|
Sepist posted: If you have enough APs and client support to disable 2.4 that's a good idea. Ideally you would :files: ekahau to do a predictive site survey and have some spare APs for post deployment active survey.

Thanks--that seems like a solid strategy for channel usage. Dropping data rates I understand, but I was going to let the APs dynamically adjust transmit power. What's the purpose of these limits, to stop an AP from boosting power to keep a user leaving the coverage area connected? Not familiar with RX-SOP, but it looks like what I was trying to accomplish with dropping lower data rates. I'll have to check worst-case connectivity for our environment when we put the APs up, but definitely something to consider. Thanks!
|
# ? Dec 5, 2018 04:10 |
|
|
Wizard of the Deep posted: You should quit being so awesome in your first few months, and save some of the miracles for right before your annual review.

The trick is to keep a C-Level's offenses on the back-burner for review time. Let them stew as everything else gets exposed.
|
# ? Dec 5, 2018 07:51 |
|
The industry needs to work on a universally accepted email header entry that identifies the message as being sent from a helpdesk. Bonus points if it includes an HTTPS endpoint that the receiving mail server can POST to in the event of hitting a mailbox with an out-of-office set, rather than having to either parse the message and suspend the ticket until that date, or fill the timeline up with crap.
|
# ? Dec 5, 2018 12:19 |
|
Contingency posted: Thanks--that seems like a solid strategy for channel usage. Dropping data rates I understand, but I was going to let the APs dynamically adjust transmit power. What's the purpose of these limits, to stop an AP from boosting power to keep a user leaving the coverage area connected?

Your audience (mobile devices) have nowhere near the transmit power of an AP. By keeping 5 GHz down to 17 dBm you're ensuring both the AP to client and client to AP communication continue to be bi-directional and if it exceeds that the client will roam appropriately.
|
# ? Dec 5, 2018 13:04 |
|
If you're using a Cisco WLC I'd let it do whatever it needs to automatically. Unless you're super high density and you've had a survey done with specific power settings, they should give you the settings they used and you can make a profile for that on the controller. I don't have the good links on me at the moment but there are loads of guides for the basic best config/best practices if you do some Googles. There's a couple of good CCIE wireless blogs and a Cisco presentation on SlideShare.
|
# ? Dec 5, 2018 13:24 |
|
He really can't trust RRM to do everything automatically, there have been RRM bugs in every version of converged/unified wireless code. He definitely needs surveys since they have committed to a wireless office. I did mention that you can't just go and deploy all these settings without knowing what the RF landscape is.
|
# ? Dec 5, 2018 14:19 |
|
Sepist posted: He really can't trust RRM to do everything automatically, there have been RRM bugs in every version of converged/unified wireless code. He definitely needs surveys since they have committed to a wireless office. I did mention that you can't just go and deploy all these settings without knowing what the RF landscape is.

This. Controllers can also only do so much, I had previously contracted for a client that had manufacturing in one part, a warehouse, offices & a storefront in the same facilities which as much as groups and profiles help can't rely on the controller to regulate. And the power level design advice is spot on. All environments are different. Warehouses will have different challenges than storefronts, office buildings etc. Building materials affect this as well. Brick walls vs drywall etc. Which Ekahau is great for predictive modeling if you can import a CAD drawing and know/fill in what the materials are made of can help (still needs sanity checking by a person) but works very well. Scanners, phones, laptops or the "weakest link" device is what he should hopefully be designing for.
|
# ? Dec 5, 2018 14:39 |
|
At my last job, we had to relocate a series of WAPs which the previous IT team put in a virtual Faraday cage of warehouse racks for some reason.
|
# ? Dec 5, 2018 14:49 |
|
This Cisco Live presentation has some funny AP deployment photos. As a bonus it includes a lot of great wifi info: https://ciscolive.cisco.com/on-demand-library/?search=Wireless#/session/1506627285894001xvgc
|
# ? Dec 5, 2018 15:55 |
|
I know there is good reason to maintain old user accounts in AD in a separate OU, but is there a good reason to maintain old computers?
|
# ? Dec 5, 2018 17:00 |
|
Kashuno posted: I know there is good reason to maintain old user accounts in AD in a separate OU, but is there a good reason to maintain old computers?

None
|
# ? Dec 5, 2018 17:01 |
|
Sickening posted: No admins with power to look gave a poo poo about the waste or simply did not look.

Every single time the topic of disabling users/accounts comes up everyone squabbles about not understanding a thing about how the licensing/user system works, so they just end up churning more and more new accounts and leave everything as is (via a half finished script some ex-staff made time ago). So it gets treated like yet another mysterious tech monolith that everyone is scared to touch and just to leave it alone, seriously guys it's not that hard.
|
# ? Dec 5, 2018 17:02 |
|
Kashuno posted: I know there is good reason to maintain old user accounts in AD in a separate OU, but is there a good reason to maintain old computers?

They're perfect for 5250 sessions.
|
# ? Dec 5, 2018 17:03 |
|
Sickening posted: None

That's what I thought. I've kept them forever because when I started in IT my boss kept them because...I don't know? Probably because his boss before him kept them? Going through our AD to clean it out a bit and wondered if I was missing some super obvious use case.
|
# ? Dec 5, 2018 17:05 |
|
Kashuno posted:I know there is good reason to maintain old user accounts in AD in a separate OU, but is there a good reason to maintain old computers?
|
# ? Dec 5, 2018 17:36 |
|
MC Fruit Stripe posted: I still don't agree there's a good reason to maintain old user accounts!

I'm inclined to agree with this. If there is some good edge case, I am yet to run into it.
|
# ? Dec 5, 2018 17:38 |
|
MC Fruit Stripe posted: I still don't agree there's a good reason to maintain old user accounts!

Auditing/tracing. Say you have a breach 6 months after an employee leaves, and you have to trace their AD permissions, events in your SIEM, etc. You would just have a useless SID remaining and no way to tie that to an account. Always disable and keep old user accounts until your legal/security advises it's safe to get rid of. My old company we kept them 5 years as per regulations.
|
# ? Dec 5, 2018 17:41 |
|
CLAM DOWN posted: Auditing/tracing. Say you have a breach 6 months after an employee leaves, and you have to trace their AD permissions, events in your SIEM, etc. You would just have a useless SID remaining and no way to tie that to an account. Always disable and keep old user accounts until your legal/security advises it's safe to get rid of. My old company we kept them 5 years as per regulations.

Just had a discussion about this with our security team yesterday. Our AD environment is 3/4 machines that haven't been seen for at least a month, 1/4 active machines.
|
# ? Dec 5, 2018 17:45 |
|
CLAM DOWN posted: Auditing/tracing. Say you have a breach 6 months after an employee leaves, and you have to trace their AD permissions, events in your SIEM, etc. You would just have a useless SID remaining and no way to tie that to an account. Always disable and keep old user accounts until your legal/security advises it's safe to get rid of. My old company we kept them 5 years as per regulations.

I was assuming maintain to indicate 'keep active'. Disabling accounts is good.
|
# ? Dec 5, 2018 17:47 |
|
Oh yeah sorry, maintaining disabled accounts. People who leave are disabled and moved to an 'audit only' OU. PowerShell good
|
# ? Dec 5, 2018 18:05 |
|
ChubbyThePhat posted: I was assuming maintain to indicate 'keep active'. Disabling accounts is good.

Oh sorry, I possibly misunderstood too. The accounts I'm talking about keeping should definitely be disabled or you're hosed haha
|
# ? Dec 5, 2018 19:11 |
|
My org has a lot of seasonal/re-hired employees, so maintaining their disabled account ensures that all the AD-integrated services like our records management, financial, etc systems will all maintain full continuity of their activities.
|
# ? Dec 5, 2018 19:14 |
|
Man I miss working for small companies. I had to submit a security review in order to run a proof of concept of a product, but the security review required a financial feasibility study to be submitted which itself required a security review. It's security reviews all the way down. Security reviews take at least a month so I guess I can order the product in... March. lol
|
# ? Dec 5, 2018 20:22 |
|
My boss is worried our new director is pushing him out. I’m inclined to agree. We’re trying to hire a network admin with junior voice experience to help backfill and the director comes in wanting some guy he worked with who’s a manager and former system/network/security Superman. Dude would be bored as gently caress. Surprise, after the interview the requisition is changing into a senior network admin. Something ain’t right here and it kinda sucks.
|
# ? Dec 5, 2018 20:25 |
|
Kashuno posted: Quick sanity check: we have a Florida branch office. They have their only file server that has very little maintained on it, and most of what they do now is either cloud based via SharePoint or Teams, in a network drive in Boston, or based inside of our ERP which is in Boston anyway. Rather than having this office have its own physical infrastructure and servers I’m considering moving their small amount of files to our Boston office or even something cloud based (azure or AWS). Does that seem reasonable?

Azure Files is pretty nice imho. Basically just can mount it as a network drive.
|
# ? Dec 5, 2018 20:57 |
|
CLAM DOWN posted: Auditing/tracing. Say you have a breach 6 months after an employee leaves, and you have to trace their AD permissions, events in your SIEM, etc. You would just have a useless SID remaining and no way to tie that to an account. Always disable and keep old user accounts until your legal/security advises it's safe to get rid of. My old company we kept them 5 years as per regulations.

You cannot take it as a given that the AD permissions for a disabled account had not changed since the account was disabled. You can always restore the AD account from the last backup before it was deleted if you need to see what the permissions actually were when it was deleted.
|
# ? Dec 5, 2018 21:38 |
|
high six posted: Azure Files is pretty nice imho. Basically just can mount it as a network drive.

Yeah I'm trying to migrate some of what we can to Azure as well. I know normally you don't migrate to the cloud to save money, but being able to remove all my infrastructure from a hurricane zone seems like it may save some money also?
|
# ? Dec 5, 2018 21:41 |
|
My company handed out awards this morning during a company wide meeting. None of the rewards were given to an employee under SVP in title despite it being advertised for everyone. Being a new employee this doesn’t paint a very good picture of the social awareness of the executive staff.
|
# ? Dec 6, 2018 14:48 |
|
Yikes yeah, it is not a good look for the org when it's like "wow everyone at the top is amazing and everyone below that is OK I guess"
|
# ? Dec 6, 2018 14:55 |
|
Kashuno posted: Yikes yeah, it is not a good look for the org when it's like "wow everyone at the top is amazing and everyone below that is OK I guess"

Yes, it’s pretty bizarre. As if the 2nd highest paid employees in the company aren’t feeling valued enough.
|
# ? Dec 6, 2018 14:59 |
|
Yeah, the PowerShell script I wrote moves and disables the account after x amount of time of inactivity. No deletion. There was one thing that kinda hosed with it a couple of years ago. Since I used the whenChanged attribute, it turns out Exchange uses the account even though it hasn't been logged in for 9 months. So for a while it didn't disable anyone. That was a fun one to find out.
|
# ? Dec 6, 2018 15:01 |
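
The whenChanged pitfall from the post above, as an added example that is not the poster's script: it picks stale accounts by last logon and shows the same rows judged by whenChanged for comparison. The sample rows are constructed, and the function name, the 180-day threshold and the OU path are assumptions.

```powershell
# Added example. Sample rows are constructed; threshold and OU path are assumptions.
function Select-StaleAccount {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Account,
        [ValidateSet('LastLogon', 'WhenChanged')] [string] $Basis = 'LastLogon',
        [int] $InactiveDays = 180,
        [datetime] $Now = (Get-Date)
    )
    process {
        if (-not $Account.Enabled) { return }      # already disabled, nothing to do
        $cutoff = $Now.AddDays(-$InactiveDays)
        $stamp = if ($Basis -eq 'WhenChanged') {
            $Account.whenChanged                   # moves on ANY attribute write
        } elseif ($Account.lastLogonTimestamp) {
            # Replicated FILETIME, only refreshed once it is roughly 9-14 days old,
            # so keep -InactiveDays well above that lag.
            [datetime]::FromFileTime([int64]$Account.lastLogonTimestamp)
        } else {
            $Account.whenCreated                   # never logged on: age from creation
        }
        if ($stamp -lt $cutoff) { $Account }
    }
}

$now = [datetime]'2018-12-06'
$sample = @(
    # Last logon nine months ago, but another service wrote to the object last week
    [pscustomobject]@{ SamAccountName = 'jdoe'; Enabled = $true
        lastLogonTimestamp = ([datetime]'2018-03-01').ToFileTime()
        whenChanged = [datetime]'2018-11-30'; whenCreated = [datetime]'2015-01-05' }
    # Active user
    [pscustomobject]@{ SamAccountName = 'asmith'; Enabled = $true
        lastLogonTimestamp = ([datetime]'2018-11-28').ToFileTime()
        whenChanged = [datetime]'2018-11-28'; whenCreated = [datetime]'2016-06-01' }
    # Created a year ago and never logged on
    [pscustomobject]@{ SamAccountName = 'temp01'; Enabled = $true
        lastLogonTimestamp = $null
        whenChanged = [datetime]'2017-12-01'; whenCreated = [datetime]'2017-12-01' }
)
$byChanged = $sample | Select-StaleAccount -Basis WhenChanged -Now $now
$byLogon   = $sample | Select-StaleAccount -Basis LastLogon   -Now $now
'whenChanged basis: ' + ($byChanged.SamAccountName -join ', ')
'last-logon basis : ' + ($byLogon.SamAccountName -join ', ')

# Live use (ActiveDirectory module); -WhatIf previews without changing anything:
# Get-ADUser -Filter 'Enabled -eq $true' -Properties lastLogonTimestamp,whenChanged,whenCreated |
#   Select-StaleAccount | ForEach-Object {
#     Disable-ADAccount -Identity $_ -WhatIf
#     Move-ADObject -Identity $_.DistinguishedName -TargetPath 'OU=Audit Only,DC=example,DC=com' -WhatIf }
```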
|
Sickening posted: Yes, it’s pretty bizarre. As if the 2nd highest paid employees in the company aren’t feeling valued enough.

Yeah, having a public circle jerk among the execs seems amazingly tone deaf. How loving insecure are you that as an SVP you need a round of applause and an Amazon gift card or whatever for results your subordinates delivered in the first place? We do quarterly awards for various things and I can't think of a time one was given out above the line manager level, tops.
|
# ? Dec 6, 2018 16:19 |
|
Sepist posted: Man I miss working for small companies.

Granted our boss has a lot of clout and will be cutting a lot of their control, I do yearn for the day of a small business where I can set things straight instead of being a peon.
|
# ? Dec 6, 2018 16:26 |
|
Super Slash posted: The mega media conglomerate we're a part of is having major problems at the moment (of which our side of the pond have been completely unscathed) and pretty much running around with their hair on fire throwing out hip fire solutions, one of their proposed solutions was to prevent the use of Powershell altogether.

I live in a megacorp that has PowerShell disabled for all but the chosen few. They also don't like that I'm using PDQ in my backwater arm of the org because it "used to scan a PC to find out what software is installed and used to install new software on PCs". You can run PowerShell through PsExec, don't tell them.
|
# ? Dec 6, 2018 16:50 |
|
I am currently going through our IT processes and trying to tighten things up and cut down on wasted time and I had an email question. Anyone got any good recommendations for dealing with password protected attachments in emails? As a password protected file is encrypted our mail system can’t scan it for malicious content. We get a fair number of password protected PDF files and the like sent to us that our mail system can’t properly scan.

The current work flow:
1. Email is quarantined.
2. Support guy checks with the user to find out the password for the attachment.
3. They open the attachment on isolated VM and scan it.
4. They email an unencrypted version of the PDF through the mail system so it gets scanned (we use Mimecast for our mail filtering).
5. Assuming there are no flags they release it.

This process seems incurably time consuming for our support staff and I am not comfortable with them viewing these emails unless they have to. On the other hand I would rather not let attachments through unscanned as it effectively bypasses one layer of security. Just wondering how other people deal with this kind of thing.
|
# ? Dec 6, 2018 17:11 |
|
We are interviewing for a new director of our college division and apparently they have not been made aware of the fact that IT reports to them. Also they're now talking about putting the IT group under a different person who actually has a vested interest in IT affairs here at the college.
|
# ? Dec 6, 2018 18:36 |
|
I've been down at the main office this week. There's way way too much god drat food. I actually can't eat as often as everyone else tries to. Help.
|
# ? Dec 6, 2018 20:05 |
|
Vargatron posted: We are interviewing for a new director of our college division and apparently they have not been made aware of the fact that IT reports to them.

Hope this round of candidates all fall through and they can re-org before they hire your new Athletics Director, because higher ed leadership are literal toddlers who will throw a tantrum if anyone tries to touch their toys even if they didn't know they had them, how to use them, or any interest in managing them.
|
# ? Dec 6, 2018 20:06 |
|
Methanar posted: I've been down at the main office this week.

Why isn't my office like this wtf
|
# ? Dec 6, 2018 20:08 |
|
|
Kashuno posted: Yeah I'm trying to migrate some of what we can to Azure as well. I know normally you don't migrate to the cloud to save money, but being able to remove all my infrastructure from a hurricane zone seems like it may save some money also?

Might want to look into Azure Site Recovery if you want to move entire VMs up to Azure. As long as you're careful and set it up correctly (Follow the documentation) it works pretty well. Can use it to either migrate entirely to Azure or set up DR so if Florida gets hit by a megastorm, can just run it in Azure temporarily until your offices aren't flooded anymore.
|
# ? Dec 6, 2018 21:01 |