Commands I ran on a DC [Was: IT Lingo]

  • Commands I ran on a DC [Was: IT Lingo]

    Hi all,

    Please read this and tell me if (in your opinion) it is on the up and up. I think it's 50% BS myself. This is from an IT remote Admin which I do not trust at all. He always seems to make me want to look bad. We've been having some issues for the past two weeks with folks not being able to login, get on the internet, or access certain servers.

    Hello,

    As this week has been rather hectic in resolving many problems I have run into many more. On Monday the first described problem was said to be that users could not access resources, Thus resulting in an inability to reach internet or DHCP services. We also first thought this was a switching issue, although at this point there is always a possibility that an underlying switch issue can be the case, I have found many other issues of which I believe to be a factor in this. As discussed I have gone ahead and made some changes which seem to have helped smooth out the problems at least to a running standpoint.

    The first issue I was concerned about was that after changing several users passwords on 1Controller, it never reflected the change on 2Controller. This instantly pointed out Active Directory Issues or DNS issues in my mind. Following this to back up those thoughts, BC’s computer displayed an error message for her stating that the referenced computer account was incorrect. After changing B's DNS to 1Controller it was resolved. This too also showed an inconsistency with Active Directory. As I looked into the Active Directory Issues, the first most immediate thing I noticed was that 2Controller has had a number of changes. One being that the IP address is now x.x.9.50 whereas the AD farm was looking for 172.31.9.12. I am not sure when this change happened. With the farm looking for the wrong ip, it was also viewable that the AD ROOT’s were incorrect. I have fixed this by running the following commands on each domain controller in order:

    Arp -d
    Ipconfig /flushdns
    Ipconfig /registerdns
    Dcdiag /fix
    Netdom /fix
    Net stop netlogon
    Net start netlogon
    Dcdiag /fix


    After running these commands on 2controller, I also noticed that an External IP was registering itself before the internal for DNS on ana2. After confirming with My manager, this External ip was for the old PPP vpns that we used to use, fortunately Marcus has moved these VPNS over to being controlled by the Firewall. Thus I have gone ahead and disabled the EXT interface on 2controller. After disabling the external interface I reran the commands above again to clear out the external IP.

    After this, it had also been discovered that we had a high amount of CRC errors and broadcasts on the switches. This has been discussed several times in the past as well, as we thought it may have been a bad switch earlier in the morning I had brought a dedicated switch over for backup. (the switch is from Site B office and sitting in the server room in site A, instead of this switch we will need to order another POE switch for ana for backup. And then we can return this ded switch back to Site B inventory) After tracing all the cables to the ports that were in question it was found that each port went specifically to a computer. One computer to pay attention to was a computer in the office across from our IT Director which I believe belongs to (I think his name is) ******, as well as several other computers in the CSR’s office, and sparse computers throughout the rest of the building. As I looked into each computer I noticed a trend across all these computers. Each computer had many Symantec Antivirus Alerts of it randomly closing, Not being able to scan temp files, erroring out, Windows Updates were also very far behind on it. Antivirus definitions were also out of date.

    Trying to mitigate the switch errors I thought since this had been discussed before a healthy first step would be to go ahead and reboot all three switches as we had wanted to do this a while back ago but never had the opportunity arise. All switches were rebooted on Tuesday at 5:30 PM. This unfortunately did not stop the CRC’s and errors which meant it was coming from the systems themselves. After which, I ran windows updates on all the computers in question. One particular patch I’d like to point out is the Conficker patch, I forced install of this patch on those machines, after which these machines stopped generating errors across the switches.

    Overall, I think we would benefit greatly on this network and improve performance by making some small but large impacting changes. At the moment Windows Updates are assumed they will be automatically installed nightly, there is no form of verification that these updates are installed and there is no form of reporting or management for these updates. As discussed with both **** and ****, I think we would benefit greatly from installing a readily available package that Microsoft has been offering for several years now called the Windows Software Update Services (WSUS). This would allow us to have a Centralized form of windows updates network wide and would also allow us to generate daily, weekly, monthly and yearly reports of any computers not currently up to date. This would also help streamline protection with new patches such as the conficker patch. The offset to this is that one admin would need to login at least 1 time a week and check the updates and do about five minutes worth of work on this. It is very easy and I would not mind at all helping out with this or even training individuals whom we would like to have keep track of this. Secondly, We have already implemented a centralized Antivirus solution. Although this solution is unfortunately no longer working. Due to Active Directory compatibility issue ( which I will get into in the next paragraph) We are unable at the time to monitor the agents and unable to make forced pushes to many of the clients. Thus resulting, the clients are out of date. While this holds true with Antivirus, this also holds true with simple computer management. Active Directory cannot currently manage the Windows Vista computers.

    All this sounds great and I did discuss this with both **** and *** and it was discussed I would get this all setup. Unfortunately, I overlooked one major problem, the majority of our computers are running Windows Vista Business and above. This is great and they are still able to render use of the 2003 server domain and Active Directory setup for LDAP authentication. Although, at the moment Server 2003 cannot manage more advanced functions like discussed above for the Windows Vista Computers. This can be easily solved by upgrading our Active Directory Infrastructure to servers running Windows Server 2008, all this will require is some time organized to planning the process and executing the process in a controlled setup. I think that this upgrade would greatly improve performance for many users, and also fix some of the common issue we are seeing on the server’s side. At this point no policies are being applied to the Windows Vista computers because the policies on the domain are XP and below, this upgrade would also allow us to begin enforcing policies again.

    This process although will make some major adjustments, is rather minor but will require some time for things to be done slowly and properly. With these changes we should begin to see a more stable, better solution for the network of the Corp office. I am always open to help, please let me know if anything is needed or if you would like to pursue these projects.
    Last edited by Mudd; 29th April 2009, 19:05.

  • #2
    Re: IT Lingo

    Sounds like 90% waffle with the odd nugget of truth in it
    I think we need to know more about your environment (and maybe you need to sanitise the post above of names etc)

    I don't think he's right on needing to upgrade DCs to 2008 -- 2003 works absolutely fine with Vista
    WSUS, however, is generally a good idea
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **



    • #3
      Re: IT Lingo

      IMHO, this guy is trying to do a good job based on what he writes in the report. Personally I'm not sure he is diligent enough in tackling the AV and AD issues, and I'm not sure he has the best troubleshooting skills for the problems presented and his comments regarding the cause and resolution of said problems (server 2003 not able to manage vista? sounds wrong to me as we have several vista machines managed just fine by our 2003 DC's). I think he's on the right track but based on the number of other people he references it sounds like there's a lot of politics getting in the way of properly managing the infrastructure. (the firewall guy checks with the server guy who then checks with the network guy who has to get the director's approval who has to clear it with the CIO, etc.).

      Are you in the same department as this guy (IT)? It can be difficult working across and through managerial and functional boundaries and the bigger the company the harder it is.

      My summary: What he's saying is not completely accurate from a technical standpoint but his intentions and desire to resolve the issues seems right on the money to me.



      • #4
        Re: IT Lingo

        Sanitized!

        Ok we currently have Win2K3 DC's and Vista Business PC's. The DC's will be upgraded in the near future to 2K8. One domain and replicated between two domain controllers.

        We have different subnets via VLANS.

        x.x.7.x VoiP Phone
        x.x.8.x Dev Dept
        x.x.9.x Gen User
        x.x.10.x CSR Dept

        VLANS setup using three POE switches. I used to be able to ping, print and access from the .9 sub to the .10 sub but until recently cannot. I've noticed a lot of CRC errors on the switch that the CSR sub connects to. I'm not a network guy so I don't know how to fix this. I'm at the mercy of this and other fellows.
        Last edited by Mudd; 29th April 2009, 19:11.



        • #5
          Re: IT Lingo

          CRC errors are usually related to the physical medium (NIC, cable, port, switch, etc.). A packet capture should be performed on each subnet to determine the origin of the CRC errors.



          • #6
            Re: IT Lingo

            Ok thanks!
            Last edited by Mudd; 29th April 2009, 19:57.



            • #7
              Re: IT Lingo

              There are several good free packet capture programs:

              Wireshark
              Packetyzer
              Microsoft Network Monitor 3

              You need one with some diagnostic capability to make it easier to see particular types of problems. Of the above listed, Wireshark is the only one that offers diagnostic capability AFAIK. Also, because CRC errors are usually discarded at the physical layer, they might not make their way up the stack to the sniffer driver so you might not see them. If you don't get any CRC errors using Wireshark then you'll need to look at the switch logs if they're available. Look for ports with a high volume of CRC errors, usually 2% or more of the total traffic on that port is indicative of a problem. While you're at it look for a high volume of physical layer or network layer broadcasts and look for a high number of collisions. Any of these metrics in excess of 2-5% of the total traffic is indicative of a problem IMHO.

              Comment
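An added example, not part of any post in this thread: the switch-counter check from posts #5 and #7, applied to two snapshots of per-port counters so that errors which have since stopped are not flagged on lifetime totals. The export format, port names and numbers are constructed for illustration; only the 2% threshold comes from post #7.

```python
import csv
import io

# Constructed sample data: two exports of cumulative per-port counters taken
# some minutes apart. Column names and port names are assumptions, not any
# particular switch vendor's output.
SNAPSHOT_EARLIER = """\
port,frames,crc_errors,broadcasts,collisions
Gi0/1,1000000,10,5000,0
Gi0/3,900000,50,2000,10
Gi0/7,500000,12000,9000,0
Gi0/12,800000,30000,4000,100
Gi0/20,0,0,0,0
"""

SNAPSHOT_LATER = """\
port,frames,crc_errors,broadcasts,collisions
Gi0/1,1200000,12,6000,0
Gi0/3,40000,1500,300,2400
Gi0/7,600000,12010,20000,0
Gi0/12,900000,35000,4500,100
Gi0/20,0,0,0,0
"""

METRICS = ("crc_errors", "broadcasts", "collisions")
THRESHOLD = 0.02  # "2% or more of the total traffic on that port" (post #7)


def load_counters(text):
    """Parse a counter export into {port: {column: int}}."""
    rows = csv.DictReader(io.StringIO(text))
    return {r["port"]: {k: int(v) for k, v in r.items() if k != "port"}
            for r in rows}


def interval_counts(before, after):
    """Counts for the interval between two snapshots of one port.

    If any counter went backwards, the counters were cleared (or the switch
    was rebooted) in between, so the later values already cover only the
    time since the reset and are used as they are.
    """
    if before is None or any(after[k] < before[k] for k in after):
        return dict(after)
    return {k: after[k] - before[k] for k in after}


def flag_ports(earlier, later, threshold=THRESHOLD):
    """Return [(port, metric, ratio)] for metrics at or above the threshold."""
    flagged = []
    for port, after in later.items():
        delta = interval_counts(earlier.get(port), after)
        if delta["frames"] == 0:
            continue  # idle port: no traffic to take a ratio of
        for metric in METRICS:
            ratio = delta[metric] / delta["frames"]
            if ratio >= threshold:
                flagged.append((port, metric, round(ratio, 4)))
    # Worst offenders first; port and metric name break ties deterministically.
    return sorted(flagged, key=lambda f: (-f[2], f[0], f[1]))


if __name__ == "__main__":
    for port, metric, ratio in flag_ports(load_counters(SNAPSHOT_EARLIER),
                                          load_counters(SNAPSHOT_LATER)):
        print(f"{port:8} {metric:11} {ratio:.2%}")
```

In the sample, Gi0/7 carries 2% CRC errors over its lifetime but only 10 new ones in the interval, so it is flagged for broadcasts and not for CRC.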


              • #8
                Re: IT Lingo

                I'd like to preface my post with the disclaimer that I am noobish in IT, having only 4.5 years of experience in professionally dealing with computers. I admit my observations are probably less valuable than folks like Ossian and Joeqwerty.

                Originally posted by joeqwerty:
                CRC errors are usually related to the physical medium (NIC, cable, port, switch, etc.). A packet capture should be performed on each subnet to determine the origin of the CRC errors.
                Exactly. I just had to deal with CRC errors thrown on a file server. I swapped switch ports and cables before finally feeling secure enough to blame the card. I bought a new Intel NIC and all is quiet on the network.


                Now, on to Mudd's main saga:

                Originally posted by Mudd:
                Please read this and tell me if (in your opinion) is on the up and up. I think it's 50% BS myself. This is from an IT remote Admin which I do not trust at all.
                I hope he doesn't frequent Petri. That could make things rather... uncomfortable.

                Originally posted by Mudd:
                On Monday the first described problem was said to be that users could not access resources, Thus resulting in an inability to reach internet or DHCP services. We also first thought this was a switching issue, although at this point there is always a possibility that an underlying switch issue can be the case,…
                The main problem in all of this is people not being able to get to network resources? Okay. If people aren't getting DHCP leases then that makes me think it's network level problems. Unless you have some kind of NAP enforced. What gives out DHCP and is it specialized to only give out DHCP to specific machines? If it's plain vanilla DHCP, then it seems like something is funny with the network layer on the clients. Or, is this access problem a permissions thing? Or is it that people can get on the network but can't see file shares? I'm foggy about the exact nature of the problem.


                Originally posted by Mudd:
                The first issue I was concerned about was that after changing several users passwords on 1Controller, it never reflected the change on 2Controller. This instantly pointed out Active Directory Issues or DNS issues in my mind. Following this to back up those thoughts, BC’s computer displayed an error message for her stating that the referenced computer account was incorrect. After changing B's DNS to 1Controller it was resolved. This too also showed an inconsistency with Active Directory. As I looked into the Active Directory Issues, the first most immediate thing I noticed was that 2Controller has had a number of changes. One being that the IP address is now x.x.9.50 whereas the AD farm was looking for 172.31.9.12. I am not sure when this change happened. With the farm looking for the wrong ip, it was also viewable that the AD ROOT’s were incorrect. I have fixed this by running the following commands on each domain controller in order:
                Lots more needs to be done for this. In my mind, this is "A1" priority. If Active Directory ain't happy... ain't nobody happy. Use replmon and other replication tools to monitor the process. If you have to, gracefully demote the 2nd controller and get a new one in place. Whatever you do, fix AD first (IMO, of course). A DC suddenly changing network configuration is weird and scary. Search event logs to find out when and why this happened. Not sure what he means by "AD Farm" or "One being that the IP address is now x.x.9.50 whereas the AD farm was looking for 172.31.9.12". Furthermore: "I am not sure when this change happened." Makes me think: "Event viewer is a beautiful thing." Furthermore, "it was also viewable that the AD ROOT’s were incorrect." Dude... wait... what?? AD ROOTS? Is there some old/new nomenclature that I'm not aware of?

                Originally posted by Mudd:
                After running these commands on 2controller, I also noticed that an External IP was registering itself before the internal for DNS on ana2.
                The DC is multihomed and one NIC had a public IP? I think multihomed DCs can be problematic at times. Later he said he removed that interface which sounds good to me.

                Originally posted by Mudd:
                After this, it had also been discovered that we had a high amount of CRC errors and broadcasts on the switches. This has been discussed several times in the past as well, as we thought it may have been a bad switch earlier in the morning...(snip)... After tracing all the cables to the ports that were in question it was found that each port went specifically to a computer. One computer to pay attention to was a computer in the office across from our IT Director which I believe belongs to (I think his name is) ******, as well as several other computers in the CSR’s office, and sparse computers throughout the rest of the building. As I looked into each computer I noticed a trend across all these computers. Each computer had many Symantec Antivirus Alerts of it randomly closing, Not being able to scan temp files, erroring out, Windows Updates were also very far behind on it. Antivirus definitions were also out of date.
                Seems like some symptoms of bad NICs or cabling or wall ports. Run some protocol samples on the PCs to see what kind of errors there are. How long has this been happening on those computers? Could also be some kind of malware I suppose. To me, it sounds mostly unrelated to the AD problems.

                Originally posted by Mudd:
                All switches were rebooted on Tuesday at 5:30 PM. This unfortunately did not stop the CRC’s and errors which meant it was coming from the systems themselves. After which, I ran windows updates on all the computers in question. One particular patch I’d like to point out is the Conficker patch, I forced install of this patch on those machines, after which these machines stopped generating errors across the switches.
                Interesting.

                Originally posted by Mudd:
                I think we would benefit greatly from installing a readily available package that Microsoft has been offering for several years now called the Windows Software Update Services (WSUS). (snip) The offset to this is that one admin would need to login at least 1 time a week and check the updates and do about five minutes worth of work on this.
                WSUS is a Good Thing. I think his "5 minute a week" estimate is very low though (depending on how much attention you want to give to patches I suppose).

                Originally posted by Mudd:
                Secondly, We have already implemented a centralized Antivirus solution. Although this solution is unfortunately no longer working. Due to Active Directory compatibility issue ( which I will get into in the next paragraph) We are unable at the time to monitor the agents and unable to make forced pushes to many of the clients. Thus resulting, the clients are out of date. While this holds true with Antivirus, this also holds true with simple computer management. Active Directory cannot currently manage the Windows Vista computers.
                It gets really weird at about this point. A/V not working due to Active Directory incompatibilities? Is that true? I suppose it could be, but... hrm. AD can manage Vista. Do some Googling to back it up though.

                Originally posted by Mudd:
                All this sounds great and I did discuss this with both **** and *** and it was discussed I would get this all setup.
                Get what all set up? I didn't see anything discussed prior to this except WSUS.

                Originally posted by Mudd:
                Unfortunately, I overlooked one major problem, the majority of our computers are running Windows Vista Business and above. This is great and they are still able to render use of the 2003 server domain and Active Directory setup for LDAP authentication. Although, at the moment Server 2003 cannot manage more advanced functions like discussed above for the Windows Vista Computers.
                I didn't see any discussion above concerning advanced features of Vista that need to be managed in order to stop some of the problems that you're experiencing.

                Originally posted by Mudd:
                This can be easily solved by upgrading our Active Directory Infrastructure to servers running Windows Server 2008, all this will require is some time organized to planning the process and executing the process in a controlled setup. I think that this upgrade would greatly improve performance for many users, and also fix some of the common issue we are seeing on the server’s side. At this point no policies are being applied to the Windows Vista computers because the policies on the domain are XP and below, this upgrade would also allow us to begin enforcing policies again.
                If you have a crummy 2003 AD forest, upgrading it will give you a crummy 2008 AD forest and might even make it worse. Fix AD first and I'll bet a lot of problems go away. You can manage Vista and apply policies with a 2003 domain. Call him on it to back up his research. If policy isn't being applied, it's because AD is messed up, not because the 2003 forest isn't the proper version to apply to Vista.

                Originally posted by Mudd:
                This process although will make some major adjustments, is rather minor but will require some time for things to be done slowly and properly. With these changes we should begin to see a more stable, better solution for the network of the Corp office.
                Minor? Saying that a forest upgrade is minor makes the hair on my neck stand up. I don't think he's done his research on this. Sure, running forestprep and domainprep is easy on paper, but the planning pre-flight routine isn't. Bottom line: AD needs to be healthy before this is done. AD is not currently healthy. Do the math. I am baffled at the jump from CRC errors and anti-virus problems to "We need a 2008 domain". Weird, if you ask me.
                Last edited by Nonapeptide; 29th April 2009, 21:00. Reason: stuff
                Wesley David
                LinkedIn | Careers 2.0
                -------------------------------
                Microsoft Certifications: MCSE 2003 | MCSA:Messaging 2003 | MCITP:EA, SA, EST | MCTS: a'plenty | MCDST
                Vendor Neutral Certifications: CWNA
                Blog: www.TheNubbyAdmin.com || Twitter: @Nonapeptide || GTalk, Reader and Google+: [email protected] || Skype: Wesley.Nonapeptide
                Goofy kitten avatar photo from Troy Snow: flickr.com/photos/troysnow/

                Comment
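An added example, not part of any post in this thread: a consistency check for the two DNS problems discussed above, a DC whose registered A record no longer matches the address it actually has, and a multihomed DC registering an external interface. All data is constructed: 172.31.9.12 is the address the report says AD still expected, 10.20.9.50 stands in for the masked x.x.9.50, 203.0.113.10 stands in for the external interface, and the internal ranges are assumptions.

```python
import ipaddress

# Constructed data (see lead-in). Internal ranges are listed explicitly and are
# an assumption about the site; the check does not guess what counts as private.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.20.0.0/16", "172.31.0.0/16")]

# A records currently registered in the AD DNS zone for each DC,
# e.g. copied from a zone export.
DNS_RECORDS = {
    "1Controller": ["10.20.9.11"],
    "2Controller": ["203.0.113.10", "172.31.9.12"],
}

# Addresses actually bound to each DC's interfaces, e.g. from ipconfig /all.
CONFIGURED = {
    "1Controller": ["10.20.9.11"],
    "2Controller": ["10.20.9.50", "203.0.113.10"],
}


def is_internal(addr, internal_nets):
    """True if addr falls inside one of the site's internal networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in internal_nets)


def audit_dc_records(dns_records, configured, internal_nets):
    """Compare registered A records with configured addresses.

    Returns a sorted list of (host, finding, address) where finding is:
      stale    - registered in DNS but not bound on the DC any more
      external - registered in DNS but outside the internal networks
      missing  - internal address bound on the DC but not registered
    """
    findings = []
    for host in sorted(set(dns_records) | set(configured)):
        registered = set(dns_records.get(host, []))
        bound = set(configured.get(host, []))
        for addr in registered:
            if addr not in bound:
                findings.append((host, "stale", addr))
            if not is_internal(addr, internal_nets):
                findings.append((host, "external", addr))
        for addr in bound - registered:
            if is_internal(addr, internal_nets):
                findings.append((host, "missing", addr))
    return sorted(findings)


if __name__ == "__main__":
    for host, finding, addr in audit_dc_records(DNS_RECORDS, CONFIGURED, INTERNAL_NETS):
        print(f"{host:12} {finding:9} {addr}")
```

Run on a schedule against real zone and interface data, a non-empty result is the early warning that was missing here, where nobody knew when the DC's address had changed.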


                • #9
                  Re: IT Lingo

                  For your CRC errors I would look at maybe syncing the port speed of the port and making sure it's the same on both sides.



                  • #10
                    Re: IT Lingo

                    WSUS: Good
                    network wide AV w/ an internal upgrade point (with local PC / network failover to the AV's website for updates): Good
                    2003 -> 2008 solely because of Vista: BAD

                    To concur with the rest, fix AD first and don't upgrade to 2008 purely because of Vista. We're running XP / Vista here on a Server 2003 AD, and yes, the policies work on the Vista PCs just fine. Now there are additional policies in 2008 that you can't currently take advantage of, but you're not crippling the network by not using 2008 either. Once all of the issues are resolved and you're happy with the network's health, THEN look at the advantages of 2008, and plan it out WELL. Not something to go into half planned and half cocked.

                    He said that each port goes to a computer. No. Shit. Sherlock. I'm assuming that the switches aren't hard coded to the MAC addresses of each PC.

                    The best thing to do is to analyze everything. Figure out what the actual issues are and what's causing them. Then formulate a plan and act upon it.

                    More importantly, analyze the IT department. Make sure it's crystal clear who does what in the department and what the proper troubleshooting steps both technically as well as within the department are. This will help you to streamline the troubleshooting process, minimize strengths of each member of your IT staff, and minimize your stress!
                    Last edited by Wired; 1st May 2009, 20:58.


                    • #11
                      Re: IT Lingo

                      Originally posted by Wired:
                      He said that each port goes to a computer. No. Shit. Sherlock. I'm assuming that the switches aren't hard coded to the MAC addresses of each PC.
                      I was a little puzzled by that statement of his as well. Then I realized that, in one major environment I work in we have unmanaged 5 port switches at most desk areas to split one or two drops between a half dozen or more computers. Maybe he was just stating that it was one switch port per PC and not unmanaged switches scattered about the workspace? Dunno.

                      Mudd, how goes the battle mate?
                      Wesley David


                      • #12
                        Re: IT Lingo

                        Yeah, I thought of that as well, but ultimately a port goes to a computer. That's why I brought up the MAC address thing, just in case some genius locked them in like that. I REALLY hope they didn't lol. Love the pic in the sig btw


                        • #13
                          Re: IT Lingo

                          Originally posted by Nonapeptide:
                          I was a little puzzled by that statement of his as well. Then I realized that, in one major environment I work in we have unmanaged 5 port switches at most desk areas to split one or two drops between a half dozen or more computers. Maybe he was just stating that it was one switch port per PC and not unmanaged switches scattered about the workspace? Dunno.

                          Mudd, how goes the battle mate?
                          I don't know, it just seems as though as soon as this guy came aboard I got bad vibes. He takes every opportunity to make me look bad by throwing out these roundabout ways of saying things which seem to point to me. For example; awhile back our management decided to allow a chosen few access to our VoiP web interface to manage our phone systems in which he was not given access. I guess he took offense to this and made claims that whoever was involved were "playing games." Having access to the web interface is the only change we had made regarding the phone system. The very next day he stated he was having problems with the phones in his office and it was because (and I quote) "all these changes you guys made are causing all sorts of issues." "You just set us back 6 months, but I can probably fix it in 3." WTF!!!

                          It's statements like these that make me distrust this guy. He's always very vague in his accusations and never goes into detail about what he is talking about and when I call him out about it he either tries to change the subject or doesn't respond at all. All these conversations happen over an in-house chat system by the way. I feel as though he wants to work here in the corporate office since he does not. He is at one of our remote data centers so I guess he feels as though I am in the way. I also believe he has upper management believing in his bullshit. I'm an honest guy and have always been honest in everything I do here. Whether it was something I messed up or someone else. I just feel we can all learn something when we cop up to screwing up. I hope in the end it pays off for me.

                          The thing is, I am not that talented in monitoring my network and possibly catching this guy doing something he shouldn't be doing. I wish I was but I'm not, any help or suggestions in this area would be much appreciated.



                          • #14
                            Re: IT Lingo

                            Originally posted by Mudd:
                            I don't know, it just seems as though as soon as this guy came aboard I got bad vibes. He takes every opportunity to make me look bad by throwing out these roundabout ways of saying things which seem to point to me. For example; awhile back our management decided to allow a chosen few access to our VoiP web interface to manage our phone systems in which he was not given access. I guess he took offense to this and made claims that whoever was involved were "playing games." Having access to the web interface is the only change we had made regarding the phone system. The very next day he stated he was having problems with the phones in his office and it was because (and I quote) "all these changes you guys made are causing all sorts of issues." "You just set us back 6 months, but I can probably fix it in 3." WTF!!!
                            Sounds kinda weasely. Maybe he's insecure and wants to make sure he's seen as valuable. The big question is: do his superiors see him in that way? Does your boss know he might be a bit of a weasel? Is this remote IT person seemingly trying to divide and conquer by sucking up to managers and VPs? Just make sure you:
                            • Do the best job you know how to
                            • Keep your nose clean (I prefer Kleenex, but bandanas will do just fine… )
                            • Don't lower yourself to his level
                            • Keep this in mind: http://clintjcl.wordpress.com/2009/0...-bad-bad-meme/
                            • Stay kind and courteous in the face of it all
                            • Document everything you do and make sure others know what you're doing!! Keep open lines of communication with your boss.
                            • Kiss your wife and kids every day.


                            Originally posted by Mudd:
                            I'm an honest guy and have always been honest in everything I do here. Whether it was something I messed up or someone else. I just feel we can all learn something when we cop up to screwing up. I hope in the end it pays off for me.
                            Statistically speaking, it should pay off.

                            Originally posted by Mudd:
                            The thing is, I am not that talented in monitoring my network and possibly catching this guy doing something he shouldn't be doing. I wish I was but I'm not, any help or suggestions in this area would be much appreciated.
                            Hmmm… that depends on what exactly you want to monitor. If it's permission usage, AD makes that relatively easy. Each system (switches, phone systems, operating systems, etc.) should have its own set of configuration management tools that you can use to set up alerts for changes. Of course, it also depends on the level of role separation so that he can do what he needs to do but not remove himself or the device from any monitoring schemes. What systems in particular are you immediately worried about?
                            Wesley David



                            • #15
                              Re: IT Lingo

                              Originally posted by Nonapeptide
                              Sounds kinda weaselly. Maybe he's insecure and wants to make sure he's seen as valuable. The big question is: do his superiors see him in that way? Does your boss know he might be a bit of a weasel? Is this remote IT person seemingly trying to divide and conquer by sucking up to managers and VPs? Just make sure you:
                              • Do the best job you know how to
                              • Keep your nose clean (I prefer Kleenex, but bandanas will do just fine… )
                              • Don't lower yourself to his level
                              • Keep this in mind: http://clintjcl.wordpress.com/2009/0...-bad-bad-meme/
                              • Stay kind and courteous in the face of it all
                              • Document everything you do and make sure others know what you're doing!! Keep open lines of communication with your boss.
                              • Kiss your wife and kids every day.


                              Statistically speaking, it should pay off.


                              Hmmm… that depends on what exactly you want to monitor. If it's permission usage, AD makes that relatively easy. Each system (switches, phone systems, operating systems, etc.) should have its own set of configuration management tools that you can use to set up alerts for changes. Of course, it also depends on the level of role separation so that he can do what he needs to do but not remove himself or the device from any monitoring schemes. What systems in particular are you immediately worried about?
                              Well, I had our CFO come up to me and make a statement that kind of made me feel uneasy. He said, "johndoe has got you on lockdown bro." I know it sounds weird coming from a CFO, but these guys are bikers and they are laid back like that. Good people, just have a different way of running their company than, say, Microsoft, I guess.

                              Anyway, it was that statement that led me to believe this guy was running some sort of monitoring software, and after looking around I noticed he installed MOM (Microsoft Office Management) on one of our servers along with SQL (another thing I'm unfamiliar with). Another thing that has me thinking is that on one of our subnets (which I can't access from where my PC is) he was able to control a machine on that subnet remotely. Now how can he access that subnet from another geographical location when I can't within the same building? Did he block my subnet from this other subnet on a switch? That's where I feel helpless. I can't figure out what he did to do that, and how are the clients being authenticated, because the DC resides on the same subnet as I. Did he block ports somewhere, and if so, where? I've run packet captures using Wireshark and noticed a machine at another location of ours was pinging the very machine I was running Wireshark on. Do you think I'm being monitored that closely?

                              Basically, I want to monitor traffic coming in and out of our network from the firewall, and monitor my servers: DCs, member, and stand-alones. Just don't know where to start. I just want to know who is doing what. Which brings me to another thing I've noticed: I don't ever see this guy's user account as being logged into a server. I can see mine, which has "Detailed Tracking" next to my user name, but I never see his. What's that all about?

                              TIA
                              Last edited by Mudd; 9th May 2009, 17:47.
