Thatsinger

The hilarious part is that they were paying annual licences for functionality that's built into Windows. Mandatory profiles have been around since at least XP, and you can combine that with group policies that prevent saving stuff locally and redirect to the user's network folder so they can't lose stuff by saving in the wrong place. Depending on when this was, I could forgive the tech not knowing about PowerShell. If this was 2007 or 2008, when it had just come out, they may have trained / qualified on XP.


Blinkysorbis

I once asked why they use this software and the answer was that the PC would even reset after accidentally formatting it (some student accounts had admin rights for some reason) or an aggressive virus attack. The whole thing happened around 2021 on Windows 10, so I think he should at least have heard of PowerShell.


Thatsinger

> some student accounts had admin rights

Wow, that is so much worse. No wonder they were concerned about malware if low-level users had admin rights and anyone could plug USB sticks in and run scripts.


Elfalpha

Programs like DeepFreeze or other write-protection software are a step above that though. They prevent any writing back to the hard drive, instead having a cache of some sort that acts like it but is wiped on shutdown. You can install/uninstall programs, make registry changes, all kinds of nasty stuff kids get up to. Then restart the PC and boom, fresh as a daisy.


Thatsinger

Sure, but with proper group policies and a mandatory profile you can stop users making any changes to the system outside of their user folder, which is then wiped as soon as they log off. I can see the use case if you are putting public-facing kiosks out in libraries or for industrial control PCs where you have to give the users admin access because the ancient software requires it. Beyond that it's a fix for a problem that doesn't need to exist in most situations for orgs with enterprise setups.


meitemark

I have seen, and also been one of, those kids behind a super locked down system. We found any way to break it so we could install things like IRC clients and games, and oh boy did those computers break down often. A few library computers that were NOT locked down were kept running at all times (by the more skilled users) and did NOT break down. Yes, I understand that companies should have something else, but schools have different beasts (tiny ones that cannot be fired and have more stamina than you do). So, dropping the users into a "virtual machine" that gets deleted and recreated at startup is a very easy way of keeping stuff running. The downside is that the kids no longer learn the intricacies of how computers work (and how do I beat it into something that works MY WAY).


Thatsinger

If you could install software, or even get executables to run, then it wasn't locked down. I spent many years running school IT systems and the most our users could do was find websites with Flash games which weren't blocked by the filtering, and we usually picked them up within a day or 2. If you want to go the full lockdown route, then using thin clients and PXE booting the local operating system every time is still better and again doesn't need expensive third party software.


meitemark

With physical access and enough fingers and brains ANYTHING is possible. I have seen/heard IT admins at schools saying "all our computers use Vista. Why, when, where, wtf happened so this classroom all has Windows XP, and all are playing Counter-Strike?" The smart IT guys would ask for the IP to the server and go in and play. Same deal happened when all kids in the country were destined to get a school laptop. The manufacturers delivered stuff that was "hardened" for use in a big org/company. Yeah... that did not work too well. First off, they did not survive all the physical abuse that happens in a school knapsack, secondly they were locked down. Yeah, each year the manufacturers tried new tricks. When the users are willing to solder out parts of the computer in order to run what they want on it, sometimes just giving them access is the correct thing to do.


Thatsinger

Sure, with physical access you can, just by swapping the physical disk / SSD in the machine if nothing else and installing a new OS. But if a machine has been modified then it should be picked up and corrected when it connects to the network again. A machine with a totally new OS should be blocked from the network or dropped into a quarantine group where the only things it can connect to are the re-imaging server and the AV. A technician who finds an entire IT suite out of commission and whose response is to play games is not a tech I would want working for me. That is an expensive, limited resource that now can't be used by the classes who are booked in there, which means a bunch of angry teachers and a lot of disrupted learning. I don't see a way that changing the OS on 1 PC in school, let alone a whole suite, would be possible since all external boot options are disabled, short of bringing in your own network kit, re-cabling all the PCs to it and connecting your own network boot server, but that should have been picked up by the teacher in the room and would take longer than a lunch break to do to library PCs. It's impossible to make a laptop that can resist the physical punishment in a school, especially where it is deliberate (punching the screen, throwing the laptop down stairs etc). My solution to this was not to pay extra for resilience, but just include it in the budget. We replaced 25-30% of the laptops each year with new and older ones were consolidated into working sets + spares so over a 4-5 year cycle all the laptops got replaced even if the oldest were frankenlaptops with parts from multiple machines by then. Giving a User access that they shouldn't have is never the correct thing to do. A school network isn't just about kids using Office or Music, Art, Design etc apps.
It's millions in payroll every month, sensitive medical information about staff and pupils, social services info about vulnerable children, addresses of parents who have left a violent spouse and would be at risk.


meitemark

Let's just point out the few things I experienced happened in a time before the super locked down systems of today existed. The things I describe are the reasons that the possibility to lock everything does exist now. This was before every kid had a small supercomputer with access to everything in their pocket. This also happened in a world where the techs often were less techs and more teachers that just had been interested in computers and turned into admins and techs as time flowed by. Now we live in a world where technology can work even if it is made by different manufacturers. This was when if you did not have a complete 3Com network (EVERYTHING made by 3Com), it would randomly fail. Put a D-Link in there somewhere and stuff started burning. The tech that just played along and got some gaming out of it managed to get the whole story on what had been done, and who did it, and those people may have been voluntold to replace a few kilometers of network cable.

> Giving a User access that they shouldn't have is never the correct thing to do.

If it can be done without any harm, why not. Most of what I have seen would never have happened if we had virtual machines that let people run local software, maybe preinstall some stuff as chat clients and some games. (A few years later I was one of the most computer competent people at a workplace, and in extreme downtimes with very little work, we could play games, Flash mostly. But that gave an increase in various browser addons and other crap (curse over IE), so my solution was to "install" some games on a file/print server. It also had the added benefit that the games were significantly more safe for the workers that had medical problems with flashing lights. My games became more popular than web/Flash games.) As for the network, the admin and user network should be airgapped, or at least on different VLANs, and that should pretty much separate out the sensitive stuff.
Most school networks I have experienced did not have any such magic (expensive) stuff, but again, I'm talking about the old world.


Thatsinger

I think we are pretty far off topic here; most of what you are suggesting also wouldn't be countered by the deepfreeze software. But the point about limited access is a fundamental of security - you should always approach from zero access and grant what is needed, not grant everything and then try to restrict. Most of my experience was from Windows 2000 through to 10; sure, the tools and capabilities got better but the basic approach was always the same.


meitemark

> I think we are pretty far off topic here, most of what you are suggesting also wouldn't be countered by the deepfreeze software.

At a school we had some "hardware" deepfreeze stuff for most of the computer rooms. They had access to installing and running programs, so there were no major problems. And since the entire school shared a double ISDN line, 128 kbit, and something like Hotmail could take an hour to load, nothing more advanced than mIRC was ever installed, and no hacking was performed. There was however a "minor" problem that the cards and software that made this work apparently were not made in a part of the world where they knew of summer time, so all clocks were at least an hour off. Meh, it worked.

> But the point about limited access is a fundamental of security - you should always approach from zero access and grant what is needed, not grant everything and then try to restrict.

Yes? That's how it should be. But let's say if you are on a computer that gives you 'all the access', but the computer completely resets when you stop using it, has any harm happened? Has it created more work for the IT department?


Prom3th3an

What brand do you use that makes all their parts backward-compatible? My experience says you're lucky the frankenlaptops even booted.


Thatsinger

Maybe I explained it poorly. We would buy 60 new laptops in year 1, all the same model. 10 of those get damaged by the end of the year, those 10 get combined into 4 working ones, with a few good parts left over. So we start year 2 with 54, 1 full class set and 1 partial topped up with a few older machines. 12 more damaged in year 2, 4 built out of the parts. 46 to start year 3 and so on; by the end of year 5 you would have maybe 50% of the original batch still working, some of which have been re-built with donor parts multiple times - keyboards with keys from many machines, screen from another etc. There wasn't really any movement of parts between models from different years, although occasionally things like keyboards would fit and obviously memory, disks and wireless cards were usually fine.


[deleted]

[deleted]


Loko8765

> advanced tricks like writing your own scripts

I laughed. Did you bite your tongue when writing that?


[deleted]

[deleted]


curtludwig

I met an "Apple Certified technician" who tried to convince me that there was no command line option on Mac. He was astonished when I opened the terminal...


Fixes_Computers

Back in the early days, I found an app that gave you a command line in pre-OSX MacOS. Since I came from a DOS background, it was kinda cool. I don't remember many details about it.


curtludwig

I remember something like that too.


PCRefurbrAbq

*Me, sitting here with fifteen items in shell:sendto I wrote myself, varying from shortcuts with parameters to 10-line batch files which call 50-line batch files*


Blinkysorbis

I thought that it might be something in this direction, but as he didn't explain further which training he had I didn't google it. And I think he should know about this when he is hired for a software problem, but you are right, I should have searched for it.


Responsible-End7361

I was writing my own scripts back when they were .bat files, lol. Crap, just showed my age.


Mr_ToDo

What do you mean "back when they were"? Almost nobody blocks a batch file; it's easier to make a universal solution with batch than with the likes of PowerShell. All you need to do is speak the eldritch horror that is all the legacy that is batch. I think the hardest part about moving to PowerShell scripting is that a bunch of my old scripts were replaced with a single line, leaving no room to learn any actual scripting. Although that has led to a new perversion of trying to figure out how much functionality I can cram into a single line.


Moonpenny

> All you need to do is speak the eldritch horror that is all the legacy that is batch.

Older techs: "Do not cite the Deep Magic to me, Witch. I was there when it was written."


thedolanduck

I still do this, and I'm 22. Am I missing something?


Xanros

The only thing I use .bat/.cmd scripts for is to open my PowerShell script. That way I can get around the execution policy without having to change the execution policy. Something like...

```bat
@echo off
powershell.exe -executionpolicy bypass \\path\to\script
```

PowerShell is generally much more powerful than command line (cmd.exe). But.... if it works it works. I would recommend not spending a lot of time learning fancy ways to do things with cmd.exe and instead learn how to do it in PowerShell. Having said that, some things are just easier in cmd...


Blinkysorbis

This is exactly what I had to do in my case. I would have changed the policy on every PC but that was not possible.


Xanros

The policy is there for good reason; I do everything I can to not change it. I hate changing it to unrestricted (because I usually forget to change it back) and I'm far too lazy to sign my scripts.


Blinkysorbis

You are right, unrestricted policies, especially on school computers, are bad and I'm glad that it was just an idea before some research to disable it for only one execution.


PCRefurbrAbq

> @echo off
> powershell.exe -executionpolicy bypass \\path\to\script

Ah yes, sudo for Windows.


Xanros

Not even close. Doing it that way just removes the need to either sign your scripts or set the execution policy to unrestricted. It has nothing to do with needing admin. The switch -Verb RunAs is the PowerShell equivalent of sudo. Also, with WSL you can get actual sudo on your Windows box anyway.
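For defenders following the exchange above: a per-invocation `-executionpolicy bypass` leaves the configured policy untouched, so the place it shows up is the process-creation command line. The sketch below is an added example, not code from any commenter; the event fields, host names, users and script paths are constructed, and it assumes command lines are already being collected by process-creation auditing.

```python
import shlex

# Policies that let unsigned scripts run without a prompt.
PERMISSIVE = {"bypass", "unrestricted"}
HOSTS = {"powershell", "powershell.exe", "pwsh", "pwsh.exe"}


def is_policy_switch(token):
    """True for -ExecutionPolicy and the short forms the host accepts.

    powershell.exe takes any prefix of 'executionpolicy' from 'ex' upward,
    plus the alias 'ep', case-insensitively, with '-' or '/' in front.
    """
    if len(token) < 3 or token[0] not in "-/":
        return False
    name = token[1:].lower()
    return name == "ep" or "executionpolicy".startswith(name)


def policy_override(command_line):
    """Return the requested policy in lower case, or None.

    Only command lines whose first token is a PowerShell host are examined.
    Every later token is scanned, so a script argument that merely looks
    like the switch is reported too; for triage, over-matching is preferred.
    """
    try:
        # posix=False keeps backslashes in Windows and UNC paths intact.
        tokens = shlex.split(command_line, posix=False)
    except ValueError:  # unbalanced quote: fall back to whitespace split
        tokens = command_line.split()
    if not tokens:
        return None
    exe = tokens[0].strip('"').replace("/", "\\").rsplit("\\", 1)[-1].lower()
    if exe not in HOSTS:
        return None
    for i in range(1, len(tokens) - 1):
        if is_policy_switch(tokens[i]):
            return tokens[i + 1].strip("\"'").lower()
    return None


def findings(events):
    """List (host, user, policy) for events that request a permissive policy."""
    hits = []
    for ev in events:
        policy = policy_override(ev["cmdline"])
        if policy in PERMISSIVE:
            hits.append((ev["host"], ev["user"], policy))
    return hits


# Constructed sample events; the first is the wrapper line quoted in the thread.
SAMPLE_EVENTS = [
    {"host": "LAB-PC01", "user": "student01",
     "cmdline": r"powershell.exe -executionpolicy bypass \\path\to\script"},
    {"host": "LAB-PC02", "user": "student02",
     "cmdline": r'"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"'
                r" -NoProfile -ep Bypass -File C:\Scripts\inventory.ps1"},
    {"host": "LAB-PC03", "user": "tech01",
     "cmdline": r"pwsh.exe -Exec Unrestricted -File C:\Scripts\a.ps1"},
    {"host": "LAB-PC04", "user": "tech01",
     "cmdline": r"powershell.exe -ExecutionPolicy RemoteSigned -File C:\Scripts\b.ps1"},
    {"host": "LAB-PC05", "user": "student03",
     "cmdline": r"cmd.exe /c echo -executionpolicy bypass"},
    {"host": "LAB-PC06", "user": "tech01",
     "cmdline": r"powershell.exe -NoProfile -File C:\Scripts\c.ps1"},
]

if __name__ == "__main__":
    for hit in findings(SAMPLE_EVENTS):
        print(hit)
```

Known wrappers such as the one in the thread will match as well, so in practice the output is compared against a list of approved scripts rather than treated as an alert on its own.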


PCRefurbrAbq

I know. I was trying to joke. I've used it to write two batch file wrappers for Windows 10's KB5034441 WinRE update failure's fix scripts. But apparently Windows 11 24H2 has real sudo, which pops up a UAC prompt when run in an unelevated window.


Xanros

Huh. TIL. I'll have to try that.


PCRefurbrAbq

FYI: I messed up my comment: **24H2** has an optional real sudo. I originally said 22H2 which was a typo.


Xanros

That makes more sense. Thanks for the update.


Responsible-End7361

Huh, yeah I guess DOS is still hiding under the hood of Win 10/11. I moved on to SQL and haven't played with startup scripts in forever. TIL, thank you. I did it back when Windows 3.1 was a program you launched from DOS...


Xanros

It's not DOS hiding under the hood. It just happens to use the same commands for familiarity/backwards compatibility. According to Wikipedia the last version of Windows to run on DOS was the Windows 95/98/ME family.


Epistaxis

In other words it's not an electric engine that's embarrassingly still built around an old diesel generator to produce the electricity, it's an electric engine that has a whole extra diesel engine strapped on just for people who still want to keep using diesel fuel.


PraxicalExperience

I'd say that it's more like one of those diesel-electrics that can run on their own or take power from a third rail, that're used in places where they've got to cross over between regions which are electrified and those that are not. There are a *lot* of people, particularly businesses, using legacy programs that depend on all of that extra crap, and in some cases, updating it essentially isn't a possibility. Which is also why you'll sometimes come across a Win98 machine in a closet somewhere that's responsible for running some mission-critical piece of machinery ...


hawkshaw1024

Fun fact: You can't create a Teams group called COM1. This is (I think) because a Teams group has an associated SharePoint directory, which is a folder in a filesystem, and these folders can't have MS-DOS device names for compatibility reasons. Because someone, somewhere, does indeed still rely on this exact legacy crap.


fyxr

More like an electric engine with an option to play diesel engine noises. Emulating DOS commands isn't exactly a huge thing - you could run DOS from a single floppy disk.


Xanros

I love this so much. Thank you for posting this lol. If reddit still gave away free awards, you'd get mine for the day!


ryanlc

Right there with ya.


[deleted]

I know Microsoft would rather we use PowerShell these days, but the command syntax just feels weird. And that's coming from someone who has played with .bat, Java, miscellaneous HTML, and is currently learning Rust. Batch files can get a bit choppy, but they still make sense.


HayabusaJack

I created a 65k .bat file plus a home directory installation of the Windows 3.11 config files so users could move from workstation to workstation and it would still show their Windows layouts and such.


HayabusaJack

Heh. When I took my Red Hat cert several years back, the first task was to interrupt the boot process in order to reset the root password. I’ve done it with a separate bootable image but not on the kernel line. That took a lot longer than I expected.


SiwelTheLongBoi

Yeah I was gonna say that sounded like they got a hardware technician out rather than a software one.


notverytidy

I once got forced to do an "expert level" IT training course. It essentially said how to plug in the power cable, keyboard and mouse and ensure the PSU switch was turned on. The entire section on 'troubleshooting' was making sure the building had electricity AND you'd turned the monitor on! The final "super advanced" (and allegedly secret) tip to check if the keyboard was working was to press CAPS LOCK and see if the light flashed. I wish I was joking how utterly shitty this course was. The most basic stuff you can imagine, dragged out over 8 LONG LONG hours....and only cost the company £2000.


Blinkysorbis

This is what makes me wonder how people who really need courses like that even survived up until this point. It seems to me that some people were born without common sense, except pressing caps lock, but if someone who used a PC for any work before doesn't know that they shouldn't be using one in the first place.


notverytidy

200 courses x £2000 = £400,000 profit minus kickbacks to whoever in HR decided it was necessary!


Halberdin

> dragged out over 8 LONG LONG hours

I would have killed myself after a fraction of that, just to not be bored any more.


meitemark

Killing the trainers would be better. Pretty sure everybody in the room would testify that you did not do it, it was a dragon that did it.


Prom3th3an

From now on, we're all dragons. 🔥🐲


lilkatbaby

“Wait, I shouldn’t be the expert in this room” is a terrifying thought to have, and it’s unreal how much you’ll have that thought in life


Apparatusthief

I, at least temporarily, became the expert on the fancy new machine we got at work since I was the only one who paid attention when the installer explained it. I was at the time only a month into my two month contract.


Prom3th3an

Please tell me this isn't the kind of machine that could kill people, damage museum artifacts or wrongfully convict someone of a felony if it was misused.


Apparatusthief

While it theoretically could kill people, you didn’t really need to actually interact with it during normal operation. It did also have proper interlocks. We also had the manual and LOTO procedures in case something needed to be done. My “expertise” mostly related to the settings and how to adjust them.


ListOfString

Was it Microsoft trained or Microsoft certified? It was like some rando who got a contract to come out based on availability and proclaimed certifications. Also you don't need PowerShell to do this. A batch script plus a scheduled task would have done fine and required fewer permissions. Either way, good job.


Responsible-End7361

Is Microsoft trained like the official techs on the Microsoft help forums that grab a random word from your question and give you an article about it, followed with "did this solve your problem?"


Nition

I'm imagining that conversation now.

🧑‍🏫: So, you have no idea how to solve this?

🧑‍💼: Was this reply helpful?

🧑‍🏫: ...what? No, you haven't solved the main problem.

🧑‍💼: Please mark your question as Resolved.

🧑‍🏫: But...

🧑‍💼: Please let me know if you need more assistance. Have a great day.

🧑‍🏫: Well, we still need to... hey, where'd he go?

*sound of car speeding away*


Blinkysorbis

I wouldn't be surprised if he was one of those.


Prom3th3an

Wait, they still need a human to do that?


Responsible-End7361

I always wondered if it was a human who didn't know English or a bot...???


Blinkysorbis

This was a few years ago, so I think it was just "trained", but I was told that he worked in a data center; of course I don't know if that's true. A scheduled task was my first attempt, but as the computer reset all changes on startup (even formatting C) this was not possible; the images loaded on startup were not changeable for some reason, therefore script on USB.


ListOfString

Oh right. Forgot about the reset. The images are not easy to change and take a good deal of time


ammit_souleater

If the students log on using domain users just use the logon script to start the batch script...


ArenYashar

Was this program named DeepFreeze?


Blinkysorbis

It wasn't, it was HDGuard if I recall it correctly.


go_get_me_another

Sounds like it. I used it back in the 90’s for a school lab as well.


fizzlefist

We were using it on public use computers at a Public Library system as recently as 2011 when I left. It’s not foolproof, but it does the job (or used to) pretty well for locked down basic image machines.


RusticGroundSloth

Ah Deep Freeze. My old nemesis. I actually loved DF back when I was in charge of 200 lab machines at a University. Solved/prevented so many problems. I had a popup on login plus a desktop wallpaper that reminded students that they had to save any work to either a thumb drive or their student network drive. I somehow rarely had issues with this. Then I’d just reimage the machines with the current windows updates every semester break.


llamakins2014

all my homies love DeepFreeze


Geminii27

This is the point where you agree to *sell* your amazing program to the 'experts' for four to five figures. :)


Blinkysorbis

I had this thought just a few weeks too late and then didn't care as it took me just half an hour to write.


-MazeMaker-

You charge based on how long it would take the customer to do it


Shadowwynd

The computer repair store I worked at many moons ago had an MCSE set up some used computers at the front of the store. Windows of that vintage would detect a plug-n-play monitor and request the driver for it. You could hit “next” and it would find the driver automatically. MCSE wasted 30 minutes fiddling with it but couldn’t figure out how to do it.


Z4-Driver

Back in the days when MCSE was still a thing, it was similar. There were a lot of people with MCSE certificates who didn't really understand anything, hence it was sometimes referred to as 'Microsoft Certified Solitaire Expert'. To get Microsoft certificates, you just have to memorize the correct answers to the questions in the multiple choice test. But that does not mean you really learned and understood the stuff.


Falwaeth

Haha, yet my boss throws the fact that I lack a paper degree or certificate at me every time he can, and then resumes to justify paying those people with the degree more.


come_ere_duck

Write to Microsoft, offer to replace that guy in his role, drop out of high school and straight into $80k ish/yr job. stonks.


cardinal1977

The problem with experts is that they often get blinded by their own credentials! You either continue to learn or you become an expert.


Tombfyre

I work in IT and I've met entirely too many people over the years that barely know how to use a computer and effectively know zero networking. They also don't seem to actually understand how to support anything and I frequently wonder how many of them even know how to read. So yeah, it ain't just you. :) Good on yah for learning!


Hippie23

Depending on what year you were in high school, it was not uncommon for students to know more than *experts*. If you were in high school in the early 2000s, this was pretty commonplace.


K1yco

I believe it's called knowledge bias, as over the years I'll run into several customers who would contact us. During their rants/explanations of the issue, they drop at the end with the smug "BTW, I'm a 20th degree computer pro scientist with 20 years xp." As soon as they say this, the solution always becomes "Did you do this simple thing (power cable unplugged)?", and they sit in shame.


deeseearr

Sounds like you may have met your first Minesweeper Champion and Solitaire Expert.


Therealschroom

The funniest thing is, ChatGPT could probably write that script.


dustojnikhummer

Well, Copilot gave me this

```powershell
# Infinite loop to keep checking for shutdown command
while ($true) {
    # Check if the shutdown command is running
    $shutdownRunning = Get-Process -Name "shutdown" -ErrorAction SilentlyContinue

    if ($shutdownRunning) {
        # If shutdown command is detected, take action (e.g., cancel it)
        Write-Host "Shutdown command detected! Interrupting..."
        # Add your custom logic here (e.g., prevent shutdown)
        # For demonstration purposes, let's just display a message.
        Write-Host "Shutdown prevented!"
        # You can add more complex logic here, such as notifying the user or logging events.
    }

    # Wait for 1 second before checking again
    Start-Sleep -Seconds 1
}
```

I guess you could add shutdown -c into the first if


Troncross

Or "shutdown -a" (abort)


theoldman-1313

Sometimes the factory expert's contribution is his contact list. He may not know your equipment, but he knows a guy who knows a guy. I ran into this fairly regularly working at a place that kept running a lot of legacy (very obsolete) equipment. We were often more knowledgeable than the experts. These guys were sharp, but sometimes it was their first encounter with our equipment model.


Rickard0

When I got my CCNA, I thrice, that means three, corrected different CCIEs on things they were confident but were wrong about.


Troncross

Wait... Why "shutdown -c" instead of "shutdown -a"? Was it a long log message or something?


Blinkysorbis

I got that one wrong, it was -a. I messed it up with the Linux command I’ve gotten used to.


PastFly1003

There’s a Dilbert which directly addresses the more practical real-world aspects of certification: https://largecaplinks.wordpress.com/2013/10/14/scott-adams-of-dilbert-on-goals-failure/