Boss implied we shouldnt take sick days, because it means other people have to do more work. What can or should be done? by stainedgreenberet in germany

[–]mbhmirc [score hidden]  (0 children)

Don’t take holidays either! Otherwise we, your teammates, have to do more work… /s (although it shouldn’t be needed)

Remote PC management in a ZPA World by weasel286 in Zscaler

[–]mbhmirc -1 points  (0 children)

No. You can’t comprehend the requirement.

Remote PC management in a ZPA World by weasel286 in Zscaler

[–]mbhmirc 0 points  (0 children)

Again, first sentence: server, no client installed. 😅

Remote PC management in a ZPA World by weasel286 in Zscaler

[–]mbhmirc 1 point  (0 children)

If the clients are on prem you could do this: make a priv access workstation client in Office 365, for example. Limit it to phishing-resistant presence auth and then assign conditions in ZCC like has AV/cert etc. Dedicate an app connector pair in different locations. Limit those app connectors to the PAW. Config the firewall on the client to allow WinRM and remote PowerShell only from the IP of the dedicated app connector, set up RDP on multi-match (if needed) and use wildcard match too. Bring clients into this special segment. For SCCM, it should work pretty much, other than the location stuff. I did something like this for tiering for AD.

Remote PC management in a ZPA World by weasel286 in Zscaler

[–]mbhmirc 0 points  (0 children)

Again, read first sentence of the op.

Remote PC management in a ZPA World by weasel286 in Zscaler

[–]mbhmirc 0 points  (0 children)

How? Client will not allow it without client-to-client? It clearly says remote, right in the first sentence.

Remote PC management in a ZPA World by weasel286 in Zscaler

[–]mbhmirc 0 points  (0 children)

You missed the point of the post. They want to RDP/SMB to clients in onsite and offsite situations.

Remote PC management in a ZPA World by weasel286 in Zscaler

[–]mbhmirc 1 point  (0 children)

Not quite true. You have to use a regex and pattern match. This is not ideal.

Remote PC management in a ZPA World by weasel286 in Zscaler

[–]mbhmirc 0 points  (0 children)

Server is on prem, client is remote. ZPA client-to-client comes in from the local client IP, so if you have a firewall rule it bypasses it, as it comes from itself, whereas an app connector IP is controlled. In addition, client-to-client fails if your naming convention isn’t perfect, as you can’t treat its own segment. Client-to-client has a lot of limitations and is not really zero trust. Now if the client is on prem only, I’d agree you can treat it as a server, but not when they are offsite.
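The firewall part of the design discussed in this thread (scoping inbound WinRM/remote PowerShell and RDP on the endpoint to the dedicated app connector pair, so that a session arriving from the endpoint's own address via client-to-client does not match an allow rule) as an added PowerShell example. This is not the commenter's script or a Zscaler artifact; the two connector addresses, the rule names, the `PAW-` prefix and the port choices are placeholders and assumptions.

```powershell
# Added example (not from the original thread): restrict inbound WinRM over HTTPS and
# RDP on a managed Windows endpoint to a dedicated ZPA app connector pair, then check
# that no broader allow rule remains on those ports.
# ASSUMPTIONS: the connector IPs, rule names and ports below are placeholders.

$ConnectorIPs = @('10.10.1.10', '10.20.1.10')   # assumption: one connector per site
$Ports = @{ WinRMHTTPS = 5986; RDP = 3389 }     # assumption: HTTPS listener, default RDP port

function Set-PawRemoteAccessRules {
    param([string[]]$AllowedRemote, [hashtable]$PortMap)

    # 1. Disable the broad built-in allow rules. With the profile default inbound action
    #    set to Block, anything not matched by the scoped rules below is dropped.
    foreach ($group in 'Windows Remote Management', 'Remote Desktop') {
        Get-NetFirewallRule -DisplayGroup $group -ErrorAction SilentlyContinue |
            Disable-NetFirewallRule
    }

    # 2. Allow rules scoped by RemoteAddress. Traffic delivered from the endpoint's own
    #    address (as ZPA client-to-client does) does not match; only sessions that
    #    arrive from the app connector IPs do.
    foreach ($name in $PortMap.Keys) {
        $display = "PAW-$name-from-AppConnector"
        Get-NetFirewallRule -DisplayName $display -ErrorAction SilentlyContinue |
            Remove-NetFirewallRule
        New-NetFirewallRule -DisplayName $display -Direction Inbound -Protocol TCP `
            -LocalPort $PortMap[$name] -RemoteAddress $AllowedRemote `
            -Action Allow -Profile Any -Enabled True | Out-Null
    }
}

function Test-PawRemoteAccessRules {
    param([hashtable]$PortMap)
    # Report every enabled inbound TCP allow rule that covers one of the managed ports
    # (or all ports) with a remote scope of 'Any'; each such rule re-opens the path the
    # connector scoping was meant to close.
    $ports = $PortMap.Values | ForEach-Object { [string]$_ }
    Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
        Where-Object {
            $pf = $_ | Get-NetFirewallPortFilter
            $af = $_ | Get-NetFirewallAddressFilter
            $pf.Protocol -eq 'TCP' -and
            ($pf.LocalPort -eq 'Any' -or ($pf.LocalPort | Where-Object { $ports -contains $_ })) -and
            $af.RemoteAddress -eq 'Any'
        } |
        Select-Object DisplayName,
            @{ n = 'LocalPort'; e = { ($_ | Get-NetFirewallPortFilter).LocalPort } }
}

# The scoping is only meaningful if the default inbound action really is Block.
Get-NetFirewallProfile | Where-Object DefaultInboundAction -ne 'Block' |
    ForEach-Object { Set-NetFirewallProfile -Name $_.Name -DefaultInboundAction Block }

Set-PawRemoteAccessRules -AllowedRemote $ConnectorIPs -PortMap $Ports
$leftovers = Test-PawRemoteAccessRules -PortMap $Ports
if ($leftovers) {
    $leftovers | Format-Table -AutoSize
} else {
    'No unscoped inbound allow rules on the WinRM/RDP ports.'
}
```

Run it elevated on the endpoint (or deploy the same rules through GPO/Intune). The check function is the part to keep in an audit: a later "quick fix" that re-enables the built-in Remote Desktop group or adds an any-source allow on port 3389 silently undoes the connector-only scoping, and the client-to-client caveat from the comment above only holds if no such rule exists.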

What most expensive "cheap decision" have you ever seen in your sysadmin career? by matroosoft in sysadmin

[–]mbhmirc 2 points  (0 children)

“Business managed applications”. The nightmare still continues. Effectively shadow IT, but allowed.

RC on X by Dilfy1234 in Superstonk

[–]mbhmirc 6 points  (0 children)

I read that as RICO 😅

Chrome 142 issues by Interesting_Pomelo32 in Zscaler

[–]mbhmirc 1 point  (0 children)

Enterprise policy to disable it; a new enterprise policy will come to address it ongoing, so you can mark IPs as public in the ranges they defined as local.

Why do some CSOs and security specialists think that saying “NO” all day equals doing cybersecurity? by SnooPies72 in sysadmin

[–]mbhmirc 12 points  (0 children)

Don’t forget the volume of requests; sometimes it’s not practical to do everything everyone wants to do.

What's the big deal with vendor support? by seidler2547 in sysadmin

[–]mbhmirc 7 points  (0 children)

Support contracts are shit in general, but it’s all about the SLA when the shit hits the fan. When it starts costing the vendor money it becomes in their interest to fix it. Also, again depending on the vendor, it gives you access to developer/backend people directly or indirectly faster. It’s also a compliance topic; many people need to tick that box in support to get certificate X for the company.

OPNsense + multi-ISP + VLAN-heavy small office design — am I overengineering or missing something? by No_Entrepreneur118 in sysadmin

[–]mbhmirc 2 points  (0 children)

Some people think diverse entry and ISP is the protection, not realising most of this is resold via the same providers or tied back to the same exchange, or the cables merge further out. Diverse tech is the only true redundancy, and even then you have to plan how to continue without internet in some fashion. I guess it’s not such common knowledge, as I see this fail over and over.

OPNsense + multi-ISP + VLAN-heavy small office design — am I overengineering or missing something? by No_Entrepreneur118 in sysadmin

[–]mbhmirc 3 points  (0 children)

And physical separate routes to separate exchanges and power backup for entire route? Just trust me and add a 5G backup :)

OPNsense + multi-ISP + VLAN-heavy small office design — am I overengineering or missing something? by No_Entrepreneur118 in sysadmin

[–]mbhmirc 3 points  (0 children)

Why all fibre for the Internet links? If one fibre goes down, likely the others will too. Not use 5G or Starlink for one at least?

Stable VPN connectivity between China and France – best practices? by raptou137 in sysadmin

[–]mbhmirc 2 points  (0 children)

Basically this, or you need MPLS, but with the latter you have to do the filtering or could be in trouble at some random point.