What if you're locked in a cube and have no direct access to a window so you don't know what the weather is outside? I mean, come on, at least allow for a little human decency.
User - I have no idea how those got there. By the way, check out this cool free version of solitaire that I downloaded!
And that was one of my primary reasons why I've downgraded every user's local account on Windows 7. Want to install something? Okay, well it requires me putting in a domain admin's credentials... although Chrome seems to have some type of workaround and I'm not exactly pleased about it.
It has the capability to install itself to the user's AppData (probably so that updates don't require your intervention)
But should that really affect the initial install process?
By default, the user has full rights to their own profile directory. They can install whatever they want in there as long as it doesn't touch Program Files or HKLM keys.
Very interesting... kind of defeats some of the purpose of restricting local rights, doesn't it? I must look into this more. Thanks for the information.
User rights vs admin rights is more about keeping the user from hosing the system. If the user burns their own profile, that's on them. We have backups for the data, but we have no obligation to support non-approved apps. But if you need to lock things down beyond that, go ahead.
Just remember that half the people you meet are below average intelligence.
On the plus side, being able to force policy on all users in a GApps for Business domain using Chrome to have Flashblock, adblock, and Web of Trust extensions installed by default is very, very handy.
Which is why I had to go deep in execution restrictions and NTFS permissions on my terminal servers used by high schoolers. These girls are crafty when it comes to installing games and Chrome.
We just used a program that restored the workstation to a saved state on restart. I forget the name. Damn students.
On the subject of toolbars. One guy here had 3 instances of the weather network app installed so that he could see the local weather, the weather in Toronto for some reason and the weather in whatever eastern European country he came from.
Because if you're going to attempt to squeeze that big black monster into your slot you will need to be able to take at least 12 inches or else you're going to have a bad time...
Related: what's up with Linux nerds and having to have CPU/RAM/net usage bars all over the place? On their desktop machine? Who cares?
used to matter on much more limited resources (especially the ram usage)
if I was still working on a memory intensive project from only a few years back, I'd still care, because that program chewed through memory (despite efforts to improve it)
back in the days of dialup and shitty single core processors, I cared about net and cpu usage too, but that hasn't been remotely an issue in a while
I wish that someway, somehow, that I could save every one of us
I suppose you need to have something to ineffectually small-talk about with that new girl from accounting.
I worked at a Dilbert-ian office where they had gigantic windows that looked out over beautiful landscape and scenery on a floor of a cubicle farm. They placed people up against the windows, and put cubicle walls in front of the windows so they/no one could see out. Thank god that was a part-time summer job.
Deepfreeze, we ran a trial. It was ruled out for being expensive (non-profit school) and my solution allows me to have a terminal server run without an antivirus weighing it down, or any added cost for that matter.
jaziek (Bad at everything And mad about it.) Registered User, regular
The only people who do this are the people who don't actually have enough actual stuff to be filling their screen real estate with.
Yea it was the solution in place way before I got there. We were migrating things to thin clients for students. Got only a few labs done before I was outta there.
Apothe0sis (Have you ever questioned the nature of your reality?) Registered User, regular
Why do you* have cold cathodes and leds inside your computer case? It's not functional but it looks totally technical and futuristic!
We had Deepfreeze at our college. We over-the-shoulder engineered the password (took us a while, we Ocean's 11'd it with a complicated plan and felt like badasses), and installed games on all the PCs we wanted permanently without anyone ever noticing. In our defense, they made things just so boring that we had nothing to do but to try and circumvent them at every turn.
Now though? Fuck college us. Thank god they had a "boys will be boys" attitude about all that.
Anyone have suggestions for switches? We may be switching over to an IP phone system if we can get approval. The phones can either power from PoE or from an AC adapter, of course my switches all happen to not be PoE capable and are also EoL as of 2011.
MichaelLC (In what furnace was thy brain?) Chicago, Registered User, regular
On Chrome, Windows 8. Firewall and patches current as far as I know.
So after going to a suspicious site, I ran MSE/Defender and it came up with a Vundo infection. Claimed to delete it.
- Rebooted and re-ran; clean.
- Installed MS Safety Scanner, also came up clean.
- Installed Malwarebytes, ran both in Regular and Safe Mode, both clean.
Am I good, or should I nuke it? Need to change passwords or anything? Been a long time since I've gotten anything, so not sure what the needed panic level is. Thanks.
jaziek (Bad at everything And mad about it.) Registered User, regular
Anybody here got any experience with Salesforce? We're trying to get the Outlook integration working, but something seems to be up with our VPN that's stopping it working. I'm not really sure where to start.
Man, I've been totally remiss in my promise of daily stupid user stories. So here's a few from last week. In some of these, the stupid users were actually admins!
1. Someone at the datacenter plugged in a device or launched a VM that was calling itself localhost. So that name got inserted into the DNS as localhost.ourdomain.org, which then basically hosed all of our AIX/Unix systems, among which is our main HR application, because localhost is of course what they call themselves.
2. We use LANDesk for our ticket tracking and desktop remote control and management. Friday around noon we started getting calls from various IT people that they couldn't get in because they were getting told we were out of licenses. So for a couple of hours it was "DO NOT log out of LANDesk or you won't be able to get back in until we get this figured out." Turns out it was (indirectly) my fault. When a new user account is created in AD, when LANDesk does its sync with AD, if they're a member of a certain couple groups, they get added to the LANDesk user database. Same thing in reverse when an AD account is deleted because of termination. If that account is recreated because of getting rehired or whatever, it is not automatically added back into the user DB. So if we run across a user like that we have to ask our boss to readd them. I did so for a user. That's the extent of my involvement. He readds the user by running a query in LANDesk, which he does by selecting the text of the actual query, then telling it to run. Well, that time he missed selecting the last line, with the WHERE statement. So it readded every deleted user ever, including former IT people, so suddenly we were way over our license limit. Whoops!
3. I had a user call in that was having a lot of trouble articulating what her actual problem was. I was going to try to have her log out of her Citrix sessions by clicking the Citrix icon in the system tray, "In the lower right corner, by the clock."
"There is no clock."
I get her hardware tracking number and oh, there's no network connection. She must be at the Windows login screen. So after a few minutes of trying to talk her through turning on the wireless she grabs another. This one she gets logged into, but can't get into her Citrix apps. She's got instances open already. Which is apparently the problem she was having before. She'd managed to turn off her wireless trying to fix it. No biggie, I remote into this computer, right-click on her Citrix icon and log out her sessions. She asks how I did that. So I say "Just right click on the Citrix icon down by the clock and select log out sessions."
"There is no clock."
"Huh? Right here where I'm wiggling the mouse. The clock."
"That's not a clock. That's the time."
"... It's a fucking digital clock."
"That's not a clock for my generation."
Lady, my grandparents are in their 90's and they know a digital clock when they see one.
Donovan Puppyfucker (A dagger in the dark is worth a thousand swords in the morning) Registered User, regular
"Now, I want you to manipulate the Graphical User Interface pointing device west towards the iconic representation of the collection of logic and algorithms you use to perform your daily duties and press the primary switch two times."
"Huh?"
"Doubleclick on Outlook you pedantic fucking bitch."
I'd like to think if you could ever teach people they can google right from the goddamn address bar, that things like the Google toolbar would wither and die. It's probably a pipe dream. In the same vein, Weatherbug. Do you really need the current, and probably inaccurate, temperature in your system tray? Watch the news, look out a goddamn window.
This is what GPOs were made for, I guess.
This is why people can't even so much as add a printer or map a network drive on my domain without my input.
If you can't run an exe, bat, or com -- you can't really do much damage to a system. The rest the AV will catch.
not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
Again, GPO to the rescue! Printer and drive mapping is the best thing they added to GPO in Server 2008. I don't want my users to either have to or be able to do a goddamn thing but their work.
I think I asked about SSL certs a while back, but I'm a god damned asshole and didn't save the information? Anyone have any handy information about getting SSL Certificates? Preferably a wildcard/subdomain one? I think we use netsol for our domain registrar -- would it be a good idea to just stick with them?
I use Digicert, mostly because their support is the tits and they have really good guides on how to renew/request/apply since I always tend to forget since it's a once every x amount of years type deal.
Hmm, what does Digicert offer me that's worth the almost $100 more over netsol?
Edit: Nevermind. Totally compared the wrong things.
TL DR (Not at all confident in his reflexive opinions of things) Registered User, regular
edited September 2013
What's a wildcard cert? Like instead of having separate records for mail.bowen.com and remote.bowen.com you can just redirect (anything).bowen.com to a particular IP and enjoy SSL while doing so?
I wonder what it's like to have a decent budget. We use RapidSSL cause they are basically GeoTrust's cheap-bastard product. Though of the many things we have to pay for I think 3rd party CA's are the biggest con job.
Promised update: Patch manager's "Approved Update Summaries by computer group" report under Windows SUS Analytics reports gives you a compliance percentage for the updates assigned to that specific WSUS group, but I can't find a way to have it then show you the names of the non-compliant devices. Waiting on SolarWinds to tell me if that's doable. Maybe a custom report based off this one or something.
An even better update on SolarWinds Patch Manager. Here's the configured report as I ran it:
All these fields and filters were pulled from the "Computer Update Status With Details" data stream. You can change the Group Memberships filter to match any of your WSUS containers (and save a new report for each).
The returned report shows 3 important columns:
- Computer name
- Update Installation State (Filtered to exclude successfully installed)
- Number of updates in that state
So this is an easily digestible list of what computers have updates in a state aside from installed, what state those updates are in, and how many updates are in each of those states. This is compared against only the updates approved for that computer's particular WSUS container.
Any given computer may show up multiple times as it could have updates in states including Downloaded (But not installed), Installed Pending Reboot (Might just filter this cause who cares), Unknown, NotInstalled, and Failed. BUT, this is still SO much more of a concise list than WSUS can possibly provide. No more "eh, it's reporting at 98% installed, that's probably more or less updated." Now I know if one goddamn computer is missing one goddamn patch.
All the bars are hovering at the bottom, all the time. Better overclock!
* Not necessarily YOU, more a hypothetical you
My last case had blue leds on the front that I could have used to read in the dark.
I went in with pliers and did a physical castration. Don't want the case peeing all over the place.
Also, is there a place where a read receipt log for Outlook is stored? I've been looking in sent items and it's not there.
Everything is currently Cisco. I have 1 2970G-24, 3 2950T-48s (these four are in the server room, 168 ports) and 6 2950G-48s spread throughout the building with 3 of them in one room (144 ports). I have no clue if I need managed switches or not but I was looking at these:
http://www.newegg.ca/Product/Product.aspx?Item=N82E16833150124CVF
http://www.newegg.ca/Product/Product.aspx?Item=N82E16833150164CVF
$100 vs $500 a year.
It weirds me out that you can have a file that's 4kb long and worth $100.
Well yeah, it's a scarcity thing. There are only 4096 of those files out there, in total.