It will blow up in their faces if they don't do it right. It's a fact. I was bumped from an account once because my security-conscious approach didn't fit with the company's idea of "useability". When another support team with a more cavalier approach took over and not nine months later the mighty Blaster worm disappeared straight up the ass of their biggest inbound call center, I was asked to come back in and try to sort out the mess.
Raise your risks, make them a matter of record, and just sit and wait. Or sit and try to get somewhere you're more appreciated. Fact - those that aren't systematic and don't cover their backsides can only get away with it for so long. I spent ages trying to convince a bunch of techs to use robocopy for data moves instead of Windows' copy and paste because there was a slight risk of file corruption. They ignored me because copy and paste always seemed to work. When it finally did go wrong, I laughed. I guess they use robocopy now.

2010/1/8 David Lum <[email protected]>

> Amazing, after a meeting yesterday the deployment of 2008 has been taken
> out of my area altogether, to the team of SE’s that hasn’t even deployed
> 2003 R2 anywhere much less a 2008 machine, because that team doesn’t really
> care about such minutiae until they find out that some OS is no longer
> supported. Oh yeah, and it’s me pointing THAT out…
>
> I feel like I’ve been demoted.
>
> TGIF…I think.
>
> *David Lum* // SYSTEMS ENGINEER BUT MAYBE SHOULD BE HELP DESK TECH
> NORTHWEST EVALUATION ASSOCIATION
> (Desk) 971.222.1025 // (Cell) 503.267.9764
>
> *From:* Michael B. Smith [mailto:[email protected]]
> *Sent:* Thursday, January 07, 2010 10:51 AM
> *To:* NT System Admin Issues
> *Subject:* RE: Adding 2008 DC's...
>
> It removes a number of “obsolete” security options.
>
> I quote the word “obsolete” because some older/insecure products depend on
> them. Older versions of SAMBA for example. Some NAS that are based on older
> versions of SAMBA, etc.
>
> I ran into a product at one customer called a “CAS” that allowed a single
> sign-on to Apache/IIS/and Windows by actually doing a man-in-the-middle
> attack! It depended on this too.
>
> *From:* David Lum [mailto:[email protected]]
> *Sent:* Thursday, January 07, 2010 1:36 PM
> *To:* NT System Admin Issues
> *Subject:* RE: Adding 2008 DC's...
>
> From what I’ve read changing the functional level to 2008 doesn’t really
> “do” anything in particular anyway, right?
>
> *From:* Michael B. Smith [mailto:[email protected]]
> *Sent:* Thursday, January 07, 2010 9:09 AM
> *To:* NT System Admin Issues
> *Subject:* RE: Adding 2008 DC's...
>
> You have to run the schema upgrade, but nothing says that you ever have to
> bump the domain functional level or the forest functional level.
>
> I’ve done this for a number of customers, with no ill effect.
>
> I’d recommend you roll out 2008 or 2008 R2. It’ll save you work in the
> future.
>
> *From:* David Lum [mailto:[email protected]]
> *Sent:* Thursday, January 07, 2010 12:00 PM
> *To:* NT System Admin Issues
> *Subject:* Adding 2008 DC's...
>
> We have an environment with five 2003 Server DC’s. I need to roll out two
> new DC’s and would like to make them 2008 Server. Do you guys consider this
> a major or minor infrastructure change? I’m on the fence – existing DC’s are
> untouched save for running ADPREP on the schema master, otherwise the
> existing DC’s are untouched. Lots of new features though and to me just as
> importantly 2008 will be supported for years to come.
>
> My fellow SE’s are telling me to just roll out 2003 and call it good, but
> to me it seems silly since our DC’s typically hang around a long time (6+
> years currently), and in 5 years security patches go away for 2003 (extended
> support ends 7/2015, and mainstream support ends 7/2010).
>
> Comments?
>
> *David Lum* // SYSTEMS ENGINEER
> NORTHWEST EVALUATION ASSOCIATION
> (Desk) 971.222.1025 // (Cell) 503.267.9764

--
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question."
