On a flash drive over usb2 you could probably still get full speed even if the fs driver was a userspace one. Hell, on windows the usb drivers themselves are userspace, aren't they?
USB drivers are generally kernel. Win7 was the first os to even support user space ones
The actual usb device drivers are, but aren't the 'generic mass storage device' ones userspace? I could have sworn I learned that somewhere, but I could be wrong.
On a flash drive over usb2 you could probably still get full speed even if the fs driver was a userspace one. Hell, on windows the usb drivers themselves are userspace, aren't they?
USB drivers are generally kernel. Win7 was the first os to even support user space ones
The actual usb device drivers are, but aren't the 'generic mass storage device' ones userspace? I could have sworn I learned that somewhere, but I could be wrong.
Nope, unless that was a very recent change (like win 8.1 recent . Mass storage device *is* the USB device driver
The kernel stack generally looks like USB host device -> (potentially) usb composite device -> mass storage class driver -> generic disk device
And here I was lied to and told that userspace usb drivers were what made NT a hybrid kernel. In any case, I still think user mode file system drivers for legacy stuff is a good idea.
0
Options
lwt1973King of ThievesSyndicationRegistered Userregular
Exchange 2013 now requires a domain during the config for the iPhone.
Amusing, as now I can tell who checks their email during the weekend and who doesn't.
"He's sulking in his tent like Achilles! It's the Iliad?...from Homer?! READ A BOOK!!" -Handy
And here I was lied to and told that userspace usb drivers were what made NT a hybrid kernel. In any case, I still think user mode file system drivers for legacy stuff is a good idea.
That's an odd definition of hybrid kernel - http://en.wikipedia.org/wiki/Hybrid_kernel is the usual one. If you push everything into userspace and IPC messages you're a micokernel. If you don't even provide basic system services you're an exokernel. A mono kernel builds everything in and a hybrid uses well-defined APIs to let pluggable components talk to each other
Usermode filesystem drivers are actually impossible* due to the various interactions of kernel components. The same reasons generally prevent anything that a filesystem can be mounted on top of from being usermode drivers either.
*
The issue is paging and pageability. By definition a usermode driver is entirely pageable, because it is usermode. However, there is a hard requirement that no code that is on the pagefault path can be paged, otherwise you encouter a pagefault while handling a pagefault. It could be done by a special kernel-mode driver that delegates to userspace via a special interface, but would be flaky. AFAIK there's no way for a filesystem to disallow pagefiles from being present on them, other than marking them as network mounted, but that would be a way to do it too. So, you can do it, but it would not necessarily always work and someone will do something stupid. There are usermode filesystem drivers, but they are very rudimentary
The particular way windows does its filesystem API is also pretty bad. Ponder why this is a required function
The NT kernel's handling of pageable memory and interrupt priorities is not my favourite design, but it is sensible at least. Linux gets around this by having paging partitions, not files
It is, yes. Linux also has a simpler setup I think, less integration of the FS directly into the cache? Or something like that. And they have partitions for swap, so they avoid the whole swapping issue
Apothe0sisHave you ever questioned the nature of your reality?Registered Userregular
Yesterday: I AM A FUCKING ROCKSTARA
Today: Lose whole morning in testing due to the fact that I mistyped a domain in a script.
0
Options
lwt1973King of ThievesSyndicationRegistered Userregular
Exchange is up and running which is good.
The annoying thing is that if a mailbox fails migration halfway through then Exchange thinks it has migrated even though it isn't. You run the command to move the mailbox and Exchange says, "Why would I do that? It's already there. Ok, fine, I'll give you a complete notice just because."
I had to save all his mail, delete the mailbox, create the mailbox, and then import all his mail. This is the person who had a mailbox of over 7 gig and 1K unread emails in his inbox. I pointed out that he should go through his unread emails and he tried to pull the "I read them on my phone" card. Yeah, no. It turns read after you read them on your phone.
"He's sulking in his tent like Achilles! It's the Iliad?...from Homer?! READ A BOOK!!" -Handy
So this lady at work was looking through pictures of dogs yesterday, because HR is so busy they can't answer questions that you have about work and passes her work on to you because she's trying to decide which type of dog they want to get next. Anywho, she's browsing through this whole list of dogs and such. Then my boss sends out information to staff regarding the whole POODLE vulnerabilities. She apparently panicked like crazy thinking she just infected the entire network.
...it made me laugh quite a lot
Le_Goat on
While I agree that being insensitive is an issue, so is being oversensitive.
+8
Options
Mr_Rose83 Blue Ridge Protects the HolyRegistered Userregular
So that networked imaging we were trying to set up never went anywhere, and the client needed one machine immediately so we're hand-imaging each machine using Macrium because it works dammit!
Anyway, anyone know how any good network-based image management tools?
Customer calls, cannot open their check imaging application. This is a simple application that our (ex)developer wrote that writes to an SDF file. Usually we drop this out on a mapped drive. I check and, sure enough, it cannot connect, giving an error that the database may be corrupted. I check out the mapped drive and find just about the worst possible thing:
Cryptowall.
I hate giving people bad news and that is really bad news. Hope they have good backups.
Not sure but I know that it wasn't from the computer our application was running from. Nothing local was encrypted, only the network drive, so it had to come from someone else's machine.
Hello Sysadmin thread, I think I've posted once in here before and just been lurking since then. I'm currently studying to take a test for an Associate Information Systems Analyst, which translates to basic IT in California state work, and I was wondering if any of you had some advice on what areas to focus on before I take the exam, which is online, that you think are especially important to know.
I have basic knowledge of how a computer works, and self-educate myself as much as I can to the point where I was able to keep my previous computer running for ten years, Googling for answers to problems I hadn't encountered. I'm also finishing a Bachelors in Systems Security, which is what's making me eligible to take this exam in the first place, but that's pretty much just theory at the moment since I have very minimal hands-on experience. I intend to purchase some A+ Certification books to take that test as well, but that's in a month or two.
I was wondering if any of you had some advice on what areas to focus on before I take the exam, which is online, that you think are especially important to know.
Ok but seriously though, without being hugely familiar with that specific cert, off the top of my head it sounds like your experience might leave you a bit thin on knowledge working with Active Directory, or at least workstations joined to a domain, and some TCP/IP principals and some of the ways they tie into windows (DHCP/DNS servers).
@Madican A+ is always a good start, same with Network+. From there, you can also check out MCP for Windows 7/8. All of those will help with general help desk type stuff.
After that, certifications are really then about what you want to specialize in. I think almost every major specialization is covered by at least one person in this thread.
While I agree that being insensitive is an issue, so is being oversensitive.
Ok but seriously though, without being hugely familiar with that specific cert, off the top of my head it sounds like your experience might leave you a bit thin on knowledge working with Active Directory, or at least workstations joined to a domain, and some TCP/IP principals and some of the ways they tie into windows (DHCP/DNS servers).
Thanks! Would you happen to have some resources you'd recommend to study up on those, such as websites/articles/books you've found helpful or informative? I'll go poking around Amazon later to see what I can find.
@Madican A+ is always a good start, same with Network+. From there, you can also check out MCP for Windows 7/8. All of those will help with general help desk type stuff.
After that, certifications are really then about what you want to specialize in. I think almost every major specialization is covered by at least one person in this thread.
Thanks for the information, I'll prioritize getting my A+ Certification then, following with Network+. I think if I swing the job they'll help pay for some of my certs, I'll have to ask around but won't bank on it.
Do not open Microsoft PowerPoint files, or other files, from untrusted sources
But Susie in Accounting sent it to me! What? We don't have a Susie? What? We don't have an accounting department? Well, how was I supposed to know that!?
DisruptedCapitalist on
"Simple, real stupidity beats artificial intelligence every time." -Mustrum Ridcully in Terry Pratchett's Hogfather p. 142 (HarperPrism 1996)
Ok but seriously though, without being hugely familiar with that specific cert, off the top of my head it sounds like your experience might leave you a bit thin on knowledge working with Active Directory, or at least workstations joined to a domain, and some TCP/IP principals and some of the ways they tie into windows (DHCP/DNS servers).
Thanks! Would you happen to have some resources you'd recommend to study up on those, such as websites/articles/books you've found helpful or informative? I'll go poking around Amazon later to see what I can find.
@Madican A+ is always a good start, same with Network+. From there, you can also check out MCP for Windows 7/8. All of those will help with general help desk type stuff.
After that, certifications are really then about what you want to specialize in. I think almost every major specialization is covered by at least one person in this thread.
Thanks for the information, I'll prioritize getting my A+ Certification then, following with Network+. I think if I swing the job they'll help pay for some of my certs, I'll have to ask around but won't bank on it.
If you get a job that will cover the expenses for professional training like that, definitely bank on it. Those test can be expensive, especially if you mess one up.
While I agree that being insensitive is an issue, so is being oversensitive.
Ok but seriously though, without being hugely familiar with that specific cert, off the top of my head it sounds like your experience might leave you a bit thin on knowledge working with Active Directory, or at least workstations joined to a domain, and some TCP/IP principals and some of the ways they tie into windows (DHCP/DNS servers).
Thanks! Would you happen to have some resources you'd recommend to study up on those, such as websites/articles/books you've found helpful or informative? I'll go poking around Amazon later to see what I can find.
@Madican A+ is always a good start, same with Network+. From there, you can also check out MCP for Windows 7/8. All of those will help with general help desk type stuff.
After that, certifications are really then about what you want to specialize in. I think almost every major specialization is covered by at least one person in this thread.
Thanks for the information, I'll prioritize getting my A+ Certification then, following with Network+. I think if I swing the job they'll help pay for some of my certs, I'll have to ask around but won't bank on it.
If you get a job that will cover the expenses for professional training like that, definitely bank on it. Those test can be expensive, especially if you mess one up.
They are expensive, yeah, but I'm going to at least need to take the A+ test on my own to have a chance at getting the job. After that they might foot the bill but don't know for certain. IT didn't get back to me today to clarify.
In my experience with most cert tests you get a free retake or two.
I looked on CompTIA's website and they definitely say that I'd need to pay for each retake. I don't plan on failing the exams though, that's what studying's for.
0
Options
Apothe0sisHave you ever questioned the nature of your reality?Registered Userregular
Do not open Microsoft PowerPoint files, or other files, from untrusted sources
But Susie in Accounting sent it to me! What? We don't have a Susie? What? We don't have an accounting department? Well, how was I supposed to know that!?
It said my parcel was going to be delivered. No, I didn't order anything. No, I use my personal email when I do. I,m not expecting any parcels. No, I've never been contacted this way before when I do. I thought it might have been a handbag and got excited.
So that networked imaging we were trying to set up never went anywhere, and the client needed one machine immediately so we're hand-imaging each machine using Macrium because it works dammit!
Anyway, anyone know how any good network-based image management tools?
I haven't had any issues using the Windows Server 2008 image deployment, the only issue would be if you are doing non-Windows images, I don't think they are supported but I haven't tried.
Because if you're going to attempt to squeeze that big black monster into your slot you will need to be able to take at least 12 inches or else you're going to have a bad time...
ARGLE-BARGLE. Fuck you, Symantec. You should not be deleting/quarantining a binary because you're not sure what it is. 99.9% sure I've bitched about this in here before. It's like Symantec's not ever heard of small developers/ISV's.
GRUMP GRUMP GRUMP, I did not want to walk in this morning to find an angry email from a client about why their backup failed.
Quick question, a factory restore works on Cryptowall, right?
One of our highly skilled employees managed to get themselves infected yesterday.
Probably, but I can't say with certainty as we've been able to restore afflicted folders from shadow copies when we've been hit by ransomware (including Cryptowall 2.0) due to user lack of knowledge of proper end user security practices.
Quick question, a factory restore works on Cryptowall, right?
One of our highly skilled employees managed to get themselves infected yesterday.
It should. A factory restore effectively formats the drive then uses the restore partition to put it back to "like new" status. Still, it's a pain in the ass.
While I agree that being insensitive is an issue, so is being oversensitive.
You could harden the computers by preventing users from running executables in attachments. Or if you are up to it, stop them from running anything in appdata entirely. If you block all of appdata be prepared to make a lot of exceptions for any proprietary or common application as nearly every application puts its downloaded updates in appdata and executes them from there.
Now it wont stop them from lets say extracting it to their desktop and then running it...
As an aside I have seen encrypted files on factory restore partitions, I have not seen any cases of reinfection after using a factory restore.
That is comforting.
Thinking about that particular virus causes me to grab a stack of backup tapes and hide in the corner of the server room. They're safe. Everything is safe. Everything is fine.
The other IT guy here, the desktop guy, is turning 40. I'm building him a custom OU to drop him into on his birthday to turn on all the accessability features like huge fonts and high contrast colors.
I'm tempted to go to my boss and propose company-wide email and web safety training after users got us infected on two consecutive Thursdays... both likely from links in emails that look legitimate. Yesterday's was a "Voicemail" one that looks nothing like our voicemail system's automated ones. Not sure what last week's ended up being, as I wasn't the one investigating that.
And maybe it's time to investigate new external mail filtering services. As far as I can tell, they've been using the current mail filter service for at least 7 years.
The other IT guy here, the desktop guy, is turning 40. I'm building him a custom OU to drop him into on his birthday to turn on all the accessability features like huge fonts and high contrast colors.
I wish I had thought of this for my boss's 40th. Oh well, his next birthday's coming soon enough...
Posts
The actual usb device drivers are, but aren't the 'generic mass storage device' ones userspace? I could have sworn I learned that somewhere, but I could be wrong.
Not supposed to be but they never changed my job code
Nope, unless that was a very recent change (like win 8.1 recent . Mass storage device *is* the USB device driver
The kernel stack generally looks like USB host device -> (potentially) usb composite device -> mass storage class driver -> generic disk device
Amusing, as now I can tell who checks their email during the weekend and who doesn't.
That's an odd definition of hybrid kernel - http://en.wikipedia.org/wiki/Hybrid_kernel is the usual one. If you push everything into userspace and IPC messages you're a micokernel. If you don't even provide basic system services you're an exokernel. A mono kernel builds everything in and a hybrid uses well-defined APIs to let pluggable components talk to each other
Usermode filesystem drivers are actually impossible* due to the various interactions of kernel components. The same reasons generally prevent anything that a filesystem can be mounted on top of from being usermode drivers either.
*
The particular way windows does its filesystem API is also pretty bad. Ponder why this is a required function
The NT kernel's handling of pageable memory and interrupt priorities is not my favourite design, but it is sensible at least. Linux gets around this by having paging partitions, not files
That's how Linux runs FUSE, right? I was thinking of something like that.
Today: Lose whole morning in testing due to the fact that I mistyped a domain in a script.
The annoying thing is that if a mailbox fails migration halfway through then Exchange thinks it has migrated even though it isn't. You run the command to move the mailbox and Exchange says, "Why would I do that? It's already there. Ok, fine, I'll give you a complete notice just because."
I had to save all his mail, delete the mailbox, create the mailbox, and then import all his mail. This is the person who had a mailbox of over 7 gig and 1K unread emails in his inbox. I pointed out that he should go through his unread emails and he tried to pull the "I read them on my phone" card. Yeah, no. It turns read after you read them on your phone.
...it made me laugh quite a lot
Anyway, anyone know how any good network-based image management tools?
Nintendo Network ID: AzraelRose
DropBox invite link - get 500MB extra free.
Cryptowall.
I hate giving people bad news and that is really bad news. Hope they have good backups.
I have basic knowledge of how a computer works, and self-educate myself as much as I can to the point where I was able to keep my previous computer running for ten years, Googling for answers to problems I hadn't encountered. I'm also finishing a Bachelors in Systems Security, which is what's making me eligible to take this exam in the first place, but that's pretty much just theory at the moment since I have very minimal hands-on experience. I intend to purchase some A+ Certification books to take that test as well, but that's in a month or two.
Google?
After that, certifications are really then about what you want to specialize in. I think almost every major specialization is covered by at least one person in this thread.
Thanks! Would you happen to have some resources you'd recommend to study up on those, such as websites/articles/books you've found helpful or informative? I'll go poking around Amazon later to see what I can find.
Thanks for the information, I'll prioritize getting my A+ Certification then, following with Network+. I think if I swing the job they'll help pay for some of my certs, I'll have to ask around but won't bank on it.
I love the warning:
But Susie in Accounting sent it to me! What? We don't have a Susie? What? We don't have an accounting department? Well, how was I supposed to know that!?
@Madican This is a great page to get started on.
This looks like exactly what I was looking for, thanks.
They are expensive, yeah, but I'm going to at least need to take the A+ test on my own to have a chance at getting the job. After that they might foot the bill but don't know for certain. IT didn't get back to me today to clarify.
I looked on CompTIA's website and they definitely say that I'd need to pay for each retake. I don't plan on failing the exams though, that's what studying's for.
BAM CRYPTOLOCKER
I haven't had any issues using the Windows Server 2008 image deployment, the only issue would be if you are doing non-Windows images, I don't think they are supported but I haven't tried.
GRUMP GRUMP GRUMP, I did not want to walk in this morning to find an angry email from a client about why their backup failed.
One of our highly skilled employees managed to get themselves infected yesterday.
Probably, but I can't say with certainty as we've been able to restore afflicted folders from shadow copies when we've been hit by ransomware (including Cryptowall 2.0) due to user lack of knowledge of proper end user security practices.
The user asked me what happened to the files they were storing on their desktop and c drive. (against policy)
'Gone forever' I replied, and mentioned that I have web logs which would show where they were on the web just before getting the virus.
They stopped complaining. :>
Now it wont stop them from lets say extracting it to their desktop and then running it...
As an aside I have seen encrypted files on factory restore partitions, I have not seen any cases of reinfection after using a factory restore.
Thinking about that particular virus causes me to grab a stack of backup tapes and hide in the corner of the server room. They're safe. Everything is safe. Everything is fine.
And maybe it's time to investigate new external mail filtering services. As far as I can tell, they've been using the current mail filter service for at least 7 years.
I wish I had thought of this for my boss's 40th. Oh well, his next birthday's coming soon enough...