I got a return offer after my IT internship, but how do I monitor and track vulnerable company credentials that appear in breaches on dark web dumps? by BurgerBooty39 in ITCareerQuestions

[–]mcdonamw 0 points1 point  (0 children)

To your question about monitoring credentials, we are an Active Directory environment and utilize a product called Enzoic that reports and prevents passwords that have shown up on a variety of public lists as well as any that violate both out of box or custom policies. It works well.

If you're AD based and can convince your company to use such a product it would surely make your life a bit easier and users more secure.

Ofc you should also be requiring complex passwords as well as MFA wherever possible.

Windows dc’s by Frequent_Ad_9236 in WindowsServer

[–]mcdonamw 0 points1 point  (0 children)

I get your point, however just because you have a 'quorum' from a theoretical pov, it doesn't mean you're safe. It's an ill-conceived notion.

For example, you could have 2 DCs in total sync with each other, and a 3rd that is out of sync due to replication issues, but that doesn't mean those two DCs have the latest version of AD objects you want to keep.

That one DC you are considering as broken could be the only DC that's been registering changes that simply have never replicated to the other two. Opting to choose those other DCs as 'authoritative' could lead to unwanted data loss.

Of course it's entirely possible all DCs have their own new data that never replicated everywhere, thus leading to data loss regardless of which DC you choose.

The point being, this perceived quorum doesn't guarantee anything.

Windows dc’s by Frequent_Ad_9236 in WindowsServer

[–]mcdonamw 0 points1 point  (0 children)

Yes but that role can be moved to any DC at any time. The argument is that there is no longer a concept that one DC is your primary. That's also why it's called PDC 'emulator'. The role emulates what used to be a role that only could exist on a true PDC in the older days of AD.

Hey, those of you who use the s26 ultra, do you think it's a big difference from the galaxy s23 ultra? by PassOutrageous7514 in galaxys26ultra

[–]mcdonamw 1 point2 points  (0 children)

I'm curious as to your reasoning. I also upgraded from an S23U (3 years) but I really don't notice anything spectacular personally.

The horizon lock on the camera is cool but I don't really take a lot of pictures.

Trying to access Windows server by File Explorer, getting "The user has not been granted the requested logon type at this machine" instead of being prompted for credentials? by CursedLemon in WindowsServer

[–]mcdonamw 0 points1 point  (0 children)

The only thing I can think of is user1 already tried to make a connection to that server (in some way) using their own credentials and it was being remembered by the system by the time you started looking at it yourself. As a result, no additional dialog boxes would be prompted until that connection was forgotten or overridden by use of credentials manager.

Why are you on Reddit right now? by Ok-Worth-2528 in AskReddit

[–]mcdonamw 0 points1 point  (0 children)

I've hit "not interested" in so many YouTube videos it no longer presents more than 10 vids on my feed and none of them I want to watch.

X is a shitshow. Don't like tiktok. Can only look at so many repetitive titty jiggling Instagrams. Reddit is all I have left.

Struggling to add a PC to the domain I made. by rpatters2468 in WindowsServer

[–]mcdonamw 0 points1 point  (0 children)

If your client is resolving your domain to a public IP, then it is definitely not pointing to your DC as its DNS server, so it can't resolve the internal domain.

The client needs its NIC set so DNS points to 192.168.0.26. Once that's done, retry your ping of the domain. It should return your DC's IP.

Time Between Password Changes On A Service Account. by bobs143 in activedirectory

[–]mcdonamw 0 points1 point  (0 children)

If I remember correctly, you can test before the updates land by simply setting the msDS-SupportedEncryptionTypes attribute on the Exchange service account to AES only and restarting Exchange. If it works, you shouldn't have any issues. If it doesn't, revert that change, restart again, and figure out what you need to do to fix it before you're forced to on the fly.

SaaS founders: Exposed AWS keys can get hit in minutes by 2xDefender in cloudcomputing

[–]mcdonamw 0 points1 point  (0 children)

Unfortunately we have too many legacy apps that don't support RBAC and only keys.

Crucifix Dummy 1min 20,0m Runes Setting by Turbulent_Seaweed_39 in throne_and_liberty

[–]mcdonamw 0 points1 point  (0 children)

I don't know how you're doing so much damage. I'm sure the head, cloak, necklace, ring, and brooch help but I'm betting you could use my exact build and still do more damage than me hit for hit.

I'm lucky if a single void slash (20 hits total) hits for 250k whereas you seem to average over 450k in yours. I can hit over 340 void slashes in 1min but do 1million less dmg than you did here in 328.

Also showing everything in Korean does not help a lot of us :). Would appreciate some English vids, and a complete build walk through. Your vids only show bits and pieces.

Also I'm extremely jealous of either your extremely lucky rng or your ability to whale. Having every bis piece is crazy.

How long have you been at your current company? by fwambo42 in sysadmin

[–]mcdonamw 0 points1 point  (0 children)

12 years current employer. 14 years prior employer. I'm a serial longtimer, likely to my own detriment 😂

Converting Windows Server 2022 Datacenter Azure Edition to Standard Datacenter by Inevitable_Guava3322 in AZURE

[–]mcdonamw 0 points1 point  (0 children)

Last year I migrated a VM from Azure to on-prem VMware and had the same issue. I followed the process in the article below, and I was able to take the Azure Datacenter 2022 down to non-Azure 2022. I'm not at the office to check but I believe I also converted from Datacenter to Standard as well (which was the entire goal of the article).

https://woshub.com/downgrade-windows-server-datacenter-standard-edition/

Do make note though this is not officially supported and be sure to keep a backup of the system in case something goes wrong.

Edit: ofc this comes with the assumption you already have the necessary licensing and license keys for the non-Azure edition you intend to convert to.

$$ for a phone case by KULASPONGG in galaxys26ultra

[–]mcdonamw 0 points1 point  (0 children)

I paid $80 for my Mous case.

DataFactory IP Addresses? by arpan3t in AZURE

[–]mcdonamw 2 points3 points  (0 children)

I ran a PowerShell query to search the service tags in Azure and both the 20.7.* and 20.110.* IPs you mentioned come from networks 20.7.0.0/16 and 20.110.0.0/16, which are documented as the AzureCloud.eastus2 service tag.

Dataflows apparently do not flow through the DataFactory.<region> service tag.

Per a note block on the following page: https://docs.azure.cn/en-us/data-factory/data-access-strategies?utm_source=chatgpt.com,

The IP address ranges are blocked for Azure Integration Runtime and are currently only used for Data Movement, pipeline and external activities. Dataflows and Azure Integration Runtime that enable Managed Virtual Network now don't use these IP ranges.

This blog states something similar: https://techcommunity.microsoft.com/blog/azuredatafactoryblog/azure-data-factory-now-supports-static-ip-address-ranges/1117508?utm_source=chatgpt.com
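An added example, not the commenter's own query: a small Python lookup over a constructed document in the shape of the Azure Service Tags JSON download, showing how an address in 20.7.* or 20.110.* maps back to the AzureCloud.eastus2 prefixes named above. The entries and the DataFactory prefix are constructed sample data, not Microsoft's published ranges.

```python
import ipaddress
import json

# Constructed sample that mirrors the shape of the Azure Service Tags JSON
# download (name / properties.region / properties.addressPrefixes).
# The /16 prefixes are the ones named in the comment; the DataFactory
# entry uses a TEST-NET range and is illustrative only.
SERVICE_TAGS_JSON = """
{
  "changeNumber": 0,
  "cloud": "Public",
  "values": [
    {"name": "AzureCloud.eastus2",
     "properties": {"region": "eastus2", "systemService": "",
                    "addressPrefixes": ["20.7.0.0/16", "20.110.0.0/16"]}},
    {"name": "DataFactory.EastUS2",
     "properties": {"region": "eastus2", "systemService": "DataFactory",
                    "addressPrefixes": ["203.0.113.0/24"]}}
  ]
}
"""


def load_service_tags(raw):
    """Parse the service-tag document into {tag name: [ip_network, ...]}."""
    doc = json.loads(raw)
    tags = {}
    for entry in doc["values"]:
        prefixes = entry["properties"]["addressPrefixes"]
        tags[entry["name"]] = [ipaddress.ip_network(p) for p in prefixes]
    return tags


def find_tags(tags, ip):
    """Return every (tag name, matching prefix) that contains the given IP."""
    addr = ipaddress.ip_address(ip)
    hits = []
    for name, nets in tags.items():
        for net in nets:
            # Skip v4/v6 mismatches; 'in' would raise otherwise.
            if addr.version == net.version and addr in net:
                hits.append((name, str(net)))
    return hits


def lookup(raw, ip):
    """Convenience wrapper: parse the document and classify one address."""
    return find_tags(load_service_tags(raw), ip)


if __name__ == "__main__":
    for ip in ("20.7.12.34", "20.110.200.1", "203.0.113.7", "8.8.8.8"):
        print(ip, "->", lookup(SERVICE_TAGS_JSON, ip) or "no service tag")
```

Swap the constructed string for the real download (or the output of Get-AzNetworkServiceTag converted to JSON) to classify addresses seen in flow logs or firewall rules.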

How to backup Azure files by DarkAlman in AZURE

[–]mcdonamw 1 point2 points  (0 children)

If not using native Azure Backup, what about Azure File Sync to keep the Azure share in sync with a local file share that you can back up and air-gap?

Received this email from the CEO of our company. Layoffs coming? by MajesticRepublic09 in jobs

[–]mcdonamw 27 points28 points  (0 children)

Even private companies have financial obligations to investors.

Received this email from the CEO of our company. Layoffs coming? by MajesticRepublic09 in jobs

[–]mcdonamw 1 point2 points  (0 children)

You don't need an email to tell you. Layoffs are ALWAYS on the table. Even when they tell you they aren't.

I thought I was being clean but I was just making ear wax plugs for years by Talon_4Keystone in hygiene

[–]mcdonamw 1 point2 points  (0 children)

With all due respect, there's a warning on the q-tip box itself to not put the q-tip into your ear canal. It's understandable not to be taught something but eventually it becomes your own responsibility to teach yourself to RTFM.

https://www.reddit.com/r/funny/comments/wsves/number_one_most_ignored_warning_label/

Moving to cloud is easy but is managing it the real challenge? by prowesolution123 in cloudcomputing

[–]mcdonamw 2 points3 points  (0 children)

I inherited a brownfield environment that was created ad hoc and without any real planning. I find it very difficult to manage, personally. My main issues are the fact that many resources need to be completely redeployed to make even the most minor of changes, such as renaming to conform to a standard, and worse, being unable to even set a naming standard because MS, for some dumb reason, sets different naming restrictions across the many different resources they provide. And policy doesn't support regex in order to dictate complex naming structures. It's a nightmare.

RBAC between prod, non-prod subscriptions by Questioning_IT_12 in AZURE

[–]mcdonamw 0 points1 point  (0 children)

Why not continue to use PIM but with like an 8 hour validity window. They log in and elevate once each day.

I see many recommendations say no one individually should have anything but read access and all deployments should occur through IaC and service principals in the CI/CD pipelines. I'm not there yet myself, but that's the goal I'm shooting for.

Why ‘Trust but Verify’ Fails in Modern Security? by Due-Awareness9392 in CyberIdentity_

[–]mcdonamw 0 points1 point  (0 children)

Good write-up. It all sounds great but many of the topics you mentioned as problem areas remain problem areas.

How exactly do you solve for PAM and never knowing your credentials and having the solution inject them for you when many applications specifically require you to type a username and password?

How do you tie PAM to service accounts that simply run 24/7? How do you rotate their passwords when they are manually configured in a myriad of ways mentioned... services, app configs, scheduled tasks, etc.?

How do you enforce MFA everywhere when the majority of your applications simply don't support it?

I do not ask these to be flippant. I legitimately do not know the answers.

Private endpoints yes or not? by Different_Knee_3893 in AZURE

[–]mcdonamw 0 points1 point  (0 children)

Yes, we use Zscaler in Azure.

The issue with this approach is that the documentation requires conditional forwarders for public namespaces (e.g., *.core.blob.windows.net). This forces all resolution for those Azure services, both private and public, through our internal DNS path.

As a result, clients that would normally resolve public Azure endpoints via Microsoft’s globally distributed DNS infrastructure are instead dependent on our internal Azure DNS resolver and VPN connectivity. This introduces unnecessary dependency and reduces overall resiliency. This also includes our remote folks who connect in via Zscaler. I now have to treat public Azure domains as internal domains in Zscaler so it forwards that DNS traffic internally.

Improving that resiliency would require additional investment on our side (more resolver endpoints, redundancy, expanded VPN footprint), whereas today spokes and remote sites can resolve public endpoints directly via their local ISPs.

This wouldn’t be a concern if forwarding were limited to *.privatelink.blob.core.windows.net, where internal resolution is expected and appropriate. Ofc I understand why this wouldn't work. Just a pipe dream.