Working in IT 3.0: xp_cmdshell

The Something Awful Forums > Discussion > Serious Hardware/Software Crap > Working in IT 3.0: xp_cmdshell

George H.W. Cunt: Oct 6, 2010

Avenging_Mikon posted:

So, we're moving to Azure AD some time next year for user self-serve password resets. We're also going to slowly move everything to authenticate against AD instead of having separate accounts for everything. Cool. I like this plan, but I have a question that I don't want to ask the higher ups.

Someone forgets their account password and locks their account out... how do they reset their password? If they can't get on the computer, they can't reset their password, correct?

We're also going to be rolling out MFA, using tokens most likely. Might be Yubikey. Will that affect the situation?

Just general stuff, obviously some is going to differ based on specific implementation.

We used a 3rd party program from SpecsOps that gave us custom password rules. They have some other password policy things that I believe allow you to reset a password from the login screen in such a case so may look into them.

# ? Nov 7, 2017 13:37

Adbot: ADBOT LOVES YOU

# ? Jun 4, 2024 14:18

MF_James: May 8, 2008; I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE

MANime in the sheets posted:

qft

We rolled out Authanvil, then dropped it in less than six months for Centrify.

I like it to an extent, it works, does what it's supposed to and is fairly easy to manage, it's cheap too which is good for the bean counters. The big issue I have with it is that you can't loving reset passwords through RDP if they are expired and you are using authanvil to secure that remote connection, it's loving insane.

# ? Nov 7, 2017 16:50

The Fool: Oct 16, 2003

You can�t change expired passwords over RDP anyway?

At least in Server 2012 R2

# ? Nov 7, 2017 17:17

Irritated Goat: Mar 12, 2005; This post is pathetic.

The Fool posted:

You can�t change expired passwords over RDP anyway?

At least in Server 2012 R2

Some versions of Server just deny access rather than take you to a password change prompt. I'm not sure if it's a setting or not since I've never taken the time to check it.

# ? Nov 7, 2017 17:21

Kashuno: Oct 9, 2012; Where the hell is my SWORD?; Grimey Drawer

Exchange Online reporting some service outages right now :toot:

# ? Nov 7, 2017 17:24

MF_James: May 8, 2008; I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE

The Fool posted:

You can�t change expired passwords over RDP anyway?

At least in Server 2012 R2

You can, it requires a reg change but you can do it.

# ? Nov 7, 2017 17:31

orange sky: May 7, 2007

https://twitter.com/jeffmcjunkin/status/927971720899653632

Not in my computer, what's he talking about?

# ? Nov 7, 2017 19:56

Internet Explorer: Jun 1, 2005

orange sky posted:

https://twitter.com/jeffmcjunkin/status/927971720899653632

Not in my computer, what's he talking about?

I think he's just commenting on the size of the folder. Not running Linux, but on a Windows machine that is problematic because it's stored in AppData\Roaming.

# ? Nov 7, 2017 20:03

Sepist: Dec 26, 2005; FUCK BITCHES, ROUTE PACKETS; Gravy Boat 2k

I started replacing the word "cloud" with a small picture of a cloud in my internal emails. So far, so good

# ? Nov 7, 2017 20:03

CLAM DOWN: Feb 13, 2007

Sepist posted:

I started replacing the word "cloud" with a small picture of a cloud in my internal emails. So far, so good

# ? Nov 7, 2017 20:08

wolrah: May 8, 2006; what?

orange sky posted:

https://twitter.com/jeffmcjunkin/status/927971720899653632

Not in my computer, what's he talking about?

I'm guessing he had something go nuts and the Slack desktop client apparently doesn't rotate or trim its logs in any way.

My log directory is ~5.2M which seems reasonable after a few months of use.

# ? Nov 7, 2017 20:22

Dick Trauma: Nov 30, 2007; God damn it, you've got to be kind.

My Slack directory is fine but I noticed that my Spotify cache was pretty dumb. A little Notepad++ and now things are under control.

# ? Nov 7, 2017 20:24

Dr. Arbitrary: Mar 15, 2006; Bleak Gremlin

Mine is 2.7 GB.

# ? Nov 7, 2017 20:30

Zero VGS: Aug 16, 2002; ASK ME ABOUT HOW HUMAN LIVES THAT MADE VIDEO GAME CONTROLLERS ARE WORTH MORE; Lipstick Apathy

Our fleet of laptops are mostly HP Elitebook 840 G2, they are excellent laptops from a serviceability perspective and you can get to the battery/ram/ssd all from a single latch that lets you slide the whole bottom of the laptop open with no tools. You can pry the display bezel away and replace a cracked screen with 4 screws and a couple minutes time.

But, they're a few years behind, and they changed the design for the new G3/G4 revisions where it takes 10 screws and a spudger to get the thing open. Is there anything current from HP/Dell/Lenovo that is still super repair/upgrade friendly and isn't a giant brick?

# ? Nov 7, 2017 20:33

Judge Schnoopy: Nov 2, 2005; dont even TRY it, pal

Reply down the chain from Slack acknowledges the bug and said they've fixed it. Update slack if you have huge logs.

# ? Nov 7, 2017 20:35

GreenNight: Feb 19, 2006; Turning the light on the darkest places, you and I know we got to face this now. We got to face this now.

Zero VGS posted:

Our fleet of laptops are mostly HP Elitebook 840 G2, they are excellent laptops from a serviceability perspective and you can get to the battery/ram/ssd all from a single latch that lets you slide the whole bottom of the laptop open with no tools. You can pry the display bezel away and replace a cracked screen with 4 screws and a couple minutes time.

But, they're a few years behind, and they changed the design for the new G3/G4 revisions where it takes 10 screws and a spudger to get the thing open. Is there anything current from HP/Dell/Lenovo that is still super repair/upgrade friendly and isn't a giant brick?

Not really anymore. We're an HP shop and it's not fun repairing their new stuff. Maybe I'll see something better at tomorrows HP Fall Update event, but I doubt it. We get all 840 G3/4's.

# ? Nov 7, 2017 20:35

Peachfart: Jan 21, 2017

Sepist posted:

I started replacing the word "cloud" with a small picture of a cloud in my internal emails. So far, so good

- >

# ? Nov 7, 2017 20:45

Dr. Arbitrary: Mar 15, 2006; Bleak Gremlin

orange sky posted:

https://twitter.com/jeffmcjunkin/status/927971720899653632

Not in my computer, what's he talking about?

After the outage last week, logs got gigantic. It's safe to delete them and it's not typical behavior.

# ? Nov 7, 2017 21:33

Eletriarnation: Apr 6, 2005; People don't appreciate the substance of things...
objects in space.; Oven Wrangler

Zero VGS posted:

Our fleet of laptops are mostly HP Elitebook 840 G2, they are excellent laptops from a serviceability perspective and you can get to the battery/ram/ssd all from a single latch that lets you slide the whole bottom of the laptop open with no tools. You can pry the display bezel away and replace a cracked screen with 4 screws and a couple minutes time.

But, they're a few years behind, and they changed the design for the new G3/G4 revisions where it takes 10 screws and a spudger to get the thing open. Is there anything current from HP/Dell/Lenovo that is still super repair/upgrade friendly and isn't a giant brick?

I have a Latitude E7270 which is pretty recent (Skylake) and it takes 8 screws to open but no spudger or anything else specialized, which is not too bad in my opinion. My 4th gen/Skylake X1 Carbon work laptop appears similarly easy to open but apparently the keyboard goes in through the bottom, which means that if you have one bad key you have to completely gut the machine to replace it. Fortunately I got to learn that through my service contract.

# ? Nov 7, 2017 22:31

Super Slash: Feb 20, 2006; You rang ?

It's funny what kind of nuggets of information people can divulge.

Today some big wigs were coming in so a couple of us had to walk the floors and clean away any rogue IT equipment lying around, thrilling stuff but I happened across an unused IP phone and asked someone about it;

"Hey guy, is it fine if I take away this phone?"
"Yeah sure it isn't even connected, [ex IT Manager] was supposed to come and set it up for me"
"Oh?"
"Yeah but he said something about moving to a new phone system though"
"When was it he said this?"
"Ohh... about three years ago or so?"
"Well then..."

Sure explains a loving lot.

# ? Nov 8, 2017 00:03

The Fool: Oct 16, 2003

Today has been a slow day, so I made a Spiceworks docker image.

The four line long Dockerfile doesn't really convey the headache this project turned out to be.

code:

#start with Windows Server Core
FROM microsoft/windowsservercore

#download Spiceworks installer 
RUN powershell "Invoke-WebRequest https://download.spiceworks.com/Spiceworks/current/Spiceworks.exe -Outfile c:\\spiceworks.exe"

#install Spiceworks
RUN powershell "Start-Process -FilePath 'C:\spiceworks.exe' -ArgumentList '/S' -Wait"

#copy a good httpd.conf because the spiceworks installer breaks the conf file when using the silent install flag.
COPY ["./conf/httpd.conf", "C:/Program Files (x86)/Spiceworks/httpd/conf/httpd.conf"]

# ? Nov 8, 2017 02:14

ChubbyThePhat: Dec 22, 2006; Who nico nico needs anyone else

Bit of a slow day for me as well; I'm still messing with getting our new backup software 100% up to par. Staying late tonight to murder a host in about 5 minutes though; that should be fine.

(If everything goes according to plan it will just come back online and I can get out of here)

# ? Nov 8, 2017 02:27

CloFan: Nov 6, 2004

Lucky for you guys. I had a professor call in today saying that her monitor kept going into sleep mode and she couldn't use her computer. All of my techs were out on other jobs, so I walked across campus to troubleshoot. The computer was off :suicide:

# ? Nov 8, 2017 03:47

Vargatron: Apr 19, 2008; MRAZZLE DAZZLE

CloFan posted:

Lucky for you guys. I had a professor call in today saying that her monitor kept going into sleep mode and she couldn't use her computer. All of my techs were out on other jobs, so I walked across campus to troubleshoot. The computer was off

Easy fixes are the best. 70% of "computer won't turn on" issues have been a loose power cable to the monitor for me.

# ? Nov 8, 2017 04:13

CloFan: Nov 6, 2004

You know what, you're right. I got to get out of the office on a nice fall day, and got paid to push a button.

# ? Nov 8, 2017 04:16

Vulture Culture: Jul 14, 2003; I was never enjoying it. I only eat it for the nutrients.

Sepist posted:

I started replacing the word "cloud" with a small picture of a cloud in my internal emails. So far, so good

Great first step. Next step, replace it with a 1600x900 picture of a cloud

# ? Nov 8, 2017 05:10

Inspector_666: Oct 7, 2003; _{benny with the good hair}

Peachfart posted:

- >

Oh hey funny story, Kenji Lopez-Alt must have had that extension enabled when he originally posted his pressure-cooker risotto recipe, because when I first read it, step 3 read "(Rice grains should start to look like tiny ice cubes: translucent around the edges and butty in the center.)"

Also everybody who likes risotto should try that recipe it's so good and really easy.

# ? Nov 8, 2017 06:30

skooma512: Feb 8, 2012; You couldn't grok my race car, but you dug the roadside blur.

So the client wants to end the contract and suck us all in as in house employees. All well and good, I'm not really worried about having a job when they do it.

But the way they're handling it is seriously putting me off. First, nobody keeps their seniority. There's no law making them doing this, and most people have been here for an average of 10 years. Dick move. They're dropping our vacation to 10 days and that includes sick time, which we have separate now. The cherry on top is that the CIO said the COO of the company basically said we either like it or we can go somewhere else. Uh, that's the kind of poo poo you say when you're a big deal company like an Apple or an Amazon, not a tattered hospital system that can't keep their elevator working and has a major downtime every couple weeks. If I'm going to start at the bottom anyway, I'm going to do it somewhere else. Just arrogant behavior from the new management in general.

So I'm just applying to a bunch of places. I'm determined to get the gently caress out of here now. I was going to wait till I got my ICND1 sewed up, but if the attitude is literally love it or leave it, I'll leave it.

# ? Nov 8, 2017 06:42

Vulture Culture: Jul 14, 2003; I was never enjoying it. I only eat it for the nutrients.

Inspector_666 posted:

Oh hey funny story, Kenji Lopez-Alt must have had that extension enabled when he originally posted his pressure-cooker risotto recipe, because when I first read it, step 3 read "(Rice grains should start to look like tiny ice cubes: translucent around the edges and butty in the center.)"

Also everybody who likes risotto should try that recipe it's so good and really easy.

Everyone who likes food should try basically everything Kenji Lopez-Alt has ever written. Alton Brown's got nothing on the dude's food-scientist cred.

# ? Nov 8, 2017 08:27

LochNessMonster: Feb 3, 2005; I need about three fitty

skooma512 posted:

So I'm just applying to a bunch of places. I'm determined to get the gently caress out of here now. I was going to wait till I got my ICND1 sewed up, but if the attitude is literally love it or leave it, I'll leave it.

Good idea. They are already telling you how they will be treating you if you come aboard.

It�s a good thing they�re this transparent about it. Start looking and jump ship as soon as you find something better.

# ? Nov 8, 2017 09:36

Che Delilas: Nov 23, 2009; FREE TIBET WEED

skooma512 posted:

So the client wants to end the contract and suck us all in as in house employees.

Edit: Wow I totally misread that.

Could this be like, a really convoluted way of trying to end their contracts early without legal ramifications?

Che Delilas fucked around with this message at 09:59 on Nov 8, 2017

# ? Nov 8, 2017 09:56

Proteus Jones: Feb 28, 2013

Che Delilas posted:

Edit: Wow I totally misread that.

Could this be like, a really convoluted way of trying to end their contracts early without legal ramifications?

Nah, they've discovered that the contract rate is higher than in-house. This is also a way to wipe their seniority out so they save on benefits like Vacation/PTO.

# ? Nov 8, 2017 14:45

mllaneza: Apr 28, 2007; Veteran, Bermuda Triangle Expeditionary Force, 1993-1952

Vargatron posted:

Easy fixes are the best. 70% of "computer won't turn on" issues have been a loose power cable to the monitor for me.

I had one yesterday that was some weird version of that. One monitor wasn't working. After juggling cable I wound up with both monitors working... with the original cables swapped between monitors. I just rearranged them in Graphic Properties and wrote it off to "Windows Will Do That".

# ? Nov 8, 2017 15:26

Docjowles: Apr 9, 2009

Proteus Jones posted:

Nah, they've discovered that the contract rate is higher than in-house. This is also a way to wipe their seniority out so they save on benefits like Vacation/PTO.

It also seems like a way to wipe out having any IT staff, internal or external, because they've tipped their hands that they're utter shitlords and anyone decent will be moving on ASAP.

# ? Nov 8, 2017 15:53

Humbug Scoolbus: Apr 25, 2008; The scarlet letter was her passport into regions where other women dared not tread. Shame, Despair, Solitude! These had been her teachers, stern and wild ones, and they had made her strong, but taught her much amiss.; Clapping Larry

mllaneza posted:

I had one yesterday that was some weird version of that. One monitor wasn't working. After juggling cable I wound up with both monitors working... with the original cables swapped between monitors. I just rearranged them in Graphic Properties and wrote it off to "Windows Will Do That".

I have a portrait mode monitor I only use for reading pdfs that's plugged in through a USB adapter. It is the third monitor on this machine, and is not running through my regular video card but every time I update my graphics drivers, it somehow becomes the primary and resets itself to landscape mode. I I either have to rotate the monitor (which involves huggling a bunch of poo poo on my desk) or rotate my head like a deranged owl so I can actually figure out where the mouse cursor is.

It is the essence of "Windows Will Do That"

# ? Nov 8, 2017 17:49

LochNessMonster: Feb 3, 2005; I need about three fitty

skooma512 posted:

So the client wants to end the contract and suck us all in as in house employees. All well and good, I'm not really worried about having a job when they do it.

But the way they're handling it is seriously putting me off. First, nobody keeps their seniority. There's no law making them doing this, and most people have been here for an average of 10 years. Dick move. They're dropping our vacation to 10 days and that includes sick time, which we have separate now. The cherry on top is that the CIO said the COO of the company basically said we either like it or we can go somewhere else. Uh, that's the kind of poo poo you say when you're a big deal company like an Apple or an Amazon, not a tattered hospital system that can't keep their elevator working and has a major downtime every couple weeks. If I'm going to start at the bottom anyway, I'm going to do it somewhere else. Just arrogant behavior from the new management in general.

So I'm just applying to a bunch of places. I'm determined to get the gently caress out of here now. I was going to wait till I got my ICND1 sewed up, but if the attitude is literally love it or leave it, I'll leave it.

So they want to lure people in but are trying to do that by being obnoxious assholes who are openly telling you guys how you are all going to be off worse when you work for them directly?

Who the hell thinks that this kind of poo poo works?!

# ? Nov 8, 2017 18:12

skooma512: Feb 8, 2012; You couldn't grok my race car, but you dug the roadside blur.

Che Delilas posted:

Edit: Wow I totally misread that.

Could this be like, a really convoluted way of trying to end their contracts early without legal ramifications?

That�s probably exactly what it is.

And transparent is exactly what it is. It�s so blatant. I can�t imagine what they�ll be like without even a threat of not having enough personnel for a couple weeks (not that they really mind that).

The contract was up in June anyway, but they want it gone by February.

LochNessMonster posted:

So they want to lure people in but are trying to do that by being obnoxious assholes who are openly telling you guys how you are all going to be off worse when you work for them directly?

Who the hell thinks that this kind of poo poo works?!

Yeah, it�s baffling. They�re pretty much banking on people staying simply because it�s a job. They probably want to get old timers out anyway. Everything about this deal and their behaviour loving stinks. They made like 4 appointments with our account executive that they just flaked on. Just all kinds of unprofessional poo poo. Glassdoor shows that their other companies have similar issues with what we�re seeing here already, namely unrealistic deadlines and poor management style.

Like I said, I�d rather roll the dice somewhere else. They say they�re going to increase the pay to be competitive, but when one of your forums is half them loathing their new budget I can�t imagine it�s worth it, especially for desktop goons like me.

skooma512 fucked around with this message at 18:17 on Nov 8, 2017

# ? Nov 8, 2017 18:12

Mayne: Mar 22, 2008; To crooked eyes truth may wear a wry face.

Does anyone here have any tips on how we could protect sensitive data when users email it to external users? I was thinking of something like Azure RMS for the RMS but would need to encrypt the mail somehow as well.

# ? Nov 8, 2017 18:28

ChubbyThePhat: Dec 22, 2006; Who nico nico needs anyone else

skooma512 posted:

So the client wants to end the contract and suck us all in as in house employees. All well and good, I'm not really worried about having a job when they do it.

But the way they're handling it is seriously putting me off. First, nobody keeps their seniority. There's no law making them doing this, and most people have been here for an average of 10 years. Dick move. They're dropping our vacation to 10 days and that includes sick time, which we have separate now. The cherry on top is that the CIO said the COO of the company basically said we either like it or we can go somewhere else. Uh, that's the kind of poo poo you say when you're a big deal company like an Apple or an Amazon, not a tattered hospital system that can't keep their elevator working and has a major downtime every couple weeks. If I'm going to start at the bottom anyway, I'm going to do it somewhere else. Just arrogant behavior from the new management in general.

So I'm just applying to a bunch of places. I'm determined to get the gently caress out of here now. I was going to wait till I got my ICND1 sewed up, but if the attitude is literally love it or leave it, I'll leave it.

Jesus. gently caress them 15 ways to Sunday. Incinerate all the bridges on your way out.

Mayne posted:

Does anyone here have any tips on how we could protect sensitive data when users email it to external users? I was thinking of something like Azure RMS for the RMS but would need to encrypt the mail somehow as well.

Is signed email an acceptable solution?

# ? Nov 8, 2017 18:29

Adbot: ADBOT LOVES YOU

# ? Jun 4, 2024 14:18

CLAM DOWN: Feb 13, 2007

skooma512 posted:

They're dropping our vacation to 10 days and that includes sick time,

lol america

# ? Nov 8, 2017 18:33

The Something Awful Forums > Discussion > Serious Hardware/Software Crap > Working in IT 3.0: xp_cmdshell

«‹›2908 »