SwiftOnSecurity

Prevention by a competent Ops department is the cure for sad InfoSec people.

Good thing I'm here to save the day!

Anyway, this is how you end up with 2000-user Active Directory forests where Domain Users is a member of Domain Admins

I've actually had a support manager contact me asking how I solved a problem with their product, because they didn't know how I did it.

So now I'm going to write this company a nice little note to let them know the actual root problem with their documentation.

FML

You don't need to write documentation for users, if you can just make their senior IT people figure it out themselves!

So this company is going around using "Domain Admin rights" as a way to get internal IT departments to PERSONALLY SUPPORT THEIR PRODUCT.

Which any seasoned user, like someone with Domain Admin rights, would obviously recognize and solve the problem for the user.

Absent from their documentation is the fact that you need to EXTRACT THE ENTIRE ZIP AND NOT JUST THE SETUP EXE. That was the problem.

This is just a piece of desktop software. It doesn't even use LDAP. So why is Support telling our employee to get Domain Admin rights? Well

Vendor support department told an employee you needed Domain Admin to install their software. Apparently this was common knowledge. But

You've got to be shitting me.

It's better if everyone just has the job they think they have, and leave IT out of it.

Then they complain, IT forwards them to HR admin, then it takes a bit for it to propagate to Active Directory, and somebody files a lawsuit.

Then everyone's mad because their job title in their sig doesn't match what their manager told them, but it's different in the HR system.

I could implement enforced signatures at work, but then lawyers get involved and then marketing and suddenly everyone's signature is 1 meg.

oh nohttps://twitter.com/TechCrunch/status/883363046369837056 …