?

Log in

No account? Create an account
PSA for all network admins - Whizistic's Lair [entries|archive|friends|userinfo]
William

[ website | never working right seemingly ]
[ userinfo | livejournal userinfo ]
[ archive | journal archive ]

Links
[Links:| arstechnica.com the-whiteboard.com userfriendly.org ctrlaltdel-online.com slashdot.org ]

PSA for all network admins [Jun. 3rd, 2005|11:18 am]
William
[Tags|, ]

When playing with shiny new toys (e.g. smartcard authentication) which require drastic changes to the global login settings for your [tree | domain | forest | workgroup], please ensure you are working in the [dev | test | non-production] area of your network.

Should you accidentally blow away the ability to login for all users, it would be nice if you'd LET THE REST OF THE IT STAFF KNOW WTF JUST HAPPENED SO WE DON'T HAVE COLLECTIVE HEART ATTACKS.

This has been a public service announcement.
linkReply

Comments:
[User Picture]From: dragon5223
2005-06-03 03:43 pm (UTC)
Trouble at work, Bill?
(Reply) (Thread)
[User Picture]From: lalaith82
2005-06-04 01:25 am (UTC)
Tell it, Bill. Tell it.
(Reply) (Thread)
[User Picture]From: jgp
2005-06-08 11:31 pm (UTC)
We'd fire someone for doing that. =) Like, out-the-door-within-minutes fire them. Did they update the schema all across your forest? Or, since you're a gov'mint agency, are you using Novell? =P

I'm worried, cause within a few weeks of coming home, I'll have finished up all the requirements to get Enterprise Admin rights for my employer. And, uh, that kinda scares me.
(Reply) (Thread)
[User Picture]From: whizistic
2005-06-09 12:03 pm (UTC)
That would soooo totally be a a Novell thing. Novell Modular Authentication Service. Basically sorta like linux's PAM ported to NT and boosted with some baseball steroids. I wrote the PSA to be applicable to all directory services applications.

Ooh! I remember the days when I was an enterprise admin... I think I did something that required that right precisely once; "raise domain functional level"

Almost ended up extending the schema to support LDAP more better, but figured out the right mappings thanks to some university in Australia.

Oh, and ended up laying pipe up north rather than building cripple walls. But yes, I am striving to convince my brother that a nailgun would be a good investment. He's already got the compressor.
(Reply) (Parent) (Thread)
[User Picture]From: jgp
2005-06-09 03:32 pm (UTC)
Hahahaha... I had to do that once, in our dev environment... cause the damned developers just HAD to be running Windows Server 2003 functional level. They didn't get it when I told them that I had to go thru and upgrade all of the DC's for that to happen (they were all on Windows 2000 still). *sigh*

I guess laying pipe is better than building walls... but still, I dunno, I'm not one for excessive manual labor... =)
(Reply) (Parent) (Thread)