|
BaseballPCHiker posted:I just got reamed out for Cisco not having a fix for a bug that they told us would take weeks to months to fix. I am glad I have never had one of those kind of meetings because it would be hard for me to hold back. You have just as much control of what cisco does as your boss, so your boss telling you that he is bringing someone else in is kind of insulting. I would understand more if this wasn't a known bug and you were trying to argue your case about it being an undocumented bug. Considering its already a known bug, you only have the option to deal with it, try to work around it, or loving wait. JFC
|
#
?
Jun 10, 2021 21:57
|
|
|
|
| # ? Jun 5, 2024 19:49 |
|
|
Sickening posted:I am glad I have never had one of those kind of meetings because it would be hard for me to hold back. You have just as much control of what cisco does as your boss, so your boss telling you that he is bringing someone else in is kind of insulting. I was fuming, and glad to be working remotely so no one saw my body language. Cisco flat out told us they have it roadmapped for their next interim code release which will be "weeks to months". There is literally nothing else for us to do! I am calling my boss tomorrow and attempting to convince her, someone who is always talks about efficiency, that this is a waste of my time, and the other persons she wants to bring in.
|
|
#
?
Jun 10, 2021 22:18
|
|
|
All you need is two numbers -- your company's market cap (A) and Cisco's market cap (B). If A !> say, 0.75B at a bare minimum, Cisco dgaf about your company, or how much you're "holding their feet to the fire". I mean, I know you know this but your boss probably has that dumb as donkey dick notion that the customer is always right. Of course, if you're the CTO for Amazon or something, disregard everything above and listen to your boss cause Cisco should be fellating you on the daily.
|
|
#
?
Jun 10, 2021 22:31
|
|
|
BaseballPCHiker posted:I just got reamed out for Cisco not having a fix for a bug that they told us would take weeks to months to fix. I have much experience with TAC , but it won’t get you anything. If you have all the time in the world you get your account team tagged in, and move the case to a sev 2. You’ll have to be online. If it requires development or BU then odds are you won’t reach a resolution then but you can keep the screws on - unless you’re the only person reporting the bug. TAC has become much worse in the last 6 months about responsiveness or producing satisfactory answers - best I can do now is juggle time zones and try to get someone in one where they want to try. Lately that hasn’t been TAC in RTP.
|
|
#
?
Jun 10, 2021 23:16
|
|
|
Also ask if development would be willing to share a nightly or friendly build for you to test. You could be inviting more pain for yourself with that but if you get them to share a test build maybe it gets you past yourself current issue.
|
|
#
?
Jun 10, 2021 23:17
|
|
|
Reading the above I'm so happy I no longer work at the MSP/VAR I used to be at. Half my day was spent babysitting TAC cases with Cisco/Aruba/Juniper/F5 and clients or their account managers would flip their poo poo if they hit a known bug with fix 5 months away in a new software version and no workaround. I can still feel my bloodpressure rise when I heard the word "escalate".
|
|
#
?
Jun 10, 2021 23:28
|
|
|
I keep telling my TAC and account contacts that I am okay if I get communications for something that isn’t business critical. Tell me they’re working on it, where it is in the log, etc . poo poo, at least tell me anything instead of radio silence for a week cause my agent is out of the office and they never said . Communication goes a long way. I understand I’m a little fish, just let me feel I’m still in the pond.
|
|
#
?
Jun 10, 2021 23:30
|
|
|
Wibla posted:Post one-on-one update: getting more support, re-established boundaries about communication, postponing other projects to get my stress levels down, so overall pretty good outcome Do you use Ignition or something else?
|
|
#
?
Jun 11, 2021 05:08
|
|
|
new client we took on with <60 users has Citrix infrastructure with 24 servers Twenty Four
|
|
#
?
Jun 11, 2021 14:25
|
|
|
joebuddah posted:Do you use Ignition or something else? Did you quote the right post there? 
|
|
#
?
Jun 11, 2021 14:38
|
|
|
Unexpected Raw Anime posted:new client we took on with <60 users has Citrix infrastructure with 24 servers what the gently caress I would love to hear more about this.
|
|
#
?
Jun 11, 2021 15:22
|
|
|
diremonk posted:This might be one of the last straws before I really don't care about this job and start actively looking for another. I dont know American labour law but you have to be allowed to take your leave here in UK (although, must fit around 'business needs' that lovely grey area...anyway). To me, that means if you are not available because you need to use your leave, then really it's your managers responsibility to cover something relatively trivial such as applying what sounds like a well known work around to some meeting equipment which shouldnt really be a big ask. If I was in your shoes, I'd be laying the groundwork by saying to your boss, I've tried to replace the faulty equipment to stop this from happening permanently, but finance said no, therefore, I've created a cheat sheet so if someone follows it they can sort this issue for their own meeting without any help, I also totally accept the C-Levels dont want to get their hands dirty so I've also trained the local admin who sits next door, so when I'm not around call admin and they know what to do - this is highlighted on the cheat sheet. (obviously adjust to suit your situation, e.g. no admins willing to learn to help? Tell your boss you need support in getting someone to take this on) Obviously, your boss sounds a bit crazy and might not be down for that - if that's the case that is probably the point where you can say to Boss^2 - I've tried to fully solve this issue by replacing parts but couldnt because of ~reasons~ - I've also advised of plan B so anyone can make the equipment work which i think is a sufficient contingency for the occasions when I'm not here. Given the processes I've put in place, I'd like to discuss with you, Boss^2 and Boss why my leave is being denied. I'd be slightly wary of any advice that suggests saying gently caress the employer, I'll take my leave without at least suggesting, in writing, a way your boss can get through the specific problem - without that I would anticipate a boss using that as leverage to say you being difficult by not helping - I mean, I am making the assumption here that your boss is not an IT/technical person where Boss^2 can just say 'erm boss, why is this drama at my door, you do it'
|
|
#
?
Jun 11, 2021 15:43
|
|
|
our cyber-insurance provider has informed us that we are now required to have 2fa on all user accounts. still trying to find out whether they mean all faculty & staff accounts (which we should have been doing already) or all accounts, period, including those of students as young as 3 (a bit much imo). anyway, i would like to take this opportunity to hassle my boss about fixing some long-standing issues in our environment. our current situation is that we have a password-protected excel spreadsheet with everyone's account passwords in it, and the password to this spreadsheet is known by my boss, me, and the two other techs. if we need to install or fix something on a user's machine we just look up their password and log in as them. my boss asked us to "brainstorm alternative solutions" and it seems obvious to me that we should just be using endpoint configuration manager to deploy apps, updates and policy changes remotely without needing to know the user's password or log into their profile ever. when i proposed this my boss seemed surprised and told me it had not occurred to her, which makes me worry that left to her own devices she's going to come up with some sort of even worse and more inefficient process than we already have in conclusion i am just wondering whether i have the right idea or if there's a better way of managing end user machines in an environment with universal 2fa. every time i have to spend hours clonezillaing kid laptops or manually updating faculty desktops my mind drifts wistfully to a radiant vision of the endpoint manager admin center and i think this might be an opportunity to make the benefits impossible to ignore. i'm also pretty stupid though and i have brainworms from working here for so long and i want to make sure i'm not barking up the wrong tree
|
|
#
?
Jun 11, 2021 16:32
|
|
|
Weedle posted:our cyber-insurance provider has informed us that we are now required to have 2fa on all user accounts. still trying to find out whether they mean all faculty & staff accounts (which we should have been doing already) or all accounts, period, including those of students as young as 3 (a bit much imo). anyway, i would like to take this opportunity to hassle my boss about fixing some long-standing issues in our environment. our current situation is that we have a password-protected excel spreadsheet with everyone's account passwords in it, and the password to this spreadsheet is known by my boss, me, and the two other techs. if we need to install or fix something on a user's machine we just look up their password and log in as them. my boss asked us to "brainstorm alternative solutions" and it seems obvious to me that we should just be using endpoint configuration manager to deploy apps, updates and policy changes remotely without needing to know the user's password or log into their profile ever. when i proposed this my boss seemed surprised and told me it had not occurred to her, which makes me worry that left to her own devices she's going to come up with some sort of even worse and more inefficient process than we already have Oh hey, I have quite a few clients like this, are you using travelers or someone else? At the moment what has satisfied the Traveler's requirements have been the following: 1) Admin access to servers be protected by 2FA 2) VPN/remote access protected by 2FA 3) O365 access protected by 2FA What this means in practice has been that we've used Duo +E1/E3+P1 licenses at non-cheap clients, so that Duo can be the 2FA for all 3; at cheap clients we've done Microsoft's built-in MFA for O365 and then Duo for the others. ----I believe E1/E3 are a requirement, I forget exactly how the microsoft licensing works, but you definitely need P1 to get the conditional access policies in O365 Also, yeah you should be using some sort of endpoint management, the above does not discount that! *edit* but yeah you should look at the rider on the insurance policy because that should lay it out fairly well and worst case you can probably setup a call with the carrier to get it figured out. MF_James fucked around with this message at 16:43 on Jun 11, 2021 |
|
#
?
Jun 11, 2021 16:41
|
|
|
Oof. Yes, you are on the right track. Get rid of that password spreadsheet right away and make everyone change their passwords. No one should know someone else's password, not IT, no one. And it sure as poo poo should not be in a spreadsheet. You're right that you'll need to adjust your policies and procedures around that topic. It will certainly take some effort, but how you are saying things are today is absolutely against best practices for a whole host of reasons. I agree that MFA for 3 year old kids may be a bit much and the proper answer may be to limit their accounts to almost nothing and require a parent/guardian to approve whatever changes they need with their own MFAed account.
|
|
#
?
Jun 11, 2021 16:41
|
|
|
BaseballPCHiker posted:I was fuming, and glad to be working remotely so no one saw my body language. Cisco flat out told us they have it roadmapped for their next interim code release which will be "weeks to months". There is literally nothing else for us to do! This is the sort of situation where I'd try the "do nothing and see if the other person forgets" approach, though I don't know what your boss is like when they get into an I Can Add Value Here mode.
|
|
#
?
Jun 11, 2021 16:57
|
|
|
If you have to log in as the user to install software on the system, sounds like your users also have local admin on their machines, yikes
|
|
#
?
Jun 11, 2021 21:21
|
|
|
Weedle posted:our cyber-insurance provider has informed us that we are now required to have 2fa on all user accounts. still trying to find out whether they mean all faculty & staff accounts (which we should have been doing already) or all accounts, period, including those of students as young as 3 (a bit much imo). anyway, i would like to take this opportunity to hassle my boss about fixing some long-standing issues in You can attach yubikeys to children via bracelet or necklace. It'll keep them secure. They can also securely reuse the same yubikey for U2F/FIDO elsewhere
|
|
#
?
Jun 11, 2021 22:38
|
|
|
Just whitelist your network for students so they don't get an MFA prompt, I'm assuming these 3 year olds aren't home workers.
|
|
#
?
Jun 11, 2021 22:43
|
|
|
Biowarfare posted:You can attach yubikeys to children via bracelet or necklace. It'll keep them secure. They can also securely reuse the same yubikey for U2F/FIDO elsewhere Lmao is this a real post
|
|
#
?
Jun 11, 2021 22:56
|
|
Cat Army
|
I thought we were just implanting this poo poo in children at this point.
|
|
#
?
Jun 11, 2021 23:09
|
|
|
thank you for the responses, it helps me feel like i'm not the crazy one for thinking this is importantMF_James posted:Oh hey, I have quite a few clients like this, are you using travelers or someone else? i actually don't know who the insurance provider is and it turns out the only person who does has left for the day. i guess she just sort of breezed by my boss and let her know of this significant new expectation with no other details. i would definitely categorize us as a "cheap" organization, and our servers are also windows and nobody uses a vpn, so hopefully the microsoft authenticator will be all anyone needs to clarify, accounts with admin access are already 2fa'ed and have been for a while. we're not completely hopeless, just almost Internet Explorer posted:Oof. Yes, you are on the right track. Get rid of that password spreadsheet right away and make everyone change their passwords. No one should know someone else's password, not IT, no one. And it sure as poo poo should not be in a spreadsheet. Thanks Ants posted:Just whitelist your network for students so they don't get an MFA prompt, I'm assuming these 3 year olds aren't home workers. over the past year they actually were at times due to covid. if their class had to be quarantined or something they did daily zoom calls instead. my kid was in one of those classes and he loved it, he was bummed out whenever we had to stay home but loved seeing his friends and teachers on teams. i didn't know disabling mfa for just the campus network was an option but if it's insurance-compliant that would be a huge help. i was actually half-considering handing a ring of yubikeys to every homeroom teacher. "lol" klosterdev posted:If you have to log in as the user to install software on the system, sounds like your users also have local admin on their machines, yikes they mostly don't, but i still have to log in for some stuff that has to be installed per-profile, like teams for example. ms offers a "teams machine-wide installer" msi that will automatically install teams on the first login, but as far as i can tell you have to use configmgr to keep the msi updated, and for as long as i've been here we have never had sccm in a usable state, and if the msi isn't updated, you have to just manually reinstall teams on the profile anyway to make it keep working (it won't let you connect without updating if the build is too old) we also have lots of 365 credential problems with locally-installed office apps. they will demand re-authentication to open a onedrive doc or connect to exchange or whatever but either won't give you the password dialog or just asks again after you enter it. it's worse on 2019/click-to-run so most folks are still on 2016. i mention this because one of the reasons i log in as the user is to authenticate all their 365 apps and make sure their credentials work because there's a not-insignificant chance something won't
|
|
#
?
Jun 11, 2021 23:15
|
|
|
I have a Yubikey 4 and it doesn't work with fricken anything lmao. Windows Hello is janky, Chrome is janky, I don't think Firefox implemented it yet, MacOS supported it until they didn't, Veracrypt doesn't have a plugin for it at all. Waste of 40bux.
|
|
#
?
Jun 11, 2021 23:18
|
|
|
Thanks Ants posted:Just whitelist your network for students so they don't get an MFA prompt, I'm assuming these 3 year olds aren't home workers. Well you do give them home work
|
|
#
?
Jun 11, 2021 23:25
|
|
|
Weedle posted:they mostly don't, but i still have to log in for some stuff that has to be installed per-profile, like teams for example. ms offers a "teams machine-wide installer" msi that will automatically install teams on the first login, but as far as i can tell you have to use configmgr to keep the msi updated, and for as long as i've been here we have never had sccm in a usable state, and if the msi isn't updated, you have to just manually reinstall teams on the profile anyway to make it keep working (it won't let you connect without updating if the build is too old) If you're running AD and the laptops all at least occasionally connect to the organization's network you can probably solve a lot of the mass-configuration issues with GPOs. Anything that's an MSI, including the mass Teams installer you can deploy in a managed context (every 60-90 days change the MSI package then "Redeploy application") and you can install a lot of other software with batch scripts or PowerShell, eg for Office 2019 code:
|
|
#
?
Jun 11, 2021 23:43
|
|
|
This is the kind of problem that PDW was tailor made to solve. It kind of falls short in today’s primarily remote workplace but is still quite powerful when you have reliably on premise clients.
|
|
#
?
Jun 11, 2021 23:47
|
|
|
Confluence is loving garbage.
|
|
#
?
Jun 12, 2021 00:16
|
|
|
MustardFacial posted:Confluence is loving garbage. Yep. Good thing they stopped letting us have a small lovely fire in our networks and instead we would have to pay for an intense massive tire fire in their cloud so we just stopped using them.
|
|
#
?
Jun 12, 2021 00:26
|
|
|
klosterdev posted:If you're running AD and the laptops all at least occasionally connect to the organization's network you can probably solve a lot of the mass-configuration issues with GPOs. Anything that's an MSI, including the mass Teams installer you can deploy in a managed context (every 60-90 days change the MSI package then "Redeploy application") and you can install a lot of other software with batch scripts or PowerShell, eg for Office 2019 would that ‘twere so simple. i first became aware of these problems like five years ago when i started looking into group policy to automate brain-dead stuff like creating web app shortcuts. it turns out that whatever mechanism by which AD deploys GPOs is hosed up to the point of nonfunctionality. i don’t know how this happened and have no visibility into our server (not that i’d be able to identify the problem if i did), but the impression i’ve gotten is that it stopped working and fixing it was going to be a huge hassle, so it never got fixed and the workarounds became the accepted process
|
|
#
?
Jun 12, 2021 00:54
|
|
|
skooma512 posted:I have a Yubikey 4 and it doesn't work with fricken anything lmao. Windows Hello is janky, Chrome is janky, I don't think Firefox implemented it yet, MacOS supported it until they didn't, Veracrypt doesn't have a plugin for it at all. ummmm I've been trying to sell Yubikeys for replacing passwords to my boss for a while now, so, uh, is this the case for all Yubikeys or just the 4 series? Has anyone actually gone the Google route and replaced passwords with Yubikeys or equivalent, and if not Yubikeys, what was the token you used?
|
|
#
?
Jun 12, 2021 01:34
|
|
|
Hardware tokens are usually additional, not the only factor
|
|
#
?
Jun 12, 2021 01:49
|
|
|
What's better than Confluence?
|
|
#
?
Jun 12, 2021 02:23
|
|
|
Sharepoint
|
|
#
?
Jun 12, 2021 02:29
|
|
|
Internet Explorer posted:What's better than Confluence? Screaming into the void.
|
|
#
?
Jun 12, 2021 02:44
|
|
|
Mediawiki
|
|
#
?
Jun 12, 2021 04:06
|
|
|
The Fool posted:Sharepoint Biowarfare posted:Mediawiki lol stop trolling me
|
|
#
?
Jun 12, 2021 04:55
|
|
|
more people use mediawiki than any other wiki semi seriously it's not terrible, albeit php, but it doesn't cost $stupid/month/user, doesn't randomly get the pricing rug pulled out from under you like atlassian, has excellent caching, pages that load in milliseconds and not whatever abomination of a speed sharepoint does
|
|
#
?
Jun 12, 2021 05:20
|
|
|
Updating mediawiki sucks, you end up having to do each point release in sequence because the migration scripts can't handle large jumps and there's know way to know which ones you can or can't skip.
|
|
#
?
Jun 12, 2021 08:14
|
|
|
i was going to make a comment about staying extremely up to date every time a new release appears with any web based php application but then i remember the amount of companies using java 6 to 8
|
|
#
?
Jun 12, 2021 08:22
|
|
|
|
| # ? Jun 5, 2024 19:49 |
|
|
SyNack Sassimov posted:ummmm Cause the four series is obsolete and yubikey don’t get firmware updates to avoid possible compromise by software. I got a 5ci and everything works smooth as butter (beside the touch confirm as the ci variant touch points are a bit cramped to fit both connectors).
|
|
#
?
Jun 12, 2021 13:27
|
|
