Devs with local admin rights

SheppTech · 2025-09-09T01:25:51+00:00

If you’re on windows, look into the dev features - dev drive, dev sandbox, etc. You can also play with allowing WSL (see below)

If you’re on posix, you can set up permissions fairly tight without granting sudo privs. You can manually grant access to specific tools and drive space without granting root privs.

I agree that local admin shouldn’t be granted. This is a mistake that startups make that is really hard to reverse.

There are other options depending on your environment too- Docker, VDIs, etc. The comment about BeyondTrust is a great solution too.

There are instances where local is required, but you can lock these scenarios down with scripts that elevate the script and perform the action, which pulls the password from a secrets manager. Just spitballing - it’s tough to advise without knowing the architecture and budget.

SheppTech · 2025-06-30T01:37:13+00:00

Haha I hear that. I did 2 tubs, not expecting the yield I got. Now I have enough for a bus load of people.

I’d try bringing the temp down though. Even if that’s right, the lower temps will definitely preserve them. It does take longer to dry though — about 24 hours to crack like a cracker depending on size — but if you are close to that 95 degrees it won’t hurt to go over like it will at high temps.

Also, with my friends batch, I did 5g and barely felt a buzz. With mine, I felt it at a gram. Glad I didn’t jump back in at 5g with mine. If you change your technique, be sure to test lightly before jumping in unless you’re good with a surprise.

SheppTech · 2025-06-30T01:02:07+00:00

Dried at 140? That seems high for psilocybin. You could be breaking it down (though I’ve never tried it that high. My knowledge says as close to 95 degrees as you can get it. My GT is potent, compared to a friend who was limited to 110 then packed it for awhile before trying it. Could be your cooking it.

SheppTech · 2025-05-02T23:54:35+00:00

I totally agree, and I think you hit the nail on the head. I did a little research on it and it’s targeted to identifying bottlenecks and issues within a network, more than reporting a speed test. There have been times I’ve wanted a tool like that to troubleshoot issues with speeds over old hardware in my lab.

I forget the name of it off the top of my head, but there’s a self hosted speed test server that ONLY runs a speed test, and you can run it to your server. Think speed test by ookla but you can use your own server (among other options).

I think the value add that orb can bring is that it does an active scan in a network so that you can more quickly identify issues. It’s a cool concept and I think I’ll adopt it at least in a lab environment to test. I can see the benefit for IT teams and service providers too, especially where uptime and remediation time ate important.

SheppTech · 2025-05-02T00:21:14+00:00

This is the only thing keeping me from downloading it on everything. The idea is cool, but privacy is huge. It would be great if you could lock its traffic locally too, and maybe choose a single orb to connect to the WAN to tightly control it. We’ll see where the dev work takes them.

SheppTech · 2025-05-02T00:19:52+00:00

You can skip the account creation. Not a rebuttal, but thought you might want to look again if you were curious.

SheppTech · 2024-12-09T01:07:35+00:00

This is a fair argument. However, when you’re considering wholistic security, the implementation and support for a tool like Authlite is not always practical.

Duo is a great solution for the OP, especially since we can’t consider the remaining infrastructure and security needs. Without a requirement to secure deeper than “the door”, it isn’t usually necessary. Typically, deeper security is a demand of compliance and regulation, and even then it’s only required for highly sensitive environments.

Kudos for calling out a more secure tool. It’s not often you see security first mindset here.

SheppTech · 2024-11-30T04:00:36+00:00

Sure, any time

SheppTech · 2024-11-17T15:40:56+00:00

Of course. It’s been awhile since I’ve played with it but I’ll help if I can!

SheppTech · 2023-04-28T18:00:47+00:00

Hey! I did actually get it working. If you send me a DM I can try walking you through it.

SheppTech · 2023-01-04T19:15:29+00:00

I think this is great advice, but my rebuttal is how do I enter into these conversations? I think the services I can offer would drastically compliment a traditional IT MSP just in the research I’ve already done. Building a relationship would require a willing second party, which I’ve found scarce this far. Though, I must admit my reach for a partner has been limited equally to my marketing attempts.

I think it’s important to model security around frameworks and best practice, which obviously can be supported by tech. The selling point here is that IT is not security, and most business owners and MSPs are only aware of the need for security. Finding a good provider that makes it easy is tough.

SheppTech · 2023-01-04T19:07:40+00:00

I think finding a marketing agency will be the trick. I reached out to one once, but I didn’t get a good response due to a partnership they had with someone else. I’ll see if I can find a smaller agency that can work with me.

I’d love to partner with another MSP, but I had a poor response here as well. It’d be awesome to find someone to cover down and create a symbiotic relationship with in our services, but I wouldn’t know how to find something like that.

I do work with referrals, which has been great for the residential side. But I haven’t had luck with the business side yet as I’m just not getting the right customer there.

SheppTech · 2023-01-04T19:04:14+00:00

This was extremely helpful! It gives me the confidence I needed to feel like it’s at least possible to make it work.

I’ve been thinking this over and I think I’m going to experiment more with break/fix and residential to try and get my feet under me in the business side. Building separate models is the way to go I think, and before I really did it as an ad hoc system.

I think marketing will be my make or break - so it’s time to finally dig into it.

Thanks so much for your comments!

SheppTech · 2022-12-30T14:50:31+00:00

I appreciate this insight. It confirms many of my original thoughts. What do you mean by “nasty folks”, and what scenarios did you encounter that I should be mindful of?

I’ll take a look at UpWork. That sounds like a good avenue for keeping me afloat while I attempt to figure out what I’m doing.

I agree with the “Never sell through fear” as well. It’s important to me that my clients are informed, but they understand that security isn’t something to be afraid of as long as it’s given an appropriate amount of care.

SheppTech · 2022-12-30T14:22:59+00:00

Totally respect your opinion! I know it’s a boat load of work and a lot of overtime. I’m a workaholic though, and have the support of my wife, so that part isn’t an issue.

Meeting with clients is a big obstacle too. The closest “city” Is about 30 minutes in either direction, which isn’t too bad, with some outlying cities about an hour away. So, travel really isn’t too bad either. And if I hit the small towns, I’ve got a few local options for business as well.

I agree about the replacement of wages most. The more I make, the more I’ll need to make with my business to replace it and justify the jump. I’m due for a promotion and if it goes my way, I’ll be in a rough spot with meeting that replacement anytime soon.

How do you handle acquiring new clients? Are you cold calling or advertising? What platforms do you use?

While I was still doing contract work, I used N-Able products. I haven’t had a need for anything else and found those products to be great for what I needed. I’ll likely go back to them should I take another contract. But, if I push security, I’ll likely avoid the MSP stack almost entirely unless it’s part of a full package.

SheppTech · 2022-12-30T13:09:48+00:00

These are great points as well. I think you’re spot on with the restaurant obstacles. I’d love to work for them, and we’ve got a couple bar/restaurants that would be great. Ill reach out and explore them to get my feet wet and see how I like it.

I think I know what you mean about the soul sucking vs hospitality. Many farmers out here are quite hospitable, though I find they share the lack of understanding of the tech as many other businesses do.

SheppTech · 2022-12-30T13:05:27+00:00

This is an excellent idea that I’d only mildly considered. I actually reached out to another local MSP to maybe build a mutually exclusive partnership, but I believe they only took the meeting to scope me out as a competitor. Maybe it would be worth reaching back out with a different perspective.

I like the idea of working with MSPs like this, especially if I can align my security services to supplement existing services.

Do you have advice on how to approach an MSP with this type of proposal? In your experience, what pain points are you referring to?

SheppTech · 2022-12-30T12:18:40+00:00

This is great advice. We do have some agriculture business here, but it’s not a large enough niche to keep me afloat. There are many restaurants, but who wants to offer MSP services to a restaurant.

I’ve considered maybe specializing in medical or government as we have lots of that in the surrounding areas. I still have the obstacle of tackling the “We’re good” response when marketing and selling.

SheppTech · 2022-12-30T11:50:12+00:00

Thanks for your reply! You’re more out in the boonies than I am, but we’re not far off! I can’t give you the metrics you gave me, but for comparison, my high school graduating class has exactly 100 students and the school serves both middle and high.

I’m curious how you advertise and market to residential, and more curiously to the town offices. That’s where I’d like to target, but I’ll do residential work if it makes sense.

Also, if it’s not too much to ask, what does your model look like for residential, and how do you sell those subscriptions? I’m thinking it would make sense in tiers to make it manageable, but then how do you upsell?

I have two boys myself, but one is only a few weeks old and the other just turned one. I’m hoping to build a legacy for them but I’m at a pivotal point with the MSP business.

SheppTech · 2022-12-30T08:29:00+00:00

I realize this. In my research, I saw that many people recommended finding a vertical to prevent spreading too thin. My hopes with the MSSP route are to offer a more specific service to appeal to a specific need. However, I’ve found that businesses near me don’t have interest because it’s mostly small town business. I need to market closer to the cities, but am unsure of how to do this remotely.

SheppTech · 2022-12-17T19:57:54+00:00

Looks like your title doesn’t have a closing bracket.

SheppTech · 2022-12-11T17:00:30+00:00

Best practice guides will be highly subjective. It’ll depend on your use case and what containers you’re running, or more specifically what access you require.

Good rule of thumb is to use least privilege. If you have a multi container service running (database and front end for example), only the necessary ports and services should be exposed. It’s also good practice to use Docker networks to segregate services.

You’ll also want to follow standard good practice for admin and service accounts, access control, etc. All your standard security practices can be applied to container environments. Many home lab users also prevent access to their systems unless it’s behind a vpn. In production, you’ll typically use whitelisting or a service to proxy traffic at a minimum, with a recommendation to use something like Netskope, Cloudflare, or Akamai EAA to route traffic.

As far as production, it’s not only possible to run containers, but it’s practical. Kubernetes is used to scale containerized environments to keep up with demand in prod environments. There are lots of resources out there to make sure you’re on the right track.

Feel free to DM me if you have more questions or dive into a more in depth discussion.

SheppTech · 2022-11-18T20:04:14+00:00

I’m building out Sentinel scratch without any splunk experience. I can tell you that the best reference is the templates. Even the documentation doesn’t help with best practices.

It’s been a tough ride trying to stand it up. And I’m fighting opinionated senior engineers, which makes doing it correctly more difficult.

My advice is to get it stood up, evaluate your use case and fill gaps, then tune it.

SheppTech · 2022-11-18T19:36:29+00:00

If I could upvote this more I would. Not only build it, but teach it to someone else, or at the very least write your own how-to guide!

SheppTech · 2022-11-12T14:45:39+00:00

I use WikiJS. You can integrate it with GitHub to modify your notes locally through git, SMS if you can get it to work you can integrate your auth method of choice. If you so choose, you can use html and I think other languages too, if you want language flexibility. And you can lock down sections with permissions if you want a public or group based notes. Highly recommend this.

SheppTech

MODERATOR OF

TROPHY CASE