I also had a blast, in spite of the
intense pressure and the $%&*( anagram challenge that took me all night to
put together. J
I was thinking that maybe next time for
the AD UP-All-Nighter we could disaster-recover a screwed up forest of two or
three domains.
Wook
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick
Sent: Monday, March 21, 2005 10:31 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Have fun
at DEC
Thanks for all the good words. I haven't
ground up the session evals yet, but my informal polling indicates that
overall, this DEC came off quite well.
High points (not from me, but summarized from attendee
comments I heard)
1) Most of the sessions were well done, with one or perhaps
two exceptions. Of course joe, Jorge, Dean, Wook, Jesse, and Rick wanted
gnarlier content, but for the vast unwashed the sessions were very well
recevied. I've had half a dozen attendees claim that this DEC was the best tech
conference they had ever attended.
2) The AD All Night event came off quite well...
people had a great time and learned quite a bit as well.
3) The opportunities for networking with peers were
outstanding. As was the food and the free beer.
4) The analyst panel was quite interesting and useful.
1) Wireless access charges. There was nothing we could do
about this in Vancouver,
but we will make fixing this at the next DEC a high priority.
2) Information overload. There was a lot of information in a
fairly compressed timeframe, and after a day and a half it was hard to absorb
any more. More demos or hands-on sessions would help.
3) The analyst panel wasn't interesting because it wasn't
technical. (It depended on who I talked to)
I had a great time and learned quite a bit. It was also
great to get a bunch of the more prolific activedir.org posters together and
swap stories. Jorge and joe/Dean have indicated that they are going to put
together sessions for next year, so I'm looking forward to that.
I have to agree that Christine and Stella (and now Rita too)
are the best. You can't even begin to guess at how much goes into putting on
something like DEC, and they pull it off every year with style and grace.
The .ppts will be posted up on our web site in a couple of
days (the laptop with all the .ppts was delayed coming back from Vancouver apparently).
Thanks again to those who presented and attended. I look
forward to working with you next year. Semper Pullus!
From:
[EMAIL PROTECTED] on behalf of [EMAIL PROTECTED]
Sent: Mon 3/21/2005 6:35 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Have fun
at DEC
I not
only had fun at DEC, I learnt so many things. Aside from being around
the usual suspects (Hi, Dean! Hi, Joe! Hi, Rick!), I got to meet Jorge,
Hunter, Alain and a host of other people.
Then I came away with 2 of the most eye-opening lessons to-date in my
professional life:
You can't cram a "security" discussion into a 75-minute presentation
:)
There is an inverse relationship between the number of admins and the
security of your network - the higher the number of admins, the lower the
security.
Gil and the rest of the DEC crews are some of the most gracious hosts I have
ever had the pleasure of being associated with - and I am grateful for the
opportunity.
And, Rick, thanks a bunch for your late-night assistance. I owe you one.
Sincerely,
Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
________________________________
From: [EMAIL PROTECTED] on behalf of joe
Sent: Mon 3/21/2005 5:42 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Have fun at DEC
Hey now, Dean and I actually weren't on the admin teams. We were wandering
consultants. We initially had been under the understanding that it was a
hacking session and we are under constraints about showing off tricks like
that so we excused ourselves from the competition. Gil asked us just to walk
around and check out what was going on.
Once we realized it was a break-fix with users trying to take advantage of a
poorly configured system Dean jumped in a little more but still didn't get
to do what he wanted.
Had we been on the admin team, the first thing we would have done is make it
so no one could connect remotely to the DCs and secured them, then opened
them up. That would have made the whole experiment go about 6 or so minutes
with reboots as I saw no fancy hacking going on. You probably heard us up
there saying, cut the users off at the knees, drop the services so you can
secure. Secure environment #1, users getting access to resources #2. It was
funny because as soon as Stuart (Kwan of the Ottawa Kwan Clan) walked up the
first thing he was saying was screw the users, lock down as well.
Dean spent most of his time pointing out how to fix broken things like DNS
and replication and such as well as saying disable all of the users. I spent
the time getting beers, explaining what tools were on the CD (did poorly at
that as I didn't recognize many of them), correcting command line commands,
and saying drop the network!!!
The lab environment was set up pretty poorly as the VMs that were hosting
the DCs were configured to auto-rollback changes so every time the systems
rebooted, everything the admin team had done was rolled back. Also the
person who set up the hosts neglected to set a password on the host so
people could attack the host directly which I understand was outside the
scope of the test.
Dean had the perfect solution right up front... Dump users, groups, OU
structures to LDIF files, demote the forest, repromote the forest, reimport
the users/groups/structures. That would have cleared up nearly all of the
screwups and wouldn't have left any openings for the users errr hackers
unless they could get on the physical box which they couldn't do.
It was extremely interesting though to see the various viewpoints. There was
a rather stark line between many of the people where it was get the services
running versus lock the environment down. I have no problem telling a user
to go screw off if there is a security issue. Between fixing security and
making users run I will almost always go to the side of security because if
you don't have security, you can't guarantee the quality of the information
in your system which is a poor place to be for an authentication system.
Plus if it is insecure, you can't even guarantee the services very well. ;oP
I wouldn't say anyone actually won the competition.
That last part about the schema being messed up was Dean having fun. He
pulled one of his tricks but didn't really let anyone see how he did it. It
was just to show that yes, there are ways you can really hurt yourself bad
or be hurt bad. Nothing in that test was anywhere near that level of danger.
joe
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]
On Behalf Of Jorge de Almeida
Pinto
Sent: Monday, March 21, 2005 7:45 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Have fun at DEC
Fun at DEC?
Yeahh it was fun. It was also great to meat Gil, Guido, Dean, Joe, Rick and
Deji in person.
No chicken as I hoped for, but a t-shirt (that not even said "I went to
DEC
to get a rubber chicken but all I got was this lousy
t-shirt") and we also got a bag. Gil was walking around with his bag
that
had a rope attached to it and the rubber chicken was hanging at the end of
the rope.
We all heart the rubber chicken "cry" (hee.. I would cry if I had a
rope
around my neck! ;-)) ) on monday during the "AD all night" session.
By the
way.. that session was also fun. It all started with 4 environments and each
environment contained 1 forest and 1 domain with 2 DCs some wireless network
stuff, an ADMINS team and a USERS team. In each environment security
(whatever you could think of!!!) was really screwed! The admins (a complete
team of people incl. Dean, Joe, Rick and Deji) had about 15 min. to correct
all security screw-ups they could. After that the users came in and started
working on the network using laptops with all kinds of hacking tools. We
were supposed to wait 15 min. but we (I) didn't (hey a hacker doesn't wait
until your network is safe and all security vulnerabilities are solved by
you! So we didn't either). While the admins were searching and solving al
vulnerabilities I already created two user accounts anonymously and added
those to the adminstrators and domain admins groups. After we created the
accounts we thought we should wait a bit so the admins had the chance to to
some work. We also hoped they didn't find the accounts.... Crap that didn't
work as we afterwards wan't to delete all kinds of things in AD to screw it
up as bad as possible. The caveat was that if some admin found us screweing
around and he could prove we did the damage the user got fired. If a user
screwed up something and an admin did not prevent it the admin got fired.
I still don't who did it, but after a while both DCs started rebooting and
rebooting. The admins shut down the wireless network appliances so they
couldn't be attacked. We as users started complaining about that we could do
our work and that the SLA sucked..... ;-)) The
DCs were not physically
secured (hey that's also important!) and one of the users pulled the power
plug of the DCs and those went down... The user was caught on the act and
got fired. The admin that was responsible got demoted.... From admin to
user! Hahaha. That wasn't also bad because that admin also knew all the
passwords. As soon as we knew the password of the administrator account we
tried again to screw it up. After a while everything was closed down to
maximum security (at least I think it was as we were not able to do
anything). Better yet the admins could do much either because the DC was so
screwed it didn't even know it had a schema (or something like that). ;-))
Again: great session!
Hope to attend again next year
Cheers
Jorge
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]
On Behalf Of joe
Sent: Friday, March 18, 2005 09:15
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Have fun at DEC
At least I heard the chicken this year, I never had heard it. I was pretty
well toasted at the time and thought a goose was running around the
conference room.
joe
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]
On Behalf Of Daniel Gilbert
Sent: Saturday, March 12, 2005 11:20 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Have fun at DEC
I believe I am the proud owner of the last DEC chicken. Gil gave it to me
at DEC in Ontario.
Sure wish I could have made it to DEC this year.
Dan
> -------- Original Message --------
> Subject: RE: [ActiveDir] Have fun at DEC
> From: "joe" <[EMAIL PROTECTED]>
> Date: Fri, March 11, 2005 5:16 pm
> To: ActiveDir@mail.activedir.org
>
> Unfortunately Gil doesn't do that anymore. He did the last chicken I
> think 2 years back I think. I know for sure he didn't do one last year.
>
> He needs T-Shirts that say...
>
> I went to DEC to get a rubber chicken but all I got was this lousy
t-shirt.
>
>
> joe
>
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]
On Behalf Of Phil Renouf
> Sent: Friday, March 11, 2005 6:51 PM
> To: activedir@mail.activedir.org
> Subject: [ActiveDir] Have fun at DEC
>
> For all you folks who are going to DEC, have a great time and good
> luck getting the rubber chicken.
>
> Phil (re-subscribed with new address)
>
> List info : http://www.activedir.org/List.aspx
> List FAQ : http://www.activedir.org/ListFAQ.aspx
> List archive:
> http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
This e-mail and any attachment is for authorised use by the intended
recipient(s) only. It may contain proprietary material, confidential
information and/or be subject to legal privilege. It should not be copied,
disclosed to, retained or used by, any other party. If you are not an
intended recipient then please promptly delete this e-mail and any
attachment and all copies and inform the sender. Thank you.
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
|
