|
Considering we're in the middle of a pandemic, that's not as unlikely as you might think.
|
# ? Nov 6, 2021 22:51 |
|
If I have a BitLocker-encrypted disk and I take an image with dd and write that image back to another disk later, will I be able to decrypt it normally? I'm pretty sure the answer is yes because I'm not storing anything in a TPM.
|
# ? Nov 7, 2021 00:14 |
|
Tbh I’ve never tried, historically I’ve always unlocked the disk before cloning, then re-enabled bitlocker on the new disk after I was done
|
# ? Nov 7, 2021 00:29 |
|
The Fool posted: Tbh I’ve never tried, historically I’ve always unlocked the disk before cloning, then re-enabled bitlocker on the new disk after I was done

Honestly, if it uses the TPM for storing the keys, it should work if you clone the drive while encrypted. But as The Fool says, I have always decrypted before cloning as well.

Edit:

Methanar posted: If I have a BitLocker-encrypted disk and I take an image with dd and write that image back to another disk later, will I be able to decrypt it normally? I'm pretty sure the answer is yes because I'm not storing anything in a TPM.

I imagine you'll be fine then.
|
# ? Nov 7, 2021 01:05 |
|
Ugh quote is not edit.
|
# ? Nov 7, 2021 01:06 |
|
tl;dr: Rambling bitching about Tier1/2 teams that aren't putting in the effort and having poor internal leadership. Also an idea on how to help, and wondering if I'm being too much of an rear end in a top hat.

A couple months back, our "process and quality improvement team" found out that the Tier3 teams, ours included, had not attended a mandatory "ticket handling" training that the Tier1/2 teams had done the previous year. So they forced us all to sit through a 1 hour, pre-recorded, narrated PowerPoint presentation about our SLAs, proper use of the On Hold reasons, etc. Which is all fine and good and when we went to ServiceNow I was a deskside team lead and helped build out our processes and did SLA reviews for like 1/3 of the Tier2 technicians and blah blah blah. Nothing new under the sun and based on the number of SLA reviews our boss has to do, we're all doing things right anyways. But training boxes must be ticked.

Lo and behold, there is an escalation matrix in there. Tier1/2 are not permitted to escalate tickets directly to Tier3 without working with their Team Lead on a resolution first. Which was how it worked when I was still a Tier2 Team Lead, but I thought that was just my then-boss being a hardass. I was told that the other deskside team lead and I under my former boss were "Tier 2.5." Looking back, I was pretty sure she was grooming the two of us for promotion (which did end up happening, I'm the EIAM/AD/GPO team lead and he's now in our former boss's position over all the non-HQ Tier2 teams).

Being EIAM, we get a shitton of improperly escalated tickets from Tier1/2 for things like "please confirm this user is licensed for Acrobat Pro" (we use named user licensing and it's an AD group membership) or "User is requesting their job title be updated in their AD account" (user-facing AD attributes sync from either HR or the internal billing system and the user has to contact their direct manager to have it updated) or "User wants to install this Chrome extension" (We have an extension whitelist configured, additions require approvals that would make a Vogon blush in shame and the request process is in KBwhatever) and similar stuff that's basically "take 30 extra seconds and learn how to use ADUC or read a knowledge article or just search ServiceNow for a similar ticket for god's sake".

Previously, we would check it for them, then return the ticket with the requested information and proper notes/instructions/KB article number on how to do it themselves next time. But we have our own tickets to work and projects to do, and having a tech or call center agent send me a Teams message to join their Bomgar session while I'm in a two full screens RDP session and Teams call with a vendor trying to track down what the vendor assumed was a group policy issue with an RPA bot using a service account on a persistent Citrix VM that can successfully send email through Outlook Object Model access (WHY THE gently caress AREN'T YOU USING SMTP?) 30-60 seconds after login, but can't at any point after that, and then their lead making butthurt complaints about how we're "not responsive" to inquiries, is getting really goddamn old. (Spoiler: the Citrix VM AAD hybrid join was broken because our Citrix team accidentally hybrid joined their gold VM, so clones of that VM never ran the Automatic Workplace Join task, and Azure was soft locking the account for multiple failed authentication attempts from an unregistered device about 75 seconds after login. dsregcmd /leave /join to the rescue).

Now, with the approval of our boss, his boss, AND our PMO, we are assigning those tickets directly to the escalating technician's team lead with instructions for followup and education.

Which leads to this past Thursday. One of my guys was onsite in HQ for something, and got to talking with the deskside teams and their team lead there. He hit me up on Teams afterwards and told me he was getting mad on my behalf, and told them to go to his team lead (me) or their management if they had any complaints. The phrase "we're Tier2, not Tier2/Engineering" was thrown around, as well as the team lead there straight up saying that he doesn't read the emails that our team sends out since he "gets too much email." The emails that are sent to the Teams Leads distro and prefaced with "please distribute to your teams" that have documentation updates and troubleshooting/resolution steps for all sorts of stuff that has been escalated to Tier3 to figure out. Which explains almost 100% of the issues we have with the onsite teams there. Their management is aware, but they're so short staffed that cutting dead weight at either the tech or supervision level is pretty much impossible.

There's only so many ways to tell someone, essentially, "The permissions to do X are delegated to all Tier1/2 technicians. We have done the requested thing. Here are instructions on how to do this yourself next time. Please reach out to your Team Lead if you have any questions."

It's a great time to be in contract recompete, let me tell you. Thankfully if another company gets the contract award, close to 100% of the non-management staff gets carried over to the new company. Been through this twice before, not worried, but drat it makes that task order on the contract look like poo poo.
So, bitching aside, I'm approaching my boss, in concert with one of the other EIAM engineers, to set up a "no questions are too stupid" style Q/A and training session for the Tier1/2 teams regarding AD/GPO and general identity management stuff. If it's well received, maybe doing it monthly or quarterly or something. We have a lot of new stuff in the pipeline that they need to be aware of, they don't understand how to use ADUC beyond password resets, and the communication between them and their supervisors/management is very obviously not cutting it. We're in the middle of migrating 7,000 devices from IBM to Intune for MDM, and about to turn on PHS to replace the ADFS infrastructure for all 30,000 users, and that's just in the next couple months.
|
# ? Nov 7, 2021 17:16 |
|
SlowBloke posted: Isn’t that flat out sabotage? Legal is not going to like it.

Putting everything on SAML/OIDC auth backed by your IdP is great, but not everything supports it. There’s also SaaS vendors that jack the price by a lot if you want to enable it - check out http://sso.tax/ for an idea.

We’ve tried to put everything behind Okta - Security made Okta support very prominent in their vendor selection / onboarding checklist - but still have a bunch of passwords for stuff that doesn’t allow it
|
# ? Nov 7, 2021 17:25 |
|
CommanderApaul posted: So, bitching aside, I'm approaching my boss, in concert with one of the other EIAM engineers, to set up a "no questions are too stupid" style Q/A and training session for the Tier1/2 teams regarding AD/GPO and general identity management stuff. If it's well received, maybe doing it monthly or quarterly or something. We have a lot of new stuff in the pipeline that they need to be aware of, they don't understand how to use ADUC beyond password resets, and the communication between them and their supervisors/management is very obviously not cutting it. We're in the middle of migrating 7,000 devices from IBM to Intune for MDM, and about to turn on PHS to replace the ADFS infrastructure for all 30,000 users, and that's just in the next couple months.

This is great! It might help to identify some people to function as plants and ask some dumb questions in the beginning. Or have a mechanism for anonymous submission of questions ahead of time.

BUT. If these teams, trained by their lead, have adopted a mindset of "if I don't know how to do it, throw it over the fence, learning isn't important to me/my job" then you've got an even steeper uphill battle.
|
# ? Nov 7, 2021 17:36 |
|
Happiness Commando posted: This is great! It might help to identify some people to function as plants and ask some dumb questions in the beginning. Or have a mechanism for anonymous submission of questions ahead of time. BUT. If these teams, trained by their lead, have adopted a mindset of "if I don't know how to do it, throw it over the fence, learning isn't important to me/my job" then you've got an even steeper uphill battle.

That last bit is one of my major concerns, especially with one specific team. But I'm hoping that it's more "we're too busy to devote extra brainpower to this" than actually apathy towards learning.
|
# ? Nov 7, 2021 17:47 |
|
It's almost certainly that they don't feel they need to make a change because you'll do everything for them. This is bad for a number of reasons, but as you mentioned, being constantly interrupted and forced to task-switch is a huge problem for your own efficacy. Many of the things you're working on require focus, which is threatened big-time by interruptions, and other people's time, which is finite. My initial thought is to funnel everything through the team lead and only respond to requests from them. "We did this, this is how you do it for next time" is clearly not getting them to actually do it. The problem is that the team lead apparently also doesn't know how to do those things and doesn't read the emails you send them telling them how. That's a management issue, and if management can't or won't address it there's not a ton you can do. Still, a step in the right direction would be to only take those escalations directly from the lead, and make them come in via ticket unless they're deemed urgent. You would need to define what constitutes "urgent." If you think the lead is the problem, and the individual techs would do this stuff themselves if the lead had passed on your instructions, then yeah, your training session idea might work. Even if they don't have questions, holding quarterly (or whatever) inservices for them where you cover this stuff -- that they're required to attend -- would allow you to communicate that information directly to them and bypass the lead.
|
# ? Nov 7, 2021 20:13 |
|
That's a really good point. If policy is that

quote: Tier1/2 are not permitted to escalate tickets directly to Tier3 without working with their Team Lead on a resolution first

Do you have buy-in from your and their managers? Or metrics on how much time you waste to get said buy-in?
|
# ? Nov 7, 2021 20:35 |
|
CommanderApaul posted: That last bit is one of my major concerns, especially with one specific team. But I'm hoping that it's more "we're too busy to devote extra brainpower to this" than actually apathy towards learning.

In my experience t1/2 helpdesk ppl get like that when they feel poo poo on too often which could be a team culture or management problem. Try and get helpdesk to want to do good work for you. Think about times you felt motivated to do the best job you could and find ways to provide that experience for the folks who don't seem motivated.
|
# ? Nov 7, 2021 20:42 |
|
Like I'll ask a helpdesk member about weird tickets as they come up and say poo poo like "ahh good thinking" when they solve something they weren't explicitly trained to solve. People appreciate a little recognition
|
# ? Nov 7, 2021 20:46 |
|
luminalflux posted: Putting everything on SAML/OIDC auth backed by your IdP is great, but not everything supports it. There’s also SaaS vendors that jack the price by a lot if you want to enable it - check out http://sso.tax/ for an idea.

Who the hell doesn't support SAML or OIDC these days?
|
# ? Nov 7, 2021 21:55 |
|
Every piece of poo poo app that HR want to use
|
# ? Nov 7, 2021 22:07 |
|
Crosby B. Alfred posted: Who the hell doesn't support SAML or OIDC these days?

A LOT of things, usually some industry-specific SaaS software or just smaller startups that haven't gotten word of our lord SAML yet. And as luminalflux said SSO tax is an extremely real and extremely lovely thing. Asana doubles in price if you want SAML.

It's incredibly hosed up that one of the best things in the IT world, one of the very few things that is simultaneously a win for security/ease of management AND users, is gatekept behind Enterprise plans because rear end in a top hat companies think it's somehow still 2005 and only large corporations would want or need SSO. gently caress all of them and I hope the various O365 alternatives to Asana for instance get better and better and ultimately become a real replacement for it.

Special shoutout to Adobe for not only hiding SSO behind enterprise, but also for their "team" product being a gigantic pile of poo poo where the administrator can't even reset user passwords.
|
# ? Nov 7, 2021 22:07 |
|
Crosby B. Alfred posted: Who the hell doesn't support SAML or OIDC these days?

Tons of poo poo doesn't.
|
# ? Nov 7, 2021 22:15 |
|
Thanks Ants posted: Every piece of poo poo app that HR want to use

At least one of the main players in Italy (Zucchetti Infinity) has SAML support, it’s one of my main projects to set it up on our tenant for next year.
|
# ? Nov 7, 2021 22:24 |
|
Products should charge more to handle authentication locally. Start as SAML only and add $20/seat if you want them to manage users. But underneath it's just okta.
|
# ? Nov 7, 2021 22:40 |
|
SyNack Sassimov posted: A LOT of things, usually some industry-specific SaaS software or just smaller startups that haven't gotten word of our lord SAML yet. And as luminalflux said SSO tax is an extremely real and extremely lovely thing. Asana doubles in price if you want SAML.

Yea, I've seen the SSO Tax and I think it's a freaking huge ripoff but still at the end of the day completely worth it just from an employee productivity standpoint but why in the hell would any developer not use OIDC in 2020 is
|
# ? Nov 7, 2021 22:41 |
|
Didn't answer work phone yesterday. Wasn't home, didn't have my phone on me. Looked at my work phone in the morning, saw I had a text from my boss and a missed call. Texted him asking if they still needed help. On Friday they let a Plant manager go, and at about 430 the IT person from that plant called me and we shut his accounts off, disabled his phone etc. I guess the CEO wanted access to his drives and email ASAP on Saturday. Boss texted me back an hour later saying they took care of it (he and the IT guy at that plant), wonder if it will get brought up on Monday
|
# ? Nov 7, 2021 23:38 |
|
Bob Morales posted: wonder if it will get brought up on Monday

Of course it will
|
# ? Nov 7, 2021 23:40 |
|
I spent most of this weekend cleaning up the password manager mess and working on the cyberinsurance renewal. The legal team is freaking out about it, but still neglected to tell me until Thursday that the application deadline is this Wednesday. I've been through this process many times and although it's a lot of work if you're missing foundational items it's all do-able. We can say "yes" to all the questions as long as we're actively doing the work to support those answers. Policies, systems... whatever. We'll have it all in place, sooner if they would approve the quotes for the work!

The insurance broker said that this might be the last year cyberinsurance is even available due to the pounding the industry has taken from so many breaches. If we can get it, good. If not, it will be because the option is not available to us, not because we didn't have everything in place.
|
# ? Nov 7, 2021 23:49 |
|
Crosby B. Alfred posted: Yea, I've seen the SSO Tax and I think it's a freaking huge ripoff but still at the end of the day completely worth it just from an employee productivity standpoint but why in the hell would any developer not use OIDC in 2020 is

It’s non trivial to implement or costs money if you go the Auth0 route, and it doesn’t immediately result in more ARPDAU or MAU or whatever your KPI is. So it’ll get deprioritized by PMs over other features they think will drive more revenue, until they get a big contract for it. Hell, Databricks didn’t have it for the longest time iirc and they had like a billion in funding
|
# ? Nov 8, 2021 00:38 |
|
Hopefully SSO pops up on a government procurement framework thing as a must-have and forces the industry to adopt it quicker
|
# ? Nov 8, 2021 00:43 |
|
CommanderApaul posted: Tier1/2 are not permitted to escalate tickets directly to Tier3 without working with their Team Lead on a resolution first.

RIP this workflow when a team lead goes on vacation, is in training, or is out sick.
|
# ? Nov 8, 2021 03:34 |
|
Every member of the team is next in line for team lead going from longest term to shortest. Problem solved.
|
# ? Nov 8, 2021 03:42 |
|
Is there something inherently broken with Windows? Why in the hell can't I listen to music using my headset and microphone on that headset at the same time unless I put in the stupid USB dongle adapter? Why are there multiple devices for one actual physical device?
|
# ? Nov 8, 2021 04:42 |
|
It’s not Windows specifically, Bluetooth is historically bad and hard

E: assuming Bluetooth, but even if not it’s still much more likely that it’s vendor drivers vs Windows itself
|
# ? Nov 8, 2021 05:05 |
|
Inner Light posted: Yes I've done this for years, keyboard navigation of MS Office products is a big time saver.

Late to this chat but I just uninstalled 20-30 vari dual stands (both the $250 and $150 versions) and it really hurt that I couldn't take them with me because I was flying, totally would have taken a couple home with me.
|
# ? Nov 8, 2021 05:57 |
|
CommanderApaul posted: tl;dr: Rambling bitching about Tier1/2 teams that aren't putting in the effort and having poor internal leadership. Also an idea on how to help, and wondering if I'm being too much of an rear end in a top hat.

We are supposed to have a process of:

1. Tier 1: Gets the call, gets user info like name, location, call back and basic ticket info, and if it is something they can't fix, escalates to a person called the Incident Manager.
2. Incident Manager: Looks at ticket, checks to see if processes were followed, if so, sends up.
3. Tier 2: Does intermediate troubleshooting, gets more detail and makes decision on ticket. Sends back to Incident Manager with note on which group to escalate to.
4. Incident Manager forwards ticket on to Tier 3 group.
5. Tier 3 hopefully fixes problem, then resumes staring in the void.

What actually happens:

1. Tier 1: Gets call, gets the name, but often doesn't get contact info or check location. If ticket seems to fit certain keywords, they will escalate the ticket to the group. Sometimes they will IM people to let them know what is up, and if they are around. Other times will just transfer the person over. If they don't get a simple match, they will send to Incident Manager.
2. Incident Manager now blindly forwards ticket based on a keyword. Gets very salty if a ticket is immediately sent back because of lack of info.
3. Tier 2: Their department has been turned into a catch all department and now have people who are given the responsibility of admins, but not the pay. Department is stretched very thin, so if any tickets land on them to look at, they instantly forward it up.
4. Tier 3: Instead of doing admin and engineer duties, many of us are doing tier 1 tasks.

The problem is, any attempt by someone above tier 2 to fix that is instantly shot down, as the manager of the Tier 1/2 groups will not listen to anything anyone says to him.
|
# ? Nov 8, 2021 06:20 |
|
CitizenKain posted: We are supposed to have a process of:

I see you work for the company I do, only 5 years in the past. Don’t worry, they will outsource T1/T2 soon, and then you will have a contracting company that won’t do anything not in the contract, with employees who leave the moment they get the tiniest skill set, because the front line job is hopelessly overworked and underpaid. Everything will get dumped on T3, who will get ruthlessly culled for underperforming in a downward spiral without end.
|
# ? Nov 8, 2021 07:54 |
|
So ever since PrintNightmare came out all the Ricoh printers in our region have been down. They tried to do a few things to get them up and running but not a lot helped, apparently they came out with a tool to mass upgrade the firmware for the devices and it ended up frying hard drives so now they have techs coming in to replace the drives from the dead machines. They brought in two new models for us to use at our place, first ones to try them out in the region. The tech was so relieved when they worked after we put in the domain info and root certs. All of this because of encryption, just a little toggle that says 3DES or AES256, bricked hundreds if not thousands of our printers.
|
# ? Nov 8, 2021 13:39 |
|
The lesson today is Don't Trust Anyone In a Merger https://twitter.com/GergelyOrosz/status/1457446667523866637
|
# ? Nov 8, 2021 14:51 |
|
Dick Trauma posted: I spent most of this weekend cleaning up the password manager mess and working on the cyberinsurance renewal. The legal team is freaking out about it, but still neglected to tell me until Thursday that the application deadline is this Wednesday. I've been through this process many times and although it's a lot of work if you're missing foundational items it's all do-able. We can say "yes" to all the questions as long as we're actively doing the work to support those answers. Policies, systems... whatever. We'll have it all in place, sooner if they would approve the quotes for the work!

I was speaking with an auditor for my current job's cyberinsurance company a few weeks back. They are REALLY focusing on audits now, like actual real follow up not just checking to see if people are checking a box according to him. Who knows how thorough they really are or if it's just a front to deny businesses down the road. But yeah, they paid out a ton it seems this past year.
|
# ? Nov 8, 2021 15:54 |
|
Bonzo posted: The lesson today is Don't Trust Anyone In a Merger

https://twitter.com/GergelyOrosz/status/1457449428873269253?s=20

lol. lmao. gullible loving people everywhere
|
# ? Nov 8, 2021 19:34 |
|
Proud Christian Mom posted: https://twitter.com/GergelyOrosz/status/1457449428873269253?s=20

Whoever that person was that called me out for greedy, this is why I give no fucks.
|
# ? Nov 8, 2021 19:39 |
|
Sickening posted: Whoever that person was that called me out for greedy, this is why I give no fucks.

I don't know who it was but they're morons. Companies. Don't. Care. About. You. This is not the loving 1950s, there is no loyalty, there is only greed. Sure, you might work for a company that's nice and treats you well at the moment, but the second someone comes along and offers the people in charge a boatload of cash, guess what, now you work for a company that doesn't give a poo poo about you. (Or you ....are forcibly made to stop working for said company).

That's why this whole remote thing is so good because even if not everyone is doing it, it finally gives workers SOME ability to level the playing field, reclaim their time, and only give the company the WORK they're paying the employee to do, instead of the employee's time.
|
# ? Nov 8, 2021 19:46 |
|
SyNack Sassimov posted: I don't know who it was but they're morons. Companies. Don't. Care. About. You. This is not the loving 1950s, there is no loyalty, there is only greed. Sure, you might work for a company that's nice and treats you well at the moment, but the second someone comes along and offers the people in charge a boatload of cash, guess what, now you work for a company that doesn't give a poo poo about you. (Or you ....are forcibly made to stop working for said company).

This is a very black and white view, and does not apply to all people and all situations. But this thread is probably tired of hearing from me, and I'm tired of the hive mind nature of this thread. So yeah, sure, whatever.
|
# ? Nov 8, 2021 19:49 |
|
I think it's safe to say that unless something is in writing, it's not a real thing. We all say, "If it's not in a ticket then it's not an issue" and that applies here. If a boss, manager, owner says, "I'll never sell and we'll all be rich!" get it in writing or it's not happening. Once shareholders are involved, they are going to benefit the most, not the employees. There are exceptions, sure.
|
# ? Nov 8, 2021 19:59 |