ntpwdhistory https://social.technet.microsoft.co...rum=winserverDS http://virot.eu/finding-password-cheaters/ So if I run the powershell from the last link, the ntPwdHistory has a lastoriginatingchangetime value, but the attribute value itself is blank. Maybe that's normal....
|
# ? Sep 7, 2018 23:51 |
|
skipdogg posted:Not working in mine either. We enforce password history, but the attributes are empty. Interesting. Like this would legit make life easier for us if I can figure out why it isn't working.
|
# ? Sep 8, 2018 01:26 |
|
Nothing like walking in on a Monday morning to the offshore team telling me to reboot a device in the datacenter, going down, realizing it’s in the high security cage, locating the device, double checking all my notes, rebooting it, coming back upstairs only to find out they sent me to the wrong device. Hiding down in the datacenter racks right now.
|
# ? Sep 10, 2018 12:55 |
|
Krispy Wafer posted:Nothing like walking in on a Monday morning to the offshore team telling me to reboot a device in the datacenter, going down, realizing it’s in the high security cage, locating the device, double checking all my notes, rebooting it, coming back upstairs only to find out they sent me to the wrong device. You rebooted the correct server. They would also like you to reboot a second server.
|
# ? Sep 10, 2018 16:00 |
|
H110Hawk posted:You rebooted the correct server. They would also like you to reboot a second server. Keep rebooting until something stops alarming (or something else starts alarming).
|
# ? Sep 10, 2018 16:05 |
|
Krispy Wafer posted:Keep rebooting until something stops alarming (or something else starts alarming). 3rd reboot: the monitoring server
|
# ? Sep 10, 2018 16:09 |
|
Tell them to do it themselves with ipmi
|
# ? Sep 10, 2018 17:00 |
|
Methanar posted:Tell them to do it themselves with ipmi Didn't you read its the high security cage! Can't have people doing things willy-nilly with proper access control and logging, you send someone down there to hopefully push the button on hopefully the correct server!
|
# ? Sep 10, 2018 17:09 |
|
Something, something, arrange icons by penis.
|
# ? Sep 10, 2018 17:10 |
|
Internet Explorer posted:Something, something, arrange icons by penis. I somehow have an arrangebypenis program that I believe was written by some goon way back in 2010. I'd share it but, GnarlyCharlie4u fucked around with this message at 18:41 on Sep 10, 2018 |
# ? Sep 10, 2018 18:36 |
|
Blast from the past - https://www.youtube.com/watch?v=uRGljemfwUE
|
# ? Sep 10, 2018 19:08 |
|
GnarlyCharlie4u posted:I somehow have an arrangebypenis program that I believe was written by some goon way back in 2010. https://sourceforge.net/projects/arrangebypenis/
|
# ? Sep 10, 2018 19:08 |
|
yes! thank you.
|
# ? Sep 10, 2018 19:18 |
|
Oh good. This site is supposed to be all Torx drive M6 caged nuts and fasteners. In addition to the #2 philips floating around this is how one random rack is setup:
|
# ? Sep 10, 2018 19:44 |
|
Torx is a bit overkill for fixing stuff into racks, isn't it?
|
# ? Sep 10, 2018 20:14 |
|
Thanks Ants posted:Torx is a bit overkill for fixing stuff into racks, isn't it? Nope.
|
# ? Sep 10, 2018 20:30 |
|
H110Hawk posted:Nope. I was going to laugh at this, then I remembered the last time I did a lot of rack mounting (i.e. the physical task) and how little it took for the Phillips screws to strip. Granted, I think I prefer square to Torx, but yeah I don't disagree with this.
|
# ? Sep 10, 2018 20:36 |
|
I hate the Pozi bolts as well, but you can put so much force through a torx that I'd be concerned about people giving it the beans and damaging the equipment and/or stripping the threads out of the rack. When I racked a load of stuff a while ago I used hex head bolts, because people seem to always have allen keys, and they cam out before a torx would.
|
# ? Sep 10, 2018 20:44 |
|
Thanks Ants posted:I hate the Pozi bolts as well, but you can put so much force through a torx that I'd be concerned about people giving it the beans and damaging the equipment and/or stripping the threads out of the rack. That's why you use caged nuts and give people a slip clutch on the drill. I have nothing against posi, just I am having to slum it with a #3 philips because I don't have posi bits. I'm not even supposed to have philips bits. Super Soaker Party! posted:I was going to laugh at this, then I remembered the last time I did a lot of rack mounting (i.e. the physical task) and how little it took for the Phillips screws to strip. Or fall off the bit into the great beyond, or get overtorqued, or circle-bitted, or
|
# ? Sep 10, 2018 21:11 |
|
Just use a Phillips on those. Pozi is Japanese for Phillips.
|
# ? Sep 10, 2018 21:25 |
|
I haven't had an issue with the screws that have come with anything I have racked myself.
|
# ? Sep 10, 2018 21:45 |
|
|
# ? Jun 12, 2024 23:06 |
|
They're different heads and the reason every single one I am not the first person to get to is totally hosed up is because they are close enough that the wrong screwdriver works on them.
|
# ? Sep 10, 2018 21:45 |