Dear Users... (A thread for Sysadmin, Technical Support, and Help Desk people)

[TragicMonkey]

I thought one of the advantages of Active Directory was it served as a central repository of "truth" for the domain. But Outlook isn't not syncing? Are you using Exchange, or another email server that can't consult an LDAP database for authentication? I can see Teams having poor integration with AD, given that it's web-based. I don't know if Microsoft's 365 family integrates with AD at all.

I have no idea, I'm not a networking person. Networking stuff put me to sleep in class, and it still does. I suspect the problem is too many things trying to interact between remoting in and regular network stuff and Windows and the extra security junk and the other stuff. All I know is that I end up with my new password committed to muscle memory by the time I get it working everywhere it has to!

 

[quadraginta]

Ever since my company rolled out its "all-in-one!" password management system, changing our passwords has been a complicated ordeal. First you change it in the "all-in-one!" tool. Then you have to make the same change in the terrifying "red screen" on the computer itself, the one that permanently bricks your computer if it gets screwed up. Then you have to use another tool to sync them up. Then you have to change it in AD because the "all-in-one!" tool doesn't do that even though it's supposed to because that's the main point. Then you have to change it individually in Teams because for some reason Teams doesn't sync to Windows password changes. Outlook does, but only if you log into Windows with your old password, lock the screen, then unlock it with the new password. Restarting doesn't have that same effect even though you'd think it would. Then you get a Citrix popup demanding a password but it won't accept your old one or the new one, you just have to hit "Cancel" until it goes away. It doesn't seem to affect anything. And god help you if you have anything on your phone.

It does improve security greatly though, because it keeps people out of their applications and thus they couldn't do anything nefarious in them.

Just curious. If you've got a new Windows password, how can you log into Windows with your old Windows password?

 

[TragicMonkey]

Just curious. If you've got a new Windows password, how can you log into Windows with your old Windows password?

Because, as I'm complaining, the password changes don't completely happen all at once. There's a period where the computer's security software pre-Windows uses the new password while Windows uses the old password. For some coworkers this can last weeks because they don't do the lock thing. In that gap the various applications may take the old password or the new one, the only way to know is to try them until one works. I'm pretty sure this is not the intended performance of the "all-in-one" password change tool.

 

[JoeMorgue]

Our network security team just sent us an e-mail with a list of files that they found on the share drive / user profiles that are just unsecured, unencrypted (usually notepad, Word, or Excel) lists of passwords. We've been tasked with removing them and "training" the users on good password practices.

I expect an entire day of "But I'm a widdle ole' lady and can never remember all this complimencateable passwords you make me remember" and "Wait let me print that out before you delete it so I can have all those passwords" and that's just from the ones who don't actively fight me on it.

 

[Dr. Keith]

Our network security team just sent us an e-mail with a list of files that they found on the share drive / user profiles that are just unsecured, unencrypted (usually notepad, Word, or Excel) lists of passwords. We've been tasked with removing them and "training" the users on good password practices.

I expect an entire day of "But I'm a widdle ole' lady and can never remember all this complimencateable passwords you make me remember" and "Wait let me print that out before you delete it so I can have all those passwords" and that's just from the ones who don't actively fight me on it.

All of their passwords will be some variant of "Correct Horse Battery Staple" by tomorrow.

 

[Dr. Keith]

Because, as I'm complaining, the password changes don't completely happen all at once. There's a period where the computer's security software pre-Windows uses the new password while Windows uses the old password. For some coworkers this can last weeks because they don't do the lock thing. In that gap the various applications may take the old password or the new one, the only way to know is to try them until one works. I'm pretty sure this is not the intended performance of the "all-in-one" password change tool.

Our all-in-one password change works really well and it always surprises me. Likely a much smaller headcount and less complex system, but I am still pretty pleased each time it goes off smoothly. Your post gave me a slight jolt of anxiety.

 

[RecoveringYuppy]

All of their passwords will be some variant of "Correct Horse Battery Staple" by tomorrow.

I really wish so many sites didn't limit password length.

 

[JoeMorgue]

The industry is going to have to bit the bullet and just move on from passwords as their primary method of authentication.

I'm begging up my hierarchy to introduce some sort of single sign on or password manager feature (despite the fact that implementing either of them is going to be a nightmare with my "I don't do change" userbase in the short to mid-term).

But until then yes you'll just have to remember and not write down your passwords. Yes all of them. Deal with it.

 

[Dr. Keith]

I really wish so many sites didn't limit password length.

I use CHBS for those.

 

[Filippo Lippi]

Just heard that half (a lot) of all of our open tickets sit with one support team. One of the managers there is complaining about not receiving notifications when he is assigned a ticket from one of our processes. He's switched off notifications.

 

[Darat]

Just heard that half (a lot) of all of our open tickets sit with one support team. One of the managers there is complaining about not receiving notifications when he is assigned a ticket from one of our processes. He's switched off notifications.

And?

Why can’t you find a workaround?

Sheesh - can’t get the staff these days.

 

[The Man]

Our network security team just sent us an e-mail with a list of files that they found on the share drive / user profiles that are just unsecured, unencrypted (usually notepad, Word, or Excel) lists of passwords. We've been tasked with removing them and "training" the users on good password practices.

I expect an entire day of "But I'm a widdle ole' lady and can never remember all this complimencateable passwords you make me remember" and "Wait let me print that out before you delete it so I can have all those passwords" and that's just from the ones who don't actively fight me on it.

Who the heck keeps a password list on the device?

Employee1: "Crap, I forgot the combination to the safe!"

Employee2: "Don't worry, I taped a copy on the inside of the door."

 

[arthwollipot]

We just had a new card printer installed in one of the smartcard offices. It doesn't work. I've already had to turn away and re-book someone for next week because we are fully booked up for this week.

 

[Wudang]

In the 80s a colleague was the UK expert in IBMs RACF mainframe security product. Occasionally he’d be asked to review customer systems to check RACF was properly installed, configured etc etc. He had some horror stories. “Yeah we told management it was good but it was too complicated so we turned it off”.

“We decided it was better to just encrypt everything with a single password.”
“Ok so who knows the password?”
“Everyone they need it to do their job. It’s taped up on that window there.”

 

[JoeMorgue]

Who the heck keeps a password list on the device?

"Widdle ole' ladies" who "just aren't good with computers" that have to log into a bunch of different insurance and hospital websites as part of their jobs.

 

[arthwollipot]

We just had a new card printer installed in one of the smartcard offices. It doesn't work. I've already had to turn away and re-book someone for next week because we are fully booked up for this week.

Well, I've worked out what the problem is. There is a checkbox that needs to be checked but isn't. Problem is, the checkbox is greyed out, even when I log on to the machine with my admin account. I don't have local admin access to this box. We're trying to get someone with global local admin right now.

 

[JoeMorgue]

I'm going to find whoever at Apple decided it was a good idea to require a password to sign out of an iPad and punch them in every genital they possess.

 

[novaphile]

My Android phone requires the password to turn the phone off.

I had wondered about this, and suspect that it prevents criminals from turning off your phone when they steal it.

(i.e. you'd have to take the phone apart with spudgers to get the battery out to turn it off without the password.)

Hence, you can track them back to base via 'find my phone'.

 

[catsmate]

My Android phone requires the password to turn the phone off.

I had wondered about this, and suspect that it prevents criminals from turning off your phone when they steal it.

(i.e. you'd have to take the phone apart with spudgers to get the battery out to turn it off without the password.)

Hence, you can track them back to base via 'find my phone'.

That'd why I always carry a halberd spudger, though TBH my thumbnail generally does the job.

 

[Elvis666]

(i.e. you'd have to take the phone apart with spudgers to get the battery out to turn it off without the password.)

Lurking pays off with a new word. I have several but didn't know there are a term for them. Thank you.