|
An apprentice came in: Or at least that's the idea. As a 1 man sysadmin/devops/Cloud wrangler/desktop support department at a small startup, how do I make my case that an apprentice is unlikely to have the skills to be much use and I don't have the time to spend giving them the mentoring that they deserve?
|
# ? Apr 4, 2018 21:06 |
|
What city if you don't mind doxing yourself?
|
# ? Apr 4, 2018 21:10 |
|
96 Port Hub posted: What city if you don't mind doxing yourself?

Leeds
|
# ? Apr 4, 2018 22:15 |
|
Oh god. A request came in, pre-approved by our supervisor. They want us to make folders for a project. One main folder for each leader, named for their position. There's about 120. And then make it so that only that person, and their supervisor, can access the folder. So manually, create about 120 folders and security groups, each with unique names. I feel like there should be a way to automate this. I have two months to get it accomplished. Powershell AHOY!
|
# ? Apr 4, 2018 22:31 |
|
Avenging_Mikon posted: Oh god.

If your AD has the manager field populated, and you have a CSV listing the 120 people, it could be done very quickly.
|
# ? Apr 4, 2018 22:38 |
|
Avenging_Mikon posted: Oh god.

You posted this about 10 minutes ago. In that time, you should have googled creating ACLs with PowerShell, and started writing the script. You should be done in about 20 minutes. Remember to give some sort of administrative access to the folder level, at least at first, so you have access to delete your first bad attempt. What are you going to do with your two month vacation?
|
# ? Apr 4, 2018 22:49 |
|
The Fool posted: If your AD has the manager field populated, and you have a CSV listing the 120 people, it could be done very quickly.

I didn't think of that. I'm going to assume it is not the case though.
|
# ? Apr 4, 2018 22:50 |
|
The Fool posted: If your AD has the manager field populated, and you have a CSV listing the 120 people, it could be done very quickly.

Sadly it’s not quite that simple. They want the title as the name of the folder, so “Manager of EC & CC Dept” and the title fields in AD aren’t that in-depth. Already talked them out of position coding as the names because that isn’t anywhere in AD. We were brought in at the absolute end of this and presented with a lot of gibberish, so I’m hoping I can further talk them around to naming the folders [department], [title]. At that point I’d just need to find a way to convert the names to a usable format, and tell the script to make the folder, create a security grouping with the same name, then add the relevant person to the group, each part of which isn’t that difficult. This is in addition to my normal helpdesk duties, so

sloshmonger posted: What are you going to do with your two month vacation?

No vacation, sadly.
|
# ? Apr 4, 2018 23:23 |
|
sloshmonger posted: You posted this about 10 minutes ago. In that time, you should have googled creating ACLs with PowerShell, and started writing the script. You should be done in about 20 minutes. Remember to give some sort of administrative access to the folder level, at least at first, so you have access to delete your first bad attempt.

Real talk, is the only way to do ACLs in PowerShell by creating new objects? I feel like MS could make that whole process so much smoother (just like how it handles distinguished names for AD stuff.)
|
# ? Apr 5, 2018 01:53 |
|
Inspector_666 posted: Real talk, is the only way to do ACLs in PowerShell by creating new objects? I feel like MS could make that whole process so much smoother (just like how it handles distinguished names for AD stuff.)

I don't know if it's the only way, just the only way I've done before, so reused a lot of that code. It's a weird space of PowerShell and .NET that only led to madness.

code:
|
# ? Apr 5, 2018 02:25 |
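
Added example, not code from any poster in this thread: one way to script the request discussed above (a folder per position, a matching security group, access limited to the leader and their supervisor), keeping administrators on the ACL as sloshmonger suggests. The CSV file and its columns, the share path and the OU are assumptions to replace with your own values.

```powershell
# Added example. Assumes the ActiveDirectory module (RSAT) and an NTFS share.
# Hypothetical inputs: leaders.csv with columns FolderName,SamAccountName.
# $Root and $GroupOU are placeholders, not values from the thread.
Import-Module ActiveDirectory
$ErrorActionPreference = 'Stop'

$Root    = '\\fileserver\Projects'
$GroupOU = 'OU=Project Groups,DC=example,DC=com'

foreach ($row in Import-Csv -Path .\leaders.csv) {
    # Drop characters that are invalid in a folder name or a group's sAMAccountName
    $name = ($row.FolderName -replace '[\\/:*?"<>|,;=+\[\]]', ' ' -replace '\s+', ' ').Trim()
    $path = Join-Path -Path $Root -ChildPath $name

    # The leader plus their supervisor, taken from the AD manager attribute
    $leader  = Get-ADUser -Identity $row.SamAccountName -Properties Manager
    $members = @($leader.DistinguishedName)
    if ($leader.Manager) { $members += $leader.Manager }
    else { Write-Warning "$($row.SamAccountName): manager not set, add supervisor by hand" }

    # One security group per folder, named after the folder
    $group = New-ADGroup -Name "FS $name" -GroupScope DomainLocal `
        -GroupCategory Security -Path $GroupOU -PassThru
    Add-ADGroupMember -Identity $group -Members $members

    New-Item -ItemType Directory -Path $path -Force | Out-Null

    # Stop inheriting from the parent and discard the inherited entries
    $acl = Get-Acl -Path $path
    $acl.SetAccessRuleProtection($true, $false)

    # Explicit entries: admins and SYSTEM keep full control, the group gets Modify.
    # The group is referenced by SID so the ACL does not depend on name lookup.
    $inherit = 'ContainerInherit,ObjectInherit'
    $grants = @(
        @{ Id = 'BUILTIN\Administrators'; Rights = 'FullControl' },
        @{ Id = 'NT AUTHORITY\SYSTEM';    Rights = 'FullControl' },
        @{ Id = $group.SID;               Rights = 'Modify' }
    )
    foreach ($g in $grants) {
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
            $g.Id, $g.Rights, $inherit, 'None', 'Allow')
        $acl.AddAccessRule($rule)
    }
    Set-Acl -Path $path -AclObject $acl

    # Print the result so each folder can be checked before handover
    (Get-Acl -Path $path).Access | Select-Object IdentityReference, FileSystemRights
}
```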
|
I just got back from doing a bunch of out of town network jobs at sites I'd never been to before, and it never ceases to amaze me how people who don't know anything about who you are and why you're there will just give you keys and point you to network closets in important government buildings as long as you walk in with a clipboard and a lanyard and look lost.
|
# ? Apr 5, 2018 02:28 |
|
The Macaroni posted:Re: Phishing Six pages into the PDF that I downloaded later, I got bored and stopped reading. It was just. So. Long. A non-technical user, of which we had lots, would just have stopped caring on page one. Also the SOC went nuts because they couldn't work out who on the non-SOC security team opened the link and why it was being accessed from outside the company since I was running all my poo poo through our team's shared testing SSH tunnel due to firewall issues that ServiceNow was preventing the helpdesk even noticing existed and turned out to be due to group policy poo poo which wasn't fixed until a week before I left all while everyone else was using the SSH tunnel just because gently caress the web filter when you literally need to look up "blocked: hacking" content basically every ten minutes
|
# ? Apr 5, 2018 02:48 |
|
I got an email linking to a google form with no other information than the subject ("Company Apparel size survey") and reported it to the cybersecurity department per procedure for reporting suspicious activity. Never got a response. A month later I got a company windbreaker 2 sizes too small.
|
# ? Apr 5, 2018 05:13 |
|
Arquinsiel posted: I had one of those pop up and after checking all the gubbinz realised that it was a legit email sent from a domain we owned but which was defunct due to branding, but maintained to prevent exactly this poo poo happening. There was literally nothing in it to suggest it was suspicious at all, except the CEO never bothers with the level of poo poo the email suggested. So I figured out what it was and opened the link in a VM to see what we were doing to educate users, as a good and curious new security dude.

Holy run on sentence Batman
|
# ? Apr 5, 2018 05:25 |
|
A client just insisted on installing a switch themselves. Client stayed late and replaced two temporary 24 port switches with a new 48 port. Client just sent in a picture. Both 24s are gone, there are *two* cables plugged into the new switch, and the patch panels have about 30 new cables plugged into them. I am so glad this isn't directly my problem.
|
# ? Apr 5, 2018 05:48 |
|
Client doesn't know what a VLAN is either I'm guessing?
|
# ? Apr 5, 2018 12:31 |
|
Renegret posted: Client doesn't know what a VLAN is either I'm guessing?

That's assuming that vlans are used. My old boss never used them because the contractor at the company said they didn't work well. I think it's because he didn't know how to use them but I'm just guessing.
|
# ? Apr 5, 2018 15:56 |
|
blackswordca posted: That's assuming that vlans are used. My old boss never used them because the contractor at the company said they didn't work well. I think it's because he didn't know how to use them but I'm just guessing.

In my heart I know this is true, for as funny as it would be for the client to actually plug everything in correctly and have it still not work.

So that switching loop that took down the internal network last night? I got paid 5 hours of overtime to listen to IT spin their wheels trying to figure it out. Turns out a switch poo poo the bed and started happily forwarding broadcasts out of all of its blocking ports, while reporting that the blocking ports were perfectly fine.
|
# ? Apr 5, 2018 16:07 |
|
blackswordca posted: That's assuming that vlans are used. My old boss never used them because the contractor at the company said they didn't work well. I think it's because he didn't know how to use them but I'm just guessing.

"This Netgear switch doesn't route between VLANs and figuring out security zones on my firewall is too hard. Of course we don't have a dedicated router why would we. A flat network works just fine!"
|
# ? Apr 5, 2018 16:07 |
|
Judge Schnoopy posted: "This Netgear switch doesn't route between VLANs and figuring out security zones on my firewall is too hard. Of course we don't have a dedicated router why would we. A flat network works just fine!"

Replace 'don't have a dedicated router' with 'Cheapest fortigate possible' and you are right.
|
# ? Apr 5, 2018 16:10 |
|
RFC2324 posted:Holy run on sentence Batman
|
# ? Apr 5, 2018 16:55 |
|
Renegret posted:Client doesn't know what a VLAN is either I'm guessing?
|
# ? Apr 5, 2018 18:47 |
|
I always like apps that can't communicate across vlans. Oh the server is in VLAN100 but your clients are in VLAN102? gently caress it, doesn't work.
|
# ? Apr 5, 2018 18:56 |
|
isn't that one of the points of a vlan? no communication between them unless it is routed as a separate network? because if not I'm back to completely not understanding the point of them. or are you complaining about apps that won't route between networks, because that is a whole separate issue
|
# ? Apr 5, 2018 19:16 |
|
The apps most likely use multicast broadcasts which are never* routed. Vlans stop poo poo from broadcasting to the entire network.
|
# ? Apr 5, 2018 19:38 |
|
Judge Schnoopy posted: The apps most likely use multicast broadcasts which are never* routed.

Yeah, this, we have 1 customer with their core business application that does multicast to connect to the software on client devices.
|
# ? Apr 5, 2018 19:40 |
|
While gearing up for an unrelated project, we discovered that we don't actually own a large number of business-critical phone numbers. We disconnected them after a move about 2 years ago, and apparently the whole thing just fell through the cracks. They continue to work because the provider didn't disconnect them properly, but we don't pay for them and they may stop working at any moment. This is not a priority, of course.
|
# ? Apr 5, 2018 19:53 |
|
RFC2324 posted: or are you complaining about apps that won't route between networks, because that is a whole separate issue

This, yes.
|
# ? Apr 5, 2018 20:02 |
|
GreenNight posted: This, yes.

looks like other people already gave what to google to get it working, which a little googling narrowed down to IGMP and IP Multicast routing.

same google did make it appear that it might be a bit of a PITA in practice tho

these forums are too helpful sometimes, and always educational
|
# ? Apr 5, 2018 20:10 |
|
Ask me about getting iOS display mirroring working across network segments. It's actually just a checkbox in the meraki dashboard
|
# ? Apr 5, 2018 20:13 |
|
you ate my cat posted: While gearing up for an unrelated project, we discovered that we don't actually own a large number of business-critical phone numbers. We disconnected them after a move about 2 years ago, and apparently the whole thing just fell through the cracks. They continue to work because the provider didn't disconnect them properly, but we don't pay for them and they may stop working at any moment.

Sounds like you found a way to make some money on the side.
|
# ? Apr 5, 2018 20:29 |
|
The Fool posted: Ask me about getting iOS display mirroring working across network segments.

Meraki's implementation of that is infuriating because for whatever reason it doesn't consider the native VLAN to be one that you'd want to listen for Bonjour services on or advertise Bonjour services to. As far as I can tell this isn't a protocol limitation, it just means I sometimes need to make a weird choice of what VLAN the APs use for management.
|
# ? Apr 6, 2018 00:19 |
|
Judge Schnoopy posted: The apps most likely use multicast broadcasts which are never* routed.

One word: Chromecasts.

More words: An ex-cow-orker of mine laughed at me for buying NUCs to power TV displays and instead spent a week developing a "proof of concept" with Chromecasts. Then laughed at me again when the bosses loved that solution and told me to return the NUCs. Then the Chromecasts sat there happily broadcasting out over the wireless VLAN trying to find someone to talk to while my cow orker screamed at me for setting up VLANs and I sat there wondering if Google eats their own dogfood.
|
# ? Apr 6, 2018 02:50 |
|
sfwarlock posted: One word: Chromecasts.

It would work fine if you put the signal feeder devices on that same wireless vlan. The signaller will tell the Chromecast what to pull, and the Chromecast will use regular packets to retrieve the content from the internet / internal server.

I set up an audio system for a fitness center that uses multicast on wifi to communicate with end user devices. It wasn't too hard to throw the broadcasters on that vlan while also giving everybody access to the internet AND segmenting it off of internal traffic.
|
# ? Apr 6, 2018 04:55 |
|
Renegret posted: In my heart I know this is true, for as funny as it would be for the client to actually plug everything in correctly and have it still not work.

Why did it take them five hours? O_O

I've got a spare switch in every building just because it's a very quick way to check a thing that's common enough for me to warrant a spare switch in each building. I may not be a great IT dude, but I'm lazy enough that I'm not spending 5 hours straight actively working on a thing if I can avoid it.
|
# ? Apr 6, 2018 11:00 |
|
dogstile posted: Why did it take them five hours? O_O

To be fair, 3 hours of that was working on the switch. The last 2 were hammering out some residual DHCP issues, and the first hour was spent troubleshooting the wrong thing because the issue was being misreported by users. Because of the potential impact they didn't want to pull poo poo randomly, especially when the issue looked like a spanning tree problem. Even Cisco was at a loss.
|
# ? Apr 6, 2018 12:25 |
|
Office365 is down for large parts of the world. My work's ground to a halt. Good luck to any IT person that has to deal with it.
|
# ? Apr 6, 2018 12:26 |
|
Geemer posted: Office365 is down for large parts of the world. My work's ground to a halt. Good luck to any IT person that has to deal with it.

I've been out of the office for 11 days, and this is the disaster I am walking in to. At least I just have to hang a sign that says "Microsoft is working on it."
|
# ? Apr 6, 2018 12:30 |
|
It's fine, stuff still works if you're authenticated. I was out the office but my phone never noticed any issues.
|
# ? Apr 6, 2018 13:51 |
It appears to be resolved now. Thankfully.
|
# ? Apr 6, 2018 14:39 |