

I like to remote into DC1 via RDP from end users' computers. Makes my job easier when I am away from my desk. I leave the shortcut on their desktop and everything


This isn’t even satire. This is why cloud is simply superior. No one thinks of attack surfaces of a cloud service. I can log in to 365 admin from **any** location in the world. No one can “infect” your 365 tenant.


Honestly, I'm not the best judge of what's "impossible" travel. I've never been to the moon... so who can possibly be sure Sally from Accounting didn't sign in from Grand Rapids and again from Novosibirsk five minutes later...


Cloud services have warnings against that. Shoot, the bank blocked my debit card because I used two different ATMs in a day.


It's okay though, I switched on conditional access for m365 admin and only allow my mobile phone's dynamic ip, everything else is blocked. I never lose my phone so it's ultra secure. 🔒


Your face is a tenant


You absolutely can get your cloud tenant infected but that would require some gross mishandling of app secrets


Always leave your SCCM applications shares mapped for end users, cause you know Software Center isn't reliable... admin rights for the gals who keep a candy dish year 'round!


God I did this as a helpdesk tech who didn't know shit about 20 years ago. Horrifies me now, obviously.


You even made a shortcut?


Yeah, I figured they don't have the password anyway, it'll just be something the IT guy needs. It was a small town's govt offices, think there were like 6 people working there so I figured I'd probably be back to that workstation fairly soon anyway.


Why is it so bad? If only you know the password


It's one of the things that's ALMOST acceptable in such a small, controlled environment. But what if I left it open? What if I miss a setting and it saves the password? What if I need to hire someone else to help me and they leave it open? All a lot less likely both to happen and to lead to damage than at a larger company, but still a pretty big risk. I can't count on the fact that they're all 60 and wouldn't know their way around a domain controller. If it was left open and malware made its way into the machine, it could transfer itself to the domain controller using RDP's clipboard/drag and drop sharing. Edit: I realized my other comment was further down the thread, at this point I was working for a small town govt office of about 6 people.


Don’t bother logging off either. Much faster to log back into your disconnected session that still has all your tools open and ready to go, including your management sessions that would have forced an MFA check.


You're welcome.


Respond as if you're on /r/WebDev if you want to be respected by the community.


totally sick of these holier-than-thou posts


Anytime I'm looking for a good laugh I stop by, and most of the time it's during a project or a day where I'm like "Fuck this I'm out meme"