My home windows 10 machine just got the no-progress-bar "all your files are exactly where you left them" update, and I'm glad I knew what it was because Microsoft would have to try pretty hard to make a more terrifying update.
Powershell, I both love you and loathe you at the same time.
a script that can find if a specific phone number is attached to a user in Lync? super bloody useful.
creating said script, one line, but still kind of dumb.
the fact that it has to be run in Lync powershell, and not vanilla powershell, even more stupid. I still hate how on an exchange server there is "powershell" and "exchange powershell" and the same for lync, etc. If I have Exchange installed just integrate the exchange powershell applets into the "normal" powershell for fuck sakes.
Those may or may not be commands you can load in with Import-Module.
But yeah MS's drive to get their other apps integrated into powershell is good. Many of the implementations, however, are not.
Aioua on
life's a game that you're bound to lose / like using a hammer to pound in screws
fuck up once and you break your thumb / if you're happy at all then you're god damn dumb
that's right we're on a fucked up cruise / God is dead but at least we have booze
bad things happen, no one knows why / the sun burns out and everyone dies
lwt1973King of ThievesSyndicationRegistered Userregular
Symantec upgrading is a circle of hell.
"He's sulking in his tent like Achilles! It's the Iliad?...from Homer?! READ A BOOK!!" -Handy
Mr_Rose83 Blue Ridge Protects the HolyRegistered Userregular
Yeah, Powershell is great except for when I forget to use the shortcut on my desktop that integrates the Azure AD functions on startup, because fuck loading those manually.
Powershell, I both love you and loathe you at the same time.
a script that can find if a specific phone number is attached to a user in Lync? super bloody useful.
creating said script, one line, but still kind of dumb.
the fact that it has to be run in Lync powershell, and not vanilla powershell, even more stupid. I still hate how on an exchange server there is "powershell" and "exchange powershell" and the same for lync, etc. If I have Exchange installed just integrate the exchange powershell applets into the "normal" powershell for fuck sakes.
this, 100%
Yesterday, I got a request to disable password complexity requirements for a client.
you can run get-user | ft -auto UserPrincipalName,StrongPasswordRequired for a list of users and whether the setting is enabled
per-user, of course, because this can't be changed for the domain and will need to be manually adjusted for all future users
but you need to run set-msoluser and not set-user in order to effect a change to the setting, even after already having connected to O365, and that function isn't available in whichever of the 3 versions of Powershell I opened first on the client's server
how hard would it be to issue an update for existing PS modules that imports the necessary functions when they're called instead of giving an error message and then leaving the admin to find out whether it's even possible to add the required feature
My home windows 10 machine just got the no-progress-bar "all your files are exactly where you left them" update, and I'm glad I knew what it was because Microsoft would have to try pretty hard to make a more terrifying update.
In two separate upgrade instances I've seen the user get loaded into a temporary profile, at which point the user says, "Uh. Where the fuck are my files?"
My home windows 10 machine just got the no-progress-bar "all your files are exactly where you left them" update, and I'm glad I knew what it was because Microsoft would have to try pretty hard to make a more terrifying update.
In two separate upgrade instances I've seen the user get loaded into a temporary profile, at which point the user says, "Uh. Where the fuck are my files?"
Microsoft. :tell_me_more:
My wife got that update the other night. Just turned on her computer and got the thing.
It was really really annoying. I couldn't tell if it was supposed to be a video or something that we weren't getting sound from or what.
lwt1973King of ThievesSyndicationRegistered Userregular
Best line from Microsoft on an Office install:
It wouldn't install because it was completely uninstalled.
Started a new job, I'm in training with the guy I'm replacing.
"OK, now we're gonna log into the SQL server"
*opens up RDC*
*Windows 2000 Advanced Server, built on NT technology*
nooooooooooo.jpg
I have two machines (well, one laptop, one VM) that got clean Win 7 installs as of yesterday. They each did 1 giant round of Windows Update yesterday, and now won't do shit. They both just sit at either "Checking for updates..." or if I manage to get the list of updates that are available they both just sit at "Downloading updates... 0% of 0Kb".
I've tried every goddamned *.diagcab file that Microsoft suggests to let it automatically fix the problem. No dice.
faaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaahk this is getting frustrating. :x
It already did it for the first time though! They both went through a round of like 800MB worth of updates. It should already be at the point where it's got shit figured out. I let the laptop sit this morning from 7:50 AM to noon and it never left "Downloading updates... 0% of 0Kb".
Ok so you know how in windows, if you have a laptop and you sign in while connected to the domain, it will cache the credentials and then you can log in while not on the domain (at least for a while.)
Is there a way of forcing it to cache the creds of some other user?
That would be really useful right now.
Ok so you know how in windows, if you have a laptop and you sign in while connected to the domain, it will cache the credentials and then you can log in while not on the domain (at least for a while.)
Is there a way of forcing it to cache the creds of some other user?
That would be really useful right now.
Laptops need better ways of dealing with a domain tbh.
not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
Ok so you know how in windows, if you have a laptop and you sign in while connected to the domain, it will cache the credentials and then you can log in while not on the domain (at least for a while.)
Is there a way of forcing it to cache the creds of some other user?
That would be really useful right now.
Not that I'm aware, and this is something that would have been useful to me for the last 10 years.
Windows' inability for admins to impersonate users remains a thorn!
Though I guess also still a somewhat useful security paradigm.
Windows' inability for admins to impersonate users remains a thorn!
Though I guess also still a somewhat useful security paradigm.
Sort of. Users should belong to groups where admins can have the permissions to impersonate specific groups. User impersonation is a useful tool, and if you have control over who can impersonate who there shouldn't be any security implications that wouldn't already exist given what an admin can actually do.
I mean I think I've already created the solution, which is having a shared local account with no access to anything but the VPN and a script the user can run which will ask for their username/password and then cache their account.
This is a brand new job though so I'll sit on that for a while, but the current solution of knowing everyone's password is untenable.
I mean I think I've already created the solution, which is having a shared local account with no access to anything but the VPN and a script the user can run which will ask for their username/password and then cache their account.
This is a brand new job though so I'll sit on that for a while, but the current solution of knowing everyone's password is untenable.
When I started at the place I work at now, there was literally a spreadsheet with everyone's password in it, and there was no password expiration. I changed both of those ASAP.
There are some cases where I work where the password needs to be static, and the user doesn't even know the password (truck drivers who only have a smartphone as an example) so those are still recorded, but in a more secure fashion. But the fact that I could just look up the password of someone in accounting and log in as them when I started there was absurd.
RandomHajileNot actually a SnatcherThe New KremlinRegistered Userregular
We had a password spreadsheet when I worked at an ISP like 15 years ago. Unless the user knew how to telnet in and change it, I could look up any of them. Most passwords were really bad.
Mr_Rose83 Blue Ridge Protects the HolyRegistered Userregular
Ah, password spreadsheets, the Picard-double-facepalm of network security. Ours was at least kept in an encrypted offline drive. And the passwords were all randomly generated ten-character strings so we at least got away from the "p4ssw0rd" bull, even if I couldn't implement real passphrases.
RandomHajileNot actually a SnatcherThe New KremlinRegistered Userregular
Nope! These were the passwords that people wrote down on a piece of paper, which were then typed into a spreadsheet that was sucked into the Unix password file every hour or so. Until I started working there, mine (set up by my dad) was a five letter word, all lower case.
So I think this might be the right thread for this question. I'm trying to make the step from retail to IT, and a position has just opened up within my company that, while not really being a system administrator, has what I think are some of the basic components. I would be part of a ten person team that contracts out to a few different small businesses to handle IT needs. It seems like most of the job would be basic fixes, but the two things that they're looking for experience in are Active Directory and commercial-grade firewalls. I've got one year of doing, and two years of managing experience in terms of consumer computer-repair stuff, but obviously this is a different side of things. Could anyone point me in a good direction for what it really looks like to manage a business client's normal employee needs for IT? From what I can find online Active Directory seems suspiciously simple, and the hiring manager specifically said not to worry too much about the commercial-grade firewall stuff as it seemingly changes all the time and can be easily trained.
Ok so you know how in windows, if you have a laptop and you sign in while connected to the domain, it will cache the credentials and then you can log in while not on the domain (at least for a while.)
Is there a way of forcing it to cache the creds of some other user?
That would be really useful right now.
I think that by default the last 10 domain logins are cached (with max configurable being 50), but there are many stupid client apps that will fill that cache with trash during normal operation.
lwt1973King of ThievesSyndicationRegistered Userregular
More proof that no one reads IT's emails.
A manager's email: I have a new employee. Did you order a phone?
My email: <Had no idea about new employee> I'll take one from surplus and set it up for him.
My email: The phone is setup. I'll ship it to you. The passcode is 743985.
<The next day>
Manager's email: I received the phone. What's the passcode?
<insert me banging my head against a wall and then forwarding the original passcode email.>
TL DRNot at all confident in his reflexive opinions of thingsRegistered Userregular
Files copied, extra robocopy running just in case something slipped through, GPOs updated, logon scripts updated (and slated for deletion, why these are even in place I have no idea), and all agents scheduled to reboot overnight.
Odds that I haven't missed something that will tomorrow morning cause a headache: pretty decent!
A manager's email: I have a new employee. Did you order a phone?
My email: <Had no idea about new employee> I'll take one from surplus and set it up for him.
My email: The phone is setup. I'll ship it to you. The passcode is 743985.
<The next day>
Manager's email: I received the phone. What's the passcode?
<insert me banging my head against a wall and then forwarding the original passcode email.>
Usually when someone does this to me, I go into my sent pile and attach a copy of the original email in my reply. No other text.
Files copied, extra robocopy running just in case something slipped through, GPOs updated, logon scripts updated (and slated for deletion, why these are even in place I have no idea), and all agents scheduled to reboot overnight.
Odds that I haven't missed something that will tomorrow morning cause a headache: pretty decent!
Looks like users only have read-only access, despite being marked for Full Access NTFS and share permissions. Hmm.
edit: whoops, forgot they had shares in subfolders, and those share permissions somehow got set incorrectly.
Okay, so some questions about Apache 2 I'm having trouble finding info on:
For my current configuration I have:
www.domain.com | /www/domain.com - Media/Landing Page
app.domain.com | /www/app.domain.com - This is where the app lives. Login page is here as well.
help.domain.com | /www/help.domain.com - Currently empty, but used by Mailgun, and eventual wiki/support site for our product.
We also want to have institution branded login pages for everyone. So Penn State would get psu.domain.com, Washington would get uw.domain.com, etc. So I currently have the default landing site being app.domain.com, and I'm building the login page to explode the domain used and pull the relevant login options (some are using only LDAP, some are using only Google, some are using both) and build the page with that school's branding (UW gets purple, PSU gets Navy, etc).
My two questions:
Is there a better way to do this than making the app page the generic catch all, without needing to update the apache configuration for every new group we bring on board? I am not a server guy by any means and every time I fuck with this stuff is one time closer to me breaking everything I feel like. What I have right now works, but it feels wrong.
And secondly, never mind because I figured out my problem while typing this! Lesson for you kids - don't do server configuration shit at 2am when you're already not that great at it.
Edit: Wait, no different problem. After you log in and out once, when you go back to the institution subdomain, it automatically puts you at app.domain.com. How do I stop that from happening?
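An added example, not part of the original post: one way to derive the institution from the Host header behind a catch-all vhost without trusting the header, so branding, login options and the post-logout redirect all come from an allowlist. It is written in Python for illustration; the tenant table, the `/login` path and all function names are assumptions.

```python
import re

# Constructed for this example: base domain from the post, hypothetical tenant table.
BASE_DOMAIN = "domain.com"
RESERVED = {"www", "app", "help"}  # the existing non-institution hosts from the post
TENANTS = {
    # Which school uses which login method is made up for illustration.
    "psu": {"name": "Penn State", "color": "navy", "auth": ["ldap"]},
    "uw": {"name": "Washington", "color": "purple", "auth": ["ldap", "google"]},
}
GENERIC = {"name": "Generic", "color": "default", "auth": ["ldap", "google"]}

# Exactly one DNS label directly under the base domain, nothing before or after it.
_HOST_RE = re.compile(
    r"([a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?)\." + re.escape(BASE_DOMAIN)
)


def tenant_label(host_header):
    """Return the subdomain label from a Host header, or None if the header
    is not a single well-formed label under BASE_DOMAIN."""
    host = (host_header or "").strip().lower()
    host = host.partition(":")[0].rstrip(".")  # drop port and trailing dot
    match = _HOST_RE.fullmatch(host)
    return match.group(1) if match else None


def resolve_tenant(host_header):
    """Map a Host header to (tenant key, tenant config). Anything not in the
    allowlist, including reserved hosts, gets the generic login page."""
    label = tenant_label(host_header)
    if label in TENANTS and label not in RESERVED:
        return label, TENANTS[label]
    return "generic", GENERIC


def post_logout_url(host_header):
    """Build the post-logout redirect from the allowlisted tenant key rather
    than echoing the raw Host header back into a Location header."""
    key, _ = resolve_tenant(host_header)
    sub = key if key != "generic" else "app"
    return f"https://{sub}.{BASE_DOMAIN}/login"
```

New institutions are then a row in the tenant table rather than an Apache change, and a spoofed or malformed Host value only ever yields the generic page.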
FTFY
http://www.symantec.com/connect/nl/user/chetan-savade
Nintendo Network ID: AzraelRose
DropBox invite link - get 500MB extra free.
If you link it, he will come
Then once it makes an itemized list of your hardware and updates, it takes probably 5 minutes.
punch punch punch
Burn it all down.
...sadly, I still went through each MS article to see what was getting patched. I can't help wanting to know. I may never break that habit.
XBL:Phenyhelm - 3DS:Phenyhelm