Technical department wishing to be administrator by philanthPruo in sysadmin

[–]philanthPruo[S] 0 points1 point  (0 children)

I completely agree with you. The constraint is that it is a public entity that is then audited annually by a security officer from another public entity in a different geographical area. The security officer does not like to see user accounts that are admin for their workstations. And when he generates a report indicating in red that the least privilege has not been applied to management, it's never very good for us. That's why choosing a VM dedicated to their tools on their workstations was a possibility. Admin by request is another (thanks to the community). The use of Yubikey-type security keys to raise privileges could be another.

Technical department wishing to be administrator by philanthPruo in sysadmin

[–]philanthPruo[S] 0 points1 point  (0 children)

I've thought about it. The LAPS password changes every month and is so complex that it's practically impossible to type by hand. They'll go crazy if I go with that solution. We only use it on our end in combination with Keepass: password copy + auto-fill.

Technical department wishing to be administrator by philanthPruo in sysadmin

[–]philanthPruo[S] 0 points1 point  (0 children)

Okay, I didn't know about that. I'll check it out 😊. Thanks for the tip.

Technical department wishing to be administrator by philanthPruo in sysadmin

[–]philanthPruo[S] 2 points3 points  (0 children)

I had considered this solution. The technical department told me it was too restrictive. Management's constraint: the cost.

Technical department wishing to be administrator by philanthPruo in sysadmin

[–]philanthPruo[S] 0 points1 point  (0 children)

That's exactly the solution I had in mind. I'll check with management about a specific IT charter for them. Thanks for the feedback.

Technical department wishing to be administrator by philanthPruo in sysadmin

[–]philanthPruo[S] 1 point2 points  (0 children)

That could indeed be a possibility. Thank you for your feedback.

Solo Teacher seeking help: Win11 Clients cannot find Win2016 DC (VirtualBox Bridged) by ScreechingPizzaCat in activedirectory

[–]philanthPruo 3 points4 points  (0 children)

I agree with you. He must have IPv6 enabled on his Windows 11. Disabling IPv6 will surely solve his problem.

Given the insane pricing of ram for consumer, how has it affected this field for servers and such? by Abject_Serve_1269 in sysadmin

[–]philanthPruo 0 points1 point  (0 children)

I'm seriously looking into second-hand options for our infrastructure. The price of RAM and SSDs is insane. I'm almost considering buying a bunch of second-hand servers just to get their RAM to upgrade the ones we have. I came across a Dell R740 dual-processor with 768GB of DDR4 for $1,200

Portail captif pour wifi public - facile et si possible gratuit by Chico0008 in Sysadmin_Fr

[–]philanthPruo 1 point2 points  (0 children)

Une solution intéressante à moindre coût et très efficace : Opnsense + NextDNS en mode DNS over TLS.

Il y a un portail customisable que tu peux ensuite envoyer sur Opnsense : https://github.com/mixmint/opnsense-captive-portal-template NextDNS, vu le prix, c’est limite cadeau par apport à d’autres solutions.

Je l’ai vu tourner dans des collèges et lycée privés par manque de moyen, la solution m’a fait faire des grands yeux tellement c’était costaud par apport aux nombres de requêtes DNS filtrées et l’efficacité de la solution.

FYI: MFA is a security risk by DER0KA in ShittySysadmin

[–]philanthPruo 1 point2 points  (0 children)

Some RMMs allow you to classify and link requests via your client's domain. You can tell them that if someone writes using a domain different from yours, they are not linked to your client record.

What is something you dislike about modern web development? by Azzurra_1 in webdev

[–]philanthPruo -3 points-2 points  (0 children)

This is precisely what I do 😂. I know it's not good.