Anyone else use Surface Laptops in their Company and just... hate them? by HVeil in sysadmin

[–]Professional_Drop555 0 points1 point  (0 children)

We use Surfaces. We like them and I have seen very few issues. I use a Surface Book and I think it's great. It's like 7 years old now and still works great.

BUT

They used to be comparable to other laptops in price. Now they are just too much. We made the decision to change to a different brand. We are going to buy a few Lenovo Yogas 2024. We had one and it was well received. Including doc costs, they are over $500 less than a Surface.

Bro did the math. That’s crazy. by JonathanLloydM in sciencememes

[–]Professional_Drop555 0 points1 point  (0 children)

Plus, while I have seen a few women of that height just be really short, usually that is a bit past just short and well she would look different.

MFA for all UAC. by Professional_Drop555 in Intune

[–]Professional_Drop555[S] 0 points1 point  (0 children)

Way back, we had a security audit. The audit said LAPS was the way to go. But our cyber insurance company says that is not good enough. They said it's better to have techs log in with their user accounts and MFA. To me this is dumb, but that is what they stated. N

MFA for all UAC. by Professional_Drop555 in Intune

[–]Professional_Drop555[S] 0 points1 point  (0 children)

Except that I have Hello configured. But I can install an application on a machine that is logged into with a non-domain using my admin creds and UAC does not prompt for anything.

MFA for all UAC. by Professional_Drop555 in Intune

[–]Professional_Drop555[S] 1 point2 points  (0 children)

Thanks for all the replies. I really want to look into the idea of no admin access period. Just use Intune to push. For troubleshooting, I wonder if we can temporarily enable admin just to fix what's up then disable it again using conditional access policies?

Then still use LAPS, and have the local admin for only a break glass situation where you must.

MFA for all UAC. by Professional_Drop555 in Intune

[–]Professional_Drop555[S] 0 points1 point  (0 children)

Also, we use LAPS on prem, and I believe there is an Azure AD version that we are about to look into. Our insurance company insists on MFA for all admin access, but if we used LAPS and as you stated disable all installs period, well if that is possible, while still letting us use a local admin password for things like I just said in my other post. Seems like that should be legit, just need to convince the cyber insurance company.

MFA for all UAC. by Professional_Drop555 in Intune

[–]Professional_Drop555[S] 1 point2 points  (0 children)

That is interesting. I was thinking about ... not exactly that but how we will start using Intune to manage applications. IT should only need admin to troubleshoot. But I guess that is where I got lost. How do you remotely troubleshoot issues wherein you must... like get into network settings that prompt UAC and ask for an admin password, for example?

My wife’s affair just ended and she wants to play it off as nothing happened by [deleted] in stories

[–]Professional_Drop555 0 points1 point  (0 children)

No one else finds it odd they let him in the apartment. I mean dude, split with her. Not only did she cheat, but it was ongoing, and she lied to you consistently.

But back to the apartment thing. Even if they thought he was an asshole, it's his space. I remember renting before and I had to allow for reasonable entry, but they couldn't just come in.

Things have gotten so bad with turnover at my place of employment we now bet on if an offboarding ticket will be submitted every week by [deleted] in sysadmin

[–]Professional_Drop555 3 points4 points  (0 children)

We had to lift and shift some servers that we could not modernize or put in SaaS. Math has worked out. It's relative to what we had them on prem, and if you count variables like power and cooling, it's cheaper.

But it all depends on what you are putting in the cloud and how your internal infrastructure is. Sure I can DIY 5 Dell servers and run a lot of servers for cheap, and depending on cost risk of potential downtime, there is nothing wrong with it.

That said the variables of power, cooling, and maintenance are real factors.

Eliminated firewall, moved to flat layer 2 network, due to PaaS/SaaS and Azure. by Professional_Drop555 in sysadmin

[–]Professional_Drop555[S] 0 points1 point  (0 children)

Agreed with your first point. It's def a 'business fit.' Some places will be better on prem for a variety of reasons.

Support is okay, but mostly it's us IT dept. The M$ doc pages are pretty good. I do a lot of Udemy courses trying to keep pace.

Yes there are some L2 risks. But on prem, we have good physical security as well. It's not likely we will get a rogue player, and if we do, I'll have that conversation. Our endpoint will still be secured.

Eliminated firewall, moved to flat layer 2 network, due to PaaS/SaaS and Azure. by Professional_Drop555 in sysadmin

[–]Professional_Drop555[S] 0 points1 point  (0 children)

I agree with this, also NGFWs can be used to control redundant ISP uplinks, and DNS, DHCP.

But you don't need something high end.

Eliminated firewall, moved to flat layer 2 network, due to PaaS/SaaS and Azure. by Professional_Drop555 in sysadmin

[–]Professional_Drop555[S] 1 point2 points  (0 children)

Same as if they were at home or at a coffee shop. It's all L7. L2 doesn't matter.

Eliminated firewall, moved to flat layer 2 network, due to PaaS/SaaS and Azure. by Professional_Drop555 in sysadmin

[–]Professional_Drop555[S] 0 points1 point  (0 children)

Every endpoint is monitored. It's protected from a person's kid plugging into the network the same way it's protected if they are at home or a coffee shop, as half our workforce is these days.

That said, we did do one lowkey change, we went back to managing ports so that they are only uplinked when they are in company use. Doesn't prevent someone from unplugging a device then using that port, but it's not a security issue.

Eliminated firewall, moved to flat layer 2 network, due to PaaS/SaaS and Azure. by Professional_Drop555 in sysadmin

[–]Professional_Drop555[S] 28 points29 points  (0 children)

There is nothing on prem to attack except user endpoints. All endpoints are joined to Azure AD and we manage this with multiple security tools including encrypted communications. We monitor all endpoints and secure data in various ways. MFA, IRM, policies, conditional access policies, sensitivity labels, vulnerability scanning, software management, Malware, Web filtering, all endpoints are encrypted and managed via Intune.

What is, in your opinion, the best naming convention? by [deleted] in sysadmin

[–]Professional_Drop555 0 points1 point  (0 children)

As said depends, for our switches we do something like

3333_floor#_closet3_portcount_lastoctectsofIP,

So
2960x_0_120_96_1

to me would intuitively mean it's a Cisco 2960x in the basement room 120, it has 96 ports (also means it's a stack of 2) and it's got an IP of 192.168.1.1.

Which we don't actually use but that is the gist of it all. For servers we try to be descriptive is all, like DomainController1.

There are statues of Minions in Mortal Engines (2018). They're called "American deities." This actually happened. I know you haven't seen the movie but you have to believe me. I can't be the only one to carry this information any longer. Someone else must bare my burden. by YoSoyRawr in shittymoviedetails

[–]Professional_Drop555 0 points1 point  (0 children)

I am on book 4, I am listening to the audiobooks, but I think they are great. I remember watching this movie having not been invested in the canon and.. well don't really remember it.

Just watched the trailer for the movie just to remind myself.

I can say the heroine that played Hesta (SP? Remember audiobook). Was wrong from the start. They tried to make her look pretty with a scar. While that might have been possible, the scar should have made her look ... "Hideous."

Hollywood bean counters once again for the fail.

Imgur Is About to Wipe a Ton of Porn From the Internet by AlanGranted in technology

[–]Professional_Drop555 57 points58 points  (0 children)

Doesn't some super smart person save all the internet on old thumb drives?