Register a SA Forums Account here!
JOINING THE SA FORUMS WILL REMOVE THIS BIG AD, THE ANNOYING UNDERLINED ADS, AND STUPID INTERSTITIAL ADS!!!

You can: log in, read the tech support FAQ, or request your lost password. This dumb message (and those ads) will appear on every screen until you register! Get rid of this crap by registering your own SA Forums Account and joining roughly 150,000 Goons, for the one-time price of $9.95! We charge money because it costs us $3,400 per month for bandwidth bills alone, and since we don't believe in shoving popup ads to our registered users, we try to make the money back through forum registrations.
  • Post
  • Reply
Wizard of the Deep
Sep 25, 2005


klosterdev posted:

information on upgrading the jump client MSI without causing a whole bunch of duplicate jump clients to install.

Even with GPOs, you can just item-level targeting to filter out clients the GPO shouldn't push the MSI to. Off the top my head, you could have the MSI not apply to machines where a certain service or file is present.

SCCM and InTune should have similar filtering options.

Adbot
ADBOT LOVES YOU

myron cope
Apr 21, 2009



I updated PDQ Inventory without really paying attention that it requires .NET 4.8, so now about half of my servers won't scan. But my real question is how does WSUS decide when a computer gets an update or not? Of the half that still work (because they have .NET 4.8 already) I can't tell how they got it--like some are 2012R2, some are 2019, some have SQL...there's no common thread that I see. It looks like it should just come from WSUS?

And the other thing I'm wondering is if I just push it out to everything (PDQ Deploy still works fine) is that bad?

The Fool
Oct 16, 2003



As long as you aren't running any applications that rely on a language feature that is being depreciated.

Agrikk
Oct 17, 2003

Take care with that! We have not fully ascertained its function, and the ticking is accelerating.


capitalcomma posted:

and don't start fires when the fire risk level is literally "EXTREME"! in all caps! That's not an ambiguous reading!

Lightning canít read.

xzzy
Mar 5, 2009

wakey wakey to
this bowl of tasty


Yams Fan

Agrikk posted:

Lightning canít read.

Neither could the idiots that started a fire with a firework at a gender reveal party.

Which didn't happen in Washington, but the whole west coast is a campfire right now. So there's lots of lessons to be learned.

The Fool
Oct 16, 2003



I have no idea what the gently caress right now

The Iron Rose
May 12, 2012

Cat Army


just found out today that 2fa was turned off for our organization, some senior people on my team knew about it and thought it was OK because once upon a time we didn't give out MFA to everyone.



we setup MFA as a mandatory part of their onboarding, and then don't require it?? And worse, now that I discovered this was turned off, I'm getting hella pushback about turning it on till we do some all-hands announcement. Which, fair that we need comms, but this is a really gaping security hole and there is absolutely 0 urgency from anyone about fixing it.


it's so loving frustrating that basic security items like 2fa and patching are consistently deprioritized. We're just talking now about updating people to Catalina, and we don't even have any policy setup to do automated security patches. I've been pushing this for literally a year now and every single time I've been told "not right now." At this point it's just gross managerial incompetence and it's going to bite us in the rear end.

capitalcomma
Sep 9, 2001

A grim bloody fable, with an unhappy bloody end.

Agrikk posted:

Lightning canít read.

At least according to local news stations, all of yesterday's fires were started by humans.

EDIT:

quote:

2FA

Resistance to 2FA always baffles me. It's a < 10-second task you do once at the start of your work day, and then once after you come back from lunch, what's the big inconvenience?

capitalcomma fucked around with this message at 19:16 on Sep 8, 2020

The Fool
Oct 16, 2003



The Fool posted:

I have no idea what the gently caress right now



Now I do have an idea, but I want to see some guesses before I spoil it.

context: users were reporting a cert error when trying to view a site hosted with azure app service

hint: it is dns related

capitalcomma
Sep 9, 2001

A grim bloody fable, with an unhappy bloody end.

The Fool posted:

Now I do have an idea, but I want to see some guesses before I spoil it.

context: users were reporting a cert error when trying to view a site hosted with azure app service

hint: it is dns related

no SANs?
the resource is being accessed by a different hostname/by FQDN?

Kyrosiris
May 24, 2006

You try to be happy when everyone is summoning you everywhere to "be their friend".



The Fool posted:

hint: it is dns related

Some sort of intentional MITM cert for inspecting encrypted traffic?

The Fool
Oct 16, 2003



It's dumber than all of that.



my boss let his cc expire in network solutions and the domain expired.
everyone was trying to go to portal.contoso.com and no-one thought to check contoso.com
so the cert error was being caused by network solutions redirect to the expired domain landing page

Whipstickagostop
Apr 30, 2006

Planet: Xeno Prime


Been WfH now since just before the UK lockdown. Clinically vulnerable, so it was agreed with the Directors that I would stay home until flu season has ripped through the office like usual, so most likely March 2021.
Decided to move house to a bigger place so I can have a home office, which was encouraged by said Directors.

Just got back to work after the move, and find out they have demolished part of one office and made it into 3 small ones. They realised last minute that they needed to redo all the network drops, so they are trying to organise that while moving people around and running temporary cables everywhere.

They keep trying to get me to come in during the day to "sort out" the cables. I keep telling them I will come in during the evening to do it, when the electrician has finished. They tell me yesterday that they need it done urgently this morning and will open the side door so I do not have to go near anyone.

Arrive there this morning, and nothing has been terminated in the server room. Go to find the Directors and they tell me "Oh we thought he had finished. But while you are here, close the door as we need to talk to you about coming back to the office".

They then proceed to basically ambush me with an unprepared meeting about how they desperatley need me to come back in the office. How COVID rates are going down (they arent), and how people need to be able to speak to me about things that need doing (they dont).
But it is okay! they will give me a water tank thing, a fridge and a microwave, so I don't even need to leave my office!
Didn't give me a chance to explain why I didn't want to come back yet, just kept talking over me.

Head home in an absolute rage with no cabling done. Get a phonecall on the drive asking if we can move a couple of staff into a spare office like I originally suggested, was ready to set up but was told no. Hang up and turn off phone.
Composed a rather large email voicing how displeased I am with how they handled that meeting, and how they encouraged me to move only to remove WfH a week after moving. No response.

So now I am sitting here, wondering if I should even bother logging on tomorrow morning. I know for sure now though that I do not want to work there any more.

Agrikk
Oct 17, 2003

Take care with that! We have not fully ascertained its function, and the ticking is accelerating.


capitalcomma posted:

At least according to local news stations, all of yesterday's fires were started by humans.

No poo poo? drat. Humans suck.


e: ^^^ drat that sucks. How can people be so loving callous?

Agrikk fucked around with this message at 20:22 on Sep 8, 2020

Thanks Ants
May 21, 2004

Bless You Ants, Blants



Fun Shoe

Whipstickagostop posted:

So now I am sitting here, wondering if I should even bother logging on tomorrow morning. I know for sure now though that I do not want to work there any more.

Good job standing up for yourself, gently caress them putting you at risk like that and not being able to think more than five minutes ahead.

You may want to grab an hour with a solicitor though because if they've been encouraging you to move house to continue to WFH and are now trying to pressure you into returning to the office and keep being unreasonable about it you might have grounds for constructive dismissal.

tactlessbastard
Feb 4, 2001

Godspeed, post


Fun Shoe

Training period is over at the new job and I'm now flying solo running the ~nite crew~ with all the wierdness that always entails multiplied by the fact I'm now in the hard liquor bottling game.

Tonight I observed one machine operator pull a 1.75L bottle off the line because it had no cap. The inspector across from her started laughing and said 'you snatched at that thing like it was the last pecker in town' and the operator retorted 'no, that would be more like this' and picked another bottle up and really went after it with both her hands.

Roghie
Aug 11, 2012
yeah.
I don't know what to put here.

myron cope posted:

I updated PDQ Inventory without really paying attention that it requires .NET 4.8, so now about half of my servers won't scan. But my real question is how does WSUS decide when a computer gets an update or not? Of the half that still work (because they have .NET 4.8 already) I can't tell how they got it--like some are 2012R2, some are 2019, some have SQL...there's no common thread that I see. It looks like it should just come from WSUS?

And the other thing I'm wondering is if I just push it out to everything (PDQ Deploy still works fine) is that bad?

Isn't Windows Update mainly updates to .NET?

iirc you usually manually install it from Server Manager.

Dont really see why pushing .NET 4.8 would be bad.

SlowBloke
Aug 14, 2017


Roghie posted:

Isn't Windows Update mainly updates to .NET?

iirc you usually manually install it from Server Manager.

Dont really see why pushing .NET 4.8 would be bad.

Some poo poo apps (i'm looking at you autodesk installers) are hardcoded to search for a 4.5.x version of .NET, with a bigger number they won't work. It's rare but it happens

skooma512
Feb 8, 2012

You couldn't grok my race car, but you dug the roadside blur.


Every ticket no matter what it is takes like half my day, and I got assigned to a project all last week. I can't keep up. Users are hounding me and I'm probably going to piss one of them off eventually since I can only be in one place at a time. One of them is already basically threatening to escalate because it's taking too long and I'm almost to the point of just letting him do whatever the gently caress he wants because I don't know how to set this up or whether I need 2 tickets or 15 to get every last thing ready for it. It being a printer, it's own config software doesn't work, the instructions I got were wrong, and Windows refuses to let me set it to Print Directly.

For every 5 tickets I get 3 are sticky and will take forever to clear, multiply that by a 5 day work week. Maybe I wasn't ever supposed to make it.

Oh and arguing with a user that yes, you do need to provide me an installer for your precious software because we do not loving have it available no matter how many stories you have about it totally being in SCCM 3 years ago.

skooma512 fucked around with this message at 18:14 on Sep 9, 2020

RoboBoogie
Sep 18, 2008


one of my projects got delayed for 3 months and they want to extend our contract. i am already done with all my work but they want to keep me around.

capitalcomma
Sep 9, 2001

A grim bloody fable, with an unhappy bloody end.

Another day, another vendor who doesn't understand SPF records demanding changes to our SPF records.

RoboBoogie posted:

one of my projects got delayed for 3 months and they want to extend our contract. i am already done with all my work but they want to keep me around.

so, free money? what am I missing?

kensei
Dec 27, 2007

He has come home, where he belongs. The Ancient Mariner returns to lead his first team to glory, forever and ever. Amen!



capitalcomma posted:

Another day, another vendor who doesn't understand SPF records demanding changes to our SPF records.

Being able to implement and describe how SPF works puts you above a great many of the IT people I've had the joy of working with.

Johnny Aztec
Jan 29, 2005

Set Phasers to FUN!

RoboBoogie posted:

one of my projects got delayed for 3 months and they want to extend our contract. i am already done with all my work but they want to keep me around.

Consider it getting paid to study for a cert (or something)

Thanatosian
Apr 16, 2013

Angrier, Bitterer Man


Grimey Drawer

Pissing me off: an enormous multi-billion-dollar software vendor's implementation of ServiceNow's search doesn't loving work.

Is search in ServiceNow in general bad, or is it just bad when bad people implement it?

devmd01
Mar 7, 2006

Elektronik
Supersonik


Yes.

Volguus
Mar 3, 2009


Thanatosian posted:

Pissing me off: an enormous multi-billion-dollar software vendor's implementation of ServiceNow's search doesn't loving work.

Is search in ServiceNow in general bad, or is it just bad when bad people implement it?

Search is hard. In general. There's a good reason why a little startup that provided people with a better way to search the internet became a trillion $ company.

Thomamelas
Mar 11, 2009


At my previous employer, they built a ticketing system in house. It was done by one of the support guys who was learning PHP. Apparently the whole thing was done as a single threaded instance. It wasn't a big issue for most ticketing things. Except the search. Attempting to use the search would basically lock up the whole thing for everyone. When management needed to look up a ticket for something they had to tell all of the support people because it meant they couldn't enter tickets for a few minutes.

cage-free egghead
Mar 8, 2004

Ready to eat me, sir!


Thanatosian posted:

Pissing me off: an enormous multi-billion-dollar software vendor's implementation of ServiceNow's search doesn't loving work.

Is search in ServiceNow in general bad, or is it just bad when bad people implement it?

SNOW is bad unless you hired a person or company to manage it. It's great and powerful if you've got someone who knows how to put it altogether for an enterprise but lol if you don't and want anything basic to work.

dragonshardz
May 2, 2017




cage-free egghead posted:

SNOW is bad unless you hired a person or company to manage it. It's great and powerful if you've got someone who knows how to put it altogether for an enterprise but lol if you don't and want anything basic to work.

In a similar vein, work just hired 3 (!) contractors to unfuck their implementation of Ivanti Service Manager.

Agrikk
Oct 17, 2003

Take care with that! We have not fully ascertained its function, and the ticking is accelerating.


Thomamelas posted:

Apparently the whole thing was done as a single threaded instance.

How do you even do that in PHP? I mean, simply talking to a database in PHP is a concurrent operation capable of multiple simultaneous connections.

Unless there isnít a database involved...?

Jeoh
Jul 20, 2010




kensei posted:

Being able to implement and describe how SPF works puts you above a great many of the IT people I've had the joy of working with.

Being able to successfully implement DMARC p=reject turns you into some kind of unicorn.

Bob Morales
Aug 18, 2006

I love the succulent taste of cop boots

Agrikk posted:

How do you even do that in PHP? I mean, simply talking to a database in PHP is a concurrent operation capable of multiple simultaneous connections.

Unless there isnít a database involved...?

Sounds like the developer ďdidnít believe in databasesĒ and used _____

Thomamelas
Mar 11, 2009


Agrikk posted:

How do you even do that in PHP? I mean, simply talking to a database in PHP is a concurrent operation capable of multiple simultaneous connections.

Unless there isnít a database involved...?

I honestly don't know. I kinda glanced at PHP but I couldn't make anything in it. I can tell you it was done in a LAMP environment and MySQL was installed and running. He built the machine himself so I'm inclined to think he used MySQL if was on the machine. And it was the support guy's first crack at writing code. It was also over a decade ago, so it's possible it was something to do with older versions of PHP. I do know it's single threaded because that's what he said when asked about it. And it was the last coding project he worked on at least in the time I knew him. The support manager was a loving moron, so it's also possible he gave his input. During the build. The system also had some fun features. You could set a priority for a ticket, 1-5. But it was never defined which one was actually the greater priority. So crisis tickets could be one or five. And tickets that were busywork could also be one or five. I know that bit was definitely the support manager. When someone asked him which should be the highest priority, his response was "People should loving know".

Also ticket numbers could be edited and doing so would overwrite another ticket. The one with a number two greater. So edit your ticket to be 69 and it would show up as 69 but overwrite 71. The support guy was fairly competent as a phone support guy, I think maybe a ticketing system fell under things that were maybe a little more advanced than your first coding project should be.

Bob Morales
Aug 18, 2006

I love the succulent taste of cop boots

Better than a homemade ticket system I used at my last job...

Tickets didn't have owners
They didn't have priorities
They weren't linked to users or assets
Nobody was notified when they were updated
You couldn't copy/paste anything with non-ascii into it (curly quotes or em dashes or anything) or it'd crash
It also had a 'passwords' page that wasn't https and had a password list

XYZ Corp banner at the top of the page was like 400 pixels tall
I scaled it down by 10 px every couple days. Nobody noticed and when it got to 120px I brought it up

Bob Morales
Aug 18, 2006

I love the succulent taste of cop boots

Here's my gripe about my current job. It's not a big deal, just annoying. My manager does this so often:

Hey can you get X working?
Sure. (gets X working)
Hey, how come feature Y doesn't work?
It's not supported.
Sure it is. Sales guy said it was.
(goes back and looks) nope, it definitely isn't according to the documentation
Try to get it working anyway!
uhh....i did...and it didn't work....so try again now that I know for sure it doesn't?
Did you get it working yet?
No...?
Open a ticket with them and see if they can get it to work
(opens ticket...feels stupid) Indian guy: Sorry it doesn't work I apologize
Did you get them to fix it yet?
No...?
Call the sales guy tell them to fix it
....

I spend 1 day getting something working and 2 weeks to convince him that it won't work....

ConfusedUs
Feb 24, 2004

Bees?
You want fucking bees?
Here you go!
ROLL INITIATIVE!!


I don't think I could ever, in any capacity, take "the sales guy said" seriously. I'd have a hard time not laughing out loud.

xzzy
Mar 5, 2009

wakey wakey to
this bowl of tasty


Yams Fan

"The two factor auth requires a specific app for smartphones, distributed over google play, microsoft store, and apple store only. I don't have access to these three stores, so I don't think I cat get in"

So you don't have a smartphone? Or maybe this person is one of those blackberry holdouts.

Bob Morales
Aug 18, 2006

I love the succulent taste of cop boots

xzzy posted:

"The two factor auth requires a specific app for smartphones, distributed over google play, microsoft store, and apple store only. I don't have access to these three stores, so I don't think I cat get in"

So you don't have a smartphone? Or maybe this person is one of those blackberry holdouts.

grillster
Dec 25, 2004



xzzy posted:

"The two factor auth requires a specific app for smartphones, distributed over google play, microsoft store, and apple store only. I don't have access to these three stores, so I don't think I cat get in"

So you don't have a smartphone? Or maybe this person is one of those blackberry holdouts.

Is this a standard one time password protocol or something proprietary? Assuming standard, there are other solutions for rolling six digit TOTP codes. If the person has an Android device but no commercial stores, then they can find an APK of either AndOTP or FreeOTP, or use a hardware key if a mobile device isn't ideal.

Adbot
ADBOT LOVES YOU

Che Delilas
Nov 23, 2009
FREE TIBET WEED

Pissing me off: my state is burning to the ground and I might as well be breathing through a car's exhaust pipe.

Not pissing me off: My company just announced they will cover the cost of hotels if any of us need to evacuate (because we're told to or because the air quality is hurting us and we want to get away from it). It's a small thing, at least compared to the impact of losing your home, but this is something the leadership didn't need to do and they're doing it anyway.

Small but meaningful gestures like this (as opposed to say a $10 starbucks card at christmas) are how you make your employees into active advocates of your company.

  • 1
  • 2
  • 3
  • 4
  • 5
  • Post
  • Reply