Any tips on 'creating' work in a desktop support role?

techfiend

I'm currently working part time as the IT support guy at a small business supporting 25-30 local workstations and ~200 remote tablets. The more work I find the more hours I can get and the low hours is my only disappointment atm. I'm having trouble finding work and seeking some ideas for others that have been in the same situation. I know documentation has to be updated or created but I don't have access to most of it and not sure of company policies on it, I really should ask about it. 'The spreadsheet' definitely exists and is admin only which I have and TE gave me an idea to encrypt it, which I might ask about tomorrow. Other than that we have a server 2003 to 2012 update planned for early next year which I'm very excited about. Until then I can't think of much to do and usually go chat with colleagues or browse the internet. Does anyone have any ideas?

ajs1976

How are the desktops being patched? if not alreadying using it, implement WSUS or even a third party utility that will do more then Microsoft updates.

Check AD for stale user and PC accounts and clean it up.

techfiend

Right now locally patched and current admin says WSUS server's drive is full, probably with outlook pst's. It's something I've really wanted to get going on. We are going through a transition from XP to 7/8.1 workstations and 2003 to 2012. The former is pretty much done, just waiting on hardware. Current admin wants to wait until we transfer over to 2012 to use WSUS again. The only thing that get's updated except for microsoft is av, the rest is proprietary software that the developer patches on occasion so another updater wouldn't be justified. We just received a blade with a bunch of storage but that will probably wait until the 2012 install. It's kind of in limbo now, done with workstations, not yet started on servers. After these are done I don't know what I'll do besides the occasional support, hopefully they pay me well to study.

AD is kind of a mess, there are dozens of former employees that are disabled. The ceo, who used to be the support guy, is a data packrat and probably wants to keep them all. According to admin 2012 is going to be a fresh install. There's some AD inconsistencies that should be fixed, that will make for a few fun days supporting users for me.

cyberguypr

Let me guess, there are no backups in place. Correct?

techfiend

There's a second server replicated and a third server collecting incremental backups. Once 2012 is up the third server will go to a remote location to be replicated. Each server has I think admin said 4 vm's with their own tasks but I really need to ask him about it and get into that. There's a standalone IIS server with an old workstation backing it up.

I think they are making a concerted effort to improve their situation, it's not horrible right now but it could be a lot better.

The current plan for 2003 to 2012 is pull backup server, set up 2012 and install it, pull third (backup collector) setup 2012 and install it, switch over to 2012, pull main server for 2012 install, take third server to remote location.

There are also plans to start fresh on the sonicwall, they have a backup they'll configure before replacing the current one. I'm not all that excited about doing this after seeing everything that has to be done but it's good experience.

techfiend

I took initiation and setup wsus on the backup server today, it had the most hdd space of the servers. The IT manager was happy but the JOAT probably won't be, he dislikes wsus and anything patching I was told today. I'm starting to see why they want to replace him. Thing is I'm doing things quickly, which is my nature, and it hurts me financially in this case. For example I've never setup WSUS and in 15 minutes I had it up and synchronizing once I planned where it should go, then I spent 2 hours waiting for it to finish syncing.

Next week I'll probably get going on roaming profiles, another thing IT manager wants but current joat has always shrugged off. If there's going to be a fresh 2012 install soon is it worth setting up 2003 roaming profiles now? Are they able to be migrated to 2012?

I'll be doing this and maybe the full server 2012 installs alone, or at least assisting on them on an entry level wage, almost seems unfair, but hopefully it pays off. The experience is great anyways. There isn't enough support workload to justify paying someone to do it full time. I'm lucky to see 3 issues a day working part time and they are often very quick resolutions.

While I really enjoy working there the 3+ weeks I've been there I'm going to need more money soon after receiving news today that I'm making just enough money to not qualify for state assisted medical insurance, state exchange open enrollment is over and private medical insurance is going to cost me about 30% of wages. I have some medical concerns and can't go without insurance, last year I racked up over $100,000 in medical bills. In April I have to go in for a $5000 medical procedure which may lead to another $100,000+ situation, given the stupid probationary periods of insurance this may be too soon to be covered, this is really concerning. At my current wage my paychecks for the next 2+ years are gone just in debt and I need some spending money so looking at 3+ years, add in the insurance payments and looking at 5+ years, add in the lack of coverage and probably 10+ years of paying off debt simply because I took this job. Maybe I'll consider consulting with other companies, that's what the current joat does but he has 25+ years of experience compared to my 3+ weeks and I'm sure I'd run into some things I wouldn't be able to handle.

My schedule is 20-25 hours a week but it's all over the place in a 14 hour range and getting another job outside of weekend or pick my own hours is out of the question. I'd hate to just quit this job because it can't pay my bills but they are very hesitant on giving me more hours without having anything to do. It took me months to find this position and really learning a lot but I'm feeling so overwhelmed about the near future that I need to do something financially before it hits me in the face. Does anyone have suggestions?

LeBroke

As they say, best time to find a new job is when you already have one. Start looking, if only because you have nothing better to do in the 25 hours you are NOT working.

techfiend

LeBroke: I wasn't very clear on my hours, I work 20-25 hours a week but my shifts vary day to day in a 14 hour range.

Wouldn't looking for work after working at a place for a month be a bit concerning to potential employers?

Also I probably wouldn't learn or enjoy it nearly as much elsewhere. USA healthcare system screws over so many people, I'm just the latest victim. I might try appealing to the state.

If the appeal fails, I might talk to my current employer and see what they have to say. They know I'm pushing to get more hours and not giving them and also know that I recently reapplied for state medical assistance. They don't know about my medical history but I have a fresh scar on my neck and cheek that should be a clue.

NetworkingStudent

Ask the admin if he has anything for you to do.

Get a list of issuess that you see and ask your manager if they should be addressed.

Do the tablets have any AV? Are these tablets locked down?

Takes notes and screen shots as you work
( and save in evernote or onenote on your computer)
Get the ok to install evernote or onenote on you work computer.

techfiend

I feel relieved after finding out the state's open enrollment has been extended to February.

Admin is there only 2 days a week but I get a lot done when he's there, other days, not so much. I've decided to take initiation on things that really should be done but admin isn't doing it.

The tablets have no AV, I've read most of them are bogus anyways and have never needed one for linux, android is based off of linux. There's never been malware issues on the tablets. Locked down in what way? All the tablets are technically the employees, they have the option to provide their own or purchase from the company at a competitive price. The only thing that's required is to be able to run a proprietary app that is required for them to perform their job.

I'm free to install any software without permission but I don't see much need for onenote or evernote currently. I also don't have my own workstation but that's being worked on.

LeBroke

techfiend wrote: »

The tablets have no AV, I've read most of them are bogus anyways and have never needed one for linux, android is based off of linux. There's never been malware issues on the tablets.

Much to learn, you still have. I have no experience with tablets, but Linux viruses are some of the nastiest pieces of work there is. Literally had one the other day that locked a client out of his server by disabling SSH and then configuring IPTables and (client-installed) DenyHosts to block any successful connections (by blacklisting the IP) even after an openssh-server reinstall.

With Windows, except for cryptolockers or keyloggers, most viruses are still spambots or script kiddie toys.

NetworkingStudent

I'am no expert on security, but I have heard other IT security pros say that Iphones and Ipads are more locked down than android.


Here is what you should ask yourself about these devices?
Do these devices have important data on them?

Do they connect to your network?

Would it be ok if they got compromised and delivered malware onto your network?

If the tablet is lost, do you have remote wipe capabilities?


Here is an article on adroid security

*
What You Need To Know About Android Tablet Security

http://www.makeuseof.com/tag/android-tablet-security/

From the article:

As I point out in virtually every Android Internet security article, antivirus apps for the platform remain a bit of an open question. Comprehensive, objective tests of their ability to defend again threats remain rare.
However,*a recent A/V Comparatives study*did show that most security apps were able to protect against a test selection of malware threats, and the study goes so far as to recommend that all Android users install antivirus software.


http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-201210_en.pdf

techfiend

I understand linux has to have some open holes for malware but honestly I've never seen AV suggested nor seen it on any linux boxes. It's been a few years since I've been on production linux boxes (data centers mainly) so maybe things have changed since. Disabling SSH and iptables blacklisting sounds painful especially if you aren't local to the box.

The proprietary app has remote tracking, picture taking and wiping built in. All tablets have to be activated with their own unique ID before they communicate with the IIS server, activation can be disabled instantly on the local server. I've been told by the inhouse developer that only the app can communicate with the server by using the apps unique ID. While malware getting to the server wouldn't be pleasant, there's 2 hot backups that can be switched to. These are just old workstations but perhaps sitting behind a honeypot might be something to consider? That would give me something to do for a few days.

There isn't any crucial data stored on the tablets, the server's ip list, but that's not a big deal, they all need to authenticate after 30 minutes of inactivity and there's no option to save credentials. Even if someone gets a hold of a tablet logged in there isn't much they can do. They can try to disrupt normal operation in the app but that requires a unique code, picture, signature and possibly voice to confirm. Maybe some really smart hacker can get the app's unique id and spoof it to communicate with the server but there's a very slim chance of this happening.

I'll bring up AV with them, I was looking at some endpoint solutions last night and noticed a few that claim mobile security. Since it looks like a big chunk of money is involved to cover ~200 tablets it will probably be a case where if there's been no problems it's not worth trying to prevent an issue, one of infosec's favorite phrases.