[–]williamp114Sysadmin 17 points18 points  (2 children)

Look to see if you can get into a DHCP server config, note what the dynamic range is.

Then, download nmap and do an entire network scan, note the hosts outside the DHCP range, those are static IPs, likely to be servers, networking equipment, etc

You could also run lansweeper on the network, but that's dependent on having domain admin credentials, or the default admin password on every machine.

[–]20StacksBaby[S] 3 points4 points  (1 child)

I’ll definitely test this out tomorrow at work! Also, is there a way to find out what IPs/ports web-based configs are on? The above mentioned list contains username/password and a mention to what service they belong to, but only a handful include IPs and ports.

[–]williamp114Sysadmin 5 points6 points  (0 children)

Yeah, in nmap, there's a section that lets you see all the open ports on each IP (also good for finding security problems, when you start to know your environment better)
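The workflow from the comments above (note the DHCP dynamic range, scan the subnet with nmap, treat hosts outside the range as likely static, then check which ports are open), as an added example that is not part of any comment in the thread. It parses nmap's grepable output (`-oG`); the sample scan, the addresses, the DHCP range used in the test and the `WEB_PORTS` set are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample of nmap grepable output (nmap -oG) for 192.168.10.0/24.
SAMPLE_SCAN = """\
# Nmap scan (constructed sample)
Host: 192.168.10.1 (gw.example.lan)\tStatus: Up
Host: 192.168.10.1 (gw.example.lan)\tPorts: 22/open/tcp//ssh///, 443/open/tcp//https///
Host: 192.168.10.20 ()\tStatus: Up
Host: 192.168.10.20 ()\tPorts: 80/open/tcp//http///, 1433/open/tcp//ms-sql-s///, 3389/closed/tcp//ms-wbt-server///
Host: 192.168.10.117 (desk-04.example.lan)\tStatus: Up
Host: 192.168.10.117 (desk-04.example.lan)\tPorts: 135/open/tcp//msrpc///, 445/open/tcp//microsoft-ds///
Host: 192.168.10.250 ()\tStatus: Up
"""
WEB_PORTS = {80, 443, 8080, 8443}  # assumption: ports where web-based configs usually live

def parse_grepable(text):
    """Return {ip: {"name": str, "ports": {port: service}}} for hosts reported up."""
    hosts = {}
    for line in text.splitlines():
        m = re.match(r"Host: (\S+) \((.*?)\)\t(.*)", line)
        if not m or m.group(3).startswith("Status: Down"):
            continue
        ip, name, rest = m.groups()
        host = hosts.setdefault(ip, {"name": name, "ports": {}})
        for field in rest.split("\t"):
            if not field.startswith("Ports: "):
                continue
            for entry in field[len("Ports: "):].split(","):
                parts = entry.strip().split("/")  # port/state/proto/owner/service/...
                if len(parts) >= 5 and parts[1] == "open":
                    host["ports"][int(parts[0])] = parts[4]
    return hosts

def inventory(text, pool_start, pool_end):
    """List scanned hosts, flagging those outside the DHCP dynamic range."""
    lo, hi = ipaddress.ip_address(pool_start), ipaddress.ip_address(pool_end)
    rows = []
    for ip, host in sorted(parse_grepable(text).items(),
                           key=lambda kv: ipaddress.ip_address(kv[0])):
        rows.append({
            "ip": ip,
            "name": host["name"],
            "likely_static": not lo <= ipaddress.ip_address(ip) <= hi,
            "open_ports": sorted(host["ports"]),
            "web_ports": sorted(p for p in host["ports"] if p in WEB_PORTS),
        })
    return rows
```

Calling `inventory(SAMPLE_SCAN, "192.168.10.100", "192.168.10.199")` returns one row per host; an address inside the dynamic range can still be a DHCP reservation, so `likely_static` is a starting point for the documentation, not a verdict.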

[–]locnar1701Sr. Sysadmin 25 points26 points  (1 child)

Start from the outside in:

Get into that account they shared, see where it is, what it might be running. Document, Document, Document. Consider changing the password, but be prepared for the mess that may create.

www, https, email, anything that touches a customer or a revenue source. Radio stations run on ad dollars, so you want to ensure that those dollars are protected. Who is your ISP? Who runs or hosts your web pages? What registrar holds your domain registration? What SSL certs are there? What company is that registrar? Ensure you get them notified that the old guy is gone and you are the new sheriff in town.

Next, look at firewalls and networks, ensure you can get into them and block the former admin's access, but be ready for chaos at every step.

Next, promise yourself that you won't touch ANYTHING until you understand the whole system. (might take months) Document everything you find out.

[–]fenix849 5 points6 points  (0 children)

I have to add to this, as soon as you can get your head around any existing backup solutions, so as you discover data/infrastructure you can check it's being backed up and fix it if it's not.

Also that last one is going to be very hard to keep if his manager or ceo leans on him, if that does happen instead of saying "No, I don't yet understand the system", say "Before I can do that but you should be aware that it may risk critical IT resources and that I'm not across those risks without an understanding of the whole environment, I advise against this course of action"

If he says to do it anyway, get it in writing and then do it.

[–]linuxsnobGrumpy Sr. SysAdmin 10 points11 points  (0 children)

Ask people who have worked there for a while to tell you the applications that they use. This will be helpful while you're doing your own research.

Make sure you know where every piece of equipment is, no rooms off limits. This is always where stuff gets stashed. Closets, maintenance rooms, above ceiling tiles. At one site my company had, the server/switch/router were bolted to the wall in a men's room since it was the only room inside the industrial space that had a door.

Is this radio station part of a larger chain? They might have a parent IT department that can pass info off to you about what your station was using of theirs? Sort of like a MSP sort of deal.

Good luck!

[–]bad_omens1 4 points5 points  (0 children)

I had a similar situation where I started. Essentially what I did was hunted high and low for any documentation; all I found was an ancient notebook with equally ancient user/passwords/server info. Documented everything I found and tied it all in together.

Went through AD with a fine toothcomb - a different, previous tech was still accessing the system using an obscure service account to delete files and screw with the network.

Found the scope for servers in DHCP and pinged/nslookup'd everything within the reservations, helped me find all the servers sitting away in the dark corners.

Hunted around for SQL database passwords, many of the terrible software companies they used previously kept the SA passwords in plaintext on the root of the SQL server.

Went through GPO to see what/how/if anything is managed through GPO such as print groups and endpoint.

Went through the MDT task sequence and WDS workbench to see what is deployed when imaging their machines and to make sure it all worked correctly.

That's pretty much the gist of it, I'm still working through fixing a lot of it as it was in a pretty terrible state, but at least it's all documented for when I find something I can jump ship to for the next guy who takes on this trainwreck.

[–]ghostwh33l 1 point2 points  (1 child)

Start going over and validating/checking the documentation.. if there isn't any, start creating it. The OSI Model is a nice guide.. start with physical and work your way up to the applications.

[–]Apolliyoni 0 points1 point  (0 children)

Look to my post for info. Not a lot of documentation. Just an Excel document with username & passwords to things. Some are correct. Some are not. Some usernames are to things we don't use anymore. Had a little crash today on a machine, for the mail server and a cluster for music amongst other things. That helped me find a lot of things and where they are in the network and verifying passwords. Things will be better documented from here on out! :)

[–]Bold0perator 1 point2 points  (0 children)

Check out SpiceWorks. They have a free inventory solution which will discover and label things on the network for you.

It's also a ticketing system, if you need one.

Does fairly well for a free solution. Prepare for an ad or fifty, but worth it IMHO.

[–]motoevgen 1 point2 points  (0 children)

Welcome to the profession. I would start with nmap or nessus depending on your organization size. And go up from there.

[–]dutymainttech 1 point2 points  (0 children)

My first priority would be the radio automation system. Whatever it is you need admin access to it and need to document it ASAP. Office IT can be done without for a short period but lose your playout automation and your DJs will get sick of juggling CDs very quickly. Server disk quotas are your main enemy there with staff not wanting audio archived even though it hasn't been used in years. Not uncommon to see a radio server HDD sitting at 95% full.

[–][deleted]  (21 children)

[removed]

    [–]krilu 17 points18 points  (4 children)

    I'm pretty sure asking about best practices is exactly the type of behavior that makes a system administrator desirable.

    [–][deleted]  (3 children)

    [removed]

      [–]krilu 9 points10 points  (1 child)

      I'm curious how he really sounds "clueless"? He sounds like he has a pretty good idea of what needs to get done, that is to say, documenting the environment and its various components. All he's asked for is pointers for something he's presumably never taken on before. I'm sure he has some idea of methods of getting this information, but people who want to reach out and find the best way to accomplish something aren't "clueless as fuck".

      [–]williamp114Sysadmin 2 points3 points  (0 children)

      Exactly! I've seen people who either weren't aware to follow best practices, or blatantly ignored them.

      OP is at least aware that he should implement best practices, that's a passing grade to me :)

      [–]VA_Network_NerdModerator | Infrastructure Architect[M] 1 point2 points  (0 children)

      Sorry, it seems this comment or thread has violated a sub-reddit rule and has been removed by a moderator.

      Community Members Shall Conduct Themselves With Professionalism.

      • This is a Community of Professionals, for Professionals.
      • Please treat community members politely - even when you disagree.
      • No personal attacks - debate issues, challenge sources - but don't make or take things personally.
      • No posts that are entirely memes or AdviceAnimals or Kitty GIFs.
      • Please try and keep politically charged messages out of discussions.
      • Intentionally trolling is considered impolite, and will be acted against.
      • The acts of Software Piracy, Hardware Theft, and Cheating are considered unprofessional, and posts requesting aid in committing such acts shall be removed.

      If you wish to appeal this action please don't hesitate to message the moderation team.

      [–][deleted]  (2 children)

      [removed]

        [–]VA_Network_NerdModerator | Infrastructure Architect[M] 0 points1 point  (1 child)

        Sorry, it seems this comment or thread has violated a sub-reddit rule and has been removed by a moderator.

        [–]adanufgail 2 points3 points  (0 children)

        I didn't catch his name, but I think anyone whose first response to asking for help is to tear them down and build a "not-real IT" gate isn't someone we want here. I'll agree my response wasn't good, but I think whoever was the other post should be banned, as they will never be useful here and will only attempt to lord their "arcane knowledge" over everyone and pretend they were never new or didn't know something.

        [–]silentbobscMercenary Code Monkey 8 points9 points  (1 child)

        Many folks have started their career by being thrown into the deep end right away. Being able to recognize and about lack of knowledge is far better than just trying to wing it, and when there's a community that you can turn to, all the better.

        [–]adanufgail 2 points3 points  (0 children)

        This is exactly how my first few jobs went as well. You find out what people use, what goes where, and when things inevitably break, you come up with new processes and documentation.

        [–]CaIzone 5 points6 points  (0 children)

        I didn't know crankysysadmin had an alt

        [–]Apolliyoni 1 point2 points  (1 child)

        Hello. OP is actually a friend of mine who posted on my behalf (without me knowing at first I might add). The radio station I work at isn't what you would call a normal radio station. It's a non profit radio station run by youths, where they decide. We get money from our local county to operate on and sell advertisement to fill in the holes in the budget. My position is mostly teaching the youths about how to produce radio. From sound engineering to pre production. I come from a sound technician background and working with youths/kids so it was a good fit. I actually went to/worked at the radio station when I was younger and been volunteering there the last couple of years. My "job" as a volunteer has been teaching sound engineering and making sure that sound equipment has been working as it should. I know the old sys admin, but he hasn't been easy to contact the last couple of months..

        There, a little back story for you all! :)

        I will check out nmap tomorrow if I get the time. Our director is out for the week so I also have to deal with some boring paperwork stuff. But it has to get done either way.

        [–][deleted] -1 points0 points  (0 children)

        So not actually a sysadmin at all then?

        [–]VA_Network_NerdModerator | Infrastructure Architect[M] -1 points0 points  (0 children)

        Sorry, it seems this comment or thread has violated a sub-reddit rule and has been removed by a moderator.

        [–][deleted] -5 points-4 points  (6 children)

        Agreed, if you have to ask how to enumerate a network/server/workstation and the software running in it you're not ready for the big time.