My company uses separate subdomains for production and non-production. Non-production includes dev, QA, and RC/UAT environments. The subdomains are firewalled, so that non-production cannot reach production and vice versa. They adopted Microsoft's "privileged access workstation" guidance, where each user is assigned a laptop that is completely locked down (can't install anything, etc.), and that laptop hosts a VM (hosted locally) where we can do internet & email but not much else. Additionally, each user is assigned a production VM and a non-production VM (each hosted remotely). Developers have local admin privileges on the non-production VM, but are encouraged to limit software installed on it to whatever is available in our corporate Software Center hub. None of this is terrible by itself, and all makes sense to me security-wise. But here lies the problem:
1) each device and VM needs a separate login with a distinct password
2) the PAW laptop needs to be connected to the VPN, requiring a 2FA login
3) the "productivity" VM (the locally-hosted one) needs a separate VPN connection (requiring a second 2FA login)
4) the VPN connections time out, and I often need to re-connect multiple times daily
5) all 4 Windows logins (PAW device, productivity VM, non-prod VM, prod VM) are subject to password rotation, with stringent password complexity requirements
6) all devices and VMs lock out after just 3 minutes of inactivity
7) the PAW laptop is BitLocker-ed, so you need to enter a decryption code each time you reboot (which is frequent, since updates are pushed multiple times per week)
The net result is that I spend a ridiculous proportion of my day typing in passwords, which I have no recourse but to write down because there's no way in heck I can remember umpteen different passwords that change every several weeks. By the time I've caught up on email, or responded to a chat thread with my colleagues, or finished reading a CP article, my non-prod VM has almost certainly locked out, and then after spending a little time writing code, I head over to my "productivity" VM to check something on StackOverflow and oops! It's locked out by now and I have to log in again (what was that password [checks notebook]?). It's a total productivity-killer!
|
That's the point where you should get a stand-alone tap to start/stop timer, record the amount of time you waste each day playing stupid password games, and charge it to IT overhead on your time sheet each day.
Did you ever see history portrayed as an old man with a wise brow and pulseless heart, weighing all things in the balance of reason?
Is not rather the genius of history like an eternal, imploring maiden, full of fire, with a burning heart and flaming soul, humanly warm and humanly beautiful?
--Zachris Topelius
|
You could use trusts between those domains to enable your "normal" user to be able to do stuff on the development and UAT domain, but tbh working on different domains just sucks. It adds a lot of overhead, so there has to be a really good reason to go through that kind of trouble. Until now I have only seen different domains trusting each other in cases of different companies working together in some sort. I also saw people having multiple devices to work on different domains, but that sucks a lot too. Imagine carrying 2 laptops with you all the time... or in your case: 3. What you could do is set up several computers in the dev and UAT domain and log in on those devices via RDP using users from those respective domains. But that's all meh.
|
A long, long time ago (10+ years?) I set my personal laptop up with a work domain separate from my home domain. I don’t recall any specific problems with doing so, but I think it felt a bit clunky. I remember having to set different themes so I could tell at-a-glance which environment I was logged in to.
It’s worth a try, if only to satisfy your curiosity.
Time is the differentiation of eternity devised by man to measure the passage of human events.
- Manly P. Hall
Mark
Just another cog in the wheel
|
We have a production domain, a dmz domain and a dev domain.
There are one-way trusts so that dmz trusts prod and dev trusts prod, but not the other way.
We just use prod ids on all domains.
If a dmz or dev box is compromised, it is supposed to slow down sideways propagation into prod.
|
Proponent of drink drink ! (9)
"Life should not be a journey to the grave with the intention of arriving safely in a pretty and well-preserved body, but rather to skid in broadside in a cloud of smoke, thoroughly used up, totally worn out, and loudly proclaiming “Wow! What a Ride!" - Hunter S Thompson - RIP
|
Nice!
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
"Common sense is so rare these days, it should be classified as a super power" - Random T-shirt
AntiTwitter: @DalekDave is now a follower!
|
Will you take it in the absence of anyone else? I ask as I can't do tomorrow's
|
OK.
|
Proponent of
drink SUP
drink PORTER
SUPPORTER
|
I thought it was apt for St Patrick's Day
|
I liked it!
|
I'm envying you - you're doing a lot of fun stuff. I love bare metal.
GCS d--(d-) s-/++ a C++++ U+++ P- L+@ E-- W++ N+ o+ K- w+++ O? M-- V? PS+ PE- Y+ PGP t+ 5? X R+++ tv-- b+(+++) DI+++ D++ G e++ h--- r+++ y+++* Weapons extension: ma- k++ F+2 X
|
Come on! There is no "ME" in "TEAM"!
Oh, hang on, there is ...
And an "i" in the "A-hole" ...
Well done you! Another article in progress?
|
Not another article for this one, as it's just a driver for a work I've already published here.
Well now that I think on it, I may actually produce an article for the little hashtable and vector.
It's of limited utility, because most of the time the STL is available. It's only certain IoT frameworks where it can't be relied on.
To err is human. Fortune favors the monsters.
|
If it's that tiny, maybe a tip instead? May help someone struggling with a similar problem?
|
I hope you are soon done with the finished product, so that I get a chance to understand what you have been doing all these years. It always gets clearer with a good picture of hardware.
|
5 for me:
⬜⬜🟨⬜🟩
⬜🟩⬜⬜🟩
⬜🟩⬜⬜⬜
🟨🟩🟨⬜🟩
🟩🟩🟩🟩🟩
⬜⬜⬜⬜⬜
|
Wordle 271 4/6
⬜⬜🟨🟨🟩
🟩🟨⬜⬜🟩
🟩🟩⬜🟩🟩
🟩🟩🟩🟩🟩
|
Wordle 271 4/6
⬜⬜⬜⬜🟩
⬜⬜🟨⬜🟩
🟨🟩⬜⬜🟩
🟩🟩🟩🟩🟩