As was foretold, we've added advertisements to the forums! If you have questions, or if you encounter any bugs, please visit this thread: https://forums.penny-arcade.com/discussion/240191/forum-advertisement-faq-and-reports-thread/

[Sysadmin] Nightmare fuel

19395979899

Posts

  • jungleroomxjungleroomx Never pre-order anything. Registered User regular
    All of the computers are 2012 NCRs that badly need to go away.

  • RandomHajileRandomHajile Not actually a Snatcher The New KremlinRegistered User regular
    Feral wrote: »
    You should at least segregate your OS drive and your data drive, even on a SAN, so:

    1) your data drive filling up doesn't interfere with your OS
    2) if block size alignment is a concern (SQL or Exchange) you can format the data partition to the proper block size
    3) it makes it easier to detach the data from one VM and attach it to another for OS & application upgrades
    Sure, but we’re not even talking about special database servers or anything. 1 is very easy to fix, and is just as likely to happen due to Windows Updates anyway. I just don’t like giving a blank 20+ GB space to grow to two separate drives when it can be consolidated.

  • MugsleyMugsley Registered User regular
    All of the computers are 2012 NCRs that badly need to go away.

    Oh look, it seems that the hardware is now too old to support. Sorry, [client], you need to blame Microsoft for not supporting. Have we mentioned that these systems are 6 years old and represent rather large security holes?

  • ThawmusThawmus Registered User regular
    This conversation reminds me that there was a day when I thought Linux drive mounting was incomprehensible to me (though I still think the way Linux handles removable media is too complicated and dumb), but now I sit here and I'm in the reverse position, I don't understand why Windows still does drive mounting the way they do, with drive letters and shit.

    steam_sig.png
    Twitch: Thawmus83
    Youtube: Thawmus
    SeidkonaRandomHajile
  • FeralFeral MEMETICHARIZARD interior crocodile alligator ⇔ ǝɹʇɐǝɥʇ ǝᴉʌoɯ ʇǝloɹʌǝɥɔ ɐ ǝʌᴉɹp ᴉRegistered User regular
    Drive letters are dumb.

    Mapping network shares to drive letters is dumb.

    every person who doesn't like an acquired taste always seems to think everyone who likes it is faking it. it should be an official fallacy.
    the "no true scotch man" fallacy.
    RandomHajileThawmusSeidkonaFeldornZilla360
  • bowenbowen How you doin'? Registered User regular
    that's fair but it's easier to tell someone "go to your h drive" than it is to tell them to type "go to slash slash filestorage slash users slash your username slash documents"

    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
    RandomHajilejungleroomxDonovan PuppyfuckerZilla360
  • XaviarXaviar Registered User regular
    edited June 2018
    The only thing that gets me about it is that I can't reasonably expect a removable drive to get or even be able to get the same mount point next time.

    And sure I shouldn't make assumptions like that on Linux either, but I can in smaller and more controlled environments.

    At least in such a way that a script can just make the assumption and do a quick sanity check before throwing a "Hey we didn't get the mount point we wanted!"

    Whereas a quick and dirty script on windows has to start with the assumption that we have no idea which drive got which mount point and we have to go looking for them before we do anything else.

    Xaviar on
  • FeralFeral MEMETICHARIZARD interior crocodile alligator ⇔ ǝɹʇɐǝɥʇ ǝᴉʌoɯ ʇǝloɹʌǝɥɔ ɐ ǝʌᴉɹp ᴉRegistered User regular
    bowen wrote: »
    that's fair but it's easier to tell someone "go to your h drive" than it is to tell them to type "go to slash slash filestorage slash users slash your username slash documents"

    Totally.

    I don't mind so much in environments where there's just one drive (maybe N:) that points to a DFS namespace, and everything else just appears as a subfolder.

    When you get more than two or three drive letters, or when drive letters are mapped to different paths for different users (retch), then I want to flip a table.

    every person who doesn't like an acquired taste always seems to think everyone who likes it is faking it. it should be an official fallacy.
    the "no true scotch man" fallacy.
    bowenFeldorn
  • FeralFeral MEMETICHARIZARD interior crocodile alligator ⇔ ǝɹʇɐǝɥʇ ǝᴉʌoɯ ʇǝloɹʌǝɥɔ ɐ ǝʌᴉɹp ᴉRegistered User regular
    Regarding Linux, I still don't understand the difference between sbin, bin, opt, and usr.

    every person who doesn't like an acquired taste always seems to think everyone who likes it is faking it. it should be an official fallacy.
    the "no true scotch man" fallacy.
  • bowenbowen How you doin'? Registered User regular
    Feral wrote: »
    Regarding Linux, I still don't understand the difference between sbin, bin, opt, and usr.

    sbin is root only stuff

    bin is for boot/services usually

    usr is for your own local version of whatever might be installed on systems, sometimes shit like shared hosting will dump php in there for multiple different installs I guess

    opt is for random garbage that aren't usually part of an OS

    var is for the stuff that is part of the OS but doesn't belong in config folders in /etc

    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
    ThawmusSeidkonaZilla360
  • bowenbowen How you doin'? Registered User regular
    but every distribution does it differently anyways so :rotate:

    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
    RandomHajileThawmusiTunesIsEvilSeidkonaDrovekjungleroomxDonovan PuppyfuckerZilla360
  • ThawmusThawmus Registered User regular
    bowen wrote: »
    that's fair but it's easier to tell someone "go to your h drive" than it is to tell them to type "go to slash slash filestorage slash users slash your username slash documents"

    Which is something I've never ever had to say to a user and should never ever have to.

    "Go to your home folder"

    "Go to your Documents folder"

    "Go to your Pictures folder"

    "Go to your Downloads folder"

    It's really no different from telling them how to navigate their Windows profile.

    For mapped network drives you can literally name the bookmark whatever the fuck you want.

    Or you can just nfs mount shit and take it entirely out of their hands.

    steam_sig.png
    Twitch: Thawmus83
    Youtube: Thawmus
  • bowenbowen How you doin'? Registered User regular
    yeah users are dumb in my office tell me something I don't know

    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
  • ThawmusThawmus Registered User regular
    Feral wrote: »
    Regarding Linux, I still don't understand the difference between sbin, bin, opt, and usr.

    /bin and /sbin both have executable shit in them, but sbin is kind of your "Administrative tools". In most distros only root has /sbin added to their PATH variable, so only root can call them from cli.

    /opt is used for 3rd party shit

    /usr is for a lot of shit, mostly libraries and binaries, but it's been commandeered for a lot of shit by different distros and developers. Like, pretty much every subdirectory under /usr has got its own history for how it fucking got there and what the fuck it's for and how that changed over the years.

    steam_sig.png
    Twitch: Thawmus83
    Youtube: Thawmus
    SeidkonaDrovek
  • SeidkonaSeidkona Had an upgrade Registered User regular
    /usr/local/bin, /etc/program_name/var/log , /opt/program_name/etc/

    Go home Linux, you're drunk.

    Mostly just huntin' monsters.
    XBL:Phenyhelm - 3DS:Phenyhelm
    ThawmusAiouaFeralCogZilla360
  • ThawmusThawmus Registered User regular
    Entaru wrote: »
    /usr/local/bin, /etc/program_name/var/log , /opt/program_name/etc/

    Go home Linux, you're drunk.

    My favorite is Nagios:

    /usr/local/nagios/ leads to:

    /usr/local/nagios/bin
    /usr/local/nagios/etc
    /usr/local/nagios/sbin
    /usr/local/nagios/var

    among others....

    steam_sig.png
    Twitch: Thawmus83
    Youtube: Thawmus
    SeidkonaiTunesIsEvilFeralZilla360
  • wunderbarwunderbar What Have I Done? Registered User regular
    To go back to my SQL server thing from Thursday, since I had a 3 day weekend and didn't check here, the main reason that I still set up SQL servers that way, especially with transaction logs on a separate drive, is even in a VM/storage array environment, you don't want a case where a runaway issue with the logfiles causes issues with the live databases, and the size of the drives either fill up if you limit the virtual drive, or swells too large if it's set dynamically.

    and yes, Windows install on one drive and data on another, no matter what.

    Most servers I don't care to segregate data as much as I do with SQL, but with a big SQL server, I still want to be careful/do it right.

    XBL: thewunderbar PSN: thewunderbar NNID: thewunderbar Steam: wunderbar87 Twitter: wunderbar
    NaphtaliFeral
  • That_GuyThat_Guy I don't wanna be that guy Registered User regular
    Oh hey, Hiren's BootCD has been updates for the first time since 2012. It's been rebuilt from the ground up with the Windows 10 Preinstall Environment (PE). I just threw it on a USB stick and it's great.

    https://www.hirensbootcd.org/

    This appears to be an initial release. I don't think he's even ported the HBCD Menu into it.

    steam_sig.png
    bowenSeidkonaFeldornThawmusa5ehrenGilbert0FeralZilla360
  • wunderbarwunderbar What Have I Done? Registered User regular
    I had no idea this was a thing and now I don't know how I lived my life without it.

    XBL: thewunderbar PSN: thewunderbar NNID: thewunderbar Steam: wunderbar87 Twitter: wunderbar
  • ThawmusThawmus Registered User regular
    Hiren's and the BitDefender LiveCD are still my favorite CD's.

    They're also the only CD's I have anymore because what the fuck are CD's, precious?

    steam_sig.png
    Twitch: Thawmus83
    Youtube: Thawmus
  • KakodaimonosKakodaimonos Registered User regular
    Our support desk is sending out directions on how to fix an ongoing issue.

    It involves deleting nodes out of HKEY_LOCAL_MACHINE with regedit.

    This is not going to end well.

    SeidkonaThawmuswunderbarShadowfireDarkewolfeDonovan Puppyfuckerjungleroomx
  • bowenbowen How you doin'? Registered User regular
    Why not just give them a .reg file to run?

    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
    ThawmusSeidkonaFerala5ehrenDrovek
  • LD50LD50 Registered User regular
    Uh, shouldn't that be done via a .reg file at the very least?

    bowenThawmusSeidkonaFeralDrovekjungleroomx
  • ThawmusThawmus Registered User regular
    My guess is that the support desk is following vendor instructions and hasn't thought past that.

    steam_sig.png
    Twitch: Thawmus83
    Youtube: Thawmus
    SeidkonaFeral
  • SiliconStewSiliconStew Registered User regular
    Our support desk is sending out directions on how to fix an ongoing issue.

    It involves deleting nodes out of HKEY_LOCAL_MACHINE with regedit.

    This is not going to end well.

    If your users actually have permissions to do that you've got a lot more problems than that to worry about.

    Just remember that half the people you meet are below average intelligence.
    LD50wunderbarbowenFerala5ehrenDrovekNaphtaliDarkewolfeGilbert0Apothe0sis
  • LD50LD50 Registered User regular
    Our support desk is sending out directions on how to fix an ongoing issue.

    It involves deleting nodes out of HKEY_LOCAL_MACHINE with regedit.

    This is not going to end well.

    If your users actually have permissions to do that you've got a lot more problems than that to worry about.

    Bonus points if they don't have permission and those instructions got distributed anyway.

    bowenFeralDrovekNaphtali
  • lwt1973lwt1973 King of Thieves SyndicationRegistered User regular
    I love when people say they are too busy to do something and when you check on them later they are playing games on their phones.

    "He's sulking in his tent like Achilles! It's the Iliad?...from Homer?! READ A BOOK!!" -Handy
    Zilla360
  • wunderbarwunderbar What Have I Done? Registered User regular
    lwt1973 wrote: »
    I love when people say they are too busy to do something and when you check on them later they are playing games on their phones.

    well I mean.... that is actually being busy.

    XBL: thewunderbar PSN: thewunderbar NNID: thewunderbar Steam: wunderbar87 Twitter: wunderbar
    Droveklwt1973ThawmusFeralShadowfireZilla360
  • FeralFeral MEMETICHARIZARD interior crocodile alligator ⇔ ǝɹʇɐǝɥʇ ǝᴉʌoɯ ʇǝloɹʌǝɥɔ ɐ ǝʌᴉɹp ᴉRegistered User regular
    Quality CenturyLink workmanship here:

    z408nqzr6w6i.jpg

    every person who doesn't like an acquired taste always seems to think everyone who likes it is faking it. it should be an official fallacy.
    the "no true scotch man" fallacy.
    ArcSynNaphtaliThat_Guya5ehrenbowenShadowfireCogiTunesIsEvilBolthornZilla360
  • FeralFeral MEMETICHARIZARD interior crocodile alligator ⇔ ǝɹʇɐǝɥʇ ǝᴉʌoɯ ʇǝloɹʌǝɥɔ ɐ ǝʌᴉɹp ᴉRegistered User regular
    I know it's easily fixed but the sloppiness is irritating.

    Also they used plastic zipties through rack screw holes to secure power cables.

    every person who doesn't like an acquired taste always seems to think everyone who likes it is faking it. it should be an official fallacy.
    the "no true scotch man" fallacy.
  • CogCog Registered User regular
    Ran into this today.
    jgav41pr6ha4.png
    giphy.gif

    FeralThawmusInquisitor77
  • wunderbarwunderbar What Have I Done? Registered User regular
    why are they trying to map share and samefuckingshare to the same drive letter?
    I'm not sorry

    XBL: thewunderbar PSN: thewunderbar NNID: thewunderbar Steam: wunderbar87 Twitter: wunderbar
    Thawmus
  • CogCog Registered User regular
    edited June 2018
    There's a lot of places I could start bitching about what they've done (*coughmappeddrivesondefaultdomainpolicycough*) but I personally like how they use Update on the policy with highest inheritance priority, and then use Create on the policy with the lowest inheritance priority.

    That means if they change the M drive on their drive mapping policy, anything they change it to will work.... and then be overwritten by the default domain policy's "Create", which will delete the M drive mapping in order to re-create the old one.

    They also had tons of policies set to "Enforce" when they had no containers with inheritance blocking. And they had policies with only a single link to the deepest OU in a tree... set to Enforce.

    Why do people not understand how GPO works, JESUS

    Cog on
    Feral
  • CogCog Registered User regular
    On a much calmer note, this is a handy little powershell script where you can enter a username and be shown their last date and time of login.
    Import-Module ActiveDirectory
    
    $User = Read-Host -Prompt 'Input the user name'
    
    function Get-ADUserLastLogon([string]$userName)
    {
    $dcs = Get-ADDomainController -Filter {Name -like "*"}
    $time = 0
    foreach($dc in $dcs)
    {
    $hostname = $dc.HostName
    $user = Get-ADUser $userName | Get-ADObject -Properties lastLogon
    if($user.LastLogon -gt $time)
    {
    $time = $user.LastLogon
    }
    }
    $dt = [DateTime]::FromFileTime($time)
    Write-Host $username "last logged on at:" $dt }
    Get-ADUserLastLogon -UserName $User
    

    Zilla360
  • ThawmusThawmus Registered User regular
    Cog wrote: »
    There's a lot of places I could start bitching about what they've done (*coughmappeddrivesondefaultdomainpolicycough*) but I personally like how they use Update on the policy with highest inheritance priority, and then use Create on the policy with the lowest inheritance priority.

    That means if they change the M drive on their drive mapping policy, anything they change it to will work.... and then be overwritten by the default domain policy's "Create", which will delete the M drive mapping in order to re-create the old one.

    They also had tons of policies set to "Enforce" when they had no containers with inheritance blocking. And they had policies with only a single link to the deepest OU in a tree... set to Enforce.

    Why do people not understand how GPO works, JESUS

    While I share you frustration over this, because I had a hell of a time with this back in the day, I think the main reason people don't understand how GPO works is that Microsoft is using really shitty language to describe what the hell they're doing.

    If you knew nothing about Group Policy and started fucking around with it on day 1, you would expect Enforce to enforce the policy. Like it'll keep the end-user from changing the setting.

    And why not fuck around with the default domain policy if you can't delete it? Clearly it's the one Microsoft wants you to use, right?

    I find that the things that people fuck up constantly are probably super unintuitive. I know I wasn't using GPO right until I took a Citrix class and they spent the first 3/5 days teaching us group policy, because you need good fucking group policy if you're running Citrix. Then I came back from class and had to fight tooth and nail with my boss on how GPO works, because he would insist, based on the language used in the tool, that what I was saying was flat-out wrong.

    steam_sig.png
    Twitch: Thawmus83
    Youtube: Thawmus
    RandomHajileSeidkonaArcSynFeldornFeral
  • CogCog Registered User regular
    Thawmus wrote: »
    Cog wrote: »
    I think the main reason people don't understand how GPO works is that Microsoft is using really shitty language to describe what the hell they're doing.

    Yeah, I will readily admit that this is absolutely the problem. They could change it to like "Override Inheritance Block" and "Critical Domain Defaults DO NOT MODIFY" and solve 95% of those issues.

    Thawmus
  • CogCog Registered User regular
    @Aioua lighting the batsignal for vowels, help me figure out how to put function get-logonserver{ into that script so I can return both last logon time and, if they're currently logged in, which DC authenticated them.

  • AiouaAioua Ora Occidens Ora OptimaRegistered User regular
    edited June 2018
    Cog wrote: »
    Aioua lighting the batsignal for vowels, help me figure out how to put function get-logonserver{ into that script so I can return both last logon time and, if they're currently logged in, which DC authenticated them.

    @Cog
    heh, that script already finds it for you it just doesn't do anything with it. Needs better variable names!
    Here:
    Import-Module ActiveDirectory
    
    $userName = Read-Host -Prompt 'Input the user name'
    $dcs = Get-ADDomainController -Filter {Name -like "*"}
    $mostRecentLogon = 0
    $mostRecentDc = ""
    
    foreach($dc in $dcs)
    {
         $currentDc = $dc.HostName
         $userObj = Get-ADUser $userName | Get-ADObject -Properties lastLogon
         if($userObj.LastLogon -gt $mostRecentLogon)
         {
             $mostRecentLogon = $userObj.LastLogon
             $mostRecentDc = $currentDc
         }
    }
    
    $dt = [DateTime]::FromFileTime($mostRecentLogon)
    Write-Host "$userName last logged on at: $dt from DC: $mostRecentDc"
    


    e: removed function, scripts are that one giant function annoy me, that's what a script is!

    Aioua on
    life's a game that you're bound to lose / like using a hammer to pound in screws
    fuck up once and you break your thumb / if you're happy at all then you're god damn dumb
    that's right we're on a fucked up cruise / God is dead but at least we have booze
    bad things happen, no one knows why / the sun burns out and everyone dies
    CogRandomHajile
  • AiouaAioua Ora Occidens Ora OptimaRegistered User regular
    Well, that wouldn't tell you if they're currently logged in, just which DC was the one recording the most recent login. (I'm... pretty sure lastlogon only gets overwritten when you log onto that specific DC, the synced value is lastlogontimestamp)
    I'm not sure how to tell if a user is currently logged in actually... is that something AD even tracks? I have this feeling it's stateless?

    life's a game that you're bound to lose / like using a hammer to pound in screws
    fuck up once and you break your thumb / if you're happy at all then you're god damn dumb
    that's right we're on a fucked up cruise / God is dead but at least we have booze
    bad things happen, no one knows why / the sun burns out and everyone dies
    RandomHajile
  • CogCog Registered User regular
    edited June 2018
    Aioua wrote: »
    Cog wrote: »
    Aioua lighting the batsignal for vowels, help me figure out how to put function get-logonserver{ into that script so I can return both last logon time and, if they're currently logged in, which DC authenticated them.

    @Cog
    heh, that script already finds it for you it just doesn't do anything with it. Needs better variable names!
    Here:
    Import-Module ActiveDirectory
    
    $userName = Read-Host -Prompt 'Input the user name'
    $dcs = Get-ADDomainController -Filter {Name -like "*"}
    $mostRecentLogon = 0
    $mostRecentDc = ""
    
    foreach($dc in $dcs)
    {
         $currentDc = $dc.HostName
         $userObj = Get-ADUser $userName | Get-ADObject -Properties lastLogon
         if($userObj.LastLogon -gt $mostRecentLogon)
         {
             $mostRecentLogon = $userObj.LastLogon
             $mostRecentDc = $currentDc
         }
    }
    
    $dt = [DateTime]::FromFileTime($mostRecentLogon)
    Write-Host "$userName last logged on at: $dt from DC: $mostRecentDc"
    


    e: removed function, scripts are that one giant function annoy me, that's what a script is!

    Okay so now how about lets do it with popups!

    I dropped in
    [System.Reflection.Assembly]::LoadWithPartialName('Microsoft.VisualBasic') | Out-Null
    $userName = [Microsoft.VisualBasic.Interaction]::InputBox("Enter a user name", "User Name", "$env:username")
    

    To get a popup that prompts for a username with the current user filled in, but I cant find something appropriate to produce a popup for the output.

    Cog on
This discussion has been closed.