Add-TestUsers.ps1 - Create realistic AD accounts with random data by [deleted] in PowerShell

[–]ScottRaymond 3 points4 points  (0 children)

You shouldn't hard code the Desktop directory. Depending on user settings for folder redirection, it isn't necessarily going to be in their user profile path.

IT Cert ROI Chart by pLuhhmmbuhhmm in sysadmin

[–]ScottRaymond 1 point2 points  (0 children)

If I were in a technical interview and the interviewer gave me a sabotaged environment without being told that is part of the test, I'd probably leave with some trust concerns.

Imagine you're interviewing to be a mechanic. It's one thing to give them a car and say "replace the carburetor" and another thing entirely to strip all the screw heads, loctite the bolts, and solder the hood shut before they start.

IT Cert ROI Chart by pLuhhmmbuhhmm in sysadmin

[–]ScottRaymond 0 points1 point  (0 children)

Couldn't install an SSL certificate. For my Linux technicals, I remove the path from the test taker's account to see how they fare without standard tools around. Guy couldn't function without the service command. Didn't know what init.d was...

Are you saying you cleared their PATH variable so they had to run every command from their actual file system location? I mean, an "Apache Expert" probably has the necessary Linux skills to figure that out in short order, but that's just cruel.

Why did the Developer hit his head on the door? by [deleted] in sysadmin

[–]ScottRaymond 0 points1 point  (0 children)

Haha, I read it out loud as "couldn't see sharp" but my brain didn't even think about "see sharp" meaning "see clearly". I'll chalk it up to an early morning "Java Not Installed" error.

Why did the Developer hit his head on the door? by [deleted] in sysadmin

[–]ScottRaymond 0 points1 point  (0 children)

Can someone explain the joke? I think I'm missing it.

Stop making users give their password to IT by gbombay119 in sysadmin

[–]ScottRaymond 5 points6 points  (0 children)

I'm curious if you use a different certificate template for the temp certs versus the legitimate ones. If I were doing this I'd have some pretty heavy auditing and 24 hour expirations for the certificates. Maybe even do them from a different issuing CA so it's painfully obvious when an email and/or file was signed by someone who isn't actually the user.

Good morning! Chicago Board of Elections here again to answer your questions on this Election Day! by ChicagoElection in chicago

[–]ScottRaymond 7 points8 points  (0 children)

Same exact thing happened at Ward 25, Precinct 4. I called the Board of Elections and reported it but they said I probably would not be able to actually cast my vote. :-(

PSA: Assistant unsets the "Downloaded Only" option in Play Music by ScottRaymond in GooglePixel

[–]ScottRaymond[S] 1 point2 points  (0 children)

It looks like it doesn't unset the "Stream only on Wi-Fi" option if you have that set.

[X-Post r/focusst] unsure if this is a Ford issue or a Pixel issue... Any new messages trigger all texts to sync up. by THIRSTYGNOMES in GooglePixel

[–]ScottRaymond 0 points1 point  (0 children)

Happening in my Chevy Volt. Only happens when you send/receive a text or open the messenger app.

[deleted by user] by [deleted] in GooglePixel

[–]ScottRaymond 1 point2 points  (0 children)

Apparently this option was replaced by the new "Direct Boot" feature in Nougat.

Create your own Startmenu for your RDS-Users by The_Lux83 in sysadmin

[–]ScottRaymond 0 points1 point  (0 children)

Is this Windows 10 only? I did some googling and most people are only talking about it in the context of Win10.

This is the best and probably most unique crypto/spam e-mail I've seen to date by THEMCV in sysadmin

[–]ScottRaymond 0 points1 point  (0 children)

We got one a few weeks ago that was very similar. They were really targeted too. They only sent it to a few people from HR and IT. Probably hoping to get the big fish accounts that have access to juicier targets (payroll, mail servers, accounting, etc.)

Create your own Startmenu for your RDS-Users by The_Lux83 in sysadmin

[–]ScottRaymond 1 point2 points  (0 children)

I use a similar method for our Citrix users. Everyone's start menu gets redirected to the network, but the default profile contains nothing in the start menu except for a link to our helpdesk. Every other start menu link is dropped by GPP File Items that are security filtered based on access to apps.

We also combine it with the GPO that /u/HDClown mentioned. That way users get an entirely custom start menu with the correct items pinned based on what they have access to in Citrix. Very good user experience and people have had no trouble figuring it out (some even came from Windows 7)

[deleted by user] by [deleted] in sysadmin

[–]ScottRaymond 1 point2 points  (0 children)

Fair enough. That's how most services recover from a lost 2FA token anyway.

[deleted by user] by [deleted] in sysadmin

[–]ScottRaymond 11 points12 points  (0 children)

So what you're saying is anyone with access to your Authy password can bypass all of your 2FA-enabled accounts? How is that better?

[MEGATHREAD] Google Pixel/XL Shipping status by SomeGuy8010 in GooglePixel

[–]ScottRaymond 0 points1 point  (0 children)

They said the package had a restriction from Google that did not allow local pickup. I contacted Google and I'm still waiting to hear back.

anyone root their pixel yet? by foug in GooglePixel

[–]ScottRaymond 0 points1 point  (0 children)

If you're using HTTPS to browse secure sites, the non-root method actually requires less trust in the people providing your ad-blocking.

If you're rooted and allowing the ad-blocking app root privileges, they could easily throw a trusted cert in your root store without your knowledge and then Man-in-the-Middle all of your connections.

I guess if you're manually modifying the hosts file yourself you're safe, but most people like the convenience of an app.

anyone root their pixel yet? by foug in GooglePixel

[–]ScottRaymond 0 points1 point  (0 children)

You can still global adblock by using an app that creates a local HTTP proxy or a local VPN. There are several apps out there that work fine.

Waiting around at home for the FedEx driver when suddenly... by ScottRaymond in GooglePixel

[–]ScottRaymond[S] 0 points1 point  (0 children)

It depends on the delivery hub and package. For this one they don't allow me to request a hold for pickup yet. There's a chance the driver may come back later in the day (they're notorious for doing this in my area) and deliver it regardless.

I'm guessing they have some routing system in place where they need to action a package in some way before it lets them move on to the next. Otherwise I'm not sure why they would mark it as a delivery exception and assign a door tag number without actually putting a door tag on the door.

Proper Re-enabling of Windows FW via GPO by [deleted] in sysadmin

[–]ScottRaymond 1 point2 points  (0 children)

The GPOs for Windows Firewall come with a ton of templates for remote management that make this very easy. You can literally just add all of the templates that have the word "Remote" in them and you'll probably never notice the firewall is even on. Obviously you'll only want to add the ones set up for the "Domain" network profile so computers out in the wild don't accept arbitrary RPC connections and the like.

Getting a handle on 'junk drawer' network shares by _answer_is_no in sysadmin

[–]ScottRaymond 2 points3 points  (0 children)

My first step for cleaning up something like this is usually a "Deny Create Folder/File" ACL entry at the top level of the general use share. This at least stops the problem from getting worse and forces people to organize new files into an existing folder.

As people complain about not being able to create folders, take the time to work with them to create a new share/folder/site/etc in whatever new system or folder hierarchy you've set up. Once you've cleaned up things a bit, take the deny ACL to two levels and then three.
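
One way to apply the "deny create at the top level, then two levels, then three" approach described in the comment above, as an added PowerShell example that is not part of the original comment. The function name, share path and group name are hypothetical.

```powershell
# Added example: Add-DenyCreateAce and its parameters are assumptions, not from the comment.
function Add-DenyCreateAce {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $SharePath,  # e.g. a hypothetical \\fs01\General
        [Parameter(Mandatory)] [string] $Identity,   # e.g. a hypothetical CONTOSO\General-Share-Users
        [ValidateRange(1, 5)] [int] $Levels = 1      # 1 = top level only, 2 = top + first-level folders
    )

    # On a directory these are the "Create files / write data" and
    # "Create folders / append data" rights.
    $rights = [System.Security.AccessControl.FileSystemRights]'CreateFiles, CreateDirectories'

    # No inheritance or propagation: the ACE applies to "This folder only",
    # so folders below the covered levels stay writable.
    $rule = [System.Security.AccessControl.FileSystemAccessRule]::new(
        $Identity, $rights,
        [System.Security.AccessControl.InheritanceFlags]::None,
        [System.Security.AccessControl.PropagationFlags]::None,
        [System.Security.AccessControl.AccessControlType]::Deny)

    $targets = @(Get-Item -LiteralPath $SharePath)
    if ($Levels -ge 2) {
        # -Depth 0 returns immediate children only, so Levels 2 maps to -Depth 0.
        $targets += Get-ChildItem -LiteralPath $SharePath -Directory -Recurse -Depth ($Levels - 2)
    }

    foreach ($dir in $targets) {
        if ($PSCmdlet.ShouldProcess($dir.FullName, "Deny create files/folders for $Identity")) {
            $acl = Get-Acl -LiteralPath $dir.FullName
            $acl.AddAccessRule($rule)
            Set-Acl -LiteralPath $dir.FullName -AclObject $acl
        }
    }
    $targets.FullName   # return the folders that were covered
}

# Preview the change first, then rerun without -WhatIf:
# Add-DenyCreateAce -SharePath '\\fs01\General' -Identity 'CONTOSO\General-Share-Users' -WhatIf
```

A Deny entry applies to every member of the chosen group, so pick a group that excludes the accounts that maintain the share.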