frustrates me to no end when I have to work with customers that do NOT have a QA/Lab environment, and do their testing on the live production network. And happens more often than not. My job is to get them to best practice with regards to security, and segmenting production from QA/Lab shennanigans to me is best practice ... doh
On Fri, Sep 25, 2015 at 9:46 AM, Kurt Buff <[email protected]> wrote: > Thanks, but don't get me started on the other engineers - software and > test. There are perhaps 5 of them out of 75 or so whom I'd trust out > of my sight near a computer with or without admin privileges. > > Fortunately, they're mostly sequestered in a lab that's across a > layer3 boundary, and have mostly stopped causing chaos in the > production network. > > Kurt > > On Fri, Sep 25, 2015 at 6:22 AM, Jonathan Raper <[email protected]> wrote: > > Like doctors who make terrible patients.... > > > > Engineers make some of the worst end users! > > > > Thanks for the laugh and I'm so sorry. > > > > Jonathan > > > > Sent by Outlook for Android > > > > > > > > > > On Thu, Sep 24, 2015 at 3:50 PM -0700, "Kurt Buff" <[email protected]> > > wrote: > > > > I want to take away admin rights from all of our users. It's not just > > about security. It's about ignorance/stupidity > > > > One of our field engineers came to us for the 3rd time in a little > > over a week, with a laptop that was borked. The accounts had been > > deleted, the machine was no longer joined to the domain, the local > > administrator account had a blank password and most of the settings > > were gone. > > > > The first two times I wasn't there, and our helpdesk guy had rebuilt > > the machine. > > > > This time, I was there, and we had a quick discussion. > > > > He's mentioned that he was trying to stand up multiple VMs under > > hyper-v, and was ruining his machine in the process. He just didn't > > understand how. > > > > (He wants to stand up multiple VMs, because our customers use a > > plethora of VPN clients that like to step all over each other, and it > > would make life a *lot* easier to have a dedicated VM per VPN client > > type/version - it's a good idea, surprisingly) > > > > So I had him describe to me what he was doing. (I had to slow him > > down, and focus his conversation - he *loves* to talk and digress) > > > > It turns out that he was building a VM, then doing a sysprep before > > copying the VM to stand up a new one. > > > > Of course, he was sysprepping his host machine, and not the VM. > > > > What I later learned from the helpdesk guy is that the field engineer > > thought that dragging the cmd box on top of the VM and then running > > sysprep in it would be sufficient for sysprep to know that it should > > be sysprepping the VM, and not his laptop. > > > > *FACEPALM* > > > > Kurt > > > > > > >
