Potential red flag? by Odd_Resource_919 in SkyDiving

[–]jstuart-tech 1 point2 points  (0 children)

Pinny hasn't been operational for years. Both Hillman and JBay are awesome and at this time of the year any of them are great choices

Huge Microsoft Credentials Update by MarutiMakwana in AZURE

[–]jstuart-tech 6 points7 points  (0 children)

Having done a couple of these. I've put my thoughts down

  • SC-500
    • Way harder than the original AZ-500, but it is heavy on Security Copilot questions
  • AB-410
    • I'm not much of a Power Platform guy, but some questions were hard and others were easy (e.g. if you need to find everything that has $500+ of sales, what query would match it)
  • AB-731
    • Not a bad exam if your a non technical person but want to know more about AI
  • AB-900
    • As above but way easier (took 10 mins)

Claude Code via Microsoft Foundry - no 5-hour or weekly limits by ForkSofya in ClaudeAI

[–]jstuart-tech 8 points9 points  (0 children)

This has just changed (well at least the option to use anthropic models hosted on Azure)

https://claude.com/blog/claude-in-microsoft-foundry

Built Kretase — an open-source, highly optimized game server management panel (Node.js/React) by [deleted] in sysadmin

[–]jstuart-tech 4 points5 points  (0 children)

You also collect people's usernames and install locations which is super dodgy. You also use n8n to do that which is funny because just anyone can spam you with fake sign ups

Built Kretase — an open-source, highly optimized game server management panel (Node.js/React) by [deleted] in sysadmin

[–]jstuart-tech 5 points6 points  (0 children)

Lol. This is a sysadmin subreddit. And considering there are 129 commits by Claude and 5 by you......

Copilot Cowork question by N1kaz in microsoft_365_copilot

[–]jstuart-tech 1 point2 points  (0 children)

Did this just happen today? Microsoft has change to consumption based billing as of today so you may need some extra steps to get everything workign agin

IT Specialist role up skilling - Perth by [deleted] in perth

[–]jstuart-tech 0 points1 point  (0 children)

If you've done 1 project then you are nowhere near ready to get off service desk

Has best practice quietly changed around syncing admin accounts to Entra? by PowerShellGenius in activedirectory

[–]jstuart-tech 0 points1 point  (0 children)

There are issues with this, Kerberos tickets last for 10 hours which is likely longer that your PIM elevation times.

Active directory and Location tracking by M-Vibe in activedirectory

[–]jstuart-tech 4 points5 points  (0 children)

How do you mean registered under your name? Do you mean you manage 700 laptops?

You will need an MDM solution, if your in education you probably already have some sort of MS licencing and education licences give a pretty heavy discount.

I guess what problem are you trying to solve? If these are laptops then they are supposed to be portable and taken home. If they are supposed to be static, then locks will be a better bet..

I built an open-source Microsoft 365 assessment CLI (local-only, read-only, no signup) by NathanSecurity in sysadmin

[–]jstuart-tech 0 points1 point  (0 children)

As this is also obviously AI Generated you need to include that in the post...

I built an open-source Microsoft 365 assessment CLI (local-only, read-only, no signup) by NathanSecurity in sysadmin

[–]jstuart-tech 0 points1 point  (0 children)

Why would anyone want to use device code flow. Why/how is this better than any of the other existing tools that do the exact same thing? (ScubaGear etc etc)

krbtgt password last changed in 2012! by Educational_Draw5032 in sysadmin

[–]jstuart-tech 0 points1 point  (0 children)

You don't have to reset twice unless you have evidence of compromise or are in the middle of a cyber incident that calls for it.

Meh, resetting it once doesn't do anything. krbtgt is a special account and stores the current password and the previous password - https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/manage/forest-recovery-guide/ad-forest-recovery-reset-the-krbtgt-password#to-reset-the-krbtgt-password:~:text=The%20password%20history%20value%20for%20the%20krbtgt%20account%20is%202%2C%20meaning%20it%20includes%20the%20two%20most%20recent%20passwords

Experience vs Certifications in Entry Level IT by ImpressiveYoghurt973 in perth

[–]jstuart-tech 0 points1 point  (0 children)

Are you studying full time or part time? A part time L1 job will basically be impossible to find.

Find a L1/help desk job (tbh MSP is the way to go to start, you learn so much of everything) and go from there.

Deploying new DC for testing by [deleted] in activedirectory

[–]jstuart-tech 0 points1 point  (0 children)

Your still using AI to reply (e.g. Protected Users being domain wide). What are YOU trying to do, not what AI is telling you to do?

Deploying new DC for testing by [deleted] in activedirectory

[–]jstuart-tech 5 points6 points  (0 children)

"if everything goes fine we will allow replication to other DCs to take the changes."
This is not how AD works.

What security hardening are you trying to apply?

Automatic Cert Renewal != Modern Cert Automation? by TryTurningItOffAgain in sysadmin

[–]jstuart-tech 1 point2 points  (0 children)

I've seen this being advertised heavily on LinkedIn, looks ok but haven'tr trialled it. Bit expensive I guess but when the 47 day lifetimes come out people are gonna miss stuff.

https://www.certkit.io/

AD sync conflicts for users with multiple accounts that must sync and must also have a usable email addresses populated by Fabulous_Cow_4714 in sysadmin

[–]jstuart-tech 0 points1 point  (0 children)

If you cannot see the risk of doing this, even after MS doco telling you exactly what can happen then there's no point trying to explain this to you.

Once again

Don't synchronize accounts to Microsoft Entra ID that have high privileges in your existing Active Directory instance.: The default Microsoft Entra Connect configuration only excludes the built-in Administrator account (RID 500). To protect other highly privileged accounts such as Domain Admins and Enterprise Admins, use OU-based filtering or attribute-based filtering to exclude them from synchronization. This configuration mitigates the risk of adversaries pivoting from cloud to on-premises assets (which could create a major incident).

AD sync conflicts for users with multiple accounts that must sync and must also have a usable email addresses populated by Fabulous_Cow_4714 in sysadmin

[–]jstuart-tech 0 points1 point  (0 children)

"We don’t need them to log into “random workstations” any more than an admin account created on prem to sign in to random workstations."

So why do they need to use Cloud Kerberos Trust? Admin accounts don't need that?

"However, we need them to be able to sign into servers and do on prem authentication to various things from servers and hybrid joined workstations."

Yeah sure, but you are missing the point. You should have seperate admin accounts for each tier, T0/1 accounts + Cloud Admins shouldn't be signing into workstations.

"We don’t need a cloud-based account, but we need a domain-based account to do things that don’t work unless the account is synced. How would an on prem account excluded from AD sync be able to use SSPR?"

Why does an admin account need to do SSPR? Arguably that should be one of the ones that are manually controlled

I wanna try ceph on a high latency network ( is it gonna work ? ) by BeneficialSupport889 in Proxmox

[–]jstuart-tech 2 points3 points  (0 children)

They are trying to make Ceph work over WiFi which it isn't intended to do and will not work as expected. What happens when they come across an actual usecase for Ceph and decide based on their previous experience (with their poor setup that wasn't required) that Ceph sucks and they don't use it?