I'm an aggressive patcher. When I started at my company we had no official policy for patching, and it was done more or less when an engineer got around to it (about once every 2 months).
I set our patching policies and we now aim for 100% installation within 14 days for any updates to any Microsoft or Adobe product, any web browser, and Java. We don't always make it, but we get close.
We were fully patched against ETERNALABLOO a month ago...
...except for that one fucking 2003 VM that we still have because that team is slowpokes
Ideally I'd patch every month, but my reality is that I can't get there... yet. I'm pushing for a pretty substantial infrastructure upgrade over the next 18 months or so. only when I have that mostly done will I be able to do it.
I'm an aggressive patcher. When I started at my company we had no official policy for patching, and it was done more or less when an engineer got around to it (about once every 2 months).
I set our patching policies and we now aim for 100% installation within 14 days for any updates to any Microsoft or Adobe product, any web browser, and Java. We don't always make it, but we get close.
We were fully patched against ETERNALABLOO a month ago...
...except for that one fucking 2003 VM that we still have because that team is slowpokes
Ideally I'd patch every month, but my reality is that I can't get there... yet. I'm pushing for a pretty substantial infrastructure upgrade over the next 18 months or so. only when I have that mostly done will I be able to do it.
It took a couple of years to get to this point and the whining
omg the whining
"Feral, random_problem_073 happened on software_that_shits_itself_all_the_time! It must have been a Windows Update!"
every person who doesn't like an acquired taste always seems to think everyone who likes it is faking it. it should be an official fallacy.
I'm an aggressive patcher. When I started at my company we had no official policy for patching, and it was done more or less when an engineer got around to it (about once every 2 months).
I set our patching policies and we now aim for 100% installation within 14 days for any updates to any Microsoft or Adobe product, any web browser, and Java. We don't always make it, but we get close.
We were fully patched against ETERNALABLOO a month ago...
...except for that one fucking 2003 VM that we still have because that team is slowpokes
Ideally I'd patch every month, but my reality is that I can't get there... yet. I'm pushing for a pretty substantial infrastructure upgrade over the next 18 months or so. only when I have that mostly done will I be able to do it.
It took a couple of years to get to this point and the whining
omg the whining
"Feral, random_problem_073 happened on software_that_shits_itself_all_the_time! It must have been a Windows Update!"
Part of my thing is we're still mostly a physical server environment so if a patch does go sideways I can't just roll back a snapshot. Much higher risk of ruining my day/week if an update goes badly.
Maybe if you didn't also make me the biller of a county and the IT guy something could get done around here, boss.
Mostly just huntin' monsters.
XBL:Phenyhelm - 3DS:Phenyhelm
0
Options
KakodaimonosCode fondlerHelping the 1% get richerRegistered Userregular
Hahaha.
After going around and updating all of our users local machines one of our techs got locked out of his account because a user came in, didn't bother to see that it wasn't his account he was trying to log in to and tried 11 times before stomping over in a huff.
So, no, I don't think we can ask users to be less stupid.
0
Options
jungleroomxIt's never too many graves, it's always not enough shovelsRegistered Userregular
one of my coworkers just got a call from one of the mooks at our new helpdesk all trying to close and reopen his ticket to reset the SLA
you messed with the wrong dude, he's already got you bosses name and is going to burn your ass
seriously you'd think you'd check and see if the requester is also IT before you try that shit
life's a game that you're bound to lose / like using a hammer to pound in screws
fuck up once and you break your thumb / if you're happy at all then you're god damn dumb
that's right we're on a fucked up cruise / God is dead but at least we have booze
bad things happen, no one knows why / the sun burns out and everyone dies
"Hmm, maybe this script I made to delete all of a computer's user profiles belonging to the contoso.com domain checks first to make sure the computer isn't joined to the contoso.com domain."
Aioua on
life's a game that you're bound to lose / like using a hammer to pound in screws
fuck up once and you break your thumb / if you're happy at all then you're god damn dumb
that's right we're on a fucked up cruise / God is dead but at least we have booze
bad things happen, no one knows why / the sun burns out and everyone dies
Just a fun side note, if you shut off SMBv1, any older scan/fax devices you may have could possibly shit themselves and no longer be able to scan to their network shares, if they don't support more current versions of the SMB protocol. I've run into some older devices that only work on SMBv1, so shutting that off to close this security loophole could inherently also make those devices stop working.
mostly because we had some hospital software that wouldn't work with newer windows
I told the hospital "tough shit" and upgraded anyways, making the doctors have to go to the actual hospital to do work on their shitty antiquated servers.
Guess what they updated.
not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
when I used to have an office to go to, I'd work wirelessly if I knew I had to go between meetings throughout the day. just made picking up and moving around easier, and I'm lazy.
I've got a call in to see if they can be switched to v2, but if not..... no one is scanning today :rotate:
Or ever again at all on those devices.
I'm turning it back on once I'm patched up tonight. It's just amazing that this is a thing.
I was on the phone with support from the company that maintains them, and we have one machine that's new enough where it supports v2 and v3, so that one is up and running..... it's just in our remote office and not the main building. I looked at every one we have in this office and they're all 8+ years old and don't support anything above v1.
adding "get newer copiers since the ones we have are all probably past lease date anyway" to my list to bug the people who manage the copiers about.
I am getting endless amusement out of the fact that Microsoft actually fucking released an XP/2003 patch for this thing.
we were using server2003 2 years ago
We have a lot of clients using 2003 right now. Mainly because
1. They have software that won't run on anything newer 2003
2. They won't spend the money on new software that is compatible with a modern server OS or don't want to learn a new product. IE they are cheap and lazy
3. "This server works why would we spend the money to upgrade"
4. Did I mention they're cheap?
I spent most of Friday night and all of Saturday making sure patches were done to 500+ servers and pushed to the workstations at every location.
I also came in 2 hours early today just in case. So far it's been all quite and I'm hoping it lasts.
So I was thinking of cobbling together some powershell whirlygig that creates a .bat file for launching stuff, since I frequently find myself installing "C:\Program Files\Foo\Bar.exe" and I don't want to shit my PATH up with yet another folder so I want a script that makes a batch file in a directory in the path that starts that for me.
Friend of mine once made a whirlygig that added a context menu option 'add to path' that created symlinks in an already-in-path directory.
Yeah, what I want is essentially a command that lets me go "pathinate ./foo.exe". (But have it run from the actual directory, of course.)
for once, vanilla's inability to suppress at signs in code blocks works in my favor
also uh, I think the "%*" there just means "pass through all arguments" I dunno I avoid working in batch soooo
life's a game that you're bound to lose / like using a hammer to pound in screws
fuck up once and you break your thumb / if you're happy at all then you're god damn dumb
that's right we're on a fucked up cruise / God is dead but at least we have booze
bad things happen, no one knows why / the sun burns out and everyone dies
I am getting endless amusement out of the fact that Microsoft actually fucking released an XP/2003 patch for this thing.
we were using server2003 2 years ago
We have a lot of clients using 2003 right now. Mainly because
1. They have software that won't run on anything newer 2003
2. They won't spend the money on new software that is compatible with a modern server OS or don't want to learn a new product. IE they are cheap and lazy
3. "This server works why would we spend the money to upgrade"
4. Did I mention they're cheap?
I spent most of Friday night and all of Saturday making sure patches were done to 500+ servers and pushed to the workstations at every location.
I also came in 2 hours early today just in case. So far it's been all quite and I'm hoping it lasts.
not very cheap once you calculate those costs in tho
not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
I am getting endless amusement out of the fact that Microsoft actually fucking released an XP/2003 patch for this thing.
we were using server2003 2 years ago
We have a lot of clients using 2003 right now. Mainly because
1. They have software that won't run on anything newer 2003
2. They won't spend the money on new software that is compatible with a modern server OS or don't want to learn a new product. IE they are cheap and lazy
3. "This server works why would we spend the money to upgrade"
4. Did I mention they're cheap?
I spent most of Friday night and all of Saturday making sure patches were done to 500+ servers and pushed to the workstations at every location.
I also came in 2 hours early today just in case. So far it's been all quite and I'm hoping it lasts.
not very cheap once you calculate those costs in tho
Posts
Ideally I'd patch every month, but my reality is that I can't get there... yet. I'm pushing for a pretty substantial infrastructure upgrade over the next 18 months or so. only when I have that mostly done will I be able to do it.
It took a couple of years to get to this point and the whining
omg the whining
"Feral, random_problem_073 happened on software_that_shits_itself_all_the_time! It must have been a Windows Update!"
the "no true scotch man" fallacy.
Part of my thing is we're still mostly a physical server environment so if a patch does go sideways I can't just roll back a snapshot. Much higher risk of ruining my day/week if an update goes badly.
Godspeed.
That's a tough one to get rid of.
And they want to ruin it with a reboot for a critical update.
XBL:Phenyhelm - 3DS:Phenyhelm
Problem is tho
"A" critical update?
Funny thing is, their other server rebooted and got updated.
This one hasn't.
Uptime is the currency of the strong.
XBL:Phenyhelm - 3DS:Phenyhelm
workstation's are all patched.
Also sent out an email to the users that said "be less stupid than usual today" (I might have said it in a slightly more nice way)
XBL:Phenyhelm - 3DS:Phenyhelm
After going around and updating all of our users local machines one of our techs got locked out of his account because a user came in, didn't bother to see that it wasn't his account he was trying to log in to and tried 11 times before stomping over in a huff.
So, no, I don't think we can ask users to be less stupid.
Derp, it looks like our managed copier/scanner devices use SMBv1 to for scan to file. As soon as I made the change they all broke......
I've got a call in to see if they can be switched to v2, but if not..... no one is scanning today :rotate:
one of my coworkers just got a call from one of the mooks at our new helpdesk all trying to close and reopen his ticket to reset the SLA
you messed with the wrong dude, he's already got you bosses name and is going to burn your ass
seriously you'd think you'd check and see if the requester is also IT before you try that shit
fuck up once and you break your thumb / if you're happy at all then you're god damn dumb
that's right we're on a fucked up cruise / God is dead but at least we have booze
bad things happen, no one knows why / the sun burns out and everyone dies
"Hmm, maybe this script I made to delete all of a computer's user profiles belonging to the contoso.com domain checks first to make sure the computer isn't joined to the contoso.com domain."
fuck up once and you break your thumb / if you're happy at all then you're god damn dumb
that's right we're on a fucked up cruise / God is dead but at least we have booze
bad things happen, no one knows why / the sun burns out and everyone dies
I just made an ftp server and switched scanning to it.
XBL:Phenyhelm - 3DS:Phenyhelm
Or ever again at all on those devices.
DON'T TELL ME WHAT TO DO DAD
I WILL BREAK MY FOOT OFF IN YOUR ASS IF YOU GIVE ME ANY LIP LIKE THAT AGAIN
literal "this hurts me more than it hurts you"
we were using server2003 2 years ago
I told the hospital "tough shit" and upgraded anyways, making the doctors have to go to the actual hospital to do work on their shitty antiquated servers.
Guess what they updated.
The uninstaller via the control panel couldn't even start.
Then I googled up their "removal tool".
Then the whole office got a laugh out of the captcha it has before you can actually uninstall.
It makes the internet go faster because it doesn't have to go over the pipes that all the other people are going over.
I'm turning it back on once I'm patched up tonight. It's just amazing that this is a thing.
I was on the phone with support from the company that maintains them, and we have one machine that's new enough where it supports v2 and v3, so that one is up and running..... it's just in our remote office and not the main building. I looked at every one we have in this office and they're all 8+ years old and don't support anything above v1.
adding "get newer copiers since the ones we have are all probably past lease date anyway" to my list to bug the people who manage the copiers about.
We have a lot of clients using 2003 right now. Mainly because
1. They have software that won't run on anything newer 2003
2. They won't spend the money on new software that is compatible with a modern server OS or don't want to learn a new product. IE they are cheap and lazy
3. "This server works why would we spend the money to upgrade"
4. Did I mention they're cheap?
I spent most of Friday night and all of Saturday making sure patches were done to 500+ servers and pushed to the workstations at every location.
I also came in 2 hours early today just in case. So far it's been all quite and I'm hoping it lasts.
I got bored and made this for you
param( $path ) $shortcutsLocation = "C:\pathShortcuts\" try { $fullPath = Resolve-Path $path -ErrorAction Stop} catch { throw "Error resolving path: $_" } $exeName = Get-ChildItem $fullPath | Select-Object -ExpandProperty BaseName $batPath = [string]$shortcutsLocation + $exeName + ".bat" New-Item -Path $batPath -ItemType "file" | Out-Null $batCode = "@echo off`r`n`"$fullPath`" %*" Add-Content $batPath $batCodefor once, vanilla's inability to suppress at signs in code blocks works in my favor
also uh, I think the "%*" there just means "pass through all arguments" I dunno I avoid working in batch soooo
fuck up once and you break your thumb / if you're happy at all then you're god damn dumb
that's right we're on a fucked up cruise / God is dead but at least we have booze
bad things happen, no one knows why / the sun burns out and everyone dies
not very cheap once you calculate those costs in tho
ROI is a dirty word.
The Wi-fi here bogs down less in the afternoon when the offsite backup job runs.
Doubly hilarious considering who I work for, but none of you will know that :P
You work for Symantec, you son of a bitch, admit it.