
[sysadmin] I don't even work at your job and I'm already sick of your job.



  • Aioua (Ora Occidens Ora Optima) Registered User regular
    bowen wrote: »
    Oh, hm. As long as you set it up it should. Windows 10 is really good about working with 3rd party VPNs. Windows 7... not so much.

    lol ain't no company has win 10 machines

    but yeah the windows VPN thing fails out... I'm not surprised, we have extra layers of security on the VPN where network connect will check and make sure the PC you're using is domain-joined and active and all that, too.


    is there a clean solution for the other half? getting a user's creds cached while logged in as a different user?

    life's a game that you're bound to lose / like using a hammer to pound in screws
    fuck up once and you break your thumb / if you're happy at all then you're god damn dumb
    that's right we're on a fucked up cruise / God is dead but at least we have booze
    bad things happen, no one knows why / the sun burns out and everyone dies
  • wunderbar (What Have I Done?) Registered User regular
    Aioua wrote: »
    bowen wrote: »
    Oh, hm. As long as you set it up it should. Windows 10 is really good about working with 3rd party VPNs. Windows 7... not so much.

    lol ain't no company has win 10 machines

    but yeah the windows VPN thing fails out... I'm not surprised, we have extra layers of security on the VPN where network connect will check and make sure the PC you're using is domain-joined and active and all that, too.


    is there a clean solution for the other half? getting a user's creds cached while logged in as a different user?

    nope.

    XBL: thewunderbar PSN: thewunderbar NNID: thewunderbar Steam: wunderbar87 Twitter: wunderbar
  • RandomHajile (Not actually a Snatcher, The New Kremlin) Registered User regular
    Aioua wrote: »
    Ok, so, anyone know the good and/or proper way to do this thing:

    I have a ton of remote users. In fact, supporting them is my whole job.
    They need laptops, and those laptops need to be domain-joined. They need to log into those laptops with their AD creds.

    They're not able to come to corp and plug into a wire, so what is the right way to get a user's creds cached on a laptop, so they can log into the damn things in the field?

    They do have VPN access, but they need to be logged into an account to launch the VPN.

    The process I inherited when I got this job is to ask the user for their password then do a 'runas /user:domain\username cmd' while it's connected to the domain. I hate this solution for a few obvious reasons.
    Have them log in as the local admin, connect to VPN, switch user, log in with current domain creds?

  • bowen (How you doin'?) Registered User regular
    This is why not attaching laptops to domains is the better process.

    There's no good way to do this, doubly so unless you're using MS' VPN solutions.

    "Extra security" sounds a lot like "shitty security that doesn't really do anything anyways".

    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
  • Aioua (Ora Occidens Ora Optima) Registered User regular
    edited April 2016
    hmm just tested user switching and that worked, might be the way I do it then

    have generic locked-down guest account that can only connect to the VPN

    the CAD, switch user... I wonder if I can script kicking off the user switch

    EDIT: ha! tsdiscon.exe does the trick, this is beautiful

    life's a game that you're bound to lose / like using a hammer to pound in screws
    fuck up once and you break your thumb / if you're happy at all then you're god damn dumb
    that's right we're on a fucked up cruise / God is dead but at least we have booze
    bad things happen, no one knows why / the sun burns out and everyone dies
  • bowen (How you doin'?) Registered User regular
    Aioua wrote: »
    hmm just tested user switching and that worked, might be the way I do it then

    have generic locked-down guest account that can only connect to the VPN

    the CAD, switch user... I wonder if I can script kicking off the user switch

    Nope.

    You can 'impersonate' users depending on what needs to be done. But, GINA locks down any programmatic/scripting interface for logging in and out.

    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
  • bowen (How you doin'?) Registered User regular
    https://technet.microsoft.com/en-us/library/cc780332(WS.10).aspx

    http://www.codeproject.com/Questions/664253/How-to-lock-screen-of-computer-using-csharp-net-in

    Maybe do something like that, then they can just pick the other user since the lock screen should let you switch users? I dunno.

    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
  • Aioua (Ora Occidens Ora Optima) Registered User regular
    edited April 2016
    bowen wrote: »
    Aioua wrote: »
    hmm just tested user switching and that worked, might be the way I do it then

    have generic locked-down guest account that can only connect to the VPN

    the CAD, switch user... I wonder if I can script kicking off the user switch

    Nope.

    You can 'impersonate' users depending on what needs to be done. But, GINA locks down any programmatic/scripting interface for logging in and out.

    I don't want to log out, I just want to disconnect so tsdiscon does exactly what I want.

    so I could have my users log in as localGenericUser

    connect to VPN

    run a script that checks to make sure the VPN's actually up, then disconnects the localGenericUser session with tsdiscon sending them back to login,

    then they can log in with their AD account and the VPN stays open

    n.o.i.c.e.

    life's a game that you're bound to lose / like using a hammer to pound in screws
    fuck up once and you break your thumb / if you're happy at all then you're god damn dumb
    that's right we're on a fucked up cruise / God is dead but at least we have booze
    bad things happen, no one knows why / the sun burns out and everyone dies
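    The "check the VPN is really up, then tsdiscon" step above, written out as an added example (this is not Aioua's script or anything from the thread). It assumes the generic local account is named localGenericUser as in the post, that a domain controller is reachable over the tunnel under the placeholder name DC-PLACEHOLDER.corp.example, and that the AD domain's short name is passed in as a parameter; tsdiscon.exe and nltest.exe ship with Windows 7 SP1 and later.

```powershell
# Added example, not from the thread. Run from the locked-down generic local
# account after the VPN client reports "connected". It refuses to hand the
# console over until the tunnel actually reaches the domain, so the user is
# never dropped at a login screen with no DC behind it.
param(
    [string]$DomainController = 'DC-PLACEHOLDER.corp.example',  # placeholder, set to a real DC
    [string]$DomainName       = 'CORP',                         # placeholder NetBIOS domain name
    [string]$GenericAccount   = 'localGenericUser',             # account named in the thread
    [int]$Attempts            = 12,                             # total reachability checks
    [int]$DelaySeconds        = 5                               # pause between checks
)

function Test-DomainReachable {
    param([string]$Target)
    # ICMP reachability through the tunnel. Test-Connection exists back to
    # PowerShell 2.0, so it works on Win7 SP1 where the thread tested this.
    return [bool](Test-Connection -ComputerName $Target -Count 1 -Quiet -ErrorAction SilentlyContinue)
}

# Only the generic bootstrap account should ever run this; a real user's
# session must not be disconnected by accident.
if ($env:USERNAME -ne $GenericAccount) {
    Write-Warning "Not running as $GenericAccount; refusing to disconnect this session."
    exit 1
}

# Wait for the VPN to pass traffic (the client GUI often says "connected"
# a few seconds before routes are installed).
$reachable = $false
for ($i = 1; $i -le $Attempts -and -not $reachable; $i++) {
    $reachable = Test-DomainReachable -Target $DomainController
    if (-not $reachable) { Start-Sleep -Seconds $DelaySeconds }
}
if (-not $reachable) {
    Write-Warning "No path to $DomainController after $Attempts checks; staying logged in."
    exit 1
}

# ICMP can succeed while the DC locator still fails (DNS/SRV records not
# resolvable over the tunnel), so also confirm a DC can be located.
nltest.exe /dsgetdc:$DomainName | Out-Null
if ($LASTEXITCODE -ne 0) {
    Write-Warning "nltest could not locate a DC for $DomainName; staying logged in."
    exit 1
}

# Disconnect (not log off) this session. The generic account's processes,
# including the VPN client, keep running, and the user gets the login screen
# where they sign in with their AD credentials; the first successful logon
# caches them for offline use.
tsdiscon.exe
```

    The two exit paths matter for the defender: a failed check leaves the generic account logged in with nothing to do, rather than stranding the user at a login screen the laptop cannot authenticate against. The disconnected generic session is still alive, so that account should stay as restricted as the thread describes (VPN client only) and its session should be cleaned up, for example by a logoff at next reboot, once the AD user is in.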
  • bowen (How you doin'?) Registered User regular
    edited April 2016
    tsdiscon actually disconnects the session in windows with FUS?

    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
  • Aioua (Ora Occidens Ora Optima) Registered User regular
    edited April 2016
    bowen wrote: »
    tsdiscon actually disconnects the session in windows with FUS?

    yup! at least on win7sp1

    EDIT: whether or not FUS is enabled, as well

    life's a game that you're bound to lose / like using a hammer to pound in screws
    fuck up once and you break your thumb / if you're happy at all then you're god damn dumb
    that's right we're on a fucked up cruise / God is dead but at least we have booze
    bad things happen, no one knows why / the sun burns out and everyone dies
  • bowen (How you doin'?) Registered User regular
    huh that's amazing

    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
  • bowen (How you doin'?) Registered User regular
    @Aioua

    http://stackoverflow.com/questions/11522336/enable-or-disable-a-user-on-local-computer

    You could even have the account be disabled every computer power up/etc so that they have to use the lowbie account to establish the VPN.

    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
  • bowen (How you doin'?) Registered User regular
    Although since it's an AD user.. maybe not, hm.

    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
  • Aioua (Ora Occidens Ora Optima) Registered User regular
    nah, that's not necessary. I only need the VPN first for their initial login or if the helpdesk fucks up their password so badly they can't log in anymore.

    life's a game that you're bound to lose / like using a hammer to pound in screws
    fuck up once and you break your thumb / if you're happy at all then you're god damn dumb
    that's right we're on a fucked up cruise / God is dead but at least we have booze
    bad things happen, no one knows why / the sun burns out and everyone dies
  • Bendery It Like Beckham (Hopeless) Registered User regular
    Now some of our printers are shitting out random ascii and Windows updates is pulling drivers with corrupt certificates. I wonder if this is a problem yet!

    Really curious as to if this is resolved yet or if the ghost in the machines has taken you, too.

    Still alive, I think they restarted the firewall server yesterday because the printers and downloads are all working properly, and no user cred issues since Tuesday. Woohoo!

  • lwt1973 (King of Thieves, Syndication) Registered User regular
    So it's "What if the building was leveled by a tornado?" week. I've been tasked with coming up with a plan that allows the company to continue even if the building and servers are destroyed. (Whether or not they'll spend the money is another story...) Anyone have experience with AWS or something similar? Currently we backup offsite but they want the ability to run the servers in the cloud if need be.

    "He's sulking in his tent like Achilles! It's the Iliad?...from Homer?! READ A BOOK!!" -Handy
  • bowen (How you doin'?) Registered User regular
    edited April 2016
    lwt1973 wrote: »
    So it's "What if the building was leveled by a tornado?" week. I've been tasked with coming up with a plan that allows the company to continue even if the building and servers are destroyed. (Whether or not they'll spend the money is another story...) Anyone have experience with AWS or something similar? Currently we backup offsite but they want the ability to run the servers in the cloud if need be.

    The big thing you really need to drive home is "downtime is an inevitability, if our building is leveled by a tornado, it might take a few days to get into a usable working state".

    You also need to take into account transitioning back from emergency mode.

    But anyways, once you've done that you've got a few options -

    AWS -
    If you're on a linux based stack. It's not a clear 1-1 between physically hosted machines and AWS, so you'd need a really good disaster recovery policy.

    Azure -
    If you're on a windows stack. It's also not a clear 1-1 between physically hosted and azure's services. (They do offer virtual servers though, kinda)

    Virtual Hosted Servers-
    This is the closest analog to physically hosted you can get, it's pretty much the same thing. If you're not hardware locked, you could even roll something from rackspace on the lowest plan and have the emergency plan ready to go from backups and then ramp/scale it up as needed for the demand.

    TBH, AWS and Azure aren't great unless you're designing from the get go to utilize them. If you're coming in from an "oh shit" moment, you're better off with a hosted server solution like linode/rackspace/digitalocean.

    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
  • Thawmus (+Jackface) Registered User regular
    edited April 2016
    bowen wrote: »
    lwt1973 wrote: »
    So it's "What if the building was leveled by a tornado?" week. I've been tasked with coming up with a plan that allows the company to continue even if the building and servers are destroyed. (Whether or not they'll spend the money is another story...) Anyone have experience with AWS or something similar? Currently we backup offsite but they want the ability to run the servers in the cloud if need be.

    The big thing you really need to drive home is "downtime is an inevitability, if our building is leveled by a tornado, it might take a few days to get into a usable working state".

    You also need to take into account transitioning back from emergency mode.

    But anyways, once you've done that you've got a few options -

    AWS -
    If you're on a linux based stack. It's not a clear 1-1 between physically hosted machines and AWS, so you'd need a really good disaster recovery policy.

    Azure -
    If you're on a windows stack. It's also not a clear 1-1 between physically hosted and azure's services. (They do offer virtual servers though, kinda)

    Virtual Hosted Servers-
    This is the closest analog to physically hosted you can get, it's pretty much the same thing. If you're not hardware locked, you could even roll something from rackspace on the lowest plan and have the emergency plan ready to go from backups and then ramp/scale it up as needed for the demand.

    TBH, AWS and Azure aren't great unless you're designing from the get go to utilize them. If you're coming in from an "oh shit" moment, you're better off with a hosted server solution like linode/rackspace/digitalocean.

    Way back in the day, when I worked for another company, they hired a group to come out with a trailer and a bunch of servers, and had us simulate a complete restore of our datacenter. We did this every 1.5 years. An expensive service, and annoying to deal with when you're waist-deep in projects, but it was always an eye-opener for backups and owner expectations.

    "We failed this part of the test."

    "Why?"

    "Because you vetoed off-site backups, and the scenario is that the site doesn't exist."

    Plus, as we all know, backups aren't worth a shit until you test the restore, and this kinda took things to another level. I miss those exercises, actually, they were kinda fun, in retrospect.

    EDIT: Shit, get to the point, Thawmus! Where I was going with all this, is that it usually took us 3 days to do it.

    Twitch: Thawmus83
  • wunderbar (What Have I Done?) Registered User regular
    That's actually a great idea to truly do a DR restore every so often, way beyond even testing to see if things work ad hoc. I love it. But I kind of never want to actually do it. :rotate:

    XBL: thewunderbar PSN: thewunderbar NNID: thewunderbar Steam: wunderbar87 Twitter: wunderbar
  • Echo (ski-bap ba-dap) Moderator, mod
    Is there a decent way to do generic command line aliases in Powershell? I want to do something like "foo --bar --baz --poopypants" etc and Set-Alias seems kinda clunky.

  • Aioua (Ora Occidens Ora Optima) Registered User regular
    Echo wrote: »
    Is there a decent way to do generic command line aliases in Powershell? I want to do something like "foo --bar --baz --poopypants" etc and Set-Alias seems kinda clunky.

    do you mean you want to alias a command and arguments? You could do a function:
    function MyFunction
    {
        somecmd.exe -option1 "value" -option2 "value"
    }
    

    life's a game that you're bound to lose / like using a hammer to pound in screws
    fuck up once and you break your thumb / if you're happy at all then you're god damn dumb
    that's right we're on a fucked up cruise / God is dead but at least we have booze
    bad things happen, no one knows why / the sun burns out and everyone dies
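    Going one step past the fixed-argument function above, here is an added example (mine, not Aioua's or Echo's) of an alias-style function that bakes in the switches Echo mentioned but still forwards whatever else is typed after it, plus the one-liner to persist it in the profile. foo.exe, --bar and --baz are placeholders for the real tool and its options.

```powershell
# Added example, not from the thread. Set-Alias can only map a name to a
# command, never to "command plus arguments", which is the clunkiness Echo
# ran into; a function is the supported way to get that.
function foo {
    # Deliberately a plain function, not [CmdletBinding()]: an advanced
    # function rejects unknown "-switch" style tokens such as --poopypants,
    # while a plain one collects everything it does not recognise in $args.
    # @args splats those extra tokens onto the native command unchanged.
    & 'foo.exe' '--bar' '--baz' @args
}

# Typing   foo --poopypants   now runs:   foo.exe --bar --baz --poopypants

# Persist the alias for every future session by appending it to the profile
# script (created if it does not exist yet).
function Install-FooAlias {
    if (-not (Test-Path -Path $PROFILE)) {
        New-Item -ItemType File -Path $PROFILE -Force | Out-Null
    }
    Add-Content -Path $PROFILE -Value "function foo { & 'foo.exe' '--bar' '--baz' @args }"
}
```

    One caveat worth knowing before relying on this: $PROFILE is an ordinary script, so it only runs when the execution policy allows scripts, and anything written there runs with the user's rights in every shell they open, which is why the profile file should stay writable by that user alone.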
  • Aioua (Ora Occidens Ora Optima) Registered User regular
    @elki ^

    life's a game that you're bound to lose / like using a hammer to pound in screws
    fuck up once and you break your thumb / if you're happy at all then you're god damn dumb
    that's right we're on a fucked up cruise / God is dead but at least we have booze
    bad things happen, no one knows why / the sun burns out and everyone dies
  • Elki (get busy) Moderator, ClubPA, mod
    @Echo once again. Add another to the count.

  • Aioua (Ora Occidens Ora Optima) Registered User regular
    look just because this is the sysadmins thread doesn't mean I know how to use a computer.


    >_<

    life's a game that you're bound to lose / like using a hammer to pound in screws
    fuck up once and you break your thumb / if you're happy at all then you're god damn dumb
    that's right we're on a fucked up cruise / God is dead but at least we have booze
    bad things happen, no one knows why / the sun burns out and everyone dies
  • bowen (How you doin'?) Registered User regular
    oh man that was bad vowels

    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
  • Nosf Registered User regular
    edited May 2016
    It's time for another round of, "I had two weeks warning to change my password but left it to the last minute and now I am locked out, and going to OWA doesn't work, because I am not smart enough to follow simple prompts!" Whelp, your password is now an entire line from Moby Dick. Have fun typing '"Ah! poor fellow! he'll have to die now," ejaculated the Long Island sailor.' for the rest of the day you lazy stupid prick.

    Bonus: One of our users says that their banking site requires Flash. A bank that requires Flash, seriously?

  • Kakodaimonos (Code fondler, Helping the 1% get richer) Registered User regular
    Whoops. Always make sure you're not flipping the display card driving the monitors to TCC mode.

  • mellestad Registered User regular
    Nosf wrote: »
    It's time for another round of, "I had two weeks warning to change my password but left it to the last minute and now I am locked out, and going to OWA doesn't work, because I am not smart enough to follow simple prompts!" Whelp, your password is now an entire line from Moby Dick. Have fun typing '"Ah! poor fellow! he'll have to die now," ejaculated the Long Island sailor.' for the rest of the day you lazy stupid prick.

    Bonus: One of our users says that their banking site requires Flash. A bank that requires Flash, seriously?

    We have banks in the EU and Korea that require Flash, Java, and proprietary software (that needs local admin), and manual installation of unverified certificates just to log on. Needless to say, those boxes get isolated.

  • bowen (How you doin'?) Registered User regular
    mellestad wrote: »
    Nosf wrote: »
    It's time for another round of, "I had two weeks warning to change my password but left it to the last minute and now I am locked out, and going to OWA doesn't work, because I am not smart enough to follow simple prompts!" Whelp, your password is now an entire line from Moby Dick. Have fun typing '"Ah! poor fellow! he'll have to die now," ejaculated the Long Island sailor.' for the rest of the day you lazy stupid prick.

    Bonus: One of our users says that their banking site requires Flash. A bank that requires Flash, seriously?

    We have banks in the EU and Korea that require Flash, Java, and proprietary software (that needs local admin), and manual installation of unverified certificates just to log on. Needless to say, those boxes get isolated.

    Local admin is usually okay. I just give the domain user local admin to the box and then lock that box the fuck down. Seems to work okay for people who suck at developing software.

    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
  • mellestad Registered User regular
    lwt1973 wrote: »
    So it's "What if the building was leveled by a tornado?" week. I've been tasked with coming up with a plan that allows the company to continue even if the building and servers are destroyed. (Whether or not they'll spend the money is another story...) Anyone have experience with AWS or something similar? Currently we backup offsite but they want the ability to run the servers in the cloud if need be.

    If you've got more than a couple hundred gigs of data I don't think cloud recovery is realistic for most organizations. It's expensive, finicky, and technically challenging to duplicate even simple infrastructures.

    A more realistic option is off-site server hosting so you just pay someone to have a rack of your boxes somewhere and make that rack into a little branch office. You can use it to restore off-site backups to if a couple/few days of downtime is OK, or keep things hot and available if you have the money to spend. Backup Exec/Veeam/etc can all do WAN replication nowadays and there are tons of appliances if you want to spend some extra money. MS/VMware have built in stuff, too.

    If you're too big though it's still hard to manage just because the data you need to move can be significant. Hot recovery sites are difficult for SMBs who may not have multiple locations to use as fail-over sites just because of the expense.

    Someday we'll be able to use things like Azure cloud with SCCM (or whatever) to just click a button and have everything be replicated into the cloud but right now if you can afford that you're either really tiny or you can afford to do co-located infrastructure or something and it'll be better.

  • LD50 Registered User regular
    edited May 2016
    mellestad wrote: »
    Nosf wrote: »
    It's time for another round of, "I had two weeks warning to change my password but left it to the last minute and now I am locked out, and going to OWA doesn't work, because I am not smart enough to follow simple prompts!" Whelp, your password is now an entire line from Moby Dick. Have fun typing '"Ah! poor fellow! he'll have to die now," ejaculated the Long Island sailor.' for the rest of the day you lazy stupid prick.

    Bonus: One of our users says that their banking site requires Flash. A bank that requires Flash, seriously?

    We have banks in the EU and Korea that require Flash, Java, and proprietary software (that needs local admin), and manual installation of unverified certificates just to log on. Needless to say, those boxes get isolated.

    Nigerian princes pay them a kickback to keep their shit running on java and flash.

  • Nosf Registered User regular
    edited May 2016
    We run Appassure with an offsite repo. We have two sites on fibre and the main just replicates to the secondary. The secondary replication core in theory could be a host to our exchange, SQL and services box if it had to. I'm not saying it would be pretty, but shit would work. I don't replicate our terminal setup, I feel like I could rebuild that a whole lot faster than I could restore it. We use our older (still under warranty) VM Host/SAN as our replication boxes. My former employer has rackspace somewhere that they use for smaller clients who want to replicate offsite to, if shit happens they have a decent little box that acts as a host, they just copy the most recent replicas to it and drive that machine to the affected site to get them back up.

    Appassure runs pretty great, our file server got hit by crypto (thanks dumbass user) and we just rolled back an hour on the files affected (after shadowcopy totally shit the bed and deleted itself).

  • TL DR (Not at all confident in his reflexive opinions of things) Registered User regular
    bowen wrote: »
    Aioua wrote: »
    hmm just tested user switching and that worked, might be the way I do it then

    have generic locked-down guest account that can only connect to the VPN

    the CAD, switch user... I wonder if I can script kicking off the user switch

    Nope.

    You can 'impersonate' users depending on what needs to be done. But, GINA locks down any programmatic/scripting interface for logging in and out.


  • TL DR (Not at all confident in his reflexive opinions of things) Registered User regular
    Yesterday I was filling in for one of our guys at a client for whom I don't usually work. Their in-house helpdesk guy explained that their remote location (90 minutes away) had some PCs that were decommissioned but were going to be used as demo boxes for students to take apart and reassemble, and he wanted me to block their MAC addresses on the firewall such that he didn't find himself having to support them later on. "Sure", I thought, "no problem."

    Pulled up the Dell documentation on how to do this in a SonicWall, tick the appropriate box, click OK, and get the list of MAC addresses ready so I can configure my blacklist.

    My RDP connection drops. Ok, minor oops, didn't think there would be a drop in connectivity but hopefully nobody at the remote site noticed.

    A minute goes by.

    Single bead of sweat.

    Check in Kaseya, all the agents are offline. Heck.

    Ok, no problem, I'll just revert the change. Punch the remote office's WAN IP into my browser - nothing. Figures, security best practices and all. I'll just manage it over the VPN.

    Whoooooops, the project manager who rolled this device hasn't enabled management over the VPN.

    By the grace of God, I was able to get someone on the phone (at 4:55 PM) and walk them through reverting the change. Then I just had to change the password for all the firewalls -_-'

  • wunderbar (What Have I Done?) Registered User regular
    edited May 2016
    the best time for momentary downtime to replace a 48 port switch that services, well, 48 connections including most of the building's wifi was 6:15am, before people start coming in at 6:30. Weekends are less good because it's the start of peak season and there are often people working on weekends.

    if you need me, I'll be taking coffee by IV the rest of the day.

    XBL: thewunderbar PSN: thewunderbar NNID: thewunderbar Steam: wunderbar87 Twitter: wunderbar
  • bowen (How you doin'?) Registered User regular
    I put them in the rack above and below each other, then unplug each connection one by one (TCP has a 7 second timeout in most OS's). As long as you're really quick and your rack's organization is top notch it should take maybe 5 or so minutes to do everyone with 0 downtime.

    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
  • Bendery It Like Beckham (Hopeless) Registered User regular
    What do you guys use for cataloging software and managing versions? The current system here is "dump them all in a series of folders and maybe write cryptic notes in the file name" and to tell you the truth it's caused me a lot of grief. I don't think it's being managed very well. So we have programs that need to be run with Power Broker but I didn't learn that the version that power broker elevates is not saved in our catalog and actually the one in our catalog will crash because power broker isn't configured with it properly. I figured this out after about 4 hours of troubleshooting the 5 machines I deployed the software on.

    And don't get me started on deploying new devices to employees. It's basically "get software list through SCCM, hunt and peck through the catalog until all 18 pages of software are installed, I hope you packed a lunch".

    When I asked about version control, the response I got was "If that's something you want to do then go ahead and get started."

  • bowen (How you doin'?) Registered User regular
    Folders with notes because I ain't paying for a program that is a UI for folders with notes.

    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
  • TL DR (Not at all confident in his reflexive opinions of things) Registered User regular
    What do you guys use for cataloging software and managing versions? The current system here is "dump them all in a series of folders and maybe write cryptic notes in the file name" and to tell you the truth it's caused me a lot of grief. I don't think it's being managed very well. So we have programs that need to be run with Power Broker but I didn't learn that the version that power broker elevates is not saved in our catalog and actually the one in our catalog will crash because power broker isn't configured with it properly. I figured this out after about 4 hours of troubleshooting the 5 machines I deployed the software on.

    And don't get me started on deploying new devices to employees. It's basically "get software list through SCCM, hunt and peck through the catalog until all 18 pages of software are installed, I hope you packed a lunch".

    When I asked about version control, the response I got was "If that's something you want to do then go ahead and get started."

    It's an absolute shitshow for us. Since I've started with this company, all our client documentation has resided on at least 2 platforms at a given time. Currently, we're on ConnectWise and Sharepoint and the specifics are left up to the primary tech (assuming there is one for a given client).

    We do have Kaseya, though, meaning that the Add/Remove Programs list is available even for an offline agent. For clients with really lengthy workstation setup processes, we take Acronis images or at least make a checklist.

  • mellestad Registered User regular
    I was teaching a class late last night and my phone went nuts--high temperature alarms in our main server room. Fine--the college is only 15 minutes away from the site. I walk in, ready to get the HVAC guys out and have a long night.

    The temperature sensor had fallen off the wall and landed behind a server rack, right in the exhaust stream.

    At least it didn't happen at 2AM.
