|
Bob Morales posted: Today's dumb decision...we want to allow computers on the guest network to connect to domain servers for intranet, RMM, and AV.

At that point, isn't it easier to point out they basically have access to internal stuff so why not just put them on the LAN? I know it's ridiculous, which is why I am asking in that way. I had that conversation with someone once at a previous job and it managed to light the bulb for them that it was a terrible idea.
|
# ? Feb 8, 2021 18:53 |
|
Yeah, that's beyond dumb. The real solution is getting your intranet, RMM, and AV working off the LAN because it's the year 2021 and what the gently caress
|
# ? Feb 8, 2021 19:07 |
|
Treat the guest network like any other non-corporate network and use something like DirectAccess if clients need to use services hosted internally.
|
# ? Feb 8, 2021 19:08 |
|
Internet Explorer posted: Yeah, that's beyond dumb. The real solution is getting your intranet, RMM, and AV working off the LAN because it's the year 2021 and what the gently caress

That costs money so that's not going to happen until the subscriptions etc expire.
|
# ? Feb 8, 2021 19:33 |
|
Bob Morales posted: That costs money so that's not going to happen until the subscriptions etc expire.

Then the answer is "sorry, our current products do not support that." You deal with mental healthcare poo poo. It's a serious security hole. Just tell them to gently caress off.
|
# ? Feb 8, 2021 19:58 |
|
Internet Explorer posted: Just tell them to gently caress off.
|
# ? Feb 8, 2021 20:36 |
|
Does anything go to poo poo faster than poorly documented ACL rules on L3 switches? Most of these hosts aren't even around, external IP's are from like 5 ISP's ago.... "Can we just do this on the firewall....pleeeeaaase?"
|
# ? Feb 8, 2021 20:37 |
|
The problem with L3 switch ACLs is they might not be stateful, so you're now in the position of having to open a load of ephemeral ports from your LAN to your guest network.
|
# ? Feb 8, 2021 20:47 |
|
Thanks Ants posted: The problem with L3 switch ACLs is they might not be stateful, so you're now in the position of having to open a load of ephemeral ports from your LAN to your guest network.

It looks like at one point in time they were plugging an ISP straight into the core switch and using it to do all the heavy lifting. Then we have a doctor who basically has our office inside our building, we give him internet so he's off on his own little vlan, and then a bunch of other poo poo that nobody knows what. Oh and then a bunch of guest IP addresses that we let just go on our network at some point in time. 95% of this poo poo doesn't even apply anymore.

rule 50 permit ip source 172.27.130.43 0 destination 172.27.0.0 0.0.255.255
rule 60 permit ip source 172.27.130.44 0 destination 172.27.0.0 0.0.255.255
rule 70 permit ip source 172.27.130.56 0 destination 172.27.0.0 0.0.255.255
rule 80 permit ip source 172.27.130.45 0 destination 172.27.0.0 0.0.255.255
rule 100 permit tcp source 172.27.130.0 0.0.0.255 destination 172.27.18.29 0 destination-port eq 443
|
# ? Feb 8, 2021 20:54 |
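What the stateless-ACL point means for the posted rule 100, and what a stateful firewall does differently, as an added example that is not part of anyone's post. It assumes the ACL filters both directions, that the lowest-numbered matching rule wins and that unmatched traffic is dropped; the guest host 172.27.130.77, the port numbers and rule 110 (including its source-port keyword) are constructed in the style of the posted rules.

```python
import ipaddress

# Rules 50 and 100 are copied from the post; REVERSE is constructed for this example.
POSTED = """rule 50 permit ip source 172.27.130.43 0 destination 172.27.0.0 0.0.255.255
rule 100 permit tcp source 172.27.130.0 0.0.0.255 destination 172.27.18.29 0 destination-port eq 443"""
REVERSE = "rule 110 permit tcp source 172.27.18.29 0 source-port eq 443 destination 172.27.130.0 0.0.0.255"

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def parse_rule(line):
    t = line.split()
    rule = {"id": int(t[1]), "action": t[2], "proto": t[3]}
    for i in range(4, len(t), 3):
        key = t[i]
        if key in ("source", "destination"):
            # Wildcard "0" is an exact host; set bits in a dotted mask are "don't care".
            wild = 0 if t[i + 2] == "0" else _ip(t[i + 2])
            rule[key] = (_ip(t[i + 1]), wild)
        elif key in ("source-port", "destination-port") and t[i + 1] == "eq":
            rule[key] = int(t[i + 2])
        else:
            raise ValueError(f"unsupported token: {key}")
    return rule

def _addr_ok(spec, addr):
    return spec is None or (spec[0] | spec[1]) == (_ip(addr) | spec[1])

def matches(rule, pkt):
    proto, src, sport, dst, dport = pkt
    return (rule["proto"] in ("ip", proto)
            and _addr_ok(rule.get("source"), src) and _addr_ok(rule.get("destination"), dst)
            and rule.get("source-port") in (None, sport)
            and rule.get("destination-port") in (None, dport))

def stateless_permits(rules, pkt):
    # Assumption: lowest rule number wins and unmatched traffic is dropped.
    hit = next((r for r in sorted(rules, key=lambda r: r["id"]) if matches(r, pkt)), None)
    return hit is not None and hit["action"] == "permit"

def stateful_permits(rules, pkt, flows):
    proto, src, sport, dst, dport = pkt
    if (proto, dst, dport, src, sport) not in flows and not stateless_permits(rules, pkt):
        return False  # neither a reply to a tracked flow nor allowed by a rule
    flows.add(pkt)
    return True

RULES = [parse_rule(line) for line in POSTED.splitlines()]
OUT = ("tcp", "172.27.130.77", 50000, "172.27.18.29", 443)    # guest -> intranet server
REPLY = ("tcp", "172.27.18.29", 443, "172.27.130.77", 50000)  # server -> guest, ephemeral port
```

With only the posted rules, the stateless check passes OUT and drops REPLY; adding REVERSE lets the reply through but also passes server-sourced port 443 traffic to every guest port with no connection behind it, which the flow-tracking variant avoids.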
|
Why is this an eye-roll? Do you not have any semblance of an infosec / risk management group? Are mental health patients not entitled to having their data secured in a relatively competent manner? Do you not have a mouth in which to speak? Or are you simply a machine that does poo poo tasks and makes poo poo posts?
|
# ? Feb 8, 2021 21:32 |
|
|
# ? Feb 8, 2021 22:06 |
|
e: nm. I'm not going to voluntarily get involved in this Yeah, that's a better attitude.
|
# ? Feb 9, 2021 03:29 |
|
SlowBloke posted: Use the occasion to set up a power automate flow to create a user and provision licenses(if it doesn't exist yet) from a microsoft forms page and stop caring?

Good tip, but that doesn't address the problem of them just not giving a heads-up when people start. In this case, the user didn't even have a machine to read the mail on.

Foxtrot_13 posted: As per SLAs their account will be created within 3-5 working days. If you need it quicker then it will be overtime on our part, what is your cost center so we can charge the OT to your budget?

I agree that's how it should work but this is an SME: no cost centers, no oversight, no planning, no care for procedures. Which is why I and resigned last week. This was just another confirmation they'll never change so I'll make the change I can control (getting the gently caress out).
|
# ? Feb 9, 2021 09:02 |
|
sixth and maimed posted: Good tip, but that doesn't address the problem of them just not giving a heads-up when people start. In this case, the user didn't even have a machine to read the mail on.

Our next set of laptops are going to be 100% hands off autopilot so technically the laptop delivery could be delegated to the hr dept. Try offloading every step of onboarding to machines or other depts if you can. Our current policy for “no heads up” is having the user watch teams and outlook over the web with their phone/tablet/ laptop until the machines are purchased/enrolled in autopilot.

SlowBloke fucked around with this message at 11:02 on Feb 9, 2021 |
# ? Feb 9, 2021 10:59 |
|
quote: We seem to be missing our laptop chargers from the geriatric unit for about 2 weeks now (no idea where they went). We have the laptops but just no chargers. Could we get replacements? I think we need to label them this time around so we don’t lose them.

Doctors like...repel laptops or something.
|
# ? Feb 9, 2021 13:43 |
|
Bob Morales posted: Doctors like...repel laptops or something.

My doctors love stealing dictation microphones. Like we probably have close to 100 of them around the hospital on various stations but we get tickets once or twice a week about missing mics.
|
# ? Feb 9, 2021 14:38 |
|
mattfl posted: My doctors love stealing dictation microphones. Like we probably have close to 100 of them around the hospital on various stations but we get tickets once or twice a week about missing mics.

Given the quality of dictation in general, they're probably eating them and don't want to fess up.
|
# ? Feb 9, 2021 15:02 |
|
Internet Explorer posted: Do you not have a mouth in which to speak? Or are you simply a machine that does poo poo tasks and makes poo poo posts?

I have no mouth and I must post.
|
# ? Feb 9, 2021 16:01 |
|
One of the best things I did at my last job was build automation that tied the HR system to active directory. That way when HR set a new employee up, their accounts got automatically created and tickets were automatically generated for other onboarding tasks like laptop deployment. Did not stop some managers from constantly asking for next day or same day setups, but being able to tell that if they’re not in the hr system there was nothing I could do felt really good.
|
# ? Feb 9, 2021 16:24 |
|
https://www.wired.com/story/oldsmar-florida-water-utility-hack/ Why is this poo poo not loving air-gapped!?
|
# ? Feb 9, 2021 16:36 |
|
The Fool posted: One of the best things I did at my last job was build automation that tied the HR system to active directory. That way when HR set a new employee up, their accounts got automatically created and tickets were automatically generated for other onboarding tasks like laptop deployment.

In our case, HR doesn't know which employees get computers or not. So we get an email like so: "The new nurse practitioner is in xxxxx, she needs a computer"
|
# ? Feb 9, 2021 16:48 |
|
Rorac posted: https://www.wired.com/story/oldsmar-florida-water-utility-hack/

Look, that would involve hiring people, and that means tax money. Why should we spend tax money protecting systems that nobody is ever going to hack? Better to cut more; we want a government small enough to drown in a bathtub.
|
# ? Feb 9, 2021 17:08 |
|
Bob Morales posted: In our case, HR doesn't know which employees get computers or not.

HR doesn’t need to know

The point is that you have an automated way for IT to get notified when someone is hired, and are not relying on the courtesy of hr or the hiring manager
|
# ? Feb 9, 2021 17:12 |
|
Meanwhile, my township doesn't even take electronic payments for water bills. So this means when you do a billpay from your bank, they have to print the checks and mail them, and because USPS is so delayed right now, you get a late payment notice on your bill! FUNNY HOW THE BILL GOT TO US ON TIME THOUGH
|
# ? Feb 9, 2021 17:13 |
|
The Fool posted: HR doesn’t need to know

That doesn't make any sense. We get notified when someone is hired. We get a spreadsheet every week. We just don't know who gets a user account, laptop, phone, desk phone, desktop, email...HR has to tell us that, along with giving that person keys, a badge, whatever else they need.
|
# ? Feb 9, 2021 17:17 |
Rorac posted: https://www.wired.com/story/oldsmar-florida-water-utility-hack/

I dunno but after reading I bet this isn’t even a ‘hack’ as much as it is a disgruntled employee or a lie to cover incompetence.
|
|
# ? Feb 9, 2021 17:19 |
|
Pissing me off: It took a week to get the Cisco Ironport tech to agree to collaborate with a Microsoft 365 tech. It took another week to get the Microsoft 365 tech to agree to collaborate with the Cisco Ironport tech. Now I'm learning can't hold a remote meeting together to view the same problem because the Cisco tech is only allowed to use WebEx and the Microsoft 365 tech is only allowed to use Teams.

Jesus loving Christ I just want to know why whenever we send a Cisco secure email to a mix of internal and external users, sometimes but not always the attachment shows up in the secure email as winmail.dat

getting them to work together shouldn't take weeks of pushing and software barriers
|
# ? Feb 9, 2021 17:41 |
|
Bob Morales posted: That doesn't make any sense.

HR decides who gets which IT resources? The gently caress?
|
# ? Feb 9, 2021 17:43 |
|
Yeah, that should be a conversation between the hiring manager and IT, HR doesn’t need to be a part of that. If you’re getting new hires from HR part of your process should be to make sure you’re coordinating the employees onboarding with their hiring manager, not waiting on anyone to deign to give you the information.
|
# ? Feb 9, 2021 17:59 |
|
dragonshardz posted: HR decides who gets which IT resources? The gently caress?

The hiring manager would tell them. Same goes for pay, hours etc.
|
# ? Feb 9, 2021 18:15 |
|
You should be talking to the hiring manager as well, don’t rely on hr
|
# ? Feb 9, 2021 18:21 |
|
klosterdev posted: Pissing me off: It took a week to get the Cisco Ironport tech to agree to collaborate with a Microsoft 365 tech. It took another week to get the Microsoft 365 tech to agree to collaborate with the Cisco Ironport tech. Now I'm learning can't hold a remote meeting together to view the same problem because the Cisco tech is only allowed to use WebEx and the Microsoft 365 tech is only allowed to use Teams.

Lol how do they have meetings with customers that don't use their lovely conference system?
|
# ? Feb 9, 2021 18:22 |
|
klosterdev posted: Pissing me off: It took a week to get the Cisco Ironport tech to agree to collaborate with a Microsoft 365 tech. It took another week to get the Microsoft 365 tech to agree to collaborate with the Cisco Ironport tech. Now I'm learning can't hold a remote meeting together to view the same problem because the Cisco tech is only allowed to use WebEx and the Microsoft 365 tech is only allowed to use Teams.

Pissing me off: I have a meeting that's at 9:30am on Tuesdays. 9:30am is my start time, and people from the East Coast a) are inevitably morning people and b) as much as they may claim otherwise, do not understand how time zones work. Two weeks ago, the vendor who controls the meeting cancelled it at about 8:30am, so I'm logged in early to get prepped for a meeting that is cancelled. I send her an email "hey, this is my start time, and I get up early for this; if you're going to cancel this meeting, please do it on Monday, and don't wait until Tuesday morning." We have a back-and-forth where she thinks I'm trying to get it rescheduled, but I'm not asking her to go through the rigmarole of working through everyone's schedule again, just... if you're going to cancel it, let me know early enough that I don't set my alarm. Like, just some basic loving consideration. And then this morning at 9:25am she cancelled the meeting, so I just declined next week's, guess it must not be that important.

Not pissing me off: Next week is my last week here, so I don't give a fuuuuuuuuuuuuuuuuuuuuuck.
|
# ? Feb 9, 2021 18:40 |
|
Rorac posted: https://www.wired.com/story/oldsmar-florida-water-utility-hack/

It probably was originally, and then some one-man computer toucher armed with five years on Spiceworks decides to become a consultant in how to work remotely.
|
# ? Feb 9, 2021 18:42 |
|
The Fool posted: You should be talking to the hiring manager as well, don’t rely on hr

No, it's unsolvable. You don't understand.
|
# ? Feb 9, 2021 18:44 |
|
klosterdev posted: Jesus loving Christ I just want to know why whenever we send a Cisco secure email to a mix of internal and external users, sometimes but not always the attachment shows up in the secure email as winmail.dat getting them to work together shouldn't take weeks of pushing and software barriers

Try this https://support.microsoft.com/en-us...72-91c5867afc11

Here's me working on a similar problem last year

Thanks Ants posted: I have a corporate domain in an Office 365 tenant but we aren't using Exchange Online for email, a small team wants a domain adding to that tenant and they do want to use Exchange Online (as it's linked to using Teams for meetings with a certain set of clients). Is there any way to tell Office 365 that the corporate email needs to be sent over to Gmail, or is it always going to try delivering internally if the domain exists on the tenant?

Thanks Ants fucked around with this message at 18:49 on Feb 9, 2021 |
# ? Feb 9, 2021 18:44 |
|
klosterdev posted: Jesus loving Christ I just want to know why whenever we send a Cisco secure email to a mix of internal and external users, sometimes but not always the attachment shows up in the secure email as winmail.dat getting them to work together shouldn't take weeks of pushing and software barriers

Holy gently caress, Winmail.dat is still a problem in TYOL 2021
|
# ? Feb 9, 2021 19:10 |
|
The Fool posted: You should be talking to the hiring manager as well, don’t rely on hr

We don't even get that information from HR. The way it works here is HR fills out a form saying what accounts they need. If they need hardware whether it's a phone, computer, cell phone, various badges... We give them what they ask for. It's not IT's job to figure out what an employee needs.
|
# ? Feb 9, 2021 19:10 |
|
Lum posted: Holy gently caress, Winmail.dat is still a problem in TYOL 2021

TNEF! I have a rule in Exchange to disable that on iCloud accounts.
|
# ? Feb 9, 2021 19:12 |
|
Thing pissing me off: people who are a part of an obviously broken system and actively fight against fixing it
|
# ? Feb 9, 2021 19:14 |