It sounds like they have real-time access to the company directory. Might want to review the logs of accounts with permissions and access to your domain controller.
I posted about this a while back on that other double-d site, but I used to be an outsourced it guy for a bunch of companies.
One of my clients was a small local collection agency. Their network was aged and falling apart, we we sold them a full network update - new server, new infra, new computers. They even ordered the newest version of their agency software.
We got it all set up in parallel to the existing setup, and were at the point of installing the server app, but for the life of me, I couldn’t get the damned thing to work.
So I called support and told them the issue. The support guy said “Oh, yeah. That’s a known issue. You just need to make anybody who needs to use the software a domain admin, and you have to leave the admin panel on the server app logged in at all times with the screen unlocked.”
I sat in stunned silence for a few seconds contemplating what this idiot just told me.
“If that’s a requirement to run this software, then go ahead and transfer me to whoever I need to talk to to get a refund on this, because you’ve got to me out of your fucking mind. There’s not a chance in hell I’m going to do that on a server that handles peoples’ financial data.”
He stammered for a minute then transferred me to someone who apparently had seen a computer before, and they were able to fix the issue — a cache directory just needed write permission.
But the part that bothers me is… how many other people did he tell that to and they just blindly followed those directions? If I had told the manager or owner they needed to call, they would have just done it with no reservation.
In small orgs with no IT, where the tech stuff is just done by a nephew or a staffer that’s “good with computers,” there’s zero thought given to security. I’d seen it with dozens of small companies - they’d done their own IT work forever, and had just called me in to address a thorny problem, and I find that their database is open to the world, or their whole org runs off an access database file sitting on an XP home edition computer somebody brought in.
It sounds like they have real-time access to the company directory. Might want to review the logs of accounts with permissions and access to your domain controller.
Removed by mod
I posted about this a while back on that other double-d site, but I used to be an outsourced it guy for a bunch of companies.
One of my clients was a small local collection agency. Their network was aged and falling apart, we we sold them a full network update - new server, new infra, new computers. They even ordered the newest version of their agency software.
We got it all set up in parallel to the existing setup, and were at the point of installing the server app, but for the life of me, I couldn’t get the damned thing to work.
So I called support and told them the issue. The support guy said “Oh, yeah. That’s a known issue. You just need to make anybody who needs to use the software a domain admin, and you have to leave the admin panel on the server app logged in at all times with the screen unlocked.”
I sat in stunned silence for a few seconds contemplating what this idiot just told me.
“If that’s a requirement to run this software, then go ahead and transfer me to whoever I need to talk to to get a refund on this, because you’ve got to me out of your fucking mind. There’s not a chance in hell I’m going to do that on a server that handles peoples’ financial data.”
He stammered for a minute then transferred me to someone who apparently had seen a computer before, and they were able to fix the issue — a cache directory just needed write permission.
But the part that bothers me is… how many other people did he tell that to and they just blindly followed those directions? If I had told the manager or owner they needed to call, they would have just done it with no reservation.
In small orgs with no IT, where the tech stuff is just done by a nephew or a staffer that’s “good with computers,” there’s zero thought given to security. I’d seen it with dozens of small companies - they’d done their own IT work forever, and had just called me in to address a thorny problem, and I find that their database is open to the world, or their whole org runs off an access database file sitting on an XP home edition computer somebody brought in.
It’s fucking terrifying.