[SYSTEMS ADMINS & IT MONKEYS] ...maybe they should have hired a professional

TL DR

This thread is for those of us who watch progress bars all day to talk shop. Discuss how much you love and appreciate your users. Wax poetic about how understanding management is of IT's budgetary requirements. Express gratitude that you never inherit a situation like this

TL DR

My first ticket this morning is a user whose workstation's User Agent registry key keeps changing from (Default) - (Value not set) to (Default) - Opera/9.80 with a bunch of other DWORD entries. (HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent)

She doesn't have Opera installed. I can change it, after which IE will display pages again, but it reverts after a reboot. Fun!

urahonky

Hmm. Check if there is an add-on installed in IE. I'm willing to bet it is something like that.

bowen

Yeah probably a toolbar.

TL DR

Hmm, deleted a bunch of startup entries, one of which included an AVG search plugin, and that seems to have resolved the issue.

lwt1973

Seems someone got infected by something nasty and now all attempts to go to our banks website get redirected to a similar site in all appearances:

85.143.166.90

Checked malware and av and they found something so I cleaned. I tried it again with no hits and it's still banging up against that site once more. I checked the hosts file and it's fine as well.

TL DR

DNS?

I haven't seen this in awhile, but try "IE -> Tools -> Internet Options -> Connections -> LAN settings" and make sure there's no proxy set.

Also you may want to try TDSSkiller.

lwt1973

None of that there. I scanned TDSSkiller with nothing. I checked other computers and it doesn't hit anything out of the ordinary. I also tried going to another bank site and it hits 85.143.166.90 immediately as well.

I'm going to reimage now as it has something really nasty in it.

Edit: Wiped and reimaged and now it's fine.

8bitogre

Another decent rootkit finder, if TDSSKIller doesn't pick anything up, is GMER

finalbroadcast

Yeah even if AV finds something, I'm still prone to error on reimaging over cleaning. I don't trust that there isn't something else in there that hasn't been found.

TL DR

Just a matter of preference, I suppose. For a lot of my users, especially those in less-developed environments, a re-image would be a Big Deal and they aren't dealing with anything sensitive enough that a 1% chance of something going undetected by multiple scans and still able to cause a problem while their AV is running would be a serious concern.

urahonky

Outlet is out in the break room so our fridge and coffee maker don't work right now. I expect to hear a hundred jokes today about the ice cream in the freezer.

iTunesIsEvil

Really? I expect you won't have much time for those jokes, instead your boss is about to ask you what you know about commercial electrical work.

urahonky

Haha well luckily it looks like it was a breaker issue. Easy enough to fix. :P

urahonky

Fuck Symantec.

I went to their "Small & Medium Business" site and bought 15 licenses for Symantec End-Point protection (for $800), and apparently that license isn't for the software we have: Symantec End Point Protection: Small Business Edition. What the fuck?

bowen

:rotate: Java

I mean :rotate: Symantec

http://technet.microsoft.com/en-us/forefront/ee822838.aspx

Nosf

Symantec are pretty shit for that, I've had it happen to me before and had to do a conference call with them and the vendor that sold it to me to get the licenses refunded and then sold the right thing. My wife works for Goodwill and they had a similar issue wherein they 'bought' software through techsoup - donated software at a great discount for education/nonprofits. They wound up with the wrong thing and had no recourse from what she tells me.

I think I bought the wrong thing from AVG once, I just phoned our rep at the time and she sorted it all out, refunds/charged out the right amount and re-issued me a new key. AVG is not as good as it once was, but they're pretty good customer service wise. Once our current license is up we're jumping ship to Forefront.

In other news, 5000+ messages in the Exchange queue about some polish conference, that was a fun way to learn I hadn't locked down the goddamn mail server to just receive from Postini.

TL DR

Alright, a user needs a calendar, viewable in Sharepoint. Ideally, everyone can add items but those that she adds would be read-only for everyone else.

Possible, or will I need a separate 'read only' calendar for her stuff?

bowen

Sounds like you want google calendar!

Nosf

If they're contributors on the calendar but not editors, then they should be able to add but not edit the items belonging to others.

urahonky

Nice! I can't get a refund for Symantec over email I have to fucking call their dumbasses.

Nosf

When that happened to me, it was a reseller that sold it to me so we had to do a conference call with the reseller and Symantec, there were 5+ people on that call. I think I started it with, "I called and asked for subscription renewal on XYZ, and this happened - between you, make it work."

They did, but yeah, we ditched them not long afterwards. ~50 machines, we migrated to AVG and were spending less than half the price for a 2 year renewal vs 1 year with Symantec.

bowen

Not sure which of those two is worse!

urahonky

Oh nice even better.... While walking to get the print-out... I got notification that I will be staying late today.

Our networking guy (who hooks up the outlets and stuff) has been mysteriously absent. Turns out he lost his vision in one of his eyes so that's why he hasn't been answering our calls. Well my COO called him and got him to come in today at 5pm EST (I leave at 4:30...supposedly). Here's the kicker: he can't climb ladders, so I'm going to be the one on the ladders doing all of the work. I'll be here until 8pm or so.

bowen

The non-twist: he lost his vision because he cut corners and ran a cat5 cable through an electrical conduit that wasn't grounded properly and the electrician that was hired cut corners and used bare wires.

urahonky

I'm guessing it was diabeetus, but I like your answer more.

TL DR

urahonky wrote: »

Oh nice even better.... While walking to get the print-out... I got notification that I will be staying late today.

Our networking guy (who hooks up the outlets and stuff) has been mysteriously absent. Turns out he lost his vision in one of his eyes so that's why he hasn't been answering our calls. Well my COO called him and got him to come in today at 5pm EST (I leave at 4:30...supposedly). Here's the kicker: he can't climb ladders, so I'm going to be the one on the ladders doing all of the work. I'll be here until 8pm or so.

Get a hard copy of your job description and just start writing all this down.

It will at least be lulzy when you go to ask for a raise.

urahonky

Oh the last time he came in I left at about 7:45pm... The day before my review... I ended up getting a 20% raise, which is stellar, but I'm sure it had something to do with the fact that they think they own me.

bowen

I mean, yay you're making more money! But $7000 more a year is a sneeze when you're doing... I'm pegging you at, 4 jobs.

bowen

At least 100% raise, come on.

$60K or bust.

urahonky

bowen wrote: »

I mean, yay you're making more money! But $7000 more a year is a sneeze when you're doing... I'm pegging you at, 4 jobs.

It was more like 4200 a year :P

bowen

Ah well that's net not gross!

Nosf

If he can't do the job, then shop around for someone else. Always pays to get a few quotes on jobs once and a while just to insure your contractors (I assume he's an outside IT person) are keeping up with current pricing.

bowen

Always cheaper to get honky to do it for free!

urahonky

yeahh that's the thing. I don't know how I'm going to bill this. I KNOW they will want me to eat the time. But I might just come in late.

urahonky

But then again when I did that last time they fucking called me at 9am to ask where I was and were upset that I wasn't in yet so I don't know....

bowen

Hour for hour at the worst. Should be time and a half though.

TL DR

Are you salaried? If not, then time and a half is standard for anything over 40 hours.

bowen

IMHO double time if it's not part of your job description and a "favor."

urahonky

Hahaha... You guys are funny. Everyone knows you eat the time when it comes to Overhead unless you hate the company and hate the owners.

TL DR

Sorry, what was that? It sounded like a faint rallying cry for the global proletariat to Occupy your workplace.