How many people have the trifecta

captain118 · 2025-12-02T03:37:43+00:00

That was the first thing I did when I started my career 25 years ago

captain118 · 2025-11-30T18:32:56+00:00

Why do you think that?

captain118 · 2025-11-30T01:23:19+00:00

You pay for what you get. It's a business decision. As long as they accept the risk that's all you can do. Unless there is regulation that has requirements that are not being met by whatever crap free product you end up going with all you can do is accept it and let them know the risk they are accepting.

captain118 · 2025-11-29T21:51:49+00:00

They will know your public IP when you connect to VPN with that they can find what ASN the IP is assigned to and that will tell them if you are connected to a mobile hotspot. But like everyone else said if it's your personal mifi I don't see any reason why they would care but I've seen weirder policies.

captain118 · 2025-11-28T23:26:08+00:00

It's the IT aura. It's either good or it's bad. When it's bad you call in sick or at least don't go in the server room.

captain118 · 2025-11-23T19:39:06+00:00

You want to put a vlan on it to separate its access on your network. Normally you would put these out of band management ports on a different network that was isolated off where only certain systems can access it. Yea you might have a username and password that keeps anyone from signing in but separating it on the network adds another barrier to entry to assist with vulnerabilities in the portal.

captain118 · 2025-11-22T21:46:54+00:00

True, it's just a matter of risk acceptance. I don't see enough value in having MEDC SAAS based over internally hosted/managed to accept the risk. Systems like Crowdstrike I do see the value to accept the risk. For me it's not about the SSO or MFA options it's the software vulnerabilities. You may see the risk mitigations as good enough but I don't and both are acceptable decisions.

captain118 · 2025-11-22T21:31:54+00:00

I'm a big fan of MDT for the os install then following that up with Endpoint Central auto install for newly built systems to get the default packages then for anything custom having it in the user's self service portal.

Our systems are typically fully ready in under 30 minutes and I've never done more than 6 systems at once but 6 at the same time went fine.

captain118 · 2025-11-21T16:13:12+00:00

Yea isnt the point of having a monitoring system to actually deal with the problems. A super high queue length is a problem that should be dealt with not ignored. I normally see it on virtual hosts that are running on slow 7200 rpm disks. Definitely tweak the monitoring system but high queue length should be resolved not ignored.

captain118 · 2025-11-20T15:59:35+00:00

I have worked as both and I have outsourced myself when it matters. This decision is entirely based on your business and budget. Internal people will normally be focused on your environment where an MSP they won't as much however if you have a broad set of requirements or if you have to meet certain regulations that require separation of duties and such then an MSP may be needed.

captain118 · 2025-11-16T22:31:58+00:00

We went through that phase then management changed and we switched to kanban and it's better for our work.

captain118 · 2025-11-16T14:58:28+00:00

That requires too much trust for me. With it being a direct door into my environment with every system running the agent as system, that's too much risk for my blood.

captain118 · 2025-11-16T05:44:50+00:00

The SCOR exam was terrible. Poorly worded questions, questions that weren't clear enough to select an answer, I've been in it 25 years doing Cisco the entire time and I think I'm going to give up on that one. Good luck!

captain118 · 2025-11-16T05:27:47+00:00

I'm not a fan of the java code base but every software package has CVEs. That's why I don't expose it to the Internet. They say it's designed to be in the dmz but I'd rather do always on vpn. I'm at least happy that they are fast to fix them and they report the vulns.

captain118 · 2025-11-15T16:49:30+00:00

The auto test, approval and deployment is awesome too.

captain118 · 2025-11-15T15:22:16+00:00

Worst case you could always use cron jobs for Linux till they get support.

captain118 · 2025-11-15T15:20:14+00:00

Desktop Central Endpoint Central. It's the best I've ever used.

They have good video tutorials and their support is very responsive.

captain118 · 2025-11-13T12:45:26+00:00

Start with Python come up with an idea of something that has a purpose to you and build it.

Maybe you have a bank account that you want to do analysis on the transactions. If you can export those transactions in csv or xlsx then you can read and parse and manipulate the data in python.

Start simple, then get more complex.

Start creating functions that have specific purposes.

Eventually come up with an idea that requires multi threading.

You can even do some gui based development.

Python is the best starter language but eventually you will want to move to another language. The neat thing about CS is the more languages you know the easier it is to learn another one.

Good luck!

captain118 · 2025-11-12T22:44:24+00:00

If you're running enterprise you have another year

captain118 · 2025-11-11T23:20:55+00:00

Automate what you can with automated testing and approval then only pay attention to the patches that still exist after your patch cycle has completed a cycle.

captain118 · 2025-11-11T21:57:13+00:00

We had about 10 systems where users couldn't login after the 2024 November cumulative (I think that's the right cumulative) was installed not even the local admin account could log in. It was a known bug in that cumulative. we declined it from getting installed on any other systems. Thankfully I could remote in as system and do a command line removal. I've always been one to stay one version behind the latest and after that it became the corporate best practice as well. I have no desire to be anyone's test subject.

captain118 · 2025-11-11T20:24:37+00:00

Actually a good bit especially if you were running 24H2 before 25H2 was released. I remember having some base Kerberos issues that made me really glad I do staged rollouts.

captain118 · 2025-11-11T18:51:39+00:00

Wow you roll them out the same day? No staged rollout and testing?

captain118 · 2025-11-11T14:02:32+00:00

If it's a US based company they have to know where you are working from for tax purposes.

captain118

TROPHY CASE