|
AAB posted: god damnit. I forgot how to audit login/logouts for accounts that validate against AD since I haven't done it in 2 years. Any suggestions? Looks like I'm starting to move into the "ok what's going on, but set up easy reports" action for my supervisors.

Enable Account Logon and Logon success and failure auditing on your machines using a GPO. Collect somewhere (the ACS Collector in SCOM is great at the collection part of this), report against events 4624 for logons. Logoff auditing is terrible because there are cases where logging off doesn't generate a logoff event. Better reports are around Group Membership changes because these are typically changes in security access as well as Account Create, Delete, Enable/Disable.
|
# ? Jun 17, 2015 17:58 |
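The report described in the answer above (logons from event 4624, plus group membership and account create/delete/enable/disable changes), as an added example that is not from the thread or any poster. It parses Security-log events in Windows event XML; the sample events, all names, and the choice to count only logon types 2 and 10 are assumptions made here, and the event IDs other than 4624 are the standard Security-log IDs rather than anything quoted in the thread.

```python
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
LOGON = 4624
# Account lifecycle and group-membership changes in the Security log.
ACCESS_CHANGES = {
    4720: "account created", 4722: "account enabled",
    4725: "account disabled", 4726: "account deleted",
    4728: "added to global group", 4729: "removed from global group",
    4732: "added to local group", 4733: "removed from local group",
    4756: "added to universal group", 4757: "removed from universal group",
}
# Assumption: report only interactive (2) and RDP (10) logons; type 3
# network logons and machine accounts (name ends in "$") are mostly noise.
INTERACTIVE_TYPES = {"2", "10"}

def parse_events(xml_text):
    """Yield one flat dict per <Event> in an XML export of the Security log."""
    for ev in ET.fromstring(xml_text).findall("e:Event", NS):
        system = ev.find("e:System", NS)
        record = {d.get("Name"): d.text or ""
                  for d in ev.findall("e:EventData/e:Data", NS)}
        record["id"] = int(system.findtext("e:EventID", namespaces=NS))
        record["time"] = system.find("e:TimeCreated", NS).get("SystemTime")
        yield record

def build_report(events):
    """Return (logon counts per user and source, list of access changes)."""
    logons, changes = Counter(), []
    for ev in events:
        user = ev.get("TargetUserName", "")
        if ev["id"] == LOGON:
            if ev.get("LogonType") in INTERACTIVE_TYPES and not user.endswith("$"):
                logons[(user, ev.get("IpAddress", "-"))] += 1
        elif ev["id"] in ACCESS_CHANGES:
            changes.append({
                "time": ev["time"],
                "actor": ev.get("SubjectUserName", ""),  # who made the change
                "action": ACCESS_CHANGES[ev["id"]],
                "target": user,                          # account or group name
                "member": ev.get("MemberName", ""),      # set on group events
            })
    return logons, changes

def _event(eid, when, **data):
    """Build one constructed event in the Windows event XML layout."""
    fields = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in data.items())
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>{eid}</EventID>'
            f'<TimeCreated SystemTime="{when}"/></System>'
            f'<EventData>{fields}</EventData></Event>')

# Constructed sample data; every name and address below is made up.
SAMPLE = "<Events>" + "".join([
    _event(4624, "2015-06-17T08:01:00Z", TargetUserName="alice", LogonType="2", IpAddress="10.0.0.5"),
    _event(4624, "2015-06-17T09:30:00Z", TargetUserName="alice", LogonType="10", IpAddress="10.0.0.5"),
    _event(4624, "2015-06-17T09:31:00Z", TargetUserName="WS01$", LogonType="3", IpAddress="10.0.0.9"),
    _event(4728, "2015-06-17T10:00:00Z", SubjectUserName="bob", TargetUserName="Domain Admins",
           MemberName="CN=alice,OU=Staff,DC=example,DC=test"),
    _event(4720, "2015-06-17T10:05:00Z", SubjectUserName="bob", TargetUserName="svc_new"),
]) + "</Events>"

if __name__ == "__main__":
    logons, changes = build_report(parse_events(SAMPLE))
    print(dict(logons))
    for c in changes:
        print(c["time"], c["actor"], c["action"], c["target"], c["member"])
```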
|
|
Nintendo Kid posted: H1B's don't have to be paid equal to the same job title worked by native workers, they just can't be paid less than the minimum wage plus a bit honestly.

Interesting, but not even remotely true:

Dredd posted: The law establishes certain standards in order to protect similarly employed U.S. workers from being adversely affected by the employment of the nonimmigrant workers, as well as to protect the H-1B nonimmigrant workers. Employers must attest to the Department of Labor that they will pay wages to the H-1B nonimmigrant workers that are at least equal to the actual wage paid by the employer to other workers with similar experience and qualifications for the job in question, or the prevailing wage for the occupation in the area of intended employment – whichever is greater.

Tab8715 posted: We've all heard about American workers being replaced by H1Bs however what I don't understand how does this benefit the company?

In general, though, H1Bs aren't a short-term cost savings measure, and they're not intended to be, except in the same way contract workers vs FTEs are. You have a short-term need for skills you don't have and can't find in your market.
|
# ? Jun 17, 2015 18:08 |
|
There are some software vendors doing some interesting things with privileged account management, authorization, and monitoring. CyberArk, ObserveIT, Centrify, Osirium, and I'm sure others. Solutions like this aren't more popular due to cost, complexity, and overhead. Imagine every time you needed to perform an administrative task you had to request permission for access to the appropriate account or resource, wait for that permission to be approved by someone in the approval chain, and then make the change. I don't remember which one I was looking at, but one or more of them had some nifty high security setups where Admin A and Admin B only knew half of the password, and they both had to enter their half for the authorization to go through.
|
# ? Jun 17, 2015 18:11 |
|
syg posted: So how do you deal with this at smaller companies though where you often have one engineer who knows everything and everyone relies on. Even in medium companies. Usually these IT departments are too small for real silos or separation of duties.

Most basic steps for smaller companies:
1. Make sure everyone has individual admin logins rather than a shared logon so that one person is accountable for the actions of an account.
2. If on AD, stop using domain admin as an easy way out. Delegate permissions to a group for admin access and use non-privileged service accounts for apps.
3. Seriously, figure out a way that one person can't delete both the live data and the backups. Have an MSP do the backups, or go with a cloud solution, and control access to it.
|
# ? Jun 17, 2015 18:16 |
|
Does anyone have any good websites/books to recommend for getting to know Confluence better besides the official documentation? I want to work on making a better dashboard see how I can organize things better.
|
# ? Jun 17, 2015 18:16 |
|
Truga posted: I work for a smallish web/pr agency of just under 30 people. I'm the only sysa/helpdesk/whatnot there, and thus obviously simply have access to *everything* that ever existed. It's just something your boss has to be comfortable trusting you with.

Sounds like it would be a good idea to shell out for key man insurance, they can use the proceeds for consultants to get things in order if you get hit by a truck.

skipdogg posted: There are some software vendors doing some interesting things with privileged account management, authorization, and monitoring. CyberArk, ObserveIT, Centrify, Osirium, and I'm sure others.

Some of these options have the authorization done automatically. Like most things, it won't help against a rogue sysadmin who just wants to break things, but it's still a good security measure. Admin requests permission to X, the system generates credentials that expire in 6 hours or so. Everything is logged and can be audited, and you don't have critical credentials just floating around.
|
# ? Jun 17, 2015 18:34 |
|
Nice timing on the H1B discussion, Disney just cancelled their tech worker layoffs (probably due to the Times picking up the story) http://www.nytimes.com/2015/06/17/us/in-turnabout-disney-cancels-tech-worker-layoffs.html When the laid off workers are training the H1Bs on how to do their job for less, it's obvious that the program is not being used as intended
|
# ? Jun 17, 2015 18:51 |
|
Roargasm posted:Nice timing on the H1B discussion, Disney just cancelled their tech worker layoffs (probably due to the Times picking up the story)
|
# ? Jun 17, 2015 18:57 |
|
"gpupdate /force" is non consensual. stop perpetuating the rape culture.
|
# ? Jun 17, 2015 19:01 |
|
ZetsurinPower posted: "gpupdate /force" is non consensual.

Did I miss something?
|
# ? Jun 17, 2015 19:09 |
|
One of the only glaring errors I encountered at the new place was that they allowed non-complex AD passwords that never expire. Terrible. In order to dull the pain of switching them to a sensible standard I suggested investing a hefty $10 in Secret Server Express, particularly because we use so many web-based services and I expect users are using similarly poor password hygiene for those as well. I'll let you know if I wind up with villagers at my door wielding torches and pitchforks.
|
# ? Jun 17, 2015 19:10 |
|
ZetsurinPower posted: "gpupdate /force" is non consensual.

Classy post, IT thread.
|
# ? Jun 17, 2015 19:31 |
|
The Assistant Director of a department I haven't really dealt with before just replied to someone's (fairly serious, though not especially critical) emailed question with (basically) "Lol, I don't know. lol." The lol's were there.
|
# ? Jun 17, 2015 19:32 |
|
We have a pretty decent security awareness where I work. Passwords for key systems are separated and placed in a vault, with a combination that requires two people. There's decent auditing, although I want more. We don't use a password manager for privileged access yet, but we're putting together a project to get CyberArk in place. And then there's the board, who took one look at our password policy, said "Yeah we're not following that" and threw enough of a hissyfit that the CEO instructed us to set their passwords to never expire, and exempt them from the password requirements. At least I got them to use VPN rather than just plaintext email. Although I have no doubts that every document in the secure VPN area has just been downloaded to their tablets. That aren't domain joined and have no password policy. Again due to hissyfits. People. People have always and will always be the problem with security. It doesn't matter how much technology you put together, someone with too much power and not enough smarts will just say "Nah, don't wanna" and there goes your whole system.
|
# ? Jun 17, 2015 19:33 |
|
Antioch posted: We have a pretty decent security awareness where I work. Passwords for key systems are separated and placed in a vault, with a combination that requires two people. There's decent auditing, although I want more. We don't use a password manager for privileged access yet, but we're putting together a project to get CyberArk in place.

Ugh. Preaching to the choir. I don't want to post too many specifics, but over the last couple of years we've really improved overall security, management of corporate data and devices, etc, except the very top echelons of the company don't want to play by the same rules. The people with the most important access exempt themselves from everything. It's beyond frustrating, but there's not poo poo you can do about it, so I just say gently caress it now.

Here's a fun example

Policy: ONLY CORPORATE OWNED, DOMAIN JOINED WINDOWS MACHINES CAN ACCESS INTERNAL COMPANY WIRELESS NETWORKS. Period. 802.1X certificate authentication only. Mac and Linux users are SOL.

reality: stumble across AD group one day named Corporate_Wireless_Exception that contains most high ranking folks in the company and allows simple username/password authentication to the corporate internal wireless network

Yes, most of those high ranking folks use non domain joined computers or Macs. I support a large contingent of developers that use Mac and Linux. I have to tell them to use the Guest WiFi and VPN to access corporate resources.
|
# ? Jun 17, 2015 19:54 |
|
ZetsurinPower posted: "gpupdate /force" is non consensual.

TRIGGER WARNING: GPO published deskjet printer
|
# ? Jun 17, 2015 21:40 |
|
evol262 posted: Interesting, but not even remotely true:

I assume most places that want to use H1B or any other sort of inexpensive staff to replace existing employees structure it the way Disney did. Nobody gets fired and replaced by someone cheaper. You get RIF'd and the entire class of job you did is replaced by a contract with a service provider, who happens to be able to provide the service cheaply because they use cheap labor of debatable quality. The company realizes short term savings and acts very surprised when the service provider sucks.
|
# ? Jun 17, 2015 21:42 |
hihifellow posted: TRIGGER WARNING: GPO published deskjet printer

I am printgender, my pronouns are pri/pre/prim check your printvilege
|
|
# ? Jun 17, 2015 21:55 |
|
skipdogg posted: Ugh. Preaching to the choir. I don't want to post too many specifics, but over the last couple of years we've really improved overall security, management of corporate data and devices, etc, except the very top echelons of the company don't want to play by the same rules. The people with the most important access exempt themselves from everything. It's beyond frustrating, but there's not poo poo you can do about it, so I just say gently caress it now.

Do you apply more strict policy to VPN users as compared to the internal wireless users?
|
# ? Jun 18, 2015 00:09 |
|
evol262 posted: In general, though, H1Bs aren't a short-term cost savings measure, and they're not intended to be, except in the same way contract workers vs FTEs are. You have a short-term need for skills you don't have and can't find in your market.

If the intention is to find talent that doesn't exist in the Country then why in the Visa Worker program is it that they don't have to look for local talent first?

And aside from that, don't contract workers save companies money in the long-run? You pay straight-up cash, no benefits and even less labor rights. Granted, this is now changing but the point still stands.
|
# ? Jun 18, 2015 00:52 |
|
Any suggestions on how to handle career growth in a flat organization? I had to quit my last job because of doing too much generalist-type stuff, and not having a focus for a career path. Switched jobs, ended up being a lot better. However, management has started to flatten our department and merging some of the roles together. This also gave other departments the idea to dump some of their work onto us, permanently, and our department is gladly accepting these new responsibilities. Problem is, my team and I are at 100% utilization, and there is no talk of hiring new people to handle the additional work. I've voiced all these concerns to my manager, but he's new here and doesn't have the knowledge to say No to any of these requests. End of the day, we're getting additional work and taking on responsibilities out of our comfort zone (handling more long-term project work, and account management type things). I, hired into an escalated support role, have started to cover some of the Tier 1 stuff on a rotating basis which is not at all why I took this job in the first place. My VP is calling this an "upskilling" effort but from my perspective it looks like "let's just dump all this work onto the Support department and let them figure it out." There is a position above me, a much more highly technical position that doesn't really fit into the realm of Support that will still take me a year or two to reach. I've made my career path clear to get into this role, but now I don't even see myself having time to study or earn that position. I'm just hoping this job doesn't turn out to be like the last one. Aside from these recent changes, otherwise I like the work and can't really complain.
|
# ? Jun 18, 2015 01:38 |
|
H1bs are just another chapter in the book of Outsource Everything
|
# ? Jun 18, 2015 01:58 |
Server guy let me rack a server and configure it

It was fairly basic and nothing I wouldn't have done on a desktop, but hopefully this leads to big show. I'm studying for MCSA, still deciding on whether to do 2012 or 2008.
|
|
# ? Jun 18, 2015 02:52 |
|
Roargasm posted: Nice timing on the H1B discussion, Disney just cancelled their tech worker layoffs (probably due to the Times picking up the story)

10% of base salary is loving insulting as severance pay.
|
# ? Jun 18, 2015 05:04 |
|
skooma512 posted: Server guy let me rack a server and configure it

If you're starting from scratch, do 2012. All the higher concepts are pretty much the same, so differences are either in implementation, or new features.
|
# ? Jun 18, 2015 07:54 |
|
Tab8715 posted: If the intention is to find talent that doesn't exist in the Country then why in the Visa Worker program is it that they don't have to look for local talent first?

Since H1Bs incur a significant cost to companies (lots of fees in sponsoring, travel costs, etc), and even filing to sponsor requires a job offer and a wage deemed to be market rate, there aren't good reasons why you'd want an H1B over a local worker if you could find one. But for highly paid positions (like anything in IT), the provisions are weaker. Largely driven by the idea that wages beyond a certain point are market driven.

Tab8715 posted: And aside from that, don't contract workers save companies money in the long-run? You pay straight-up cash, no benefits and even less labor rights. Granted, this is now changing but the point still stands.

The labor rights of W2 contractors (most contract workers) are pretty much the same as a regular employee. And yes, you pay straight cash. At a much higher rate than you would to actually retain that worker as an FTE, with provisions in the contract against hiring without paying the firm a finder's fee. Because it's hard to find qualified people. Dark Helmut can give a far more complete answer, but I know what companies were paying the firm to retain me when I was contracting, and it would have been cheaper to outright hire me.

Additionally, there are intangibles (tangible for labor economists) like loss of business knowledge and process knowledge, lost productivity in replacing the worker and retraining the replacement (or waiting for them to come up to speed in their role) every 6-18 months, etc. But it's easier accounting for some places without an ongoing business need for services (or a position) to contract "support for project foobar" than it is to fight for internal resources to fill that need against other business constraints and other teams competing for the same resources.
|
# ? Jun 18, 2015 15:15 |
|
Two weeks into my new job as a systems admin, loving it.
|
# ? Jun 18, 2015 17:50 |
|
Vintimus Prime posted: Two weeks into my new job as a systems admin, loving it.

Give it time.
|
# ? Jun 18, 2015 18:22 |
|
skooma512 posted: Server guy let me rack a server and configure it

The first 5 or so are fun and exciting, now I look for guys like you to rack servers for me, cause I sure as poo poo don't want to do it

Enjoy while it lasts
|
# ? Jun 18, 2015 19:40 |
|
Password-chat: SAS Edition http://espn.go.com/mlb/story/_/id/13105463/jeff-luhnow-denies-using-old-passwords-left-st-louis-cardinals-houston-astros
|
# ? Jun 18, 2015 19:47 |
|
skipdogg posted: The first 5 or so are fun and exciting, now I look for guys like you to rack servers for me, cause I sure as poo poo don't want to do it Enjoy while it lasts

Every time I open a server box that doesn't have HP quick rails I die a little bit inside.
|
# ? Jun 18, 2015 19:52 |
|
Toshimo posted: Password-chat: SAS Edition

I really push for 2FA for any super important systems these days.
|
# ? Jun 18, 2015 20:07 |
Tailored Sauce posted: Any suggestions on how to handle career growth in a flat organization? I had to quit my last job because of doing too much generalist-type stuff, and not having a focus for a career path. Switched jobs, ended up being a lot better. However, management has started to flatten our department and merging some of the roles together. This also gave other departments the idea to dump some of their work onto us, permanently, and our department is gladly accepting these new responsibilities. Problem is, my team and I are at 100% utilization, and there is no talk of hiring new people to handle the additional work. I've voiced all these concerns to my manager, but he's new here and doesn't have the knowledge to say No to any of these requests. End of the day, we're getting additional work and taking on responsibilities out of our comfort zone (handling more long-term project work, and account management type things).

I'm in a company that's likely infinitesimal in size compared to yours and after our helpdesk guy got fired, am now doing helpdesk. He got canned in April, they're only now looking at hiring someone part-time. I hate helpdesk and joined with the understanding that I'd be OK doing occasional cover if he was sick, not two jobs. Volume is down but that won't last, and to be honest, it's an emotional kick in the teeth whenever I have to reset another drat password.

There is no handling of vertical growth if your manager doesn't back you up already. You could always try talking to the people in that group, assuming the position is an open one or in the process of being created, but you'll probably end up having to do the work of the role before they promote you into it. Your best bet is to into the role you want, but I won't lie, having certs are a huge way to get yourself into the position. HR and recruiters love 'em, and you do learn a lot while prepping for them.

skooma512 posted: I'm studying for MCSA, still deciding on whether to do 2012 or 2008.

Get 2k8, take the 2012 upgrade, and when available take the 2016 upgrade. You will have so much more leverage if you can walk in saying "I am certified in all current versions of Windows Server." It's a lot to do - maybe doable in a year if you study hard/often and lab up a lot, but it's five exams to freedom.
|
|
# ? Jun 18, 2015 21:52 |
|
One week in and I feel like a huge idiot for not knowing ccnp-level material. Long road ahead!
|
# ? Jun 19, 2015 01:07 |
What? You're not intimately familiar with frame relay?! Shame on you.
|
|
# ? Jun 19, 2015 01:11 |
|
Actually I've been doing ccnp security stuff without ever having studied it at all. I would be all over a frame relay ticket right now instead of router certs.
|
# ? Jun 19, 2015 01:13 |
|
Vulture Culture posted: This is the story of corporate America, H1B or not. My dad had the same situation with his adjuster job at Travelers, except instead of H1B employees, it was 24-year-olds that cost a lot less than a senior adjuster with 40 years experience in the auto industry. If we provide those kinds of worker protections, we shouldn't focus too hard on the H1B side of things -- xenophobia is distracting us from who the problem is.

The H1B visa program exists to allow skilled workers to fulfill a shortage after many requirements are met. If this program is causing taxpayers to lose jobs it is not an issue of xenophobia. If the program is causing more harm than good it is not going to be supported as a policy.
|
# ? Jun 19, 2015 02:16 |
|
lampey posted: The H1B visa program exists to allow skilled workers to fulfill a shortage after many requirements are met. If this program is causing taxpayers to lose jobs it is not an issue of xenophobia. If the program is causing more harm than good it is not going to be supported as a policy.

lol oh if only
|
# ? Jun 19, 2015 02:21 |
|
Today someone didn't believe that I could change their desktop backgrounds. So a few hours later they got a nice greasy picture of shia lebeouf locked on their screen. I didn't know how to remotely force a gp update without powershell.
|
# ? Jun 19, 2015 02:42 |
|
|
Any commvault to swift backup guys here? Can you shed some light on this mystical error code.

Press '1' to continue or '0' to back to the previous menu [1]:
Failed to check Container [CommVault] status, error: Error = 44088
|
# ? Jun 19, 2015 03:59 |