Norman Alexander
Penultimate Amazing
The bleeding hedge.
Dear Users... (A thread for Sysadmin, Technical Support, and Help Desk people)
- Thread starter JoeMorgue
- Start date
- Status
novaphile
Quester of Doglets
I think I need to plant some more shrubs... I need a hedge fund.
alfaniner
Penultimate Amazing
Just don't be a hog.
arthwollipot
Limerick Purist Pronouns: He/Him
Just had a really difficult call that prompted my TL to tell me that I need to take a breath. Stubborn customer.
Essentially the problem was that he was trying to log on via RAS, but we require two-factor authentication and he does not have a RAS token applied to his account. He insists that four years ago, he was told that he didn't need one any more, and has been using RAS during that time, including up to two weeks ago, without one. This is, of course, impossible. I confirmed with my TL that he needs to fill in a form to get a token. Oh boy. Did he not like that suggestion.
I've been using RAS without a token for four years! Four years ago they told me that I didn't need one!
Well that might have been the case four years ago but it is not the case now. You need to fill out the access request form.
But I already have a token. It's broken in a drawer somewhere at home!
The token is not assigned to your account. To get a token assigned to your account you need to fill out the access request form.
But I've been logging on without a token for four years, including just two weeks ago.
If that is the case, then that is a security breach. You've been flying under the radar. Not sure how you were overlooked for so long, but now you need to fill out the access request form.
But I already have access!
No you don't.
Then how have I been logging on for this long without a token?
I can't explain that. You need to fill in the access request form.
But I already have a token!
Lather, rinse, repeat.
In other news, there seem to be an inordinate amount of account unlocks this morning. Not sure why.
Essentially the problem was that he was trying to log on via RAS, but we require two-factor authentication and he does not have a RAS token applied to his account. He insists that four years ago, he was told that he didn't need one any more, and has been using RAS during that time, including up to two weeks ago, without one. This is, of course, impossible. I confirmed with my TL that he needs to fill in a form to get a token. Oh boy. Did he not like that suggestion.
I've been using RAS without a token for four years! Four years ago they told me that I didn't need one!
Well that might have been the case four years ago but it is not the case now. You need to fill out the access request form.
But I already have a token. It's broken in a drawer somewhere at home!
The token is not assigned to your account. To get a token assigned to your account you need to fill out the access request form.
But I've been logging on without a token for four years, including just two weeks ago.
If that is the case, then that is a security breach. You've been flying under the radar. Not sure how you were overlooked for so long, but now you need to fill out the access request form.
But I already have access!
No you don't.
Then how have I been logging on for this long without a token?
I can't explain that. You need to fill in the access request form.
But I already have a token!
Lather, rinse, repeat.
In other news, there seem to be an inordinate amount of account unlocks this morning. Not sure why.
Last edited:
Dancing David
Penultimate Amazing
Not me I am still in the batter, sulk and complain age
Donal
Philosopher
- Joined
- Sep 8, 2006
- Messages
- 8,954
After the third attempt at explaining, I tell them, "perhaps my manager would be better able to assist you". We had someone fired a few months ago because she got into with a user and yes, our calls are recorded for quality control.
arthwollipot
Limerick Purist Pronouns: He/Him
I offered. He didn't want to speak to my manager, he wanted me to bypass security protocol and just give him a token. Or even better, make it so that he could continue to log on without one.
Blue Mountain
Resident Skeptical Hobbit
Trebuchet
Penultimate Amazing
So (rule of), you had a guy who's been logging in without a token for years and an inordinate amount of account unlocks on the same day. Something changed on your side. Probably for the better, security-wise, but it's not just the users.
arthwollipot
Limerick Purist Pronouns: He/Him
I assure you, as far as RAS access is concerned, the only things that have changed since I stared in this job a year and a half ago is that the PIN requirement for tokens was removed, and a new RAS server was deployed. The requirement for two-factor authentication itself has not changed in that time.
Faydra
sinning sybarite
- Joined
- Jan 12, 2007
- Messages
- 7,439
My fight today - doesn't help at all that I have a nasty cold and was NOT in the mood for BS.
User complaining that Splunk was missing data, I asked for an example and figured out that Splunk wasn't missing data, but he was using a dashboard that was designed to filter out the data he was looking for.
The rest of the conversation went something like this:
"I liked Software A better, it should never have been decommissioned."
---Yes, but you can get the same information from softwares B, C, and D.
"But, I liked Software A better - I wasn't informed until very late in the game."
--- It was on the splash screen for months, you saw it was being decommissioned everytime you logged in.
"When I complained they just said too bad, it's too expensive"
-- Yes, running Software A was expensive when you consider you have options B, C or D.
"I heard it was only $1500 a month!"
--- That seems a rather low estimate. Anyway, Have you considered B, C, or D?
"I want Software A back".
And on and on it went.
User complaining that Splunk was missing data, I asked for an example and figured out that Splunk wasn't missing data, but he was using a dashboard that was designed to filter out the data he was looking for.
The rest of the conversation went something like this:
"I liked Software A better, it should never have been decommissioned."
---Yes, but you can get the same information from softwares B, C, and D.
"But, I liked Software A better - I wasn't informed until very late in the game."
--- It was on the splash screen for months, you saw it was being decommissioned everytime you logged in.
"When I complained they just said too bad, it's too expensive"
-- Yes, running Software A was expensive when you consider you have options B, C or D.
"I heard it was only $1500 a month!"
--- That seems a rather low estimate. Anyway, Have you considered B, C, or D?
"I want Software A back".
And on and on it went.
I sympathize with that one. 15 years in IT, and passwords/access are at the top of my frustration list. They flip out if security is tight, and flip out if there's a breach. I haven't worked anywhere yet that walks the tightrope that well, there might not be a way.
Dancing David
Penultimate Amazing
ouch! Unfortunately some humans just don't get why security is in place.
We have much less of a clamp down on log ons because our end users are students and teachers, we don't make anyone local admin anymore. Which causes some people frustration but has stopped the grayware installation.
Some of our staff were pretty upset when we implemented a password change policy, and we only require it change once a year!
arthwollipot
Limerick Purist Pronouns: He/Him
You know the worst part of the whole thing? He needed RAS so he could RDP to his workstation! Not just to access network resources, he needed to actually access the software on his desktop. Which means that the desktop needed to be exempted from the regular shutdown protocols as well! The whole thing was a security nightmare.
Dancing David
Penultimate Amazing
Youch, and they had done this for years.
I would what the access records would show on the RAS
I would what the access records would show on the RAS
Donal
Philosopher
- Joined
- Sep 8, 2006
- Messages
- 8,954
So, I get why some people, especially programmers, prefer Linux. I really do understand. I've messed around with a few distros myself.
But, my company simply does not support Linux for working from home. There are ways to make it work in HTML5 or Citrix VDA, but don't ask us to do it for you. This is not a new development. This has always been policy. Our documentation walks you through connecting in Windows 7, 10, or Mac OS X. I don't care how much better you like Linux or how simple you think it would to implement it. It ain't happening.
And it sure as hell ain't gonna help when you submit a ticket with
But, my company simply does not support Linux for working from home. There are ways to make it work in HTML5 or Citrix VDA, but don't ask us to do it for you. This is not a new development. This has always been policy. Our documentation walks you through connecting in Windows 7, 10, or Mac OS X. I don't care how much better you like Linux or how simple you think it would to implement it. It ain't happening.
And it sure as hell ain't gonna help when you submit a ticket with
Wudang
BOFH
Speaking as a Linux user, if they insist on using a linux system then it's up to them to figure it out. That's how we got citrix working from home at the big bank I worked at. And frankly there are too many linux distros (a twisty little maze..sorry I'll stop) for you to support them all and all their various combos of network packages etc.
Hellbound
Merchant of Doom
So, what, he runs his Linux distro on a server? Mainframe? What?
ETA: The perfect reply:
You do not login from home on your *Linux* machines. You will not, and never will, log in without a PC.
theprestige
Penultimate Amazing
OS chauvinism is one of the stupidest memes to ever infect IT organizations. Worse than programming language chauvinism. Even worse than text editor chauvinism.
At least the vi and emacs nerds are willing to solve their own problems with the choices they've made.
"You have instructions for vi, but I prefer emacs... So I went ahead and wrote up a mail client/IDE that runs as an emacs macro and fulfills the use case, myself."
At least the vi and emacs nerds are willing to solve their own problems with the choices they've made.
"You have instructions for vi, but I prefer emacs... So I went ahead and wrote up a mail client/IDE that runs as an emacs macro and fulfills the use case, myself."
novaphile
Quester of Doglets
So, what, he runs his Linux distro on a server? Mainframe? What?
ETA: The perfect reply:
You do not login from home on your *Linux* machines. You will not, and never will, log in without a PC.
Unfortunately, PC has become synonymous with "a computer running Microsoft Windows", probably because of the incredibly stupid "I'm a PC" "I'm a Mac" adverts.
It's also entirely possible that the poster is logging in from a tablet or telephone, which certainly meets the 1980's definition of PC (Personal Computer) but not the more commonly used meaning today.
- Status