wargames
Mar 16, 2008

official yospos cat censor

Dandywalken posted:

That's awesome news! Glad your luck turned around :)

tell me then when i actually get the offer.


Vargatron
Apr 19, 2008

MRAZZLE DAZZLE


I got involved in a 1.5 hour conversation today about why we are so granular with ticket routing where I work. I checked and we have 461 different ticket codes which are grouped into about 30 different subcategories. I basically spend more time trying to find the correct ticket category and routing than it does to actually input the ticket information.

I swear, I feel like ITIL/ITSM systems are designed to break down IT jobs into discrete tasks and just optimize based on tasks instead of helping people do their jobs. Is it really helping our business to show that we have 1000 requests for printer installations a month? I'm just burnt out on treating everything like a metric we have to optimize instead of actually focusing on customer satisfaction. To me, I'd rather focus on customers being happy with their IT support interactions than knowing we serviced discrete requests of a certain type every month.

devmd01
Mar 7, 2006

Elektronik
Supersonik
In our case the service desk manager uses the trends/percentages/etc to see if there are opportunities for heading issues off at the pass.

For example, a certain model in our laptop fleet is having battery swelling issues AND is coming up on end of warranty, so they are aggressively communicating to people who have that model to submit issues before the warranty runs out.

And yeah I hate itil/agile/etc with a passion too, I put up with it because I have to.

Agrikk
Oct 17, 2003

Take care with that! We have not fully ascertained its function, and the ticking is accelerating.

KillHour posted:

The $500 is for the stressful day you get when you're not brunching and you don't get paid extra for. I'm having one of those days.

Yeah, this was me, twice, last week so I don’t feel at all bad about this week.

Counterpoint to my wife who is doing some crazy poo poo in the not-for-profit education-startup space and it is grinding her to dust. She is one of those people who genuinely cares about under served children and every day not pushing for improvement is another day squandered and another day that kids are getting hosed over for not being lucky to be born into a good situation.

She comes home after sixty-eighty hour weeks just wrecked and my role is to take care of all the poo poo at home and put her back together every Sunday night so she can get back to making the world a better place.

She cares so much and I love her for it but knowing her for 35 years I still don't understand it.


Edit: in regards to tickets and categories, if you have access to category creation you might wanna try putting in a category called “can’t be bothered to select the right category.”

That would be an interesting metric for managers to see.

Agrikk fucked around with this message at 00:26 on Feb 5, 2022

you ate my cat
Jul 1, 2007

Vargatron posted:

I got involved in a 1.5 hour conversation today about why we are so granular with ticket routing where I work. I checked and we have 461 different ticket codes which are grouped into about 30 different subcategories. I basically spend more time trying to find the correct ticket category and routing than it does to actually input the ticket information.

I swear, I feel like ITIL/ITSM systems are designed to break down IT jobs into discrete tasks and just optimize based on tasks instead of helping people do their jobs. Is it really helping our business to show that we have 1000 requests for printer installations a month? I'm just burnt out on treating everything like a metric we have to optimize instead of actually focusing on customer satisfaction. To me, I'd rather focus on customers being happy with their IT support interactions than knowing we serviced discrete requests of a certain type every month.

We just finished redoing our ticket categories, and this was a conversation I kept having with other teams who we needed categories from. People seem to assume that there should be a category for every task that they do, regardless of whether it brings value or not. We just don't need "SQL Server - Update", "SQL Server - Maintenance", and "SQL Server - Reboot" to cover the ten times a month you're going to make a change request.

We do have a category for printer installs (home) and one for printer installs (office), but that's something we want to be able to report against because we're arguing for better in-office printer installation options. Knowing that we burned 50 tickets worth of time a month helping someone double click on a printer in a print server and waiting to enter admin creds is helpful in that case. It's also customer-oriented, because it's a bad experience for them also, and if we build a case for a better system then everybody wins.

ITSM tools really trigger the "NUMBERS GO UP" urge in people, though, and they just go wild on stuff.

Bob Morales
Aug 18, 2006


Just wear the fucking mask, Bob

I don't care how many people I probably infected with COVID-19 while refusing to wear a mask, my comfort is far more important than the health and safety of everyone around me!

Basically had to tell the new girl she was in no way taking a 5:00 call with a support vendor on a Friday

GO HOME

xzzy
Mar 5, 2009

My rule has always been the less an admin appears to be doing anything, the better at their job they are.

I've distilled all the busywork of my job to a couple dozen automated processes, so I can sit around and chill or do side projects until a ticket comes in.

Silly Newbie
Jul 25, 2007
How do I?
From a leadership standpoint, I try to quantify everything and have good discrete categories so that I can take actual numbers and hard data to the accountants for why we need to pay people more and why we need more headcount.
I tell my team as much - I understand that it takes a lot of time and feels like busy work - but it's the information I need to talk to the people in charge of the money in a language they understand.

Gucci Loafers
May 20, 2006

Ask yourself, do you really want to talk to pair of really nice gaudy shoes?


Ugh,

I have this problem that keeps coming up in my IT Career despite working with AD, ADFS, Azure AD, SharePoint, SANs, Networking Devices and even printers. I need to learn how to administrate Exchange Online... How annoying is this going to be? How long will it take to go from zero to hero?

GreenNight
Feb 19, 2006
Turning the light on the darkest places, you and I know we got to face this now. We got to face this now.

It’s not hard. I can do like 95% of it and I don’t know poo poo about anything. Everything you need to know you can Google.

George H.W. Cunt
Oct 6, 2010





Exchange Online just works. Easy peasy.

Sickening
Jul 16, 2007

Black summer was the best summer.

Crosby B. Alfred posted:

Ugh,

I have this problem that keeps coming up in my IT Career despite working with AD, ADFS, Azure AD, SharePoint, SANs, Networking Devices and even printers. I need to learn how to administrate Exchange Online... How annoying is this going to be? How long will it take to go from zero to hero?

I do this as one of my three jobs for a very large company. Going from zero to hero is actually really simple. Doing everything in PowerShell is just what you do. Going the route of the GUI is just going to be confusing, it's going to take a long time, and it's going to build bad habits.

https://admin.exchange.microsoft.com/ --> top right hand corner --> open up cloud shell. You can also directly connect to Exchange Online through PowerShell, but I figured I would start the easiest way first.

The next thing is just make a repo of everyday scripts. What you do in a normal day can vary. Having individual saved scripts for all your tasks means that anything you do is just going to take a minute. So just make a script for each of these. Remember that Microsoft is very good about making example scripts in their wikis for anything you want to do.

That's really it.

chocolateTHUNDER
Jul 19, 2008

GIVE ME ALL YOUR FREE AGENTS

ALL OF THEM
Lol yeah I'm in the middle of an on prem to EXO migration and my god I can't wait to stop administering exchange 2016.

I'll never have to worry about my exchange server ever again.

Dick Trauma
Nov 30, 2007

God damn it, you've got to be kind.
I've been administering EO for years, so everyone can do it. I've been saving scripts for all the annoying stuff. I can pop into PS and right back out and I'm done.

M365's web-based interface has been broken into a bunch of pieces and they keep rearranging those goddamn pieces. If you can handle your work through PS all the better.

GreenNight
Feb 19, 2006
Turning the light on the darkest places, you and I know we got to face this now. We got to face this now.

Nothing like having to make a new room and the settings are in 3 different GUIs. Saving that poo poo in Powershell is the way to go.

I do still admin an on prem Exchange server though. I think if you have AD that is still required by MS.

The Fool
Oct 16, 2003


GreenNight posted:

Nothing like having to make a new room and the settings are in 3 different GUIs. Saving that poo poo in Powershell is the way to go.

I do still admin an on prem Exchange server though. I think if you have AD that is still required by MS.

You can have a fully online exchange with local ad if it’s a greenfield deployment. (never had exchange before)

Otherwise you’re looking at hybrid exchange purgatory.

That being said, it’s entirely possible to decommission your last on prem exchange server and fill the gap with powershell

GreenNight
Feb 19, 2006
Turning the light on the darkest places, you and I know we got to face this now. We got to face this now.

Yeah we’re hybrid. It seems to work fine except having to patch a god drat exchange server. At least it has no OWA and isn’t public facing.

Silly Newbie
Jul 25, 2007
How do I?

GreenNight posted:

Nothing like having to make a new room and the settings are in 3 different GUIs. Saving that poo poo in Powershell is the way to go.

I do still admin an on prem Exchange server though. I think if you have AD that is still required by MS.

Wait what? No, having active directory doesn't mandate that you have on prem exchange, dirsync came out in like 2003.
Hybrid is rear end, and the only good use case I've seen for having on prem exchange in the last ten years has been weird regulatory poo poo.

The Iron Rose
May 12, 2012

:minnie: Cat Army :minnie:

Silly Newbie posted:

Wait what? No, having active directory doesn't mandate that you have on prem exchange, dirsync came out in like 2003.
Hybrid is rear end, and the only good use case I've seen for having on prem exchange in the last ten years has been weird regulatory poo poo.

This isn’t aimed at you, but I so wish that when people justified poor technical decision making on compliance requirements they pointed out the exact compliance citation that they are alleging you need to comply with.

Too often we assume that our compliance folks know what they’re doing - we barely know what we’re doing, why assume anyone else does? On multiple occasions now I’ve shot down stupid poo poo by actually reading the relevant PCI-DSS subsection!

Shartweek
Feb 15, 2003

D O E S N O T E X I S T

Silly Newbie posted:

Hybrid is rear end, and the only good use case I've seen for having on prem exchange in the last ten years has been weird regulatory poo poo.

Hybrid is only for migrations IMO, then it should be shut off as soon as all mailboxes are in the cloud. At this point I prefer to use full classic hybrid for most of the migrations to 365 from on-prem that I do, and it sucks to set up due to the various states of our clients' directories. But being able to see free/busy information on shared calendars between mailboxes that have been moved to the cloud and those that have not is, apparently, a big loving deal for a lot of people and cutover migrations suck rear end for mid-sized orgs so you're forced to do staged migrations, which necessitates hybrid mode.

Azure AD Connect of course sticks around after the migration if the client still has AD on-prem for the foreseeable future, and most of the time I spin up a new Exchange VM so that management of users is easier for our support team, because they require a GUI to do their jobs. Additionally, Microsoft considers an environment without an on-prem Exchange server that still uses Azure AD Connect to sync users and their attributes to Azure AD / Exchange Online to be unsupported, so keeping an Exchange server around in these scenarios is required, unfortunately.

devmd01
Mar 7, 2006

Elektronik
Supersonik
One other use case for keeping an on-prem exchange server is using it for smtp relay for on-prem applications/devices that still need to email for alerting or whatever. Especially with the upcoming death of basic auth.

GreenNight
Feb 19, 2006
Turning the light on the darkest places, you and I know we got to face this now. We got to face this now.

That's one thing we have, as a manufacturing company. A fuckload of SMTP devices that we send to our on prem exchange for emailing out. We have basic auth disabled in 365, but old rear end PLC poo poo doesn't support anything but basic auth.

kensei
Dec 27, 2007

He has come home, where he belongs. The Ancient Mariner returns to lead his first team to glory, forever and ever. Amen!


devmd01 posted:

One other use case for keeping an on-prem exchange server is using it for smtp relay for on-prem applications/devices that still need to email for alerting or whatever. Especially with the upcoming death of basic auth.

I wonder how hard this suggestion will be shot down at my org considering how badly we have been screwed by our vendors when trying to use basic auth. Hmmmm

CloFan
Nov 6, 2004

Coolnezzz posted:

Additionally, Microsoft considers an environment without an on-prem Exchange server that still uses Azure AD Connect to sync users and their attributes to Azure AD / Exchange Online to be unsupported, so keeping an Exchange server around in these scenarios is required, unfortunately.

Really? I had no idea. Good to know it's unsupported but super weird because it works just fine in our env without.

For on premise smtp we just have a Linux server that's authorized to send from our domain. I'd hate to keep an EX server around just for that

Shartweek
Feb 15, 2003

D O E S N O T E X I S T

CloFan posted:

Really? I had no idea. Good to know it's unsupported but super weird because it works just fine in our env without.

For on premise smtp we just have a Linux server that's authorized to send from our domain. I'd hate to keep an EX server around just for that

When Exchange is initially installed it prepares AD by creating all Exchange related attributes, when it's uninstalled it does not remove those attributes from AD. They can still be manipulated via ADSIEdit, the Attribute tab in ADUC, via powershell, etc. If an org wants to sync their on-prem AD to AAD and have never had an Exchange server, they can run the Exchange installer with the /PrepareAD flag which will add the Exchange related attributes to AD but not install Exchange itself.

devmd01 posted:

One other use case for keeping an on-prem exchange server is using it for smtp relay for on-prem applications/devices that still need to email for alerting or whatever. Especially with the upcoming death of basic auth.

Indeed, the SMTP engine is already there in Exchange so it works out well. Installing the IIS role and SMTP feature on any other Windows server would also work but if you already have that feature available in Exchange may as well use it!

Edit: yeah I can't wait for basic auth to go away, we recently had a client get exploited through SMTP basic auth and ended up wiring a ton of money to some bank in China. Until then MS does allow individual mailbox exemptions for SMTP auth to ease the transition, so with that exception + conditional access policies we can keep using older scanners (fairly securely) that can't use modern auth until they finally do away with it completely.

Shartweek fucked around with this message at 17:44 on Feb 6, 2022
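
The per-mailbox SMTP AUTH exemptions mentioned in the post above can be audited from Exchange Online PowerShell. The following is an added example, not part of the original thread: the function name, the allow-list and the sample addresses are assumptions and the sample mailboxes are constructed, while `SmtpClientAuthenticationDisabled` is the property returned by `Get-TransportConfig` and `Get-CASMailbox`.

```powershell
# Added example: report which mailboxes can still use SMTP AUTH and whether
# each one is on an approved exemption list. Runs offline on constructed data.
function Get-SmtpAuthExemptionReport {
    [CmdletBinding()]
    param(
        # Org-wide SmtpClientAuthenticationDisabled value (Get-TransportConfig)
        [Parameter(Mandatory)] [bool] $OrgDisabled,
        # Objects carrying PrimarySmtpAddress and SmtpClientAuthenticationDisabled
        # (the shape returned by Get-CASMailbox)
        [Parameter(Mandatory)] [object[]] $CasMailbox,
        # Hypothetical allow-list of device/service mailboxes you maintain
        [string[]] $Approved = @()
    )

    foreach ($mbx in $CasMailbox) {
        $address  = [string]$mbx.PrimarySmtpAddress
        $override = $mbx.SmtpClientAuthenticationDisabled

        # $null on the mailbox means "follow the organization setting"
        if ($null -eq $override) {
            $enabled = -not $OrgDisabled
            $source  = 'Org default'
        }
        else {
            $enabled = -not [bool]$override
            $source  = 'Mailbox override'
        }

        $isApproved = $Approved -contains $address   # case-insensitive match

        if ($enabled -and $isApproved) {
            $status = 'Approved exemption'
        }
        elseif ($enabled) {
            $status = 'UNEXPECTED: SMTP AUTH enabled'
        }
        elseif ($isApproved) {
            $status = 'Stale approval: SMTP AUTH already off'
        }
        else {
            continue   # disabled and not on the list: nothing to report
        }

        [pscustomobject]@{
            Mailbox         = $address
            SmtpAuthEnabled = $enabled
            SettingSource   = $source
            Status          = $status
        }
    }
}

# Constructed sample data (not real mailboxes)
$sample = @(
    [pscustomobject]@{ PrimarySmtpAddress = 'scanner-floor1@example.com'; SmtpClientAuthenticationDisabled = $false }
    [pscustomobject]@{ PrimarySmtpAddress = 'plc-alerts@example.com';     SmtpClientAuthenticationDisabled = $true  }
    [pscustomobject]@{ PrimarySmtpAddress = 'j.doe@example.com';          SmtpClientAuthenticationDisabled = $false }
    [pscustomobject]@{ PrimarySmtpAddress = 'a.smith@example.com';        SmtpClientAuthenticationDisabled = $null  }
)
$approved = 'scanner-floor1@example.com', 'plc-alerts@example.com'

Get-SmtpAuthExemptionReport -OrgDisabled $true -CasMailbox $sample -Approved $approved |
    Format-Table -AutoSize

# Against a real tenant, replace the sample with live data:
#   Connect-ExchangeOnline
#   $org = (Get-TransportConfig).SmtpClientAuthenticationDisabled
#   $cas = Get-CASMailbox -ResultSize Unlimited
#   Get-SmtpAuthExemptionReport -OrgDisabled $org -CasMailbox $cas -Approved $approved
```

The report covers only the SMTP AUTH setting; the conditional access policies the post pairs with the exemptions are configured separately and are not checked here.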

SyNack Sassimov
May 4, 2006

Let the robot win.
            --Captain James T. Vader


Coolnezzz posted:

When Exchange is initially installed it prepares AD by creating all Exchange related attributes, when it's uninstalled it does not remove those attributes from AD. They can still be manipulated via ADSIEdit, the Attribute tab in ADUC, via powershell, etc. If an org wants to sync their on-prem AD to AAD and have never had an Exchange server, they can run the Exchange installer with the /PrepareAD flag which will add the Exchange related attributes to AD but not install Exchange itself.

For what it's worth, about 50% of our clients (the ones that still have AD) are now on greenfield AD with no Exchange schema, and the only attribute I've found is a regular problem is HideFromGAL (or whatever the actual attribute name is), to mark a mailbox hidden, because obviously that attribute doesn't exist and with dirsync on you can't of course change it on the 365 end. You can get around that by setting up a custom attribute mapping - there are 15 custom attributes available and you simply set up a rule to use one of them as a boolean for whether to hide a mailbox from the GAL.

Don't get me wrong, this is not how Microsoft says Things Should Be Done, but if you have a nice clean AD and you don't want to poo poo up its attribute list with all the Exchange attributes for no reason (gently caress all that msDS stuff), it works fine. And I should say this isn't a big deal for us because we're not doing that often - if you're regularly hiding mailboxes it might be worth just installing the schema to get the actual attribute.

Dick Trauma
Nov 30, 2007

God damn it, you've got to be kind.
The place I work now used to have on-prem Exchange, and then their old MSP got infected with a cryptolocker that spread to them. The MSP convinced them to switch to Exchange Online immediately, which they did. After that they had no on-prem Exchange at all, and no sync from on-site AD to Azure. That's what I inherited.

The current MSP is almost ready to get the sync in place, but we still won't have on-prem Exchange so I guess that means we'll have an unsupported implementation. But it has to be better than what we have now, and they said that it's the first step to migrating completely to Azure AD.

SlowBloke
Aug 14, 2017

Dick Trauma posted:

The place I work now used to have on-prem Exchange, and then their old MSP got infected with a cryptolocker that spread to them. The MSP convinced them to switch to Exchange Online immediately, which they did. After that they had no on-prem Exchange at all, and no sync from on-site AD to Azure. That's what I inherited.

The current MSP is almost ready to get the sync in place, but we still won't have on-prem Exchange so I guess that means we'll have an unsupported implementation. But it has to be better than what we have now, and they said that it's the first step to migrating completely to Azure AD.

If the mailboxes are already there and working, you could go full chaos route and not set AD sync, moving every system to native AAD. It’s technically less unsupported but it will be challenging if you have a lot of legacy resources.

Bonzo
Mar 11, 2004

Just like Mama used to make it!
Looks like I'm about to be moved into a Project/Program Manager role. Nice change from over a decade of being in Support/Consult/SME type roles.

ptier
Jul 2, 2007

Back off man, I'm a scientist.
Pillbug
Edit: beaten into the ground with exchange chat.

ptier fucked around with this message at 03:48 on Feb 7, 2022

Silly Newbie
Jul 25, 2007
How do I?

The Iron Rose posted:

This isn’t aimed at you, but I so wish that when people justified poor technical decision making on compliance requirements they pointed out the exact compliance citation that they are alleging you need to comply with.

Too often we assume that our compliance folks know what they’re doing - we barely know what we’re doing, why assume anyone else does? On multiple occasions now I’ve shot down stupid poo poo by actually reading the relevant PCI-DSS subsection!

You're entirely right. The one guy I know with the good use case works in Energy, and has some strict requirements about where the data can go.

My company reached out to me to rubber stamp a bid they were trying to put in that referenced some government protected data requirements (which we don't normally do).
I went and actually read the DSS documentation, which included that we were basically saying that we had been reviewed and audited by a sponsored body and were in compliance. I let them know that we were in no way compliant and would be opening ourselves to a massive shitstorm if we even thought about contracts like or adjacent to this.
I never heard back.

devmd01 posted:

One other use case for keeping an on-prem exchange server is using it for smtp relay for on-prem applications/devices that still need to email for alerting or whatever. Especially with the upcoming death of basic auth.

Do you all not just use your unauthenticated O365 smtp address and whitelist the local IP?

luminalflux
May 27, 2005



devmd01 posted:

And yeah I hate itil/agile/etc with a passion too, I put up with it because I have to.

Weirdly enough, I've been referencing the ITIL Continual Improvement principles a lot recently, and having people go "Ohhh yeah, that makes a lot of sense and we should consider something like that". Like, projects will go straight into "let's do a bunch of poo poo" without considering stuff like "What is the vision", "where are we now", "where do we want to be" etc. For all the flak that they get, there's some real good stuff there that can be applied with a soft touch and get some loving results, esp if there's total anarchy in project management.

SlowBloke
Aug 14, 2017

Silly Newbie posted:

Do you all not just use your unauthenticated O365 smtp address and whitelist the local IP?

We created a connector for each site and added every site gw ip to the spf rules, direct send tends to self block rather easily.

devmd01
Mar 7, 2006

Elektronik
Supersonik

Silly Newbie posted:

Do you all not just use your unauthenticated O365 smtp address and whitelist the local IP?

More of a “path of least resistance/ease of maintenance” choice that hasn’t been revisited. When I came onboard five years ago they were just finishing up their migration to 365 but still had a ton of legacy applications on-prem, including home-grown. I wasn’t about to tackle updating smtp configs in everything, no thanks.

On-prem sends only to proofpoint which handles it from there. This gives us the benefit of knowing that it is using starttls/587 all the way through to EXO and doesn’t expose our building’s public IP ranges so easily with an spf lookup.


luminalflux posted:

For all the flak that they get, there's some real good stuff there that can be applied with a soft touch and get some loving results, esp if there's total anarchy in project management.

Oh I don’t disagree, I can’t argue with the itil/agile results at my company. We (IT) have an extremely good relationship with the business because they know we can deliver what they need.

I just despise all the bullshit paperwork. I’m in infra, gently caress your sprint because our team’s work is mostly outside of them. Part of my issues with it stem from my personality, really, so I am at least self aware enough to shut up and play ball.

devmd01 fucked around with this message at 11:41 on Feb 7, 2022

xzzy
Mar 5, 2009

The problem with itil isn't itil, it has some great concepts to help you do your job better.

The problem is higher management only uses it as a way to collect metrics about who's doing what and it basically exchanges talking about progress for looking at a graph. They don't care if there's a backstory or justification for a trend, they're just mad that the graph that goes into the weekly status has a dip in the wrong spot.

ptier
Jul 2, 2007

Back off man, I'm a scientist.
Pillbug
I know this is from a billion pages back, but I wanted to bring one more dimension into the discussion of local admin, computers and layers of security. My current place is a state university. We are treated like an executive agency and have to abide by all the oversight therein. For example, the state has adopted a modified NIST standard to be their information security standard. We can choose to use our own, but it is one of those "same or better than" kind of deals. So, we have to apply the standard. In the standard, we have to remove admin access unless the correct incantations and forms are used, among MANY other things that try to bring us into "mostly good" land. It sucks, because in a lot of ways we (IT) are between a rock and a hard place. Everyone wants everything, and politically they can push, but on the other we have our standard we must follow and will fail audits and risk BAD THINGS if we don't do it right. We get blamed for being jerks about X, but in reality we have the standard we have to enforce.

Dick Trauma
Nov 30, 2007

God damn it, you've got to be kind.
This morning has been a cavalcade of stupid and weird problems and I want a do-over.

GreenNight
Feb 19, 2006
Turning the light on the darkest places, you and I know we got to face this now. We got to face this now.

I got asked to push down a shortcut to every desktop in the organization via GPO.

Vargatron
Apr 19, 2008

MRAZZLE DAZZLE


ptier posted:

I know this is from a billion pages back, but I wanted to bring one more dimension into the discussion of local admin, computers and layers of security. My current place is a state university. We are treated like an executive agency and have to abide by all the oversight therein. For example, the state has adopted a modified NIST standard to be their information security standard. We can choose to use our own, but it is one of those "same or better than" kind of deals. So, we have to apply the standard. In the standard, we have to remove admin access unless the correct incantations and forms are used, among MANY other things that try to bring us into "mostly good" land. It sucks, because in a lot of ways we (IT) are between a rock and a hard place. Everyone wants everything, and politically they can push, but on the other we have our standard we must follow and will fail audits and risk BAD THINGS if we don't do it right. We get blamed for being jerks about X, but in reality we have the standard we have to enforce.

Ah yes, "we have a policy, but the department chair got upset and called the CIO so now we have to put local admin on all lab machines".

I live in that reality.


Bob Morales
Aug 18, 2006


Just wear the fucking mask, Bob

I don't care how many people I probably infected with COVID-19 while refusing to wear a mask, my comfort is far more important than the health and safety of everyone around me!

GreenNight posted:

I got asked to push down a shortcut to every desktop in the organization via GPO.

HEY WE GOT THIS NEW SHAREPOINT SITE
