AddToAny

Want your TV Series Automatically Downloaded?

Its now more easier than ever before. With this step by step guide using Sickbeard , Plex and SABnzb Want your TV Series Automatically Downloaded?
Powered by Blogger.

Thursday, September 29, 2016

Elon Musk shares his interplanetary fantasy but his inspiration is down to earth

Posted By: The Funky Tech Guy - 1:31:00 AM
image

When I came across this article I knew that it was something I wanted to share not because of one man's journey towards interplanetary space travel but rather the story of one man, risking everything to achieve his dreams. He has personally pledged his entire fortune on achieving his vision and dream.

The lesson I take from this is that there is a whole,different life outside of our everyday and sometimes mundane, everyday living. It's filled with routine. Some people never leave their city and some don't even leave their community. To them that is life. That is all they know. They don't know what is out there.
As he famously says:
It would be an incredible adventure. It would be the most inspiring thing that I could possibly imagine. Life needs to be more than solving problems every day. You need to wake up every day and be excited about the future, and be inspired and want to live. ~ Elon Musk
When was the last time you woke up in the morning feeling truly excited about something?

So go out there and live your dreams,however big or small. You may want to take a tip from,in my opinion the most inspirational piece ever written.


The video below is Elon Musk’s dream. What is your dream? and what have you done recently to bring yourself closer to achieving it.



You can read the full article below:
Elon Musk shared his interplanetary fantasy but his real message is down to earth | Lynne Everatt | Pulse | LinkedIn:

Monday, September 26, 2016

3 Easy Ways To Grant the rights to modify AD group membership and be Successful

Posted By: The Funky Tech Guy - 7:17:00 AM



Problem:




You would like to grant a non domain admin user the rights or permissions ,e.g your servicedesk staff, the ability to modify the group membership but only of certain groups.
There are two very easy ways of doing this and a third more granular approach if required.

Pre-requisites:




Ensure you have created an AD group and assign your users you want to grant access to this group. If possible, create a separate OU to house all the groups you intend to give rights to.

Option 1 - Delegation of Control

  1. Right click the OU where the groups are and click Delegate Control… then click Nextimage
  2. Select your AD Group

    image
  3. Select Modify the membership of a group and click next

    image
  4. Click Next and Finish

Option 2 – Managed By

Note: you can use this on an OU or individual group.
  1. Right the same OU then click Properties
  2. Click the Managed By tab then click the Change… button

    image
  3. Specify your group and click OK

Option 3 – Using the security tab



If you need to be more granular,do it this way as it allows you to see exactly what permissions are associated with a given task and you can add additional permissions.
  1. Right click either the OU or specific group you would like to grant access or modify right to
  2. Click Properties
  3. Click the Security Tab
  4. Click Advanced
  5. Click Add
  6. Select your Group
  7. On the Object tab Select Descendant Group Objects and enable:
    • Read Members
    • Write Members


      image
  8. Click OK until all windows are closed
That's it

Hope this has been informative. If you have any comments or questions do so below.

Friday, September 23, 2016

Solved: How to Delegate Access for your Helpdesk or Servicedesk In Active Directory

Posted By: The Funky Tech Guy - 4:26:00 AM



Hi,
Today I want to share with you a simple best practise that I have often seen overlooked and not implemented.

The problem

Have you ever started at a new company and found that everyone has domain admin access? The technicians,the admins,the non technical boss and even the level 1 service desk staff? I have, in almost every company I started. This without saying,poses a huge risk,not just from a security point of view but also the fact that so many people have the potential to either intentionally or unintentionally $uck $hit up. Either way you have your hands full and enough on your plate to still have to worry about one of your servicedesk staff to start digging in things they learnt about in their mcse class.
So how do we go about mitigating this risk and applying the best practice for least privilege access (You only have access to do the things that enable you to perform your job)



The Solution

I usually tackle this in a few ways
  1. I get the backing of the decision makers by informing them of the risks to the business and what I can do to resolve it. This way if they decide to do nothing you have it in writing that they were made aware of the risk and its all on them.
  2. Next you will usually dish out an e-mail or go speak to the managers of the respective sections to find out their needs and roles. Essentially you need to know who does what before you can even begin with the technical bits
  3. Now that you have that information on who does what its allot easier to go into AD and create some groups. In my example I have 3 levels of support which is what I found most common at all the companies I worked. They are
    • Level 1 Support – Service desk- They do your quick fixes and generally require the following permissions
      • Reset password
      • unlock an account
      • change password
      • Read Access to all users attributes.
    • Level 2 Support – Desktop Engineers ,technicians generally have a few more:
        • Reset password
        • change password
        • unlock account
        • read attributes of an AD user
        • Create users
        • modify Active Directory Groups
        • Join Computers to the domain
        • Rejoin Computers to the domain
        • Unjoin computers from the domain
        • move computers to the proper OU

    • Level 3 Support – Network or Systems Admins usually have domain admin access depending on the size and organic structure of the company. Larger companies will have more granular roles,rights and permissions where as the the generalist Admin will usually have domain admin rights and whatever he/she grants to themselves Smile
  4. I create NEW administration aka adm accounts for each support user. e.g For the user John Black with a username of jblack I create admjblack. I simply add adm as a prefix.
  5. I then create AD security groups e.g Sevicedesk_Firstline , ServiceDeskdesk_Secondline and so on. Be sure to give good descriptions.

OK so now that we got that out of the way, lets get to the fun bit of actually configuring this.
button (1)

Copyright © 2013 The Funky Tech Guy ™ is a registered trademark.

Designed by Templateism . Built with Blogger Templates .