I think VMware is going gangbusters on companies who are cloud averse. I swear, I think we have every VMware product known to man. We're super excited about Tanzu for some reason. We don't even use containers in prod yet.
|
# ? Jun 30, 2021 17:18 |
|
Internet Explorer posted: I mean, I don't know about forcing, but you can set registry keys to both hide and block local drives from Explorer. You can still access via command line or something like \\localhost\c$, but I guess that depends on how technical your users are.

My point was that there isn't a reasonable way to do this. My CISO thinks that it's a small thing to require people to save everything to OneDrive. Just a total misunderstanding of how technology works.
|
# ? Jun 30, 2021 17:20 |
|
But I think you could do what I said? Use OneDrive with Known Folder Move and then the Explorer policies I mentioned. Yes, users can get around it, so it depends on your requirements, but it will guide the vast, vast majority of users to the right place.
|
# ? Jun 30, 2021 17:23 |
|
Sprechensiesexy posted: What was the goon hivemind approved software for password storage again? We don't have any and I would like to make some suggestions to change that. Money is not an objection since we are a relatively small team.

Bitwarden?
|
# ? Jun 30, 2021 17:29 |
|
HashiCorp Vault is free and has a key:value secrets database. You don't get a nice app though. Have to go through the webUI or use the API.
|
# ? Jun 30, 2021 17:40 |
|
Redirect Desktop and My Documents to OneDrive and you've captured like 95% of what people are doing.
|
# ? Jun 30, 2021 17:44 |
Internet Explorer posted: I think VMware is going gangbusters on companies who are cloud averse. I swear, I think we have every VMware product known to man. We're super excited about Tanzu for some reason. We don't even use containers in prod yet.

loving barf, the crap side of my company that does ‘private cloud’ won’t shut up about this poo poo and vRealize but as far as I can tell it’s all trash
|
|
# ? Jun 30, 2021 17:49 |
|
i am a moron posted: loving barf, the crap side of my company that does ‘private cloud’ won’t shut up about this poo poo and vRealize but as far as I can tell it’s all trash

Yeah. It's all trash. I'm trying to work myself up to tell them that doing things the hard way does not make them "real engineers."
|
# ? Jun 30, 2021 17:53 |
|
We use LastPass for user credential storage and HashiCorp Vault for infrastructure secrets
|
# ? Jun 30, 2021 17:58 |
|
Sprechensiesexy posted: What was the goon hivemind approved software for password storage again? We don't have any and I would like to make some suggestions to change that. Money is not an objection since we are a relatively small team.

It's going to depend on your specific requirements. If you're just talking about sharing secrets, I like 1Password, I don't like LastPass, and something like BitWarden or KeePass will probably be functional.

If you want to expand the scope and talk about secret management and auditing, I can say that Thycotic Secret Server is good and relatively affordable. It will let you do some pretty comprehensive auditing/reporting, as well as rotating service account passwords. There's also CyberArk, which I have less experience with. I know 1Password is moving into that space as well, but they're still in relatively early beta.

I know you can implement Thycotic and CyberArk on-premises or in the cloud. I think 1Password can still do Local Vaults, but I haven't looked too closely at that recently.
|
# ? Jun 30, 2021 18:34 |
|
uhhhhahhhhohahhh posted: HashiCorp Vault is free and has a key:value secrets database. You don't get a nice app though. Have to go through the webUI or use the API.

Vault is fun because you can use a Shamir seal to break the master key into multiple shards that can be buried in hidden caches around the globe.
|
# ? Jun 30, 2021 18:55 |
|
Dr. Arbitrary posted: Vault is fun because you can use a Shamir seal to break the master key into multiple shards that can be buried in hidden caches around the globe.

Speaking of this... What do people actually do with their unseal keys? I know the recommendation is to split them up physically, but what did you/would you do practically? The best I could come up with is splitting the keys between managers/oncall escalations and putting it on their OneDrive that doesn't depend on our on-prem infrastructure.
|
# ? Jun 30, 2021 19:05 |
|
uhhhhahhhhohahhh posted: Speaking of this... What do people actually do with their unseal keys? I know the recommendation is to split them up physically, but what did you/would you do practically? The best I could come up with is splitting the keys between managers/oncall escalations and putting it on their OneDrive that doesn't depend on our on-prem infrastructure.

If I recall, the main point is that you can make sealed backups and store them wherever, and in the case of a catastrophe, you can unseal a backup with the cooperation of multiple remote sites or persons.
|
# ? Jun 30, 2021 19:32 |
|
Internet Explorer posted: But I think you could do what I said? Use OneDrive with Known Folder Move and then the Explorer policies I mentioned. Yes, users can get around it, so it depends on your requirements, but it will guide the vast, vast majority of users to the right place.

The Explorer policy you mention is no small feat. This means cleaning up items in pinned access, messing with desktop folder stuff, it's a total mess.
|
# ? Jun 30, 2021 19:54 |
|
I've done it almost everywhere I've been.
|
# ? Jun 30, 2021 19:58 |
I don’t know how good their enterprise/multiuser support is but I migrated from LP to Bitwarden. The transition was smooth, it has good support on PC and IOS, and generally doesn’t get in my way or piss me off. I pay for subscription and I feel it’s worth it
|
|
# ? Jun 30, 2021 20:49 |
|
Wizard of the Deep posted: "Why are all these attractive young women from up and down the east coast who just graduated college and that I definitely don't know showing up in my LinkedIn feed?"

Can I tell my LinkedIn creep story? I used to work with this degenerate (he was eventually fired for going through clients' desks and stealing money) but he used to come back from lunch and talk about all the hot women he was getting lunch with. He was married, and it was really inappropriate how he was talking. I would shut him down since I didn't think it was appropriate work discussion. I found out later that he was just finding attractive recruiters on LinkedIn, and getting them to buy him lunch to recruit him, but he'd brag to us all that was lunch dates. He was a huge jack rear end.
|
# ? Jun 30, 2021 21:49 |
|
e: I'll make this post in Corporate America megathread instead since it's more widely applicable than IT.

Inner Light posted: Apple and Chase Bank in the news for pushing back against WFH.
|
# ? Jun 30, 2021 22:07 |
|
Jerk McJerkface posted: I found out later that he was just finding attractive recruiters on LinkedIn, and getting them to buy him lunch to recruit him, but he'd brag to us all that was lunch dates. He was a huge jack rear end.

lmao, for sure. Ngl I may have taken a recruiter lunch or two in the past because they were attractive but I’m also happily married with 3 kids and not gonna gently caress that up. Nowadays you couldn’t get me to a recruiter lunch period, gently caress that noise. I have better things to do with my lunch hour.
|
# ? Jun 30, 2021 22:49 |
|
Never ever been on a recruiter lunch. Not too many in this city apparently
|
# ? Jun 30, 2021 22:54 |
Man, woman, I don’t care pay for my coffee or lunch and once you whip that Corp card out I’m telling you to gently caress off thanks for the free poo poo tho
|
|
# ? Jun 30, 2021 22:55 |
|
I went 7 months at the new job not needing domain admin, that changed today and I’m sad
|
# ? Jul 1, 2021 00:21 |
|
George H.W. oval office posted: Redirect Desktop and My Documents to OneDrive and you've captured like 95% of what people are doing.

OneDrive already does this natively if you just activate backup in it! Somehow the users will still end up saving directly to the C: drive
|
# ? Jul 1, 2021 14:57 |
What's a good AD audit tool for an enterprise environment of like 20000+ users? The pre-existing got axed and I do not really want to write a bunch of custom scripts. Does not need to be free.
|
|
# ? Jul 1, 2021 15:02 |
|
What's a good device management solution? Ideally Windows and Mac but def Windows, environment about 125 unmanaged PCs. Need remote access and package management. I saw JAMF Pro for Apple and looking into Smart Deploy for PC. Microsoft/GSuite shop, with GSuite as primary login.

Also re WFH, I'm one of the weirdos who likes the office and the hiring manager said that was a huge reason I got the gig.
# ? Jul 1, 2021 15:13 |
|
Submarine Sandpaper posted: What's a good AD audit tool for an enterprise environment of like 20000+ users? The pre-existing got axed and I do not really want to write a bunch of custom scripts. Does not need to be free.

What do you need to audit? Quest Change Auditor is one of the best tools I've used, but their business practices since being bought by private equity loving suck so bad I can't recommend someone go with them. It's a shame though, the software is good. They destroyed the relationship at my last company, and my new org got rid of them last year as well.

Manage Engine AD Audit is a budget option. I haven't used it in a long time, but their main selling point was 90% functionality of the big players, at 10% of the cost. I will say I used some of their products a long time ago, and the support was good, and they were fast to implement additional features. This was 10+ years ago though, so no idea if this has changed.

There's some other options out there that might work depending on what you need to do. Netwrix comes to mind. Lepide has a solution. Stealthbits Stealth Intercept is another option, but honestly I'm not impressed with it at all. I can't tell if it's our install of it, or if the software just isn't that good. Stealthbits also just merged with Netwrix so not sure what's going to happen with their solutions. Cygna Labs is something I haven't looked at before, and looks promising. It might not be written on 20+ year old code, claims to be next gen, but who knows.
|
# ? Jul 1, 2021 15:28 |
skipdogg posted: What do you need to audit?

Mostly IAM. Company is newly public and gotta dot some i's that have not been. Very broad right now. Shame about quest.
|
|
# ? Jul 1, 2021 15:31 |
|
Submarine Sandpaper posted: Mostly IAM. Company is newly public and gotta dot some i's that have not been. Very broad right now.

The product is still good, but we were audited 4 different times in less than 36 months at my last job. That's with us spending more than 500K in new licenses and pro services with them last year, and another 100K in maintenance renewals. I straight up told my sales rep they were going to lose our business because of all the audit nonsense, but it was coming down from on high. You can google Quest Software Lawsuits and see the crap they've been pulling.

edit: Another option is to just ship all your AD logs off to a SIEM of some sort. I stopped using Change Auditor on a regular basis at my last job because it was faster to just find the event in LogRhythm. CA was still good for running reports, but for one offs, LR was faster and easier to use if you knew exactly what you were looking for.

Just depends on what you need it to do. If I needed something stood up quickly, and relatively inexpensively I'd probably go back to Manage Engine AD Audit Plus. It's priced per DC, not enabled user account, so if your environment isn't huge the savings could be significant.
# ? Jul 1, 2021 15:42 |
Submarine Sandpaper posted: What's a good AD audit tool for an enterprise environment of like 20000+ users? The pre-existing got axed and I do not really want to write a bunch of custom scripts. Does not need to be free.

Delete AD
|
|
# ? Jul 1, 2021 17:12 |
|
skipdogg posted: What do you need to audit?

Varonis can also do this kind of AD auditing, but I don't know if I've ever heard of anyone using it *just* for AD so it might be overkill in this case.
|
# ? Jul 1, 2021 17:46 |
|
You could technically buy just the AD license, but it is such a heavy application and soooo expensive that I wouldn’t recommend it
|
# ? Jul 1, 2021 17:50 |
|
lol

quote: Financial services giant Intuit this week informed 1.4 million small businesses using its QuickBooks Online Payroll and Intuit Online Payroll products that their payroll information will be shared with big-three consumer credit bureau Equifax starting later this year unless customers opt out by the end of this month.
|
# ? Jul 1, 2021 20:13 |
|
As someone that works for Intuit’s competition: Double lol
|
# ? Jul 1, 2021 20:47 |
|
What orgs out there provision a 2nd Azure AD tenant just for your privileged user accounts? If so, who started this trend so I know who to dissolve in acid.
|
# ? Jul 2, 2021 00:28 |
|
Sickening posted: What orgs out there provision a 2nd Azure AD tenant just for your privileged user accounts? If so, who started this trend so I know who to dissolve in acid.

LOL sorry bud. How the hell does that even work? Sounds like something infosec dreamt up while trying to justify their existence.
|
# ? Jul 2, 2021 00:51 |
That is bar none the stupidest poo poo I've ever heard and as a serial Azure consultant I've never even heard that suggested let alone implemented.
|
|
# ? Jul 2, 2021 01:07 |
|
Sickening posted: What orgs out there provision a 2nd Azure AD tenant just for your privileged user accounts? If so, who started this trend so I know who to dissolve in acid.

That's an interesting way to imitate a bastion... or perhaps take it to the extreme?
|
# ? Jul 2, 2021 01:19 |
It’s not a bastion though, it’s just a bunch of cloud only accounts that are functionally no different except you now have to manage governance and settings and poo poo in two places. Like you gain nothing except a bigger attack surface
|
|
# ? Jul 2, 2021 01:33 |
|
i am a moron posted: It’s not a bastion though, it’s just a bunch of cloud only accounts that are functionally no different except you now have to manage governance and settings and poo poo in two places. Like you gain nothing except a bigger attack surface

Ding ding ding. You duplicate your costs as you want to monitor your privileged accounts just as much more than your non-privileged accounts. You double your administrative efforts. You make your environment more complex. I can't see how this has a single benefit.
|
# ? Jul 2, 2021 01:37 |
|
Sickening posted: What orgs out there provision a 2nd Azure AD tenant just for your privileged user accounts? If so, who started this trend so I know who to dissolve in acid.

I'm sorry but what the gently caress? How is this even supposed to work and what problem is this meant to achieve other than "too much budget, must spend money"?
|
# ? Jul 2, 2021 02:21 |