Reddit SystemAdmin. Thanks @reddit2telegram and @r_channels.
Remote Desktop issues after April Cumulative Updates?
Anyone having issues with Remote Desktop Connection after installing the 2025-04 Cumulative Update for Windows Server? There was a fix for a RD security flaw which is tracked as CVE-2025-27480 so I am wondering if that might be the culprit. Here are some of the issues.
1. When I minimize a RD session and then go back to it, I'll get a black screen for a few seconds, before the session shows up.
2. When I try to do something in the RD session, nothing happens. Nothing is responsive for a few seconds.
3. I'll get a message about losing connectivity and it will retry to connect (up to five attempts). It will eventually reconnect.
I'm working remotely over a VPN so am thinking of going into the office and getting on the local network to see if the issue persists. Just wondering if anyone else has seen anything like this since they installed the April CUs.
https://redd.it/1jydaol
@r_systemadmin
Anyone still running Windows 95, 98, 2000 or XP in 2025?
I recently stumbled upon a project called Windows Update Restored and honestly… it blew my mind. It fully revives the original Windows Update websites (V2 to V5), allowing you to scan for and install updates on legacy systems — just like we did back in the day, using IE and ActiveX. And yes, it actually works.
As someone who occasionally messes with retro hardware and VMs, this is pure gold. But I’m also wondering — are there still people here actively using Windows 95, 98, 2000, or XP in real setups? Maybe industrial gear, old software dependencies, labs, etc.?
Would love to hear your use cases or stories.
🔗 Official site: https://windowsupdaterestored.com
📖 More info / deep-dive article: https://systemadministration.net/windows-update-restored-old-system/
What’s the oldest Windows system you’re still maintaining (or playing with) today? 👇
https://redd.it/1jyds4m
@r_systemadmin
NGFW Recommendations Between Palo/Fortinet/Firepower
Hello all,
We have a pretty major hardware refresh coming up at my company (Amazing timing, I know). We're pretty much all Meraki/Cisco with MX routers powering around 16 locations at around 500~ users. We run a hub and spoke setup with a primary hub and a secondary as failover.
I've read murmurings over the years - and after firsthand experience of playing with a basic Fortinet firewall... The Advanced Security features on the Meraki MX Routers just really don't seem to be nearly as comprehensive at L7 inspection as I had hoped. Especially for the insane licensing cost... 4 months of heavily diminished line speed on our older hardware and literally a single false positive remote code execution alert from Apple. Meanwhile our endpoints are downloading things that I know are in Cisco Talos' database.
I'm working on getting everyone moved over to Defender XDR on our endpoints as a primary source of threat prevention - but really am looking for the below "specs/features" on two hardware firewalls for my two hubs. Hoping you guys can share some firsthand experience on some hardware NGFW's.
- 2.5Gbit throughput capable
- Meant for <1000 users
- Solid VPN solution (preferably something that plays nice with Entra directly for auth)
- Something comprehensive - but not intimidating in terms of getting a solid running config going
Thanks everyone for any suggestions and apologies for the 800th "What NGFW is best" thread. Just couldn't find any previous posts with my exact kind of scenario.
https://redd.it/1jy6myb
@r_systemadmin
The Temptation of the Solo Admin
So I’ve been the solo support & system engineer at my pharma manufacturing place since August 2023.
I’ve filled my time combining user support, server & network engineering and laying the foundation for NIS2 cybersecurity adherence, so basically being a Jane of all IT trades.
Last year I successfully negotiated a pay rise, but what was promised to be a company in full growth is increasingly turning out to be a company peddling against the current. Budgets are tight, regulations are tight and the work culture sometimes feels a bit too… duck tapey.
I actually like what I do and I get a lot of freedom in my daily work, but I kinda miss working with IT colleagues and honestly for a company that’s actually growing or mature enough.
So I wouldn’t actually mind taking a next step career wise. Some of the functions I see available are quite tempting. At the same time: my current place would be quite fracked in the short/midterm if I’d leave now and that’s something I feel some responsibility to.
Would you stay or start exploring if you were me?
Any of y’all who are also a solo admin - what actually makes you stay?
https://redd.it/1jy6w4y
@r_systemadmin
Looking for the Best Way to Document IT Infrastructure with a Web Interface (No Database, Preferably on My Ugreen NAS)
Hi everyone,
I'm currently setting up a documentation system for my IT infrastructure and I'm looking for the best way to do it with a web interface, but without the hassle of a complex database setup. I previously used DokuWiki under Windows, but now I want to run it from my Ugreen NAS.
I’m not looking to spend too much time configuring things, and ideally, I just want something that I can easily adjust and update without needing to worry about database management. I want to be able to access my documentation via a simple web interface, like a self-hosted wiki server, but I’m open to alternatives.
Here are my main requirements:
- Easy to set up with minimal configuration.
- Can be hosted on my Ugreen NAS.
- Preferably doesn't require a full-fledged database (SQLite is fine if needed).
- Simple and clean interface, ideally something like a wiki for IT documentation.
- Not interested in using traditional office tools like Word or Excel for this.
I’ve been considering setting up another wiki (not necessarily DokuWiki) but I’m also wondering if there are better methods for IT documentation, particularly if it’s easy to set up and maintain.
What solutions do you recommend for a simple, no-fuss, web-based IT documentation system?
Thanks in advance!
https://redd.it/1jy54or
@r_systemadmin
Question about service accounts and interactive logons (Event ID 4624, Logon Type 10)
I’m currently reviewing login activity via Splunk and came across something I wanted to validate.
I understand that service accounts typically should not be provisioned for interactive logons. While querying Windows security logs (Event ID 4624), I filtered for Logon Types 2, 7, and 10, and ensured the logon process was User32.
What stood out was a few service accounts showing up with Logon Type 10, which—if I’m not mistaken—indicates a RemoteInteractive logon (RDP).
Just wanted to confirm:
Does Logon Type 10 for a service account mean it’s being used interactively via RDP?
And if so, would that generally be considered a misconfiguration or a red flag?
Appreciate any insights or experiences you can share.
https://redd.it/1jy0zfw
@r_systemadmin
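The filter described in the post above (Event ID 4624, Logon Types 2, 7 and 10, logon process User32), written out as an added Python example that is not part of the original post. It assumes events exported as dictionaries with the standard 4624 field names; the `svc_` naming prefixes, the `sqlreport` inventory entry and every sample event are constructed for illustration.

```python
from collections import defaultdict

# Logon types that mean a session at a desktop: local console, unlock, RDP.
INTERACTIVE_TYPES = {2: "Interactive", 7: "Unlock", 10: "RemoteInteractive"}

# Assumption: service accounts follow a naming prefix or appear in an inventory.
SERVICE_PREFIXES = ("svc_", "svc-")

# Constructed sample events (not real log data). Exports often carry the logon
# type as a string and pad LogonProcessName with spaces, so both are included.
SAMPLE_EVENTS = [
    {"EventID": 4624, "TimeCreated": "2025-04-10T08:01:12Z", "TargetUserName": "svc_backup",
     "LogonType": 5, "LogonProcessName": "Advapi  ", "IpAddress": "-"},
    {"EventID": 4624, "TimeCreated": "2025-04-10T08:15:03Z", "TargetUserName": "SVC_SQL",
     "LogonType": "10", "LogonProcessName": "User32 ", "IpAddress": "10.0.5.23"},
    {"EventID": 4624, "TimeCreated": "2025-04-10T08:20:44Z", "TargetUserName": "jsmith",
     "LogonType": 10, "LogonProcessName": "User32 ", "IpAddress": "10.0.5.40"},
    {"EventID": 4624, "TimeCreated": "2025-04-10T09:40:51Z", "TargetUserName": "svc_sql",
     "LogonType": 10, "LogonProcessName": "User32 ", "IpAddress": "10.0.5.23"},
    {"EventID": 4624, "TimeCreated": "2025-04-10T10:02:10Z", "TargetUserName": "svc_web",
     "LogonType": 2, "LogonProcessName": "User32 ", "IpAddress": "127.0.0.1"},
    {"EventID": 4625, "TimeCreated": "2025-04-10T10:05:00Z", "TargetUserName": "svc_sql",
     "LogonType": 10, "LogonProcessName": "User32 ", "IpAddress": "10.0.5.99"},
    {"EventID": 4624, "TimeCreated": "2025-04-10T11:30:27Z", "TargetUserName": "sqlreport",
     "LogonType": 10, "LogonProcessName": "User32 ", "IpAddress": "10.0.5.77"},
    {"EventID": 4624, "TimeCreated": "2025-04-10T11:45:00Z", "TargetUserName": "svc_backup",
     "LogonType": 3, "LogonProcessName": "NtLmSsp ", "IpAddress": "10.0.5.12"},
]


def is_service_account(name, inventory):
    """Match by explicit inventory first, then by the assumed naming prefixes."""
    lowered = name.casefold()
    return lowered in inventory or lowered.startswith(SERVICE_PREFIXES)


def flag_interactive_service_logons(events, inventory=()):
    """Return one finding per (account, logon type, source) for successful
    interactive logons by service accounts, with count and first/last seen."""
    inv = {account.casefold() for account in inventory}
    grouped = defaultdict(list)
    for ev in events:
        try:
            event_id = int(ev.get("EventID"))
            logon_type = int(ev.get("LogonType"))
        except (TypeError, ValueError):
            continue  # malformed record: skip rather than guess
        if event_id != 4624 or logon_type not in INTERACTIVE_TYPES:
            continue
        # Normalise padding and case before comparing the logon process.
        if str(ev.get("LogonProcessName", "")).strip().casefold() != "user32":
            continue
        user = str(ev.get("TargetUserName", "")).strip()
        if not is_service_account(user, inv):
            continue
        source = str(ev.get("IpAddress") or "-")
        grouped[(user.casefold(), logon_type, source)].append(ev.get("TimeCreated", ""))

    findings = []
    for (user, logon_type, source), times in sorted(grouped.items()):
        findings.append({
            "account": user,
            "logon_type": INTERACTIVE_TYPES[logon_type],
            "source": source,
            "count": len(times),
            # ISO 8601 UTC timestamps in one format sort correctly as strings.
            "first_seen": min(times),
            "last_seen": max(times),
        })
    return findings


if __name__ == "__main__":
    for finding in flag_interactive_service_logons(SAMPLE_EVENTS, inventory={"sqlreport"}):
        print(finding)
```

Grouping by source address separates a single jump host that an admin uses from logons arriving from many workstations, which is the context a reviewer needs before calling a hit a misconfiguration.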
Windows DNS (integrated AD zone) issue
I think I've had this odd issue for a long time, but am just noticing it now. I have 7 AD servers (4 in a parent domain; 3 in a child domain). Only one of them is a DNS server. That DNS server has a bunch of zones, of which two are AD Integrated zones (one for contoso.com; another for child.contoso.com)
The serial # on the parent zone (contoso.com) increases on its own due to some DHCP servers sending dynamic updates. That's expected. However, after a few minutes, the serial # reverts back [to some lower number], and I get a bunch of errors in the Event Log > DNS Server:
----------------
The DNS server was unable to add or write an update of domain name contoso in zone `contoso.com` to the Active Directory. Check that the Active Directory is functioning properly and add or update this domain name using the DNS console. The extended error debug information (which may be empty) is "00002098: SecErr: DSID-031514B3, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0". The event data contains the error
The DNS server was unable to complete directory service enumeration of zone contoso.com. This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and repeat enumeration of the zone. The extended error debug information (which may be empty) is "00002098: SecErr: DSID-031514B3, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0". The event data contains the error.
The DNS server encountered error 9002 attempting to load zone `contoso.com` from Active Directory. The DNS server will attempt to load this zone again on the next timeout cycle. This can be caused by high Active Directory load and may be a transient condition.
------------------
Additionally, if I look in ADSIEdit > DC=DomainDNSZones,DC=contoso,DC=com, under CN=MicrosoftDNS, I do NOT see a "DC=contoso.com"; but instead I only see a "DC=..InProgress-596502A3FACFDAE0-contoso.con" folder (along with a RootDNSServers folder).
It seems to be some sort of permission issue, but I can't seem to pinpoint what it's trying to do when it gets the permission failure. I'm also a bit concerned that I might lose all the data in this zone. I started looking into this when we noticed our secondary DNS servers (ISC BIND, not Microsoft servers) were not receiving updates -- that was caused by this serial number not advancing...
The records in the "InProgress" folder seem to be years old... and are completely stale... It seems this zone is still in "Windows 2000 compatibility" mode... so I've found the most current records at CN=MicrosoftDNS,CN=System,DC=contoso,DC=com. Maybe we tried to upgrade the zone to post-Win2003 (I think it was 2008 when they changed the location of the zones in AD), but it failed and maybe this InProgress thing can be deleted?? A little timid to start deleting things in fear of losing the zone.
Anyone have some tips on what to do next?
https://redd.it/1jxvdge
@r_systemadmin
What's an undervalued SaaS you use?
We all know the drill - SaaS this, SaaS that. It's everywhere! And while there are solutions for pretty much any problem you can imagine, from massive platforms down to hyper-specific niche tools, a lot of the conversation seems dominated by the same few players or categories.
I'm curious about the ones that don't get the constant mentions. The more niche and maybe more industry specific tools. What's a SaaS tool you've subscribed to that you feel provides fantastic value but doesn't seem to get much mainstream attention or hype within the industry?
https://redd.it/1jxqyxf
@r_systemadmin
Those of you with an employment gap on your resume,
how did you "get back on the horse" so to speak? How did you explain it to interviewers and minimize it being an issue?
https://redd.it/1jxph70
@r_systemadmin
Sysadmin Workflow: How Do You Efficiently Track & Prioritize CVEs Relevant to Your Stack?
Hey, managing vulnerability patching is a constant battle. Beyond just running scanners, how do you effectively keep track of newly disclosed CVEs that are actually relevant to the specific OS versions, applications, and hardware deployed in your environment? Manually sifting through NVD or vendor advisories daily seems overwhelming. What's your workflow for identifying the critical vulns needing immediate attention versus the noise? Are you using specific paid/free tools, custom scripts parsing feeds, or relying heavily on vendor notifications? Looking for practical strategies for staying ahead of relevant vulnerabilities without drowning.
https://redd.it/1jxkfrn
@r_systemadmin
Finally turned our Ivanti SSL VPN off, man that felt good
So that's about the size of it really but goddam pulling the plug on that thing felt good.
I know there aren't perfect solutions here but that thing had me on edge every goddam day with the integrity checker and constant vulnerabilities.
https://redd.it/1jxkep8
@r_systemadmin
Citrix is jacked today
All of our VDI platforms went belly-up about half hour ago.
We just got off the call with Citrix who, after a lot of hemming and hawing, finally admitted they have a system wide issue.
Apparently we're one of the first to report it as their health dashboard still shows all services operational. Citrix Cloud Status
At this point we have to wait for Citrix to mitigate this in their platform.
If your team is fielding calls regarding this.. it's not on your end
https://redd.it/1jwwgp0
@r_systemadmin
I just got someone fired and I feel like shit
Part of my duties is finding ways to automate processes - accounting, operations, etc. I was able to automate someone's job where it cuts their workload down by 80%. Today I learned that person was laid off and it was mainly because I was able to automate their job. Anyone else run into a situation like this? How did you deal with it?
https://redd.it/1jwtdzf
@r_systemadmin
Say you're a sysadmin without saying you're a sysadmin
I'll go first
I haven't seen sunlight since the server migration, and my coffee has dependencies.
https://redd.it/1jwp3t7
@r_systemadmin
Tired of AI Scripts / Solutions being provided
A super short rant.
I'm so utterly tired of having people write something into ChatGPT/Copilot and instantly send it in my direction without any critical thinking at all.
Today our architect sent me a PowerShell Script which could call different API in our M365 Tenant expecting me to accomplish that.
1st API wasn’t even countable with the product which he wanted information for; it legit wasn’t working.
2nd API was straight out of a fantasy story; it has never existed and will never exist.
TLDR: I hate AI for constantly telling Users/Colleagues something is possible and then it becomes my issue to solve it.
https://redd.it/1jwlay0
@r_systemadmin
How are recruiters finding you?
Is it from LinkedIn? Word of mouth? Reddit? Instagram? Onlyfans?
https://redd.it/1jyd0ln
@r_systemadmin
Managing the InfoSec Overload: How Do You Track CVEs, Breaches, EOLs, and News Efficiently?
Hi everyone,
Like many of you, I often find myself swimming in a sea of security information. Between tracking relevant CVEs for our stack, staying updated on the latest data breaches that might affect our users or partners, monitoring software/OS end-of-life dates, and filtering through general cybersecurity news, it's becoming increasingly challenging to keep everything consolidated and actionable without spending hours bouncing between different sources (NVD, vendor sites, news feeds, breach notification sites, etc.).
I'm curious how others in the r/sysadmin community are tackling this information overload.
* What's your strategy for staying informed without getting overwhelmed?
* Are you using any specific tools (commercial or open-source) or dashboards to aggregate this kind of intelligence?
* How do you prioritize what needs immediate attention versus what's just noise?
Personally, I found juggling multiple sources quite inefficient and started working on a personal project to scratch my own itch – basically a dashboard (Cybermonit) that attempts to pull together data on recent CVEs, data leaks, ransomware attacks, software EOLs, and general security news into one place.
(Full disclosure: This is my project. I initially built it to help myself manage this data stream, but I'm sharing the idea here because I genuinely wonder if others face the same consolidation challenge).
I'm keen to hear your approaches and workflows for managing this constant flow of critical information. Also, if the idea of such a consolidated dashboard resonates with you, I'd be interested in feedback on what features you'd find most valuable in such a tool.
Thanks!
https://redd.it/1jycyfu
@r_systemadmin
Who do you contact when your data center is having packet loss with just one ISP?
I've had this issue before, but it's been years ago. Basically my data center is having some connectivity issues (sporadic packet drops) with a certain national ISP but just so happens that almost all clients in my service area are on this ISP, including my house. I can see the issue there as well. To get around it on my side, I just connect to a VPN, and no issues.
I've tried calling my data center NOC and opened a ticket yesterday but have not heard back. I called again this morning and the person said they were updating the ticket and someone should call me today.
Is there a better way to handle this rather than go through my data center NOC?
https://redd.it/1jy9dmc
@r_systemadmin
Team leads, how do you manage?
My lead very recently went on parental leave. I'm picking up a lot of the work they left us. Mostly everything is well organized, so this hasn't been an issue.
But I've barely been able to do actual work in days. Actual research, actual coding, just running ssh. And it's not an issue of being under fire because of things going down, our infrastructure is the most reliant I've ever had the pleasure of working with in my life.
It's just. So much communication, so much note-taking, so many meetings. Incapable of knowing what to prioritize.
Ended up doing overtime just to get some work in. The work I was doing weeks long, the work I love doing, the work I signed up for.
I'm happy doing it. I'm happy I was trusted with this. I respect my lead a lot, and being able to experience what their work actually is, is invaluable. I'm very lucky to have coworkers who understand the position I'm in and are willing to help.
It's just. How do y'all manage? Do you have tips? Methods? Software? Books? Any insights at all? Anything would help. Thank you!
https://redd.it/1jy65t6
@r_systemadmin
We've open-sourced our AWS security platform that reduces setup time from months to days
We've made OpenSecOps completely open source after years of developing it for security-sensitive industries. It's a platform that significantly reduces the time needed to implement AWS security best practices.
OpenSecOps includes two main components:
Foundation: Implements AWS best practices with centralised logging, SSO implementation, least-privilege IAM roles, text-based configuration management, and numerous security features.
SOAR: Provides automated security incident response through a serverless architecture that integrates with AWS Security Hub, featuring continuous monitoring and automatic remediation.
The platform has been field-tested in regulated environments and has passed AWS Foundational Technical Reviews. One AWS Solution Architect commented, "I'd use this myself if I had a system to secure or create".
For sysadmins and IT professionals, the key benefits include:
1. Reduced Implementation Time: Deploy security controls in days rather than months
2. Simplified Management: Centralised control across multiple AWS accounts
3. Automated Remediation: Most common security issues are fixed automatically
4. Minimal Operational Overhead: Fully serverless architecture requires no infrastructure management
5. Complete Documentation: Detailed installation guides, architecture specifications, and SOPs
GitHub: https://github.com/OpenSecOps-Org
Website: https://www.opensecops.org
Blog post on our open source transition: https://www.opensecops.org/blog/our-full-transition-to-open-source
We welcome questions about implementation or feedback on our approach.
https://redd.it/1jy3bjj
@r_systemadmin
Best DNS Service as Firewall to Restrict Traffic
Hi, I am looking for the best DNS service that has capabilities to restrict sites and apps for a K12 School network. Similar to NextDNS and Control D. Suggest the ones that you have tried already. TIA.
https://redd.it/1jxv9k9
@r_systemadmin
Wouldn't blocking Data:// URLs break some websites?
I’ve heard some schools are blocking data:// URLs, but I’m wondering if that causes issues with websites that use them for things like images or scripts. A lot of sites rely on data URLs to embed stuff like images or scripts directly into the page to avoid extra requests. If they're blocked, wouldn't it mess up the way some sites work?
Has anyone here experienced problems with this when blocking data URLs?
https://redd.it/1jxu50z
@r_systemadmin
Working with the Technologically Illiterate
I'm a beginner at a small business (only IT guy on payroll), so I am by no means the best in system administration. This has led to my employers thinking that I am just here to reset passwords and help with connecting printers.
Today my boss tells me with a straight face that we cannot access our banking account on a specific PC because there is malware on it. I immediately ask him to explain how he got to that conclusion, and apparently one of our workers tried to log into our banking provider's site and got blocked out with a number to call. After they called that number, apparently the person told them that they detected malware on their PC from their IP address and to download some fraud prevention software. I immediately called BS, because you can't detect if there is malware on a PC through an IP address. I thought that they fell for either a phishing scam or a tech support scam, but after checking with the worker they said that no one remoted into the PC and the number is the correct one. We have been experiencing attacks on our publicly facing server from bots, but none ever gained access. My boss insists that they somehow got in (Even though event logs say otherwise, and remote connections to the server were disabled completely) and gets mad at me for "overreacting".
I tell him that there isn't a way for the banking service to know if there is malware on our PC from our IP address alone, but he won't listen. He insists that we contact an IT guy working with another business to come and help fix it.
I am genuinely tired of being shut down by my boss, who doesn't know anything about computers. It's general topics like this where he brings up his completely illogical insight into the issue and how to fix it.
https://redd.it/1jxoybu
@r_systemadmin
Two extra PowerEdgeT440 servers - what can they be used for?
After moving completely to Entra cloud and cloud ERP, we have been collecting old equipment from the remote offices of our acquisitions. If it is not in their office, they can't turn it on and plug in a cable. My team dropped off two 2019 Dell T440 PowerEdge servers, 64 gig each, 8 drives each, but no keys for the side panels. We need to see about getting a key. (IT is all remote).
I figure on possibly selling and giving the proceeds to Accounting. We don't really have a need for the servers, though we have another office in driving distance we could host them at. Reading online, these seem to be more complicated to install stuff on due to drivers, etc.
Can anyone suggest novel uses or should I sell somehow?
thx
https://redd.it/1jxnq6y
@r_systemadmin
Trivia Contest Interviews, or What's Wrong With IT Hiring #292
I'm not normally one to rant, but this has been bothering me for a long time.
I'm looking for work again because of a forced RTO. So luckily I have a job, but now have a horrible commute. So, now I have to play the resume/recruiter "over 1000 people clicked Apply" dance to even secure a phone call, let alone an interview. That alone is bad.
What I think is worse is the trivia contest format of technical interviews. This is where they put you in front of a "panel" or even just the hiring manager whose only job is to trivia questions at you, as if that's a good predictor of success in 2025. It seems like every single company has switched to this format, and personally I find it very adversarial. I understand that companies are clawing back all the power they lost in 2021-2022 and have their pick of people, but what in the world makes a candidate who happened to have memorized what position the Don't-Fragment flag in a TCP header is in a perfect fit for a modern IT position??
https://redd.it/1jxltw3
@r_systemadmin
Solid explainer on OSI & TCP/IP models — useful for onboarding junior techs
If you ever need to walk junior team members or interns through the basics of networking layers, this article does a great job simplifying OSI and TCP/IP:
https://www.pixelstech.net/article/1744343358-the-layered-architecture-of-networks-explained-simply
It’s beginner-friendly, avoids jargon, and breaks down the layers with real-world analogies. Might be a good link to keep handy for onboarding or early cert prep.
Just sharing in case others are mentoring or building training resources — would love to hear what other resources you use too.
https://redd.it/1jxgqcc
@r_systemadmin
Pour one for my homies over at Dell this morning....
Got the news this morning that several DLE firms were being given notice this morning of the coming of the tide. All services to cease immediately. I was at a Dark Site with a Class/Customer and got booted out the door as my access rights were restricted.
Seems to be a few hundred folks between 3-4 different firms. Can't say I was surprised given the Federal Upshake going on.
May my brethren all land on their feet somewhere else quickly :)
https://redd.it/1jwuffr
@r_systemadmin
What's the weirdest "hack" you've ever had to do?
We were discussing weird jobs/tickets in work today and I was reminded of the most weird solution to a problem I've ever had.
We had a user who was beyond paranoid that her computer would be hacked over the weekend. We assured them that switching the PC off would make it nigh on impossible to hack the machine (WOL and all that)
The user got so agitated about it tho, to a point where it became an issue with HR. Our solution was to get her to physically unplug the ethernet cable from the wall on Friday when she left.
This worked for a while until someone had plugged it back in when she came in on Monday. More distress ensued until the only way we could make her happy was to get her to physically cut the cable with a scissors on Friday and use a new one on the Monday.
It was a solution that went on for about a year before she retired. Management was happy to let it happen since she was nearly done and it only cost about £25 in cables! She's the kind of person who has to unplug all the stuff before she leaves the house. Genuinely don't know how she managed to raise three kids!
Anyway, what's your story?!
https://redd.it/1jwrzko
@r_systemadmin
What tasks or functions that IT do can be handed over to users to manage themselves?
I'm working for a small business (under 100 staff) and everything and anything that needs to be done IT wise falls on one person to do. This creates a bottleneck and means someone is stretched all the way from password resets to designing our GCP infrastructure - not sustainable.
They are looking for ways that staff within the business can take on some tasks that lend themselves to being "self service" or areas where we can use more automation. We need to strike the right balance of effort/reward so while a lot can be automated, if it's going to be for something we rarely need or will take weeks to do then it probably isn't right.
So far we have come up with:
- Self service password reset
- Changes to distribution group membership
- Changes to SharePoint site membership
- E-discovery moved to our compliance department
- Fine tuning our laptop builds so they are hands free i.e. using Autopilot
- Automation of patch deployment (this is largely done through Intune)
- Standardised approach to Teams and SharePoint site creation (we have sprawl problems atm)
- Standardised laptops
- Automation of joiners leavers (low priority as there is low churn)
- Ability to self handle low risk blocked emails (spam, not phishing or malware)
I do need to ensure that staff don't go wild and that we have audit trails so where appropriate we will still need a service desk ticket but the person handling it will be outside of the IT department.
Are there any other areas that could be targeted that have worked successfully?
Is there anything that has not worked out well that people have handed over to the business?
What I want to do is put things in the "right" places - there is no need for IT to be a gate keeper for everything and get bogged down with simple things that people can do themselves.
What about tooling? Any recommendations for low cost/high value tools that can help unlock some of the above - they are fully cloud so on-prem would not be suitable. I have my eyes on Action1 and also Power Automate - just not sure yet if the latter might actually help or just a rabbit hole that would absorb a lot of time?
On the technical side there will be an exercise to automate as much as possible but at the moment the focus is on enabling the business where it makes sense and doesn't end up creating more problems than it solves.
https://redd.it/1jwknec
@r_systemadmin
Weekly 'I made a useful thing' Thread - April 11, 2025
There is a great deal of user-generated content out there, from scripts and software to tutorials and videos, but we've generally tried to keep that off of the front page due to the volume and as a result of community feedback. There's also a great deal of content out there that violates our advertising/promotion rule, from scripts and software to tutorials and videos.
We have received a number of requests for exemptions to the rule, and rather than allowing the front page to get consumed, we thought we'd try a weekly thread that allows for that kind of content. We don't have a catchy name for it yet, so please let us know if you have any ideas!
In this thread, feel free to show us your pet project, YouTube videos, blog posts, or whatever else you may have and share it with the community. Commercial advertisements, affiliate links, or links that appear to be monetization-grabs will still be removed.
https://redd.it/1jwm7q8
@r_systemadmin