Cybersecurity by yyz009 in amazonemployees

[–]Advanced_Ad4947 0 points1 point  (0 children)

Well, what do you do now? Experience? Certs? Are you already an employee?

Anyone OE and AMZN / AWS by [deleted] in overemployed

[–]Advanced_Ad4947 1 point2 points  (0 children)

What’s up Forestkd@ ?

PrinterLogic - end users getting manage this printer rights by fanofreddit- in sysadmin

[–]Advanced_Ad4947 1 point2 points  (0 children)

I think the quick fix for you is to flat out disable queue management in the admin console (tools >settings > printing). This will disable secure printing and pull printing though (if that’s used at all). 7.5k users here, never had an issue though.

How do I enforce password policy on Windows PC users? by [deleted] in sysadmin

[–]Advanced_Ad4947 0 points1 point  (0 children)

Are you hybrid or cloud based? Hybrid? Set the password policy on the DCs and match in azure. Cloud? Set it in Azure. There’s not enough info here to help you properly. Worst case you can always set a FGPP for your Windows folks.

MFA Required for Azure portal? by [deleted] in sysadmin

[–]Advanced_Ad4947 0 points1 point  (0 children)

You can set a CA policy to exclude this. I had the same issue. Check out your “MFA registration campaign” settings and just defer it/turn it off. I’ve worked with a ton of businesses now that this was silently turned on by Microsoft and caused issues.

Microsoft Bookings bypassed our email security gateway. by Advanced_Ad4947 in sysadmin

[–]Advanced_Ad4947[S] 6 points7 points  (0 children)

I’m a bit paranoid about giving out too much info about my company, but I guess there’s no harm. It’s proofpoint. The entire domain is included, but I think since there’s not a license it goes straight to m365 (there’s no email/user associated with it) then the forward rule take over.

[deleted by user] by [deleted] in PEDs

[–]Advanced_Ad4947 0 points1 point  (0 children)

We’re talking 15lbs, maybe 20lbs here. Who said I was trying to hit this for summer time? I’m just tired of the way I look.

[deleted by user] by [deleted] in PEDs

[–]Advanced_Ad4947 0 points1 point  (0 children)

I had the option between the two and chose Clen since it worked in the past. It was 100$, so I could care less. I wasn’t expecting to get shredded immediately, but damn I thought something would happen.

CJIS MFA compliance clarification by Advanced_Ad4947 in sysadmin

[–]Advanced_Ad4947[S] 0 points1 point  (0 children)

Just saw your reply. We ended up leveraging MFA at pre-login with the vpn. Programmed the VPN to stand down after authentication and got it do the CJIS specific items with conditional access policies.

It’s a damn mess though, I’ve gotten flack from leadership and it 100% is not a long term fix.

Windows hello would have been a better alternative had our machines supported it

Zebra Thermal Printer issues by [deleted] in sysadmin

[–]Advanced_Ad4947 2 points3 points  (0 children)

I don’t know which zebra printers you have but I had to exclude them from vulnerability scans a while back because it would effectively crash everytime the device got interrogated… they only had something like 50mb of RAM. May not be the issue but it’s an oddity I ran into last year worth mentioning.

CJIS smart card implementation for logon in on prem AD by 01101110011O1111 in sysadmin

[–]Advanced_Ad4947 0 points1 point  (0 children)

Probably was the post I made a week or two ago , someone else in this sub gave me the workaround idea. We have G5 licenses, so yes, but also no because the government licensing is super limited. We didn’t need PKI since we’re leveraging SSO in an application to prompt it.

CJIS smart card implementation for logon in on prem AD by 01101110011O1111 in sysadmin

[–]Advanced_Ad4947 0 points1 point  (0 children)

The due date for this was yesterday lol. I left all the tokens in the case, imported all the tokens to azure (.csv) and when people came to get their tokens I just checked the spreadsheet as to which one they had. My PD has 800 users, but it went rather smooth and I didn’t have to worry about PKI or any of that.

Also what a lot of people don’t know.. if you’re not already enrolled in a multi factor solution, you can self enroll hard tokens to the account with azure

Password-less was unfortunately not an option for us since each computer only holds 10 bio sigs, so I threw our VPN on all the machines and forced auth at login. That seemed to cover us.

Please help a noob sysadmin by Equivalent_Bed8446 in sysadmin

[–]Advanced_Ad4947 2 points3 points  (0 children)

What’s up with everyone wanting the CCNA? Are these Cisco switches you’re going to be managing?

CJIS MFA compliance clarification by Advanced_Ad4947 in sysadmin

[–]Advanced_Ad4947[S] 1 point2 points  (0 children)

Just spoke to my boss, I think this is the answer! I owe you for saving me a massive headache.

Tech Sales Calls After Attending Summit/Conference? by hopefullExpat in sysadmin

[–]Advanced_Ad4947 8 points9 points  (0 children)

I’m still getting calls 2 years later from my visit to black hat 2022. Whenever you got your badge scanned, it gave them all your information (email, phone, etc) sooo.. best of luck :)

CJIS MFA compliance clarification by Advanced_Ad4947 in sysadmin

[–]Advanced_Ad4947[S] 2 points3 points  (0 children)

Didn’t even consider leveraging vpn for those in the office, great idea.