|
That’s honestly the best you can hope for with an MSP.
|
# ? Aug 7, 2021 05:41 |
|
|
# ? May 18, 2024 03:10 |
|
Yeah, 50% working passwords? That’s a goldmine.
|
# ? Aug 10, 2021 20:04 |
|
I was internal IT for a small place where I wanted to leave and I advocated for having an MSP come take over. I handed them over a good 400+ passwords, detailed documentation, etc. Part of my criteria for helping hand off was that they had to change all of the passwords before my last day. I think they thought I was joking at first and then sheer dread set in. I've done work in the MSP world and I know that if I hadn't sat there and watched them do it, those passwords never would have been changed.
|
# ? Aug 10, 2021 20:14 |
|
I was working someplace where the internal IT lead got fired, and the msp changed her password, but not the password for the service account that they all (including the internal fired person) used for all their day-to-day dom admin level actions. So for like two weeks after the person got fired she still theoretically had dom admin. insane. "was that account accessible from the outside" what do you think
|
# ? Aug 11, 2021 01:26 |
|
wanna be clear it wasn't my MSP that hosed up when it's me I just change the password without writing it down. social-engineering proof.
|
# ? Aug 11, 2021 01:26 |
|
Internet Explorer posted:I was internal IT for a small place where I wanted to leave and I advocated for having an MSP come take over. I handed them over a good 400+ passwords, detailed documentation, etc. Part of my criteria for helping hand off was that they had to change all of the passwords before my last day. I think they thought I was joking at first and then sheer dread set in. I've done work in the MSP world and I know that if I hadn't sat there and watched them do it, those passwords never would have been changed. So did that company just not use any domain accounts whatsoever? How were there 400+ passwords to change?
|
# ? Aug 11, 2021 02:20 |
|
Lots of online services, service accounts, etc. It's pretty much on par with any other similarly sized company I've been at.
|
# ? Aug 11, 2021 02:59 |
|
I was going to say 400 seemed a lot, but the last place I was at that had reasonably active IT definitely had 250+ in the admin vault, so actually that seems only a little above par.
|
# ? Aug 11, 2021 04:46 |
|
It was also a few years ago, so my memory might be a bit fuzzy. Could have been closer to 300. I feel like the actual number isn't that important and if you're talking about all of the IT services for an entire company, that number can get up there pretty easily. At my new job I went through a OneNote that was used by 3 engineers over a few years and copied them into a password manager and I hit about 300. And that's only one department under the larger IT umbrella, and only for a few engineers. Lots and lots of passwords missing.
|
# ? Aug 11, 2021 05:32 |
|
Why in the gently caress is upgrading firmware on Dell OS10 switches such a loving ordeal? Three weeks in and I still can't download the image.
|
# ? Aug 11, 2021 09:10 |
|
I really like zoho assist. But is there an alternative that will help me remote assist chromebook users? I always end up having to steer them to a windows machine somewhere. I'm not worried about being able to make admin changes on those machines but we have a phone process that requires some fairly simple programming of of our phones that is best done in the user's home network but it requires editing the DSS keys and I'd just prefer to do that for someone who's scared of entering an IP address into their browser to begin with.
Rick fucked around with this message at 09:36 on Aug 11, 2021 |
# ? Aug 11, 2021 09:33 |
|
Rick posted:I really like zoho assist. But is there an alternative that will help me remote assist chromebook users? I always end up having to steer them to a windows machine somewhere. I'm not worried about being able to make admin changes on those machines but we have a phone process that requires some fairly simple programming of of our phones that is best done in the user's home network but it requires editing the DSS keys and I'd just prefer to do that for someone who's scared of entering an IP address into their browser to begin with. Chrome Remote Desktop?
|
# ? Aug 11, 2021 14:38 |
|
bolind posted:Why in the gently caress is upgrading firmware on Dell OS10 switches such a loving ordeal? I’m having this problem with UNIFI.
|
# ? Aug 11, 2021 16:24 |
|
Dell support is loving garbage. Got the run around between four different countries. I just want a firmware upgrade for my loving switch. Highlights:
gently caress you, Dell.
|
# ? Aug 13, 2021 12:05 |
|
GreatGreen posted:Chrome Remote Desktop? Oh yeah, I forgot about this. Is this as easy as click and join because Zoho has now failed for two users who thought having to go to the play store to add something was a pain in the rear end.
|
# ? Aug 13, 2021 20:28 |
|
bolind posted:Dell support is loving garbage. Got the run around between four different countries. I just want a firmware upgrade for my loving switch. Why are you talking to support? Just go to their support website and punch in the service tag. It'll let you download all of the firmware updates you want
|
# ? Aug 13, 2021 23:02 |
|
Rick posted:Oh yeah, I forgot about this. I believe it requires an installer but after that, you just log into the remote desktop website with the associated account and the page will simply present you with a list of all the associated desktops that account can access. Click computer name, enter PIN, and off you go. The tech is really good too. if you go fullscreen and your monitor matches the resolution of the source monitor, you get a sharp, 1:1 pixel representation of the source monitor with no blurring or anti-aliasing.
|
# ? Aug 14, 2021 02:34 |
|
MustardFacial posted:Why are you talking to support? Just go to their support website and punch in the service tag. It'll let you download all of the firmware updates you want Usually, yes, but this switch runs OS10, which is locked inside Dell Digital Locker. I think the problem is that the switch was formally not sold to us, but to our vendor, and that has not been fully corrected yet. It kinda shows up on our account, but nowhere to download firmware. Edit: PM'ed you the service tag, would love to be proven wrong.
|
# ? Aug 14, 2021 07:41 |
|
Yeah. The Dell digital locker for Force10 switches is bullshit. But if you don't have access to it, that's an account manager problem, not support.
|
# ? Aug 14, 2021 16:22 |
|
bolind posted:Usually, yes, but this switch runs OS10, which is locked inside Dell Digital Locker. I tried grabbing it with my Dell Digital Locker account but it wouldn't show up. Now whether that's because the switch doesn't actually belong to me is another matter. Ping your Dell account rep.
|
# ? Aug 16, 2021 22:18 |
|
MustardFacial posted:I tried grabbing it with my Dell Digital Locker account but it wouldn't show up. Now whether that's because the switch doesn't actually belong to me is another matter. Ping your Dell account rep. Thanks for the effort. I've finally managed to raise enough of a stink with the vendor to agitate the chain of like 6 persons to actually do something other than email the next, and I have hopes something's happening. What's so loving secret about OS10 that they can't just make it available for download.
|
# ? Aug 18, 2021 10:31 |
|
Got the firmware! (After having my vendor yell at Dell Customer Care.) It's a 752MB tar file. It should be noted that it upgraded real nice.
|
# ? Aug 19, 2021 12:34 |
|
What do non-MSP people use for endpoint management? Can you do basically everything with Intune (I mean Endpoint Manager) + some sort of screen sharing? 100 users, all-Windows 10, 100% remote environment. Is it worth it for them to look at something like ninjarmm, n-able, kaseya (lol probably can get at discount now)... or nah?
|
# ? Aug 19, 2021 13:23 |
|
No. Do it all with Intune. As long as you adapt your management to fit the MDM-style of doing things then you'll be fine. You can import Chrome ADMX templates now and I think that works for pretty much everything. As long as you're not trying to map drives (who cares, everybody is remote) or force a company wallpaper then Intune is pretty capable. Shift your licensing to M365 Business Premium and you get everything you need for a 100-seat org., with an easy upgrade path to M365 Enterprise if you need the compliance features. The only thing you might want to bring in from a 3rd party is a remote assistance type application that can get through UAC prompts.
|
# ? Aug 19, 2021 13:28 |
|
Blessed. I love it when it's that easy!
|
# ? Aug 19, 2021 15:53 |
|
The only time I might be inclined to try and do always-on VPN with Group Policy for remote workers is if the laptops I'm handing out need to be locked down heavily or they are going to people who will phone the helpdesk if the Outlook icon moves, maybe if you have people doing inbound call handling from home or something. Though in those sort of cases doing remote desktops is probably better as they are more suited to keeping everything identical across the entire user base.
|
# ? Aug 19, 2021 15:57 |
|
intune, jamf, im still iffy on recommending nix configuration management tools as much as I love sccm I wanna turn it off by 2025 Potato Salad fucked around with this message at 20:23 on Aug 19, 2021 |
# ? Aug 19, 2021 20:21 |
|
I'm a man of many hats here, being a small-medium-ish sized operation. That involves handling amazon orders on top of IT and everything else. We got some new credit cards because the old ones were compromised (keep reading). I needed to get the info to add to the amazon account, so I was told to ask this certain person who would get it from the finance director. HE EMAILED THE CC NUMBER. SECURITY CODE ON THE BACK AND ALL We got a really nice work environment here, lot of young people, most people have a good attitude. Meanwhile this guy's staff is ready to mutiny, his emails are a grammatical calamity, and now he is emailing CC info in broad day. Oy vey
|
# ? Aug 31, 2021 11:55 |
|
We have a rule in O365 that blocks all emails with cc numbers because that kept happening.
|
# ? Aug 31, 2021 16:42 |
|
codo27 posted:I'm a man of many hats here, being a small-medium-ish sized operation. That involves handling amazon orders on top of IT and everything else. This actually brings up a good question. How do most people share confidential information within an organization? My usual go to is https://transfer.pw/ but even though it's better than just sending that info in plain text through an email, I'm still iffy on the idea of just pumping that info into a webform and trusting them that it's going to get deleted or it's actually properly encrypted. Ideally I'd like to just encrypt it locally with like gpg and then send the data block over email, but good luck teaching end users how to reliably use gpg.
|
# ? Aug 31, 2021 17:20 |
|
MustardFacial posted:This actually brings up a good question. I really like a shared secrets system with access control & audit logs. Put the confidential information into the system, grant access to the people who should be able to see it. You could rig this up with any cloud provider's secrets storage, or use a password management tool like 1Password or Lastpass. I know that Lastpass hasn't had the cleanest security track record. I've had previous employers use some absolutely awful commercial offerings for this, and it was still better than emailing secrets around.
|
# ? Aug 31, 2021 17:44 |
|
Twerk from Home posted:I really like a shared secrets system with access control & audit logs. Put the confidential information into the system, grant access to the people who should be able to see it. That works for internal users (assuming your company isn't too cheap to pay the license for only IT), I'm talking about sharing like a temporary password with someone external.
|
# ? Aug 31, 2021 17:50 |
|
MustardFacial posted:That works for internal users (assuming your company isn't too cheap to pay the license for only IT), I'm talking about sharing like a temporary password with someone external. Oh. I've used GPG for that, but I'm also usually dealing with technical people. Password protected zip as a better-than-nothing option maybe? Send the zip through one channel and the password through another?
|
# ? Aug 31, 2021 17:52 |
|
CSV file shared with that specific user in SharePoint, if it's only a temporary credential then the job of storing them securely moves to the other company after not very long.
|
# ? Aug 31, 2021 18:32 |
|
I usually make it an easy password to read, like diceware words and call them. Other times I'll use onetimesecret.com.
|
# ? Aug 31, 2021 19:12 |
|
I put everything on a public FTP with no passwords. Good to go.
|
# ? Aug 31, 2021 19:56 |
|
I was unable to successfully convince my org to use a password manager, speaking of. I guess I'm just going to throw everything into Keep rear end and share the master password with my supervisor and call it a day.
|
# ? Aug 31, 2021 20:26 |
|
Rick posted:I was unable to successfully convince my org to use a password manager, speaking of. I guess I'm just going to throw everything into Keep rear end and share the master password with my supervisor and call it a day. Yup. And just answer every "what is the password for XYZ" with "it's in the password manager." I'd say see if you can get a 1 or 2 person subscription for 1Pass and use that, because inevitably you are going to end up getting more people onboard over time.
|
# ? Aug 31, 2021 21:10 |
|
GreenNight posted:I put everything on a public FTP with no passwords. Good to go.
|
# ? Sep 1, 2021 02:11 |
|
|
# ? May 18, 2024 03:10 |
|
MustardFacial posted:That works for internal users (assuming your company isn't too cheap to pay the license for only IT), I'm talking about sharing like a temporary password with someone external. Not everything has a "forgot your password?" feature implemented, but if it does, use it. It's nice to be able to tell people "Okay, your account is set up with username [whatever] and the email address that you gave me, so go to the login page, then forgot password, enter your username, and you'll get a password reset link in your inbox that's good for the next ten minutes."
|
# ? Sep 1, 2021 02:42 |