Best practices or advice to convince IT admins not to map network drives in privileged sessions with users

Why are currently trying to enhance the security posture of our company, and this means changing how some IT personnel work.

Precisely, our IT helpdesk now have 2 separate accounts: 1 for normal day to day usage (mails, internet, etc…), and 1 for administrative tasks. The later is a privileged account having several rights on the AD and some servers.

The way they work is not very secure when it comes to supporting the users: they use their privileged account to login to the user’s workstation and perform tasks where admin rights are needed.

But my question is more accurately related to network drives being mapped in their privileged account’s profile. They insisted on using the same logon script as with their standard account.

Do you have any recommendations, references to guidelines and/or best practices in such a case ? I’d like to present them some resources to convince them it’s not secure to have network drives mapped in this profile.

I tried to explain to them that if they log in a ‘contaminated’ workstation, their privileges might spread the infection to the network… But they did not understand and argued they need to access some files on the network while assisting the users. They don’t want to waste time typing UNC path, etc…

We’re deleting stale AD accounts for a company but owner wants to see the network files of AD users before deciding which accts to delete

We are deleting stale AD accounts for the companies we work for.

I contacted the owner of a particular company to help us determine which AD accounts we can delete. He said he’d first like to see what files the deletion candidates have stored on the network to help decide which accounts are OK to delete.

We have a domain admin account. Is there a way to access AD User files? Is there a PowerShell command (or GUI app) to list the files of each AD user in a clean/presentable format that we could present to the owner?

I think he’s only really concerned with the contents of each user’s Home directories (the directories containing the Documents, Music etc. folders) — and not network shares or shared folders users may happen to have access to — because the Home directories are the only directories risking deletion as a result of deleting their accounts, right?

Copy last modified backup files from network path into SQL server box and restore them using Agent job

I have to copy latest full backup from a network path and bring that to my SQL server for restore, I have to do that using agent job.

I know i can use xcopy: source and destination, but that wouldn’t give me latest modified file, can you please help ?

Thanks, learner

Proof for clustering in a network of friendship

Consider an undirected graph $ G = (V, E)$ representing the social network of friendship/trust between students. We would like to form teams of three students that know each other. The question is to decide whether the network allows for enough such teams, without checking all the triples of graph $ G$ . For this reason, we use random sampling to design an efficient estimator of the number of connected triples. We partition the set of node triples into four sets $ T_0, T_1, T_2$ , and $ T_3$ . A node triple $ v1, v2, v3$ belongs to

  • $ T_0$ iff no edge exists between the nodes $ v1, v2$ , and $ v3$ ,
  • $ T_1$ iff exactly one of the edges $ (v1, v2)$ , $ (v2, v3)$ , and $ (v3, v1)$ exists,
  • $ T_2$ iff exactly two of the edges $ (v1, v2)$ , $ (v2, v3)$ , and $ (v3, v1)$ exist,
  • $ T_3$ iff all of the edges $ (v1, v2)$ , $ (v2, v3)$ , and $ (v3, v1)$ exist.

$ |T_3|$ denotes the number of connected triples in the graph that is the quantity we need to estimate. Consider the following algorithm:

• Sample an edge $ e = (a, b)$ uniformly chosen from $ E$

• Choose a node $ v$ uniformly from $ V \ {a, b}$

• if $ (a, v) ∈ E$ and $ (b, v) ∈ E$ then $ x = 1$ , else $ x = 0$

Show that $ |T1| + 2|T2| + 3|T3| = |E|(|V | − 2)$

Any solution?

Alternative to Qubes OS network domain for a server

I know that Qubes Os is not suitable for a server use, but some of its features are quite interesting for that. In fact, all the network drivers are contained in a VM that run a different Linux based system and the connections from the “main OS” to the network are made through TCP/IP with that VM. Moreover, network drivers have been moved out from the main OS kernel. That allows to prevent the use of a potential bug in the network driver.

How can I reproduce the same configuration ? I thought about using Xen with a virtual network, but I would like to know if somebody already made it.

find the union of all min cuts of a flow network

I’m trying to solve the following question :

Given a flow network $ N = (G=(V,E),c,s,t)$ . Let $ \mathcal F$ be the set of all minimum cuts. Prove that $ \mathcal F$ is closed under intersections and unions, i.e. for every $ S_1,S_2\in\mathcal F , S_1 \cup S_2 \in \mathcal F$ and $ S_1 \cap S_2 \in \mathcal F $ .

that part I took care of just fine using the min-cut-max-flow theorem.

the other part is the one that I had trouble with :

Given a max flow $ f $ ,find $ S_{min} = \bigcap_{S\in\mathcal F} S \text{ and } S_{max} = \bigcup_{S\in\mathcal F } S $ .

I realized that when considering a min cut $ (S,T)$ , and given the residual graph (which can be built from the given maximum flow) , every vertex that’s reachable from $ s$ ( source node) , must be in $ S$ , so I was able to use that to come up with an algorithm to find $ S_{min}$ .

But as for finding an algorithm for $ S_{max}$ , I’m kinda having trouble putting my finger on a property of a min cut edge, i.e. what does it take to be a cut edge( or for a vertex to be in S) of some min cut?

I’m not looking for the full answer but rather a hint.. any help is appreciated.

Thanks in advance.