old MSP wants to know what they did wrong

IRJ

If they are looking for a security analysis or Pen Test let me know. It sounds like they will need one in a few months once they try to get everything up to par.

dafyre

@IRJ said in old MSP wants to know what they did wrong:

If they are looking for a security analysis or Pen Test let me know. It sounds like they will need one in a few months once they try to get everything up to par.

*cough* shameless plug *cough*

IRJ

@dafyre said in old MSP wants to know what they did wrong:

@IRJ said in old MSP wants to know what they did wrong:

If they are looking for a security analysis or Pen Test let me know. It sounds like they will need one in a few months once they try to get everything up to par.

*cough* shameless plug *cough*

Lol.Obviously they aren't ready for one yet, they have a ton of patching to do first after an internal assessment.

Mike Davis

Well the Ubiquiti is in place now and the Server 2003 box is no longer their firewall, so that's a huge step in the right direction.

dafyre

@Mike-Davis said in old MSP wants to know what they did wrong:

Well the Ubiquiti is in place now and the Server 2003 box is no longer their firewall, so that's a huge step in the right direction.

Finally get the admin credentials, etc?

Mike Davis

Initiating the request for the internet domain name transfer now...

IRJ

Good luck!

It would be pretty neat if you documented the whole process. This is the kind of stuff we see on Spiceworks everyday

Mike Davis

@IRJ said in old MSP wants to know what they did wrong:

Good luck!

It would be pretty neat if you documented the whole process. This is the kind of stuff we see on Spiceworks everyday

You mean a list of the stuff that was wrong and how I fixed it?

BRRABill

@Mike-Davis said in old MSP wants to know what they did wrong:

@IRJ said in old MSP wants to know what they did wrong:

Good luck!

It would be pretty neat if you documented the whole process. This is the kind of stuff we see on Spiceworks everyday

You mean a list of the stuff that was wrong and how I fixed it?

#mangocon2017

ntozier

Honestly if it's as bad as you are saying it is. I would compose a list. I would document the whole thing with screen shots (and pictures) and I would hand it all to your boss and tell him to consult his lawyer as to whether or not they are going to sue him... He obviously wasn't providing them with what he was billing them for. Of course wait until you got the domain transferred. Then you can tell him that you aren't allowed to speak to him, and that all communications should be routed through "name of lawfirm here".

DustinB3403

@ntozier

While I don't disagree, the issues that the previous tech left should be documented, and provided to the customer so they can address the issue. I don't think that @Mike-Davis should even communicate with the old tech at all.

It's not his place to speak to anyone but his customer. If the client asks that of @Mike-Davis then ok.

IRJ

@DustinB3403 said in old MSP wants to know what they did wrong:

@ntozier

While I don't disagree, the issues that the previous tech left should be documented, and provided to the customer so they can address the issue. I don't think that @Mike-Davis should even communicate with the old tech at all.

It's not his place to speak to anyone but his customer. If the client asks that of @Mike-Davis then ok.

I would highly recommend that this company pay for the documentation process. Otherwise I wouldn't touch the company. @ntozier is spot on. If they won't pay for the documentation process then they are already lost. You can't start fixing things if you don't document what exactly is wrong.

DustinB3403

@IRJ said in old MSP wants to know what they did wrong:

@DustinB3403 said in old MSP wants to know what they did wrong:

@ntozier

While I don't disagree, the issues that the previous tech left should be documented, and provided to the customer so they can address the issue. I don't think that @Mike-Davis should even communicate with the old tech at all.

It's not his place to speak to anyone but his customer. If the client asks that of @Mike-Davis then ok.

I would highly recommend that this company pay for the documentation process. Otherwise I wouldn't touch the company. @ntozier is spot on. If they won't pay for the documentation process then they are already lost. You can't start fixing things if you don't document what exactly is wrong.

That is a good point, to go through the existing organization and document the issues that are present. This gives @Mike-Davis a checklist of things that need to be addressed.

More likely what will happen is that he'll be working on something and discover an issue.

Mike Davis

I have a running list. I have screen shots. I have photos of the server literally being held together with duct tape.

IRJ

@Mike-Davis said in old MSP wants to know what they did wrong:

I have a running list. I have screen shots. I have photos of the server literally being held together with duct tape.

Who needs the "cloud" when you have duct tape?

DustinB3403

@Mike-Davis said in old MSP wants to know what they did wrong:

I have a running list. I have screen shots. I have photos of the server literally being held together with duct tape.

I need this shared.....

I've seen people use rubber bands and scotch tap to fit an SSD to the original 3.5" winchester, but duct tape.. come on.

DustinB3403

@IRJ said in old MSP wants to know what they did wrong:

@Mike-Davis said in old MSP wants to know what they did wrong:

I have a running list. I have screen shots. I have photos of the server literally being held together with duct tape.

Who needs the "cloud" when you have duct tape?

Who needs a server at that point.... or ethernet clips, or drive bays or anything.

Mike Davis

Some of the stuff, the tech could say that the owner didn't want to spend money on a new server, so he couldn't do anything.

Other stuff, like using the everyone group instead of the domain users group when creating the main file share there is just no excuse for except for incompetence.

He probably did this because some people are logging in under domain accounts and some are local accounts and couldn't figure out why the share wasn't working.

IRJ

@DustinB3403 said in old MSP wants to know what they did wrong:

@Mike-Davis said in old MSP wants to know what they did wrong:

I have a running list. I have screen shots. I have photos of the server literally being held together with duct tape.

I need this shared.....

I've seen people use rubber bands and scotch tap to fit an SSD to the original 3.5" winchester, but duct tape.. come on.

As much as I want to see the issues, he probably shouldn't share a report even if information is redacted. Because if the company name somehow gets out, they can be hacked in about 10 seconds lol.

dafyre

@DustinB3403 said in old MSP wants to know what they did wrong:

@IRJ said in old MSP wants to know what they did wrong:

@Mike-Davis said in old MSP wants to know what they did wrong:

I have a running list. I have screen shots. I have photos of the server literally being held together with duct tape.

Who needs the "cloud" when you have duct tape?

Who needs a server at that point.... or ethernet clips, or drive bays or anything.

Not me, just a block of wood and enough duct tape to hold the motherboard down and the hard drive up.