We use keepass to keep track of the oddball software we have, like Acrobat Pro etc. All the keys and such are in there, whose machine its on. Thanfully, we don't have a lot of that to manage.
0
KakodaimonosCode fondlerHelping the 1% get richerRegistered Userregular
So what would be a reasonable amount of user storage in Outlook. The admins are grumbling at me and I really dont want to sort through 500K emails.
IMO mailboxes shouldn't have a size limit, and Outlook should take a shot at being not shit at handling large mailboxes.
Newer versions of exchange/exchange are pretty good at it actually, they don't try and load your whole mailbox all the time.
life's a game that you're bound to lose / like using a hammer to pound in screws
fuck up once and you break your thumb / if you're happy at all then you're god damn dumb
that's right we're on a fucked up cruise / God is dead but at least we have booze
bad things happen, no one knows why / the sun burns out and everyone dies
To give you a better non-answer: My understanding is that it's not actually the size of the mailbox that is the problem, but the number if items in it. How large is acceptable will depend a lot on what kinds of things are getting shoved in there.
0
KakodaimonosCode fondlerHelping the 1% get richerRegistered Userregular
Ah. After a little chat it turns out that someone set up Nagios alerts to go to our main contact address (cs@contoso.com). So we have a pile of alerts mixed on with the actual client emails making it impossible to figure out which is which.
When I asked why we didn't have an alerts@ email address.
"That's a really good idea."
+3
lwt1973King of ThievesSyndicationRegistered Userregular
To give you a better non-answer: My understanding is that it's not actually the size of the mailbox that is the problem, but the number if items in it. How large is acceptable will depend a lot on what kinds of things are getting shoved in there.
Everything gets shoved in there. I have a person who doesn't do folders and just has thousands of emails in his inbox. He just searches for senders or subjects. When I switched to a new server and had to migrate his email, lots came up corrupt because it was just stuck in the inbox.
I had a person who used the trash as storage. Without limits, some people just won't go through and organize/delete.
"He's sulking in his tent like Achilles! It's the Iliad?...from Homer?! READ A BOOK!!" -Handy
To give you a better non-answer: My understanding is that it's not actually the size of the mailbox that is the problem, but the number if items in it. How large is acceptable will depend a lot on what kinds of things are getting shoved in there.
Everything gets shoved in there. I have a person who doesn't do folders and just has thousands of emails in his inbox. He just searches for senders or subjects. When I switched to a new server and had to migrate his email, lots came up corrupt because it was just stuck in the inbox.
I had a person who used the trash as storage. Without limits, some people just won't go through and organize/delete.
WHY IS THIS A THING EVERYWHERE?
DID THEY HAVE A CLASS AT SOME COLLEGE SOMEWHERE THAT WAS TITLED "STORE THINGS IN YOUR RECYCLE BIN BECAUSE NO ONE WILL LOOK THERE"
not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
To give you a better non-answer: My understanding is that it's not actually the size of the mailbox that is the problem, but the number if items in it. How large is acceptable will depend a lot on what kinds of things are getting shoved in there.
Everything gets shoved in there. I have a person who doesn't do folders and just has thousands of emails in his inbox. He just searches for senders or subjects. When I switched to a new server and had to migrate his email, lots came up corrupt because it was just stuck in the inbox.
I had a person who used the trash as storage. Without limits, some people just won't go through and organize/delete.
WHY IS THIS A THING EVERYWHERE?
DID THEY HAVE A CLASS AT SOME COLLEGE SOMEWHERE THAT WAS TITLED "STORE THINGS IN YOUR RECYCLE BIN BECAUSE NO ONE WILL LOOK THERE"
If I had to guess, it's because you can move things to the trash with a single keystroke.
Also I'm totally guilty of keeping every mail ever in my inbox. I read them all, and the search is good enough, who cares?
life's a game that you're bound to lose / like using a hammer to pound in screws
fuck up once and you break your thumb / if you're happy at all then you're god damn dumb
that's right we're on a fucked up cruise / God is dead but at least we have booze
bad things happen, no one knows why / the sun burns out and everyone dies
+2
lwt1973King of ThievesSyndicationRegistered Userregular
A person has been gone for 3 years. You should be able to talk to the companies that still send reports to that email address and not say it's impossible.
"He's sulking in his tent like Achilles! It's the Iliad?...from Homer?! READ A BOOK!!" -Handy
To give you a better non-answer: My understanding is that it's not actually the size of the mailbox that is the problem, but the number if items in it. How large is acceptable will depend a lot on what kinds of things are getting shoved in there.
Everything gets shoved in there. I have a person who doesn't do folders and just has thousands of emails in his inbox. He just searches for senders or subjects. When I switched to a new server and had to migrate his email, lots came up corrupt because it was just stuck in the inbox.
I had a person who used the trash as storage. Without limits, some people just won't go through and organize/delete.
WHY IS THIS A THING EVERYWHERE?
DID THEY HAVE A CLASS AT SOME COLLEGE SOMEWHERE THAT WAS TITLED "STORE THINGS IN YOUR RECYCLE BIN BECAUSE NO ONE WILL LOOK THERE"
If I had to guess, it's because you can move things to the trash with a single keystroke.
Also I'm totally guilty of keeping every mail ever in my inbox. I read them all, and the search is good enough, who cares?
Yeah I'm less caring about the inbox thing, I do that too, because I am great at search engines.
But the recycle bin irks me to no end.
not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
I too am one of those people that just has everything in the inbox because search is that good. I tried organizing stuff into folders a while back but found it was actually slower to do that than just search.
Outlook/exchange doesn't begin to choke until you get to mailbox sizes above 40GB or so. the documentation says that problems *can* arise at 25GB but I have first hand experience saying that 40 is about where things start to go bad.
And how it goes bad is actually hilarious. It's less that there are issues with the mail itself, but what happens is on the client side the indexing breaks. Basically it can't index the inbox fast enough so it's still trying to index when the timer resets and tells is to run a new index. New mail won't be indexed because the indexer can't actually index all of the contents before it starts over.
Dealing with an Exchange 2010 RTM server (don't ask, I have no idea). To bring it up to the latest version can I just install the latest service pack and such, or do I need to serially install each pack, roll-up package, etc.?
@wunderbar that indexing issue sounds interesting. Is the only way to deal with it to purge mail items?
Dealing with an Exchange 2010 RTM server (don't ask, I have no idea). To bring it up to the latest version can I just install the latest service pack and such, or do I need to serially install each pack, roll-up package, etc.?
@wunderbar that indexing issue sounds interesting. Is the only way to deal with it to purge mail items?
you don't have to install each update, but what you do have to do is the latest full service pack, then the latest CU rollup.
and for the indexing thing, yea that's the only way we found was to remove mail items from the mailbox. in this specific case we did an online archive of a bunch of it so the user can still access it, it's just not in their mailbox specifically anymore.
we have a specialized piece of equipment at a worksite that's approximately 300km (185 or so miles for you americans) away. this thing has a PC for it that has 2 NIC's. one plugs directly into the piece of equipment, one that plugs into the network.
for whatever reason, the vendor assigned the same static IP to both connections instead of just the one for the piece of equipment, which isn't even a normal private address, it was a 128.x.x.x address that doesn't go out to the internet. So neither the connectivity to the equipment was working because of the IP conficlict, nor normal networking because of the nonsense address.
Try toubleshooting that over the phone with a guy who's primary job is to load sand into trucks.
we have a specialized piece of equipment at a worksite that's approximately 300km (185 or so miles for you americans) away. this thing has a PC for it that has 2 NIC's. one plugs directly into the piece of equipment, one that plugs into the network.
for whatever reason, the vendor assigned the same static IP to both connections instead of just the one for the piece of equipment, which isn't even a normal private address, it was a 128.x.x.x address that doesn't go out to the internet. So neither the connectivity to the equipment was working because of the IP conficlict, nor normal networking because of the nonsense address.
Try toubleshooting that over the phone with a guy who's primary job is to load sand into trucks.
Why would you do that? That's gotta fuck with routing on some level.
Idiots.
not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
0
Mr_Rose83 Blue Ridge Protects the HolyRegistered Userregular
Well, technically you could use NAT at the borders of the subnet and have whatever address space you wanted internally, but if you do use a public range IP you will, eventually, run into an issue where requests for ftp.charlie.horse or whatever through DNS gives you your own IP back and weird shit starts to go down.
I know this because my work involves juggling a half a dozen VPNs to connect to customer sites that all use the 192.168.xxx.xxx/24 address space and accidentally requesting things that are on one network when another (or several) is connected, at best, causes timeouts, sometimes takes you to a server with the same IP, and occasionally just breaks the Windows IP stack to the point of requiring a reboot.
today bitlocker is deciding to chew up the entire HDD while encrypting, instead of leaving a rolling 6GB free like it's supposed to (and has done every time before)
microsoft :rotate:
EDIT: and for some reason loggin in as the local administrator account fixes it?
Aioua on
life's a game that you're bound to lose / like using a hammer to pound in screws
fuck up once and you break your thumb / if you're happy at all then you're god damn dumb
that's right we're on a fucked up cruise / God is dead but at least we have booze
bad things happen, no one knows why / the sun burns out and everyone dies
Well, technically you could use NAT at the borders of the subnet and have whatever address space you wanted internally, but if you do use a public range IP you will, eventually, run into an issue where requests for ftp.charlie.horse or whatever through DNS gives you your own IP back and weird shit starts to go down.
I know this because my work involves juggling a half a dozen VPNs to connect to customer sites that all use the 192.168.xxx.xxx/24 address space and accidentally requesting things that are on one network when another (or several) is connected, at best, causes timeouts, sometimes takes you to a server with the same IP, and occasionally just breaks the Windows IP stack to the point of requiring a reboot.
NAT's irrelevant here. The PC had identical subnets on two different interfaces. The computer can't tell which interface to send local network traffic to and that includes outbound traffic to the gateway address which is why all network traffic broke on both sides.
Just remember that half the people you meet are below average intelligence.
0
RandomHajileNot actually a SnatcherThe New KremlinRegistered Userregular
So what would be a reasonable amount of user storage in Outlook. The admins are grumbling at me and I really dont want to sort through 500K emails.
We only get 1.4 GB with no option for PST's.
It's actually rare that you need to save all your emails AND all the attachments. If you do, it's easy enough to save them off locally.
And our users are freaking the hell out about my upcoming 10GB quota that I'll be instituting. As I've said before, one dude was at 32GB until fairly recently.
The next time anyone has a problem with their password I am just going to send them here to be lectured to by Betty White on password security: https://passwordday.org/
Seidkona on
Mostly just huntin' monsters.
XBL:Phenyhelm - 3DS:Phenyhelm
So what would be a reasonable amount of user storage in Outlook. The admins are grumbling at me and I really dont want to sort through 500K emails.
We only get 1.4 GB with no option for PST's.
It's actually rare that you need to save all your emails AND all the attachments. If you do, it's easy enough to save them off locally.
And our users are freaking the hell out about my upcoming 10GB quota that I'll be instituting. As I've said before, one dude was at 32GB until fairly recently.
We freaked out too (about the no PST's thing). A good hammer to use is engage your legal team around exposure from items kept past retention, as that's been one of the big drivers for us. We have policies available to retain up to 10 years, but default delete is 90 days. Thankfully, you can set folder policies and just dump stuff in there.
I thought I'd hate it, but it's not so bad, just forces you to be at least SOMEWHAT on top of your game email organization wise.
So what would be a reasonable amount of user storage in Outlook. The admins are grumbling at me and I really dont want to sort through 500K emails.
We only get 1.4 GB with no option for PST's.
It's actually rare that you need to save all your emails AND all the attachments. If you do, it's easy enough to save them off locally.
And our users are freaking the hell out about my upcoming 10GB quota that I'll be instituting. As I've said before, one dude was at 32GB until fairly recently.
We freaked out too (about the no PST's thing). A good hammer to use is engage your legal team around exposure from items kept past retention, as that's been one of the big drivers for us. We have policies available to retain up to 10 years, but default delete is 90 days. Thankfully, you can set folder policies and just dump stuff in there.
I thought I'd hate it, but it's not so bad, just forces you to be at least SOMEWHAT on top of your game email organization wise.
not really.
Step 1: create folder
Step 2: name it "all my mail"
Step 3: give it the longest retention allowed
Step 4: move everything there.
There. I have just basically gotten around the entire point of what you were trying to do.
So what would be a reasonable amount of user storage in Outlook. The admins are grumbling at me and I really dont want to sort through 500K emails.
We only get 1.4 GB with no option for PST's.
It's actually rare that you need to save all your emails AND all the attachments. If you do, it's easy enough to save them off locally.
And our users are freaking the hell out about my upcoming 10GB quota that I'll be instituting. As I've said before, one dude was at 32GB until fairly recently.
We freaked out too (about the no PST's thing). A good hammer to use is engage your legal team around exposure from items kept past retention, as that's been one of the big drivers for us. We have policies available to retain up to 10 years, but default delete is 90 days. Thankfully, you can set folder policies and just dump stuff in there.
I thought I'd hate it, but it's not so bad, just forces you to be at least SOMEWHAT on top of your game email organization wise.
not really.
Step 1: create folder
Step 2: name it "all my mail"
Step 3: give it the longest retention allowed
Step 4: move everything there.
There. I have just basically gotten around the entire point of what you were trying to do.
There's always a way to get around system logic unless you make it incredibly locked down and harder to work with, but you shouldn't build your policies to the exception, but the rule. I've found that if you spend ALL your time addressing the potential logic holes or exploits, rather than setting high level policies that will catch them eventually (see small inbox size limitation), you end up with a lot of effort for not much value or content.
If they do that, they'll eventually hit the size limiter, at which point you make sure there's a hard line of "you do not get more space", and it's up to them to solve the problem, not you.
Also - I believe once you're close to the limit or at it, you can receive more emails, but never send any out, so there's a REALLY compelling reason for people to clean their crap up.
+1
RandomHajileNot actually a SnatcherThe New KremlinRegistered Userregular
So what would be a reasonable amount of user storage in Outlook. The admins are grumbling at me and I really dont want to sort through 500K emails.
We only get 1.4 GB with no option for PST's.
It's actually rare that you need to save all your emails AND all the attachments. If you do, it's easy enough to save them off locally.
And our users are freaking the hell out about my upcoming 10GB quota that I'll be instituting. As I've said before, one dude was at 32GB until fairly recently.
We freaked out too (about the no PST's thing). A good hammer to use is engage your legal team around exposure from items kept past retention, as that's been one of the big drivers for us. We have policies available to retain up to 10 years, but default delete is 90 days. Thankfully, you can set folder policies and just dump stuff in there.
I thought I'd hate it, but it's not so bad, just forces you to be at least SOMEWHAT on top of your game email organization wise.
So what would be a reasonable amount of user storage in Outlook. The admins are grumbling at me and I really dont want to sort through 500K emails.
We only get 1.4 GB with no option for PST's.
It's actually rare that you need to save all your emails AND all the attachments. If you do, it's easy enough to save them off locally.
And our users are freaking the hell out about my upcoming 10GB quota that I'll be instituting. As I've said before, one dude was at 32GB until fairly recently.
We freaked out too (about the no PST's thing). A good hammer to use is engage your legal team around exposure from items kept past retention, as that's been one of the big drivers for us. We have policies available to retain up to 10 years, but default delete is 90 days. Thankfully, you can set folder policies and just dump stuff in there.
I thought I'd hate it, but it's not so bad, just forces you to be at least SOMEWHAT on top of your game email organization wise.
not really.
Step 1: create folder
Step 2: name it "all my mail"
Step 3: give it the longest retention allowed
Step 4: move everything there.
There. I have just basically gotten around the entire point of what you were trying to do.
There's always a way to get around system logic unless you make it incredibly locked down and harder to work with, but you shouldn't build your policies to the exception, but the rule. I've found that if you spend ALL your time addressing the potential logic holes or exploits, rather than setting high level policies that will catch them eventually (see small inbox size limitation), you end up with a lot of effort for not much value or content.
If they do that, they'll eventually hit the size limiter, at which point you make sure there's a hard line of "you do not get more space", and it's up to them to solve the problem, not you.
Also - I believe once you're close to the limit or at it, you can receive more emails, but never send any out, so there's a REALLY compelling reason for people to clean their crap up.
I don't disagree with any of that, but I've always chosen to take a more consumer centric view of IT, since that's where the industry is going. I don't want to lock something down unless I have to, and imo locking things down hurts the legit power users and hampers efforts to support the "normal" users. And personally, over 10 years I've found that the more things are locked down, the more work it actually becomes for IT. That's of course a general statement and also abides by the "look at the rule and not the exception." But I've found it to be generally true.
I'm also firmly in the belief that an issue with an employee abusing technology is a HR problem and not a technology problem and that if someone can't get their shit done becuase they're spending all day on facebook that's not the computer's fault and the employee needs to be dealt with.
RandomHajileNot actually a SnatcherThe New KremlinRegistered Userregular
I've always been pretty laissez-faire about where our users can surf and what they can install on their PCs, until about 11 months ago when a user got a Crypto virus while I was on a cruise in the middle of the ocean. It encrypted 1/3 of our files because this person had access to HR, Payroll, and Accounting folders, on top of all of the shared folder access and whatnot. I've been moving towards taking away admin rights over the past few months, and the end result will probably be Software Restriction Policies put in place.
Yeah, surfing and not getting work done is an HR problem, but taking out a huge number of files takes up a day or more of my time of watching file restores and writing scripts to remove files, etc. I'd rather ten people call me about not being able to install Firefox, than to have to clean up after one of those.
I've always been pretty laissez-faire about where our users can surf and what they can install on their PCs, until about 11 months ago when a user got a Crypto virus while I was on a cruise in the middle of the ocean. It encrypted 1/3 of our files because this person had access to HR, Payroll, and Accounting folders, on top of all of the shared folder access and whatnot. I've been moving towards taking away admin rights over the past few months, and the end result will probably be Software Restriction Policies put in place.
Yeah, surfing and not getting work done is an HR problem, but taking out a huge number of files takes up a day or more of my time of watching file restores and writing scripts to remove files, etc. I'd rather ten people call me about not being able to install Firefox, than to have to clean up after one of those.
That is why you keep the FSRM Cryptolocker filter up to date and let it worry about that.
Cryptolocker hits, they disconnect from the network and only their local machine is hosed. If they did something stupid and locked themselves from the network until you get back tough.
Mostly just huntin' monsters.
XBL:Phenyhelm - 3DS:Phenyhelm
0
RandomHajileNot actually a SnatcherThe New KremlinRegistered Userregular
I've always been pretty laissez-faire about where our users can surf and what they can install on their PCs, until about 11 months ago when a user got a Crypto virus while I was on a cruise in the middle of the ocean. It encrypted 1/3 of our files because this person had access to HR, Payroll, and Accounting folders, on top of all of the shared folder access and whatnot. I've been moving towards taking away admin rights over the past few months, and the end result will probably be Software Restriction Policies put in place.
Yeah, surfing and not getting work done is an HR problem, but taking out a huge number of files takes up a day or more of my time of watching file restores and writing scripts to remove files, etc. I'd rather ten people call me about not being able to install Firefox, than to have to clean up after one of those.
That is why you keep the FSRM Cryptolocker filter up to date and let it worry about that.
Cryptolocker hits, they disconnect from the network and only their local machine is hosed. If they did something stupid and locked themselves from the network until you get back tough.
Remember, I was the one who talked up the FSRM thing.
Until you get one that encrypts filenames in place or uses a random extension. Got hit with the first one there a couple months back, but the user caught it before it hit network drives.
We just got one earlier this week that I didn't have on the list (that I should have), though, but that user didn't have much access to stuff. The thing that FSRM caught was a ransom file that I missed in the last cleanup, because it was in a folder with a too-long path name for my script to deal with at the time.
But what's really scary is the hypothetical one that runs from PowerShell AND encrypts in place without dropping easily identifiable ransom files everywhere.
I'm also moving toward keeping Java (and Flash and Acro Reader) updated more regularly, but we have a Java app that has to have lessened security, and we only just got it working on a newer version of Java.
I've always been pretty laissez-faire about where our users can surf and what they can install on their PCs, until about 11 months ago when a user got a Crypto virus while I was on a cruise in the middle of the ocean. It encrypted 1/3 of our files because this person had access to HR, Payroll, and Accounting folders, on top of all of the shared folder access and whatnot. I've been moving towards taking away admin rights over the past few months, and the end result will probably be Software Restriction Policies put in place.
Yeah, surfing and not getting work done is an HR problem, but taking out a huge number of files takes up a day or more of my time of watching file restores and writing scripts to remove files, etc. I'd rather ten people call me about not being able to install Firefox, than to have to clean up after one of those.
That is why you keep the FSRM Cryptolocker filter up to date and let it worry about that.
Cryptolocker hits, they disconnect from the network and only their local machine is hosed. If they did something stupid and locked themselves from the network until you get back tough.
Remember, I was the one who talked up the FSRM thing.
Until you get one that encrypts filenames in place or uses a random extension. Got hit with the first one there a couple months back, but the user caught it before it hit network drives.
We just got one earlier this week that I didn't have on the list (that I should have), though, but that user didn't have much access to stuff. The thing that FSRM caught was a ransom file that I missed in the last cleanup, because it was in a folder with a too-long path name for my script to deal with at the time.
But what's really scary is the hypothetical one that runs from PowerShell AND encrypts in place without dropping easily identifiable ransom files everywhere.
I'm also moving toward keeping Java (and Flash and Acro Reader) updated more regularly, but we have a Java app that has to have lessened security, and we only just got it working on a newer version of Java.
Fair point. I need to do some tightening of security around here but they want me to be more and more of a bookkeeper daily and I feel like its a losing battle.
Edit: I guess what I am saying is my advice may not be the best because I am approaching peak burnout and most of what I have to do in IT needs to be automated so I can do other shit they should really hire someone else for but won't because they devalue my main services.
Once my wife gets out of the hospital I am restarting my job search.
Seidkona on
Mostly just huntin' monsters.
XBL:Phenyhelm - 3DS:Phenyhelm
0
RandomHajileNot actually a SnatcherThe New KremlinRegistered Userregular
I've always been pretty laissez-faire about where our users can surf and what they can install on their PCs, until about 11 months ago when a user got a Crypto virus while I was on a cruise in the middle of the ocean. It encrypted 1/3 of our files because this person had access to HR, Payroll, and Accounting folders, on top of all of the shared folder access and whatnot. I've been moving towards taking away admin rights over the past few months, and the end result will probably be Software Restriction Policies put in place.
Yeah, surfing and not getting work done is an HR problem, but taking out a huge number of files takes up a day or more of my time of watching file restores and writing scripts to remove files, etc. I'd rather ten people call me about not being able to install Firefox, than to have to clean up after one of those.
That is why you keep the FSRM Cryptolocker filter up to date and let it worry about that.
Cryptolocker hits, they disconnect from the network and only their local machine is hosed. If they did something stupid and locked themselves from the network until you get back tough.
Remember, I was the one who talked up the FSRM thing.
Until you get one that encrypts filenames in place or uses a random extension. Got hit with the first one there a couple months back, but the user caught it before it hit network drives.
We just got one earlier this week that I didn't have on the list (that I should have), though, but that user didn't have much access to stuff. The thing that FSRM caught was a ransom file that I missed in the last cleanup, because it was in a folder with a too-long path name for my script to deal with at the time.
But what's really scary is the hypothetical one that runs from PowerShell AND encrypts in place without dropping easily identifiable ransom files everywhere.
I'm also moving toward keeping Java (and Flash and Acro Reader) updated more regularly, but we have a Java app that has to have lessened security, and we only just got it working on a newer version of Java.
Fair point. I need to do some tightening of security around here but they want me to be more and more of a bookkeeper daily and I feel like its a losing battle.
Edit: I guess what I am saying is my advice may not be the best because I am approaching peak burnout and most of what I have to do in IT needs to be automated so I can do other shit they should really hire someone else for but won't because they devalue my main services.
Once my wife gets out of the hospital I am restarting my job search.
Yeah, on the whole I think we're on the same page here. I spent a few days last week combing through Group Policy to make things a tiny bit more secure and easier to deal with, which is something I've been meaning to do for 10 years or so. I still have a whole page of more drastic GP stuff I want to force out at some point, but now it's back to stupid corporate projects that pull me away from server/VM management.
This type of stuff is why we have had a couple major outages in the past year or so. Myself and my colleague can't fix every little thing before they turn into big things, because we're always getting pulled away on "projects with management visibility."
What do you guys use for cataloging software and managing versions? The current system here is "dump them all in a series of folders and maybe write cryptic notes in the file name" and to tell you the truth it's caused me a lot of grief. I don't think it's being managed very well. So we have programs that needs to be run with Power Broker but I didn't learn that the version that power broker elevates is not saved in our catalog and actually the one in our catalog will crash because power broker isn't configured with it properly. I figured this out after about 4 hours of trouble shooting the 5 machines I deployed the software on.
And don't get me started on deploying new devices to employees. It's basically "get software list through SCCM, hunt and peck through the catalog until all 18 pages of software is installed, I hope you packed a lunch".
When I asked if version control the response I got was "If that's something you want to do then go ahead and get started."
It's an absolute shitshow for us. Since I've started with this company, all our client documentation has resided on at least 2 platforms at a given time. Currently, we're on ConnectWise and Sharepoint and the specifics are left up to the primary tech (assuming there is one for a given client).
We do have Kaseya, though, meaning that the Add/Remove Programs list is available even for an offline agent. For clients with really lengthy workstation setup processes, we take Acronis images or at least make a checklist.
I'm moving toward a system that instead of having a million unique snowflake requests files all computers under function. At least this is how it's going to work for one of our engineering teams.
Folder Layout being something like:
Base-Image
Function 1 function 2 function 3 function 4
so I take all the common software and place them in the base image, then any deviation is only because the computers are used in different equipment. So they can say "Its for testing this which is function 3" and I just install all the junk under function 3 folder.
Which is better than "Yeah I need computer with this software on it"
"Okay here you go"
"Why doesn't it have the software computer B has on it!"
"Okay here you go!"
"But I need x software too how did you miss that!"
"It's not on computer B, computer D runs that program"
HR person went to login to our insurance provider's portal. Said they had some problem, couldn't get in. Have a look, cert is revoked. Advise they email their rep, see what's going on. Rep mails back, "Just click past it...". Apparently they're working on a new site, and the old one's cert was revoked...6 months ago. The Qualys SSL test actually gives the site an F - I have never seen that before. Usually they manage to score at least...1 out of 10 on a test.
HR person went to login to our insurance provider's portal. Said they had some problem, couldn't get in. Have a look, cert is revoked. Advise they email their rep, see what's going on. Rep mails back, "Just click past it...". Apparently they're working on a new site, and the old one's cert was revoked...6 months ago. The Qualys SSL test actually gives the site an F - I have never seen that before. Usually they manage to score at least...1 out of 10 on a test.
So when will you be switching insurance providers?
Coming home from an 8 hour operation of changing a stack of 5, 48 port switches. This included removing all cables in the closet and redoing it because it was ugly and... Non-functional.
I was in charge of configuration (some fun changing between two different switch models) and re-assigning ports, had some other 7 guys help with the physical stuff and validation.
The result was not quite IT porn, but maybe it was some softcore.
Posts
Newer versions of exchange/exchange are pretty good at it actually, they don't try and load your whole mailbox all the time.
fuck up once and you break your thumb / if you're happy at all then you're god damn dumb
that's right we're on a fucked up cruise / God is dead but at least we have booze
bad things happen, no one knows why / the sun burns out and everyone dies
When I asked why we didn't have an alerts@ email address.
"That's a really good idea."
Everything gets shoved in there. I have a person who doesn't do folders and just has thousands of emails in his inbox. He just searches for senders or subjects. When I switched to a new server and had to migrate his email, lots came up corrupt because it was just stuck in the inbox.
I had a person who used the trash as storage. Without limits, some people just won't go through and organize/delete.
WHY IS THIS A THING EVERYWHERE?
DID THEY HAVE A CLASS AT SOME COLLEGE SOMEWHERE THAT WAS TITLED "STORE THINGS IN YOUR RECYCLE BIN BECAUSE NO ONE WILL LOOK THERE"
If I had to guess, it's because you can move things to the trash with a single keystroke.
Also I'm totally guilty of keeping every mail ever in my inbox. I read them all, and the search is good enough, who cares?
fuck up once and you break your thumb / if you're happy at all then you're god damn dumb
that's right we're on a fucked up cruise / God is dead but at least we have booze
bad things happen, no one knows why / the sun burns out and everyone dies
Yeah I'm less caring about the inbox thing, I do that too, because I am great at search engines.
But the recycle bin irks me to no end.
Outlook/exchange doesn't begin to choke until you get to mailbox sizes above 40GB or so. the documentation says that problems *can* arise at 25GB but I have first hand experience saying that 40 is about where things start to go bad.
And how it goes bad is actually hilarious. It's less that there are issues with the mail itself, but what happens is on the client side the indexing breaks. Basically it can't index the inbox fast enough so it's still trying to index when the timer resets and tells is to run a new index. New mail won't be indexed because the indexer can't actually index all of the contents before it starts over.
@wunderbar that indexing issue sounds interesting. Is the only way to deal with it to purge mail items?
you don't have to install each update, but what you do have to do is the latest full service pack, then the latest CU rollup.
and for the indexing thing, yea that's the only way we found was to remove mail items from the mailbox. in this specific case we did an online archive of a bunch of it so the user can still access it, it's just not in their mailbox specifically anymore.
for whatever reason, the vendor assigned the same static IP to both connections instead of just the one for the piece of equipment, which isn't even a normal private address, it was a 128.x.x.x address that doesn't go out to the internet. So neither the connectivity to the equipment was working because of the IP conficlict, nor normal networking because of the nonsense address.
Try toubleshooting that over the phone with a guy who's primary job is to load sand into trucks.
Why would you do that? That's gotta fuck with routing on some level.
Idiots.
I know this because my work involves juggling a half a dozen VPNs to connect to customer sites that all use the 192.168.xxx.xxx/24 address space and accidentally requesting things that are on one network when another (or several) is connected, at best, causes timeouts, sometimes takes you to a server with the same IP, and occasionally just breaks the Windows IP stack to the point of requiring a reboot.
Nintendo Network ID: AzraelRose
DropBox invite link - get 500MB extra free.
We only get 1.4 GB with no option for PST's.
It's actually rare that you need to save all your emails AND all the attachments. If you do, it's easy enough to save them off locally.
today bitlocker is deciding to chew up the entire HDD while encrypting, instead of leaving a rolling 6GB free like it's supposed to (and has done every time before)
microsoft :rotate:
EDIT: and for some reason loggin in as the local administrator account fixes it?
fuck up once and you break your thumb / if you're happy at all then you're god damn dumb
that's right we're on a fucked up cruise / God is dead but at least we have booze
bad things happen, no one knows why / the sun burns out and everyone dies
NAT's irrelevant here. The PC had identical subnets on two different interfaces. The computer can't tell which interface to send local network traffic to and that includes outbound traffic to the gateway address which is why all network traffic broke on both sides.
This is a clickable link to my Steam Profile.
XBL:Phenyhelm - 3DS:Phenyhelm
We freaked out too (about the no PST's thing). A good hammer to use is engage your legal team around exposure from items kept past retention, as that's been one of the big drivers for us. We have policies available to retain up to 10 years, but default delete is 90 days. Thankfully, you can set folder policies and just dump stuff in there.
I thought I'd hate it, but it's not so bad, just forces you to be at least SOMEWHAT on top of your game email organization wise.
not really.
Step 1: create folder
Step 2: name it "all my mail"
Step 3: give it the longest retention allowed
Step 4: move everything there.
There. I have just basically gotten around the entire point of what you were trying to do.
There's always a way to get around system logic unless you make it incredibly locked down and harder to work with, but you shouldn't build your policies to the exception, but the rule. I've found that if you spend ALL your time addressing the potential logic holes or exploits, rather than setting high level policies that will catch them eventually (see small inbox size limitation), you end up with a lot of effort for not much value or content.
If they do that, they'll eventually hit the size limiter, at which point you make sure there's a hard line of "you do not get more space", and it's up to them to solve the problem, not you.
Also - I believe once you're close to the limit or at it, you can receive more emails, but never send any out, so there's a REALLY compelling reason for people to clean their crap up.
This is a clickable link to my Steam Profile.
I don't disagree with any of that, but I've always chosen to take a more consumer centric view of IT, since that's where the industry is going. I don't want to lock something down unless I have to, and imo locking things down hurts the legit power users and hampers efforts to support the "normal" users. And personally, over 10 years I've found that the more things are locked down, the more work it actually becomes for IT. That's of course a general statement and also abides by the "look at the rule and not the exception." But I've found it to be generally true.
I'm also firmly in the belief that an issue with an employee abusing technology is a HR problem and not a technology problem and that if someone can't get their shit done becuase they're spending all day on facebook that's not the computer's fault and the employee needs to be dealt with.
Yeah, surfing and not getting work done is an HR problem, but taking out a huge number of files takes up a day or more of my time of watching file restores and writing scripts to remove files, etc. I'd rather ten people call me about not being able to install Firefox, than to have to clean up after one of those.
This is a clickable link to my Steam Profile.
That is why you keep the FSRM Cryptolocker filter up to date and let it worry about that.
Cryptolocker hits, they disconnect from the network and only their local machine is hosed. If they did something stupid and locked themselves from the network until you get back tough.
XBL:Phenyhelm - 3DS:Phenyhelm
Until you get one that encrypts filenames in place or uses a random extension. Got hit with the first one there a couple months back, but the user caught it before it hit network drives.
We just got one earlier this week that I didn't have on the list (that I should have), though, but that user didn't have much access to stuff. The thing that FSRM caught was a ransom file that I missed in the last cleanup, because it was in a folder with a too-long path name for my script to deal with at the time.
But what's really scary is the hypothetical one that runs from PowerShell AND encrypts in place without dropping easily identifiable ransom files everywhere.
I'm also moving toward keeping Java (and Flash and Acro Reader) updated more regularly, but we have a Java app that has to have lessened security, and we only just got it working on a newer version of Java.
This is a clickable link to my Steam Profile.
Fair point. I need to do some tightening of security around here but they want me to be more and more of a bookkeeper daily and I feel like its a losing battle.
Edit: I guess what I am saying is my advice may not be the best because I am approaching peak burnout and most of what I have to do in IT needs to be automated so I can do other shit they should really hire someone else for but won't because they devalue my main services.
Once my wife gets out of the hospital I am restarting my job search.
XBL:Phenyhelm - 3DS:Phenyhelm
This type of stuff is why we have had a couple major outages in the past year or so. Myself and my colleague can't fix every little thing before they turn into big things, because we're always getting pulled away on "projects with management visibility."
This is a clickable link to my Steam Profile.
I'm moving toward a system that instead of having a million unique snowflake requests files all computers under function. At least this is how it's going to work for one of our engineering teams.
Folder Layout being something like:
Base-Image
Function 1 function 2 function 3 function 4
so I take all the common software and place them in the base image, then any deviation is only because the computers are used in different equipment. So they can say "Its for testing this which is function 3" and I just install all the junk under function 3 folder.
Which is better than "Yeah I need computer with this software on it"
"Okay here you go"
"Why doesn't it have the software computer B has on it!"
"Okay here you go!"
"But I need x software too how did you miss that!"
"It's not on computer B, computer D runs that program"
So when will you be switching insurance providers?
The Qualys test is 0 across the board, amazing.
I was in charge of configuration (some fun changing between two different switch models) and re-assigning ports, had some other 7 guys help with the physical stuff and validation.
The result was not quite IT porn, but maybe it was some softcore.
/itshappening.gif