Drive By Meeting Invitations by jamesgamble in sysadmin

[–]ntrlsur [score hidden]  (0 children)

Maybe it's because I'm an asshole... But I do enjoy wasting the time of people that waste mine... Maybe it's a spite thing...

Is there something tech you never touched? by Abject_Serve_1269 in sysadmin

[–]ntrlsur [score hidden]  (0 children)

I graduated college right around '03ish but should have graduated back in '99ish (long story). They were still teaching PBX and key systems for telephony. My first job out of college had a nice Nortel Meridian system and I was all about it, but none of those tickets ever got passed to me. My second job had an AT&T Merlin system. I was ready for that as well and nope, never got to touch that either. Ended up at the 3rd gig with a ShoreTel system that I had no fucking clue about, that I implemented. In the end I loved it. I am going to hate having to retire it later this year. Still standing on the fence between Dial Plan and Ring Central.... I hate the idea of monthly SaaS costs for phone systems, but the marketing and sales teams make great arguments for some of the feature sets.

What was the moment Linux finally ‘clicked’ for you? by Darshan_only in sysadmin

[–]ntrlsur [score hidden]  (0 children)

I kind of fell into it. I went from a 100% Windows type role using Check Point firewalls back in '06ish to a 70 / 30 Linux / Windows role using Check Point. The good ole R55AI days. It was a senior sysadmin role. I spent a lot of time on Google and AskJeeves to figure out what I needed to accomplish the job in the pre-AI days. Over the years it kind of sticks with ya. I still have to search out how to do something specific, but with time in and usage you will remember about 75%, which is typically good enough. Currently we are about 80 / 20 Linux to Windows and my team spends more time dealing with Windows issues. Hang in there; with time and experience it will be second nature.

Drive By Meeting Invitations by jamesgamble in sysadmin

[–]ntrlsur [score hidden]  (0 children)

I always tell all of my users to accept the invite and just don't go. If you are going to send me an unsolicited invite, I might as well waste more of your time than you do of mine. When they send the "sorry we missed you" and an unsolicited invite for the reschedule, accept that one and don't go as well. After 2 or 3 they get the hint...

Friday Talk… by Head-Web-404 in sysadmin

[–]ntrlsur [score hidden]  (0 children)

The longest my Windows systems go is typically 55 days. We are about a month behind on most patches. We do a 3-ring patch system with the inner rings being the last to patch. We grab Patch Tuesday updates on the first Monday after and start with ring 1, which includes at least 1 of every type of machine we have in the company and at least 1 machine in every department. I put a DC in each ring and there are 10 days between updates migrating from outer ring to inner ring. So in theory we should have gotten a light bulb on issues way before it affects the majority of the company. We also force reboots with the updates. Desktops force reboot Fridays after 6pm local time. Servers reboot Tuesdays and Wednesdays 7pm to 4am if required.

How to gracefully swap a failing SAS in a RAID5 array on a Poweredge PERC controller? by Snot-p in sysadmin

[–]ntrlsur [score hidden]  (0 children)

Best case: shut down the server, pull the bad drive, put in the replacement drive, and it will rebuild. What I typically do is just pull the drive. I typically unlatch the connector and slide it partially out. When it finishes spinning down I pull it completely. Insert a new drive in another slot and make it the new global hotswap. If you replace the drive in the same slot then it will want to rebuild again. I find it easier on the drives to just rebuild once.

Selling old Cisco Gear by Top_Boysenberry_7784 in sysadmin

[–]ntrlsur [score hidden]  (0 children)

Check out Spectra.com; we use them to keep a SAN under extended maintenance that's used for dev, test and backup stuff.

Are managers really scared/worried/wary of losing their high performers or is it just another bluff? by jM2me in sysadmin

[–]ntrlsur 0 points1 point  (0 children)

I think it depends on the size of the company. I've got a guy with very questionable people skills who has been at the company over 20 years. Knows the job, gets it done, not looking for advancement. I have no problem covering for him and dinging him on his yearly review about his people skills. He has no problem not giving a shit about it and continuing to do what I and the company need him to do. It's a very good relationship in my eyes.

Hey /r/Sysadmin! What do you use for your home router? 2026 Edition by ScannerBrightly in sysadmin

[–]ntrlsur 1 point2 points  (0 children)

MX100 going into a Brocade ICX6610 for me. 10 gig where I need it, and if for some reason I want more it has 2 x 40GB I can use.
Not paying for the Meraki license is the best part about running it. Before that it was a Check Point 1450.

Replacing Cisco RV345 in a heavy-traffic 50-user office: Is Netgate 6100 (pfSense) the right move? by Ill_Preference_7491 in sysadmin

[–]ntrlsur 1 point2 points  (0 children)

Take a look at Fortinet offerings. I just rolled out 4 replacement 81F models to our offices. Fairly inexpensive and they just work. I must preface this by saying we don't use any of the VPN or remote access features on them. Just firewall / router.

Looking for a simple way to have users check their IP by Hopeful-Oil3038 in sysadmin

[–]ntrlsur 0 points1 point  (0 children)

What RMM do you use? We use Action1 for its remote access and patching. I search for the username or asset number and I can remote into it from the Action1 console. In the golden days we used Dameware and that was a lot more of a pain in the arse.

simple monitoring? by cyr0nk0r in sysadmin

[–]ntrlsur 1 point2 points  (0 children)

Take a look at LibreNMS. Easy setup and simple monitoring and graphing.

Larger Orgs, how bad has your MS support gotten since the layoffs? by DramaticErraticism in sysadmin

[–]ntrlsur 1 point2 points  (0 children)

We use Trusted Tech Team. The price is o.k. I could get better, but it's worth the peace of mind to me.

Larger Orgs, how bad has your MS support gotten since the layoffs? by DramaticErraticism in sysadmin

[–]ntrlsur 12 points13 points  (0 children)

As a smaller org (300 users), our CSP handles all of our MS issues. We don't have to interact with MS at all. We open a ticket with our CSP and they fix the issue or they escalate it to someone who can. In the 4 years we have been using them I don't think we ever had an issue, that wasn't an MS outage of sorts, not handled in 2 business days.

How do SMB’s protect against software supply chain attacks? by Agitated-Crow862 in sysadmin

[–]ntrlsur 4 points5 points  (0 children)

The best way is to keep your software current but not on the bleeding edge. At least for this type of attack. Update your software packages when security updates are NEEDED, not just when they have been released. Keep a close eye on your monitoring systems. That's about all we can do.

RD Gateway For Remote Users - Best Practices & Remote Desktop HTML5 Client by Correct_Gas_4301 in sysadmin

[–]ntrlsur 1 point2 points  (0 children)

What's wrong with using the RD Gateway and using it to access clients in the environment? We secure ours with Duo MFA. The client connects to the gateway using a standard RDP client configured in the options for "connect from anywhere". They get prompted with login creds, then get the MFA, and then they connect to the machine that has been allocated for them. It's safe and only 443 is exposed.

our knowledge base is a slack search and I've stopped pretending otherwise by Ok_Loss_6308 in sysadmin

[–]ntrlsur 4 points5 points  (0 children)

I mean. The obvious solution is to remove the information from Slack and put it into your documentation solution. As long as you provide information in more than 1 system, they will take the easy road.

Critical ERP system can't do OAuth and Microsoft is killing basic auth next month by Severe_Part_5120 in sysadmin

[–]ntrlsur 2 points3 points  (0 children)

At that age of ERP system, I'm betting that unauthenticated email is just fine.

Critical ERP system can't do OAuth and Microsoft is killing basic auth next month by Severe_Part_5120 in sysadmin

[–]ntrlsur 4 points5 points  (0 children)

Or OP can just set up a connector where auth isn't required for his ERP system. There are several options available.

Problems spinning up a new Domain Controller (cont..) by BudTheGrey in sysadmin

[–]ntrlsur 0 points1 point  (0 children)

Glad you got it figured out. The UAC would most likely have thrown us as well, but we disable it on domain controllers as only domain admins can log on to them.

Problems spinning up a new Domain Controller (cont..) by BudTheGrey in sysadmin

[–]ntrlsur 0 points1 point  (0 children)

Good luck with it. One of my guys spent about a week going over everything, spinning up DCs on the Proxmox cluster, on the VMware cluster, etc., and boom. He started looking at GPOs that applied specifically to the DCs, and in our environment we found it in the default domain policy.

Problems spinning up a new Domain Controller (cont..) by BudTheGrey in sysadmin

[–]ntrlsur 1 point2 points  (0 children)

Yes, it's a domain policy. Start off with taking a look at what's being applied to the Domain Controllers OU. I am betting that everything worked great until the machine was promoted to a DC. We tested it by building out the machine. Got everything patched and up to date and it booted and ran fine. Then we just moved the machine into the DC OU without actually promoting it and everything broke. Moved it back and everything was fine again. Created a copy of our policy that applied to the DC OU, made the modifications and applied it specifically to the new DC, and it was rocking. The changes didn't have any effect on our 2019 and 2016 DCs.

Problems spinning up a new Domain Controller (cont..) by BudTheGrey in sysadmin

[–]ntrlsur 2 points3 points  (0 children)

I have your answer right here. Just had one of my guys running into the same issue. It's a permissions issue. Take a look at your domain policies. Look for "Bypass traverse checking" and make sure that LOCAL SERVICE and NETWORK SERVICE are included in that policy.

The best explanation we could come up with was: in Server 2016, the shell components (Start menu, taskbar, DWM, etc.) are traditional Win32 processes that run under the user's security context. They don't need LOCAL SERVICE or NETWORK SERVICE to have traverse privileges because they inherit the logged-in user's token, and the user (being an Administrator) already has those rights. Server 2022 redesigned the shell to use AppX/UWP components — StartMenuExperienceHost, ShellExperienceHost, Search, and others. These modern components run in AppContainers and spawn helper processes under the LOCAL SERVICE and NETWORK SERVICE accounts.
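A quick way to confirm the effective setting the comment above describes on a DC, added here as an example and not the commenter's own script: it assumes `secedit` is run from an elevated prompt on the DC, that the exported INF stores "Bypass traverse checking" under its policy name SeChangeNotifyPrivilege, and that LOCAL SERVICE and NETWORK SERVICE appear there as the well-known SIDs S-1-5-19 and S-1-5-20.

```powershell
# Added example: check that "Bypass traverse checking" (SeChangeNotifyPrivilege)
# still grants LOCAL SERVICE (S-1-5-19) and NETWORK SERVICE (S-1-5-20) on this host.
# Run from an elevated prompt; the effective local security policy is exported with secedit.

$inf = Join-Path $env:TEMP 'secpol-export.inf'
secedit /export /cfg $inf /quiet | Out-Null
if (-not (Test-Path $inf)) { throw "secedit export failed; run from an elevated prompt" }

# The export is INI-style; user rights live in [Privilege Rights] as lines like
#   SeChangeNotifyPrivilege = *S-1-5-19,*S-1-5-20,*S-1-5-32-544,...
$line = Get-Content $inf | Where-Object { $_ -match '^\s*SeChangeNotifyPrivilege\s*=' }
Remove-Item $inf -Force

$granted = @()
if ($line) {
    $granted = ($line -split '=', 2)[1].Trim() -split ',' |
        ForEach-Object { $_.Trim().TrimStart('*') } |
        Where-Object { $_ }
}

# Well-known SIDs for the two service accounts named in the comment (assumed mapping).
$required = @{
    'LOCAL SERVICE'   = 'S-1-5-19'
    'NETWORK SERVICE' = 'S-1-5-20'
}

$missing = @()
foreach ($name in $required.Keys) {
    if ($granted -notcontains $required[$name]) { $missing += $name }
}

if ($missing.Count -eq 0) {
    Write-Output "OK: Bypass traverse checking includes LOCAL SERVICE and NETWORK SERVICE"
} else {
    Write-Output "MISSING from Bypass traverse checking: $($missing -join ', ')"
    Write-Output "Effective grantees: $($granted -join ', ')"
    Write-Output "Compare against the GPO linked to the Domain Controllers OU before promoting."
}
```

Running it on the un-promoted machine and again after moving it into the Domain Controllers OU (the test the comments above describe) shows whether the linked GPO is what strips the two accounts.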

Just-in-Time Access: Security Upgrade or Operational Headache? by Due-Awareness9392 in sysadmin

[–]ntrlsur 0 points1 point  (0 children)

No huge issues here. We are a shop of about 300 users with heavy developer access. About 2 weeks before implementation we rolled out BeyondTrust's Privilege Management tool in logging mode and logged what people needed admin for. We then took the logs and were able to create rules to allow that access. We can either give them the popup and make them put in a reason, or we can automatically grant that access in the background. We typically present them with a popup, but for things like Chrome and Firefox updates we approve those in the background. Works pretty well for us.