|
Hi, it's me, (probably a loving moron) who runs a server infrastructure for a tiny company that's basically me, my boss, and a ragtag offshore team. Unfortunately, someone decided to chown -R $user:$user /etc on one of my dev servers. I can thankfully just restore a backup from 4 days ago to fix the permissions, but what's a good way to prevent people from running commands like that again? Aside from smacking them upside the head...
|
# ? Feb 23, 2021 21:57 |
|
You know that black mirror style phishing attack that claims they have you watching porn or something and you gotta bitcoin them or they'll tell all your contacts? I just got a new variant on that. It's a dynamic email - the contents are a tagged post in a google doc (your email is used as the tag) with the same style messaging. It managed to get around Google's own spam filter. Just something to keep your users abreast of.
|
# ? Feb 23, 2021 22:05 |
|
BonoMan posted:
You know that black mirror style phishing attack that claims they have you watching porn or something and you gotta bitcoin them or they'll tell all your contacts?

I was hoping this was a suggestion to help the previous poster with people abusing sudo. I have pictures of you jacking off, but as long as you don't do something stupid with sudo I will not release them.
|
# ? Feb 23, 2021 22:27 |
|
Guy Axlerod posted:
I was hoping this was a suggestion to help the previous poster with people abusing sudo. I have pictures of you jacking off, but as long as you don't do something stupid with sudo I will not release them.

Well I mean it would probably do the trick for that too tbh
|
# ? Feb 23, 2021 22:28 |
|
I just took over a sister site, and every domain-joined PC that RDCs into another domain-joined workstation or the DC, it makes me enter creds twice. I've done some quick reading, and the clues I got about GPO and reg entries don't seem to pan out, and a workstation that is not domain-joined can be remoted into normally. So it's domain-based, but where is my best bet to start looking? I've checked that GPEdit Comp-AdminTemplate-WindowsComponents\RDS\Host\Security and set "Always prompt for password upon connection" to Disabled. Please help me find where to disable this behavior.
|
# ? Mar 1, 2021 23:33 |
|
Is the domain healthy? Start by running dcdiag and see if anything is borked
|
# ? Mar 2, 2021 03:17 |
|
Protocol7 posted:
Hi, it's me, (probably a loving moron) who runs a server infrastructure for a tiny company that's basically me, my boss, and a ragtag offshore team.

Smacking them over the head is a good start though.
|
# ? Mar 2, 2021 11:02 |
|
User complains about Linux desktop PC freezing, becoming unresponsive. I checked the service tag. Said desktop turned nine years old this January...
|
# ? Mar 2, 2021 19:02 |
|
We get that, companies assume that because they bought a Mac in 2015 that means it should still be capable of working on big Photoshop documents in 2021. Buy new hardware guys, it's time.
|
# ? Mar 2, 2021 19:15 |
|
Thanks Ants posted:
We get that, companies assume that because they bought a Mac in 2015 that means it should still be capable of working on big Photoshop documents in 2021. Buy new hardware guys, it's time.

God I deal with this poo poo *every day*. And I'm a creative professional who does some IT so I try to get hardware updates whenever I can but goddamn it's hard. We just had a graphic designer start and it was just "what do we have laying around?" She's literally on a 2015 iMac. Looks gorgeous... runs slow as poo poo now though.
|
# ? Mar 2, 2021 19:20 |
|
Recruit, hire, train and retain an employee: yeah we’ll blow six figgies. Actually giving them a tool that makes them more productive: nah we can’t spend 2% of their salary on that. Meanwhile, the hardware guys get labs and spectrum analyzers worth millions.
|
# ? Mar 2, 2021 19:24 |
|
bolind posted:
Recruit, hire, train and retain an employee: yeah we’ll blow six figgies.

Yeah this is what infuriates me. Like... hiring an employee is an investment. Please give them the right tools to succeed! No idea why hardware purchases are like pulling teeth. We do have some growth though. Our new financial manager is building budgets and we'll actually have real funds we can pull from and spend as we see fit without authorizing every single one. Imagine that! Like a real business!
|
# ? Mar 2, 2021 19:27 |
|
2-3k every few years on hardware for an employee who churns out billable creative work is such a ridiculous ROI that you'd think putting the numbers in front of people would make them see the obvious value.
|
# ? Mar 2, 2021 19:33 |
|
I am having a similar fight right now. Hardware lifecycle policies are so important to have in place. And not poo poo like "oh well these were leased so we'll need to return them" or any other one-off thing. It gets replaced every 3, 4, or 5 years and that's that. No other discussion. People seem to struggle with that concept, even in IT.
|
# ? Mar 2, 2021 19:39 |
|
Laptops absolutely, but we have 10 yr old computers on a factory floor running Windows 10 and an SSD drive and they run fine since all they do is Excel and a 5250 client.
|
# ? Mar 2, 2021 19:47 |
|
I'm not going to say I think a 10 year old computer is fine, but you can handle different needs with different hardware lifecycles. Factory floor computers might have a different lifecycle than laptops which might have a different lifecycle than servers.
|
# ? Mar 2, 2021 19:55 |
|
You guys want some deals on refurbished PC's? 3jobsago.jpg
|
# ? Mar 2, 2021 20:29 |
|
Honey Im Homme posted:
Is the domain healthy? Start by running dcdiag and see if anything is borked

All passes except the below, which I'm not sure how to read, but I'm looking into UmRdpService:

Starting test: SysVolCheck
   [SERVER1] An net use or LsaPolicy operation failed with error 1208, An extended error has occurred..
   ......................... SERVER1 failed test SysVolCheck

and

Starting test: SystemLog
   An error event occurred. EventID: 0x00009007
      Time Generated: 03/02/2021 17:47:36
      Event String: A fatal error occurred while creating an SSL server credential. The internal error state is 10013.
   An error event occurred. EventID: 0xC0001B63
      Time Generated: 03/02/2021 17:48:36
      Event String: A timeout (60000 milliseconds) was reached while waiting for a transaction response from the UmRdpService service.
   ......................... SERVER1 failed test SystemLog
|
# ? Mar 3, 2021 02:56 |
|
Thanks Ants posted:
2-3k every few years on hardware for an employee who churns out billable creative work is such a ridiculous ROI that you'd think putting the numbers in front of people would make them see the obvious value.

I've gotten pushback on "the new Creative Director needs $5k worth of software right now". My followup was "Then someone who isn't me can go down to Michaels and buy them a box of crayons." I don't think I've ever had a PO approved faster.
|
# ? Mar 3, 2021 03:33 |
|
We're an all MacOS shop, about 40 employees. We're also a startup, and have been able to use mostly cloud native stuff using Okta and 2fa which has been great. Zero trust and all that crap, we're all remote and no central office. However we have partners that are asking us to allow-list IP ranges of our users, which was OK when we were 3-4 people, but now is a burden and clearly not scalable. Some stuff I was looking at:
- Zscaler, which is $$$$ but doable
- Pritunl
- Tailscale
- Twingate
and a few others.

Wanted to get the Gooncensus on how to approach this - we don't need Deep packet inspection or anything like that, but my goal is to be able to have users toggle a connection (or just have it always-on) without degrading performance of their day to day activity. I'd also like to be able to have something turnkey, or if I have to launch it into Azure or something that is OK too.
|
# ? Mar 3, 2021 14:56 |
|
God drat I hate IP whitelists.
|
# ? Mar 3, 2021 15:01 |
|
OpenVPN Cloud with one of the nodes deployed in Azure behind a NAT gateway and all traffic routing out of that
|
# ? Mar 3, 2021 15:44 |
|
Thanks Ants posted:
OpenVPN Cloud with one of the nodes deployed in Azure behind a NAT gateway and all traffic routing out of that

This is interesting. I see they support Okta/SAML as well, so this is a pretty neat solution.
|
# ? Mar 4, 2021 03:49 |
|
Bob Morales posted:
You guys want some deals on refurbished PC's?

Retail store IT here.. This is exactly what we do. No point in buying brand new machines just to run Chrome, RemoteApp and a bit of LibreOffice. We will buy brand new for a new location if we get them cheap enough, but otherwise it's refurbs with SSDs. For our workloads, a 6 year old PC with a SSD performs identically to a brand new machine with SSD. Floor machines are generally replaced when they start having problems, not on any particular cycle.
|
# ? Mar 4, 2021 15:38 |
|
stevewm posted:
Retail store IT here.. This is exactly what we do.

This was before there were SSD's (at least in $500 PC's)....and not saving much money. I could see using them for the factory floor too, where they are just going to get dirty etc. They bought refurbished servers, too
|
# ? Mar 4, 2021 15:42 |
|
Prob asked this here before, what are you guys using for tickets? Looking at Hubspot at the moment. It's just me and I only have maybe ~50 users so I don't need anything too elaborate. I would love if I could set it up so I don't have to create the tickets and if an email was sent to a certain address (365) if it would generate the ticket off of that.

codo27 fucked around with this message at 18:00 on Mar 9, 2021 |
# ? Mar 9, 2021 17:51 |
|
Freshdesk is good and doesn't have an SSO tax
|
# ? Mar 9, 2021 18:05 |
|
Hello everyone! Just a quick note to help out the folks who browse by bookmarks. We've started a SH/SC feedback thread and would love it if you stopped by to say hi and let us know what you think. https://forums.somethingawful.com/showthread.php?threadid=3961558
|
# ? Mar 9, 2021 18:31 |
|
Not sure if this is the right spot but I'm trying to get a handle on helping my father's business out. His IT guy retired and he never invested any time or money into things. Right now it's a bunch of Dell client computers running Windows 10 Pro (6 of them) with one of them acting as a "server" with a storage spaces mirror on it. There's a Synology NAS that backs up the client PCs and it backs up to the cloud as well. The backup strategy is at least OK but I really dislike a client PC being a single point of failure for his entire business and want to make some other improvements for him.

I haven't worked in IT for a long time and we were mostly a BSD shop so I have little experience on the Windows side of things. AD seems like overkill for his business but I can't seem to find anything else that would fit the bill. My first idea was just setting up a proper server for SSO, centralized profiles and then using his NAS to serve files instead, I have no idea why it was offloaded to a client PC in the first place. I was just going to use SMB for this which would work fine but that doesn't solve the SSO issue. The clients don't roam much but enough that it would be nice. Then there's also the issue of migrating the existing local profiles to the server. Any ideas or recommendations appreciated.

The Gunslinger fucked around with this message at 18:52 on Mar 10, 2021 |
# ? Mar 10, 2021 17:46 |
|
Unless you've got a good reason why it won't work then how ever many licenses of MS365 Business Premium as there are users, with Azure AD logins on the PCs, user folders copied to their personal OneDrive space, and some Intune policies to keep some sort of consistency between the PCs in terms of naming, update rings, software installs etc. Files in SharePoint. This assumes the types of files are suitable for SharePoint, the internet connection is acceptable, etc.
|
# ? Mar 10, 2021 19:23 |
|
If there's a budget, strongly recommend an MSP. If he's gotten by on this for this long, it probably wouldn't be too expensive, they'll help him figure out a good solution. If you want to be your dad's new IT guy, my suggestion would be to just bite the bullet and invest a couple thousand in windows licensing (a Windows Server license is $500, and an upgrade license from Home to Pro is $100) and maybe a new/refurbished small server to be a DC (I don't know whether or not you can use a SAN as a DC, but you probably shouldn't). Edit: ignore me, do what Thanks Ants suggests.
|
# ? Mar 10, 2021 19:30 |
|
Thanks Ants posted:
Unless you've got a good reason why it won't work then how ever many licenses of MS365 Business Premium as there are users, with Azure AD logins on the PCs, user folders copied to their personal OneDrive space, and some Intune policies to keep some sort of consistency between the PCs in terms of naming, update rings, software installs etc. Files in SharePoint.

Yeah a small company like that shouldn't have the maintenance hassle of on-site servers.
|
# ? Mar 10, 2021 19:49 |
|
Thanks Ants posted:
Unless you've got a good reason why it won't work then how ever many licenses of MS365 Business Premium as there are users, with Azure AD logins on the PCs, user folders copied to their personal OneDrive space, and some Intune policies to keep some sort of consistency between the PCs in terms of naming, update rings, software installs etc. Files in SharePoint.

This is the correct answer. And hire a company to come in and do it.
|
# ? Mar 10, 2021 21:06 |
|
Thanks Ants posted:
Unless you've got a good reason why it won't work then how ever many licenses of MS365 Business Premium as there are users, with Azure AD logins on the PCs, user folders copied to their personal OneDrive space, and some Intune policies to keep some sort of consistency between the PCs in terms of naming, update rings, software installs etc. Files in SharePoint.

Appreciate the responses guys, thank you. Unfortunately I'm not sure he could go the hosted route due to it being a rural area and the internet connection being an issue - they're working with Quickbooks files that are sometimes multiple gigabytes and other boring stuff like that. Downstream it can be OK, upstream is awful. I guess I should've said that right off the bat, my apologies. He's going to retire in 5 years so I just have to make sure he gets there. My full time job affords me a lot of free time if necessary and I'm willing to help but I don't want to be certified in AD or something. I guess I will look at talking to an MSP. Perhaps it was naive of me but I figured there would be some sort of small server solution to the issue that didn't dive into AD, Sharepoint and CALs.
|
# ? Mar 10, 2021 22:47 |
|
I would never normally recommend it, and I haven't used it so please do your research, but a Synology NAS claims to be able to be a directory server so that would give you a central store of user accounts and you can bind the Windows 10 Pro machines to that domain if you want people to log in using those credentials. That also sorts your file storage, and you can have a backup job copy files to a USB disk that gets taken offsite. It's far from ideal but an improvement on what you have now.
|
# ? Mar 10, 2021 22:52 |
|
The Gunslinger posted:
Appreciate the responses guys, thank you. Unfortunately I'm not sure he could go the hosted route due to it being a rural area and the internet connection being an issue - they're working with Quickbooks files that are sometimes multiple gigabytes and other boring stuff like that. Downstream it can be OK, upstream is awful. I guess I should've said that right off the bat, my apologies.

Everything is in the cloud now. No one really cares about "easy to use, cheap, on-prem" solutions.
|
# ? Mar 10, 2021 22:54 |
|
Internet Explorer posted:
Everything is in the cloud now. No one really cares about "easy to use, cheap, on-prem" solutions.

Fair enough, I'm really out of touch I guess. It doesn't even need to be cheap, just needs to be on-site and I could manage his backup stuff. But yeah looking at Google it seems like everything is "get hosted".

quote:
I would never normally recommend it, and I haven't used it so please do your research, but a Synology NAS claims to be able to be a directory server so that would give you a central store of user accounts and you can bind the Windows 10 Pro machines to that domain if you want people to log in using those credentials. That also sorts your file storage, and you can have a backup job copy files to a USB disk that gets taken offsite.

Thanks, I'll look at that too. I have a new PowerEdge that I could give him to use as a backup server as well.
|
# ? Mar 10, 2021 23:02 |
|
I've got a dumb question I'm probably overthinking: We have an on-prem AD setup and use Azure AD Connect to sync it to our Office 365 tenancy (email is fully there, no Exchange). Now that everyone's working remotely, when users need to change their password, they connect to the VPN and then change it. But... most people forget to do that, of course. So they end up having a mismatch of passwords between their laptop and Office/VPN. What's the smoothest way to idiot-proof that process, or is the answer "migrate fully to Azure AD"?
|
# ? Mar 16, 2021 15:49 |
|
No. 1 Juicy Boi posted:
I've got a dumb question I'm probably overthinking:

Make sure AAD Connect is configured to sync passwords back to on-prem, then enable Self-Service Password Reset in AAD. aka.ms/sspr and aka.ms/ssprsetup
|
# ? Mar 16, 2021 15:53 |
|
Wizard of the Deep posted:
Make sure AAD Connect is configured to sync passwords back to on-prem, then enable Self-Service Password Reset in AAD. aka.ms/sspr and aka.ms/ssprsetup

Would that change the laptop's login password though? Or would they still need to connect to the VPN to sync that part?
|
# ? Mar 16, 2021 15:58 |