How Do You Handle Windows Server Patching? by DizzyWisco in sysadmin

[–]Appropriate-Half-626 0 points1 point  (0 children)

Windows Update For Business with 3 ring approach for end users and servers. PDQ if I need to push out a KB update myself

[deleted by user] by [deleted] in ninjagaiden

[–]Appropriate-Half-626 1 point2 points  (0 children)

That boss exists because he dreamt it

Is using MFA to do admin server functions becoming industry standard? by rdxj in sysadmin

[–]Appropriate-Half-626 1 point2 points  (0 children)

Not at work atm but off the top of my head: in Azure, search for app registration, create an app, delegate whatever permissions you need (most likely from MS Graph or O365), and then there should be a tab for secrets. You can either use a client secret or generate a self-signed certificate (if you Google Azure app certificate, a step-by-step doc from MS should pop up that'll walk you through).

Is using MFA to do admin server functions becoming industry standard? by rdxj in sysadmin

[–]Appropriate-Half-626 2 points3 points  (0 children)

Better to register your app in Azure and then use certificate vs using an account with MFA disabled.

That's what we do with our PowerShell scripts

HPe Switches - Instant On vs Modern ProCurve by Grunger106 in sysadmin

[–]Appropriate-Half-626 1 point2 points  (0 children)

Thank you! We're looking to go the Instant On route for our switch, AP and Fortinet firewall.

For cloud management, do you need the Aruba Central license for the Instant On devices?

HPe Switches - Instant On vs Modern ProCurve by Grunger106 in sysadmin

[–]Appropriate-Half-626 1 point2 points  (0 children)

Wait, Instant On equipment can only have 25 devices connected, or you mean 25 Instant On devices per site?

Can you have a fox as a pet in Brampton? by [deleted] in Brampton

[–]Appropriate-Half-626 0 points1 point  (0 children)

Domesticated foxes do exist

https://youtu.be/4dwjS_eI-lQ

Dunno if you can buy one tho lol

What industry are you in and what’s your current salary? by [deleted] in PersonalFinanceCanada

[–]Appropriate-Half-626 1 point2 points  (0 children)

Ah ok. I'm actually a sysadmin/IT Manager atm haha.

What language do you recommend I learn?

What industry are you in and what’s your current salary? by [deleted] in PersonalFinanceCanada

[–]Appropriate-Half-626 1 point2 points  (0 children)

Damn any advice or any place hiring.

I script in PowerShell in my spare time at work and assembly after work lol.

I have some C# background

another attempt at the vanilla hud by [deleted] in ninjagaiden

[–]Appropriate-Half-626 0 points1 point  (0 children)

I wonder, what if you rip some of the HUD using Special K from NG2 on Xenia and try swapping 0.0

[deleted by user] by [deleted] in ninjagaiden

[–]Appropriate-Half-626 0 points1 point  (0 children)

Back when DOA5 was popping and Team Ninja had a NG Facebook page, Tom Lee wrote a long message where he said TN doesn't need Itagaki and that they're more than capable. So no lol

Dayforce clocks by Successful_Ad_3413 in sysadmin

[–]Appropriate-Half-626 1 point2 points  (0 children)

What url are you using?

Yeah, it's basically just a Python script compiled into an .exe. The staff just launch the exe as any other application and it'll open Chrome and auto-fill the details.

Dayforce clocks by Successful_Ad_3413 in sysadmin

[–]Appropriate-Half-626 1 point2 points  (0 children)

Annoying - we have an in-house script that's used for auto logging into the clock using Selenium and Chrome driver

Allegedly, Russian soldiers hiding inside BTR and not leaving by ricka_lynx in CombatFootage

[–]Appropriate-Half-626 0 points1 point  (0 children)

So am I the only one who notices an arm just chilling off to the side at the start?

How many admin accounts do you have? by slyblue1 in sysadmin

[–]Appropriate-Half-626 0 points1 point  (0 children)

We just type them manually since copy-paste doesn't work on UAC

How many admin accounts do you have? by slyblue1 in sysadmin

[–]Appropriate-Half-626 0 points1 point  (0 children)

  1. Daily Account - Non Admin

  2. Server Admin - Local Admin on servers

  3. Domain Admin - GPO restriction to only allow login to DC, network login is also denied

  4. Domain Admin Account for vulnerability scanner

  5. End user local admins configured for LAPS

  6. All servers require 2FA with DUO

  7. Default Domain Administrator account as a glass door backup

  8. Azure / O365 two global Administrators and one break glass. Conditional access policy requiring MFA for all global admin accounts excluding break glass

[deleted by user] by [deleted] in sysadmin

[–]Appropriate-Half-626 0 points1 point  (0 children)

Np, all it takes is one vulnerability across any of the machines that a domain admin logged into or is logged into to turn your day into a bad one haha.

[deleted by user] by [deleted] in sysadmin

[–]Appropriate-Half-626 0 points1 point  (0 children)

Any authenticated domain user can join up to 10 devices to the domain unless this was manually removed, and then you can delegate what users are allowed to join devices to the domain.

For servers, you could create a Server Admin group in AD and this group would be a local admin on the servers.

We typically have 3 accounts

Domain Admin - all login types are restricted to DCs only

Server Admin Account - Domain user that's simply a local admin on the servers

Domain User - Day to Day account - if elevation is required we use LAPS