-
Reddit SystemAdmin. Thanks @reddit2telegram and @r_channels.
Best Method to support Laptops?
Hi, all. Have an issue that I’m looking for input on. As a new sysadmin for a company, I’m looking for the best way to manage our laptops going forward. Currently they are set up on Intune, but I haven’t touched any configuration on them since I started. Is this something I should keep, or should I put them on domain and manage via SCCM like our desktops? Would putting these devices on domain even make sense? We are swapping to a desktop or laptop only policy and I want to make sure our users can work on both interchangeably with few differences between the two. If anyone has good resources on what can actually be done with Intune please let me know. Seems like the old team bought a little of everything so I can go pretty much any route with these.
https://redd.it/1mfg0fi
@r_systemadmin
Using different brands for firewall, switches and APs vs same one
I do more cloud (Microsoft) and endpoint support. The network is managed by 3 people who don’t want to train others.
Conveniently, the previous companies I worked at used all Meraki branded equipment. Current company uses a different brand for each of them; watchguard, meraki and ubiquity. Problem I notice is that there seem to be less features overall (or maybe they don’t know how to implement some) and all it’s meant to do is to connect people to the network.
Is it better to use different brands in case “one brand have issues” like I was told? Or is it better to have the same brand for everything because of the cloud management capabilities that these network engineers aren’t doing? Everything is practically brand new so it wasn’t like their hands were forced in a way where they couldn’t buy one brand.
Generally trying to learn more and concerned about these guys aren’t modernizing much. For example to reboot the switch or firewall, they would ask someone to manually unplug it and plug it back in instead of remotely handling that. Part of monthly maintenance.
https://redd.it/1mfckip
@r_systemadmin
User issues
Did work on one of our floors on a Monday, took a bunch of drops down by disconnecting them in the data closet as they appeared dead\offline anyway.
Friday I get a call saying “ I can’t get into the ehr system”.
I go downstairs and look and sure enough it’s one of the drops I disabled on Monday. So I tell him “yeah, I know what’s going on, give me a minute”.
“Ok good, I have not been able to work all week”.
Which means for 8 hours a day, each day all week, he has done nothing.
https://redd.it/1mfaj3x
@r_systemadmin
AWS & MACsec: Confirm my Understanding (please)
IPsec from my on-prem data centers terminates on a physical Palo Alto FW in the on-prem, and a virtual Palo in our Transit VPC today.
This gives us data encryption all the way across the transit circuit(s) (a DirectConnect currently) and all the way into our Transit VPC.
But IPsec has difficulty going faster than ~1 Gbps without some kind of multi-pathing across multiple tunnels.
To paraphrase the esteemed philosopher and renowned scholar Ricky Bobby, "We wanna go fast."
MACsec is happy to go much faster than ~1Gbps.
MACsec is offered by Amazon and Microsoft as a connectivity option to enter their fabrics.
Google probably also offers this, but I haven't researched it yet.
But, if I understand things correctly, the encryption will terminate at the Amazon-provided switchport that is mapped to our customer environment.
So, from that Layer-2 segment between that switchport, and our virtual Palo... unless I misunderstand, we are not encrypted by any mechanism under our control.
We are at the mercy of Amazon saying "Trust us bro, our security wont let anybody see your traffic."
Is my understanding incomplete? Am I missing something? I kinda hope that I am missing something.
Is what Cisco calls "LAN MACsec" adequate for this service option, or do we need the fancier "WAN MACsec" ?
I have the same concern with Microsoft Azure, as I suspect the same challenge exists.
Are there any options for further securing this L2 segment that I'm not thinking of?
Are we overthinking it? Should we have more confidence in Amazon & Azure's security customer isolation?
The wisdom of the cloud gurus is appreciated.
https://redd.it/1mf32e2
@r_systemadmin
MPLS prices in 2025 are still a joke lol
Just got quoted for a regional site link and I genuinely laughed out loud. I don`t get how we are still paying enterprise prices for latency that`s barely better than a solid DIA with smart routing. I`m all for reliability but there`s gotta be a smarter way in 2025. what do you say?
https://redd.it/1mes833
@r_systemadmin
With smtp auth going away in 2026, how do you plan on handling devices that only support basic auth?
https://techcommunity.microsoft.com/blog/exchange/exchange-online-to-retire-basic-auth-for-client-submission-smtp-auth/4114750
> Exchange Online will permanently remove support for Basic authentication with Client Submission (SMTP AUTH) gradually beginning with a small percentage of submission rejections for all tenants on March 1st 2026 and reaching 100% rejections on April 30th 2026, (previously September 2025). After this time, applications and devices will no longer be able to use Basic auth as an authentication method and must use OAuth when using SMTP AUTH to send email.
> ...
> The only remediation for this is to update your client or app to support OAuth, use a different client or app that supports OAuth, or use a different email solution such as High Volume Email or Azure Communication Services for Email.
Primarily concerned about scan to email, as well as some various apps set up to do email reporting on my end.
https://redd.it/1mexemw
@r_systemadmin
Do standing desk help dev teams?
So my boss finally caved and asked me to look into getting standing desks for our IT crew (around 30 devs). Right now if you want one you either have to jump through HR hoops or buy your own which suck
Looking for brands that won't fall apart after a month. Ideally something sturdy that can handle multiple monitors without wobbling when someone bumps into it.
Anyone know companies that do bulk discounts or have decent corporate rates? Also curious if anyone's team actually uses theirs or if they just became expensive regular desks after week 2. Our devs are glued to their chairs for like 10+ hours a day so figured it might help with whole "my back is destroyed" situation everyone complains about :/
Need to get this proposal together pretty quick so any brands to check out (or avoid) would be awesome. Thanks!
https://redd.it/1mes8hr
@r_systemadmin
August 2025 Microsoft 365 Changes: What's New and What's Gone?
August brings over 25 updates to Microsoft 365, including new features, retirements, and functionality changes. Be sure to stay informed to avoid disruptions.
**In Spotlight**
* **New Microsoft Places admin center:** A centralized Microsoft Places web portal is launching. It will provide admins with a streamlined interface to manage buildings, floors, rooms, and desks.
* **Drag & Drop Emails Between Accounts in New Outlook** \- The new Outlook for Windows now supports drag-and-drop emails and files between personal, enterprise, and shared mailboxes, significantly boosting cross-account productivity.
* **Azure AD Graph API retirement:** Azure AD Graph APIs will be retired in early September 2025. Make sure to migrate to Microsoft Graph APIs before August 31, 2025.
* **Microsoft Enforces Admin Consent for Third-Party Apps -** Microsoft will enable the app consent policies by default, enforcing admin consent for third-party app access.
* **Classic eDiscovery Retirement** \- Microsoft will retire Classic eDiscovery (Premium) from the Microsoft 365 Purview portal. Move to the new eDiscovery experience.
**Here's your sneak peek:**
* Retirements: 6
* New Features: 10
* Enhancements: 5
* Existing Functionality Changes: 7
* Action Required: 2
* Retirement Postponed: 1
**Retirements**:
1. *Organization Data Types in Excel*, which allowed users to access Power BI datasets, will be retired on July 31, 2025.
2. The “*Monitoring” feature* in Conditional Access will be fully retired on August 1, 2025.
3. *Microsoft Project for the web* and *Project in Teams* will be retired in August 2025.
4. Microsoft is retiring *Cognitive Services and Azure Machine Learning integrations* in Power BI.
5. *Speaker Coach in Microsoft Teams*, which offered personalized speaking feedback during meetings, will be retired starting mid-August 2025.
6. *Client Access Rules* (CARs), which were used to control access to Exchange Online, will be deprecated by September 1, 2025.
**New Features:**
1. Microsoft Purview Data Loss Prevention will block Microsoft 365 Copilot from *processing emails that carry sensitivity labels*.
2. *Microsoft Purview Data Security Investigations* (DSI) is an AI-powered solution that helps security teams detect, analyze, and mitigate data risks.
3. Insider Risk Management will include *new detections* to identify risky AI activity, including sensitive prompts, suspicious intents, and AI-generated sensitive content.
4. SharePoint Online document library owners can now apply sensitivity labels directly at the library level. Files that are unprotected or lack labels will inherit the label. *Downloaded files retain site-level permissions* even outside SharePoint.
5. eDiscovery APIs are moving from Beta to V1. Enhancements include *additional parameters and export formats* that improve accuracy and streamline workflows.
6. Microsoft Teams will allow IT admins to run *silent call simulations* to check network readiness and proactively catch performance issues.
7. Microsoft Viva Engage introduces a *delegation feature* that allows admins to assign Pulse survey management to other users.
8. Microsoft Teams on the web will add a new sign-in experience in mid-August 2025, supporting *login through Apple or Google credentials.*
9. Microsoft Places is launching a *map-based desk reservation feature*. This will be available for Teams Premium users, allowing bookings through interactive floor maps.
10. Microsoft Purview Insider Risk Management (IRM) data will integrate with Microsoft Defender XDR, enabling *deeper threat investigations and event correlation*.
**Enhancements:**
1. Microsoft Authenticator for iOS will *support backup of all account names* using iCloud and iCloud Keychain. This includes school, work, personal, and third-party accounts like Google and Amazon.
2. Microsoft Purview *improves audit log messages* related to role group membership changes, particularly for GrantPermission and DeletePermission operations. The new
LifeLock by Norton
Just saw this ad that ran on Nat Geo Wild for 15 minutes. Paid members talking about how they got scammed and now they feel safe by using lifelock.
Cherry on top? Apparently they have support specialists who will work tirelessly in the USA to help restore your identity.
The whole ad felt fucking predatory.
Are people this gullible?
https://redd.it/1meq2c6
@r_systemadmin
blocking NTLM broke SMB.
We used Group Policy to block NTLM, which broke SMB. However, we removed the policy and even added a new policy to allow NTLM explicitly. gpupdate /force many times, but none of our network shares are accessible, and other weird things like not being able to browse to the share through its DNS alias.
https://redd.it/1meee8l
@r_systemadmin
Pre-solving this nightmare issue for you
A user got an email from internal and it "goes to their spam box." You move the email out of the spam box, back into inbox, and it goes back to spam a few seconds later he says.
That's odd, our mail rule that sets internal to internal at SCL level -1 or whatever is a thing. Run a trace, delivered normally. KQL query - delivered normally. Not junk. Not ignore conversation feature. No block list. No mailbox rules. No Outlook plugins.
I finally remote in because he's not on a job site. It's going to a folder literally called "spambox"
We don't have anything that does that. Ask AI because I'm so done with this shit at this point.
Day 3 of trying to figure this shit out. IT WAS HIS ****ING SAMSUNG MAIL APP ON HIS PHONE.
Which we don't allow people to use because it doesn't work. We tell them to use the Outlook App, which is probably renamed Copilot AI Mail Extreme Edition X .NET Copilot Edition by now.
FML I need a smoke break. I don't not smoke but Canada is on fire, can't see shit here, so going outside is technically a smoke break.
https://redd.it/1meama3
@r_systemadmin
I'm getting employees that I have to train from scratch. Now what?
First of all, thanks to everyone for their suggestions, thoughts, and condolences. It's been a bear of a month since I lost my boss, but things are sailing smooth for the moment. In the end, I got his title, his pay, and all of his responsibility.
Management approved 4 part time employees for me that are other staff members in other areas of my hospital. Lab Techs, Rad Techs, Scrub Techs, who show some aptitude with computers and the troubleshooting abilities I can train into Help Desk employees. These are skilled and educated employees, but not IT people.
I've got the beginnings of a training program (IT basics, Networking Basics, Tools we use), but what would you teach a bunch of people who are willing and eager to help, but don't necessarily know that much about IT?
https://redd.it/1me8bhf
@r_systemadmin
How do you work alongside a deeply entrenched legacy architect who resists change and views collaboration as a threat?
I stepped into a system admin role back in April. The team is small: a couple juniors, me, my boss, and a senior architect who’s been with the company for 20+ years. He basically built the network from scratch and still runs it like his personal fiefdom. To be fair, he’s extremely knowledgeable but also highly defensive, and seems to go head to head with my boss often. None of my business, anywho.
My main job is to modernize things…replace outdated monitoring away from Nagios, roll out NAPALM automation, that kind of stuff. Naturally, change is hard in any long-running environment, but it’s especially difficult here, or… have I just not worked with a wide enough array of personality types? The architect actively resists nearly every improvement. He has a rule against Docker (won’t allow it at all), rule against multiple VM’s broken up by app, blocks monitoring agents because they “use too much overhead,” insists on manually benchmarking resource usage before greenlighting anything(which is a good idea right?) , and won’t allow more than 50% hardware resource utilization on servers “for fault tolerance.” Has weird ideas remote log servers should only pull logs and remote clients never push, only allows DHCP and DNS to be managed by his shell scripts, etc. which I get since DNS is delicate.
He also has a very rigid, inconsistent subnetting scheme- /24s split by room and purpose, but implemented differently across sites. Everything is over-architected. And naming conventions? God help you if you deviate from his vision. I suppose this is all normal stuff from a long running admin?
Hey, he built it I’m using it all good who really cares.
Im used to working with relaxed folks and this guy does comes off as constantly talking down to people and getting visibly agitated which I would say is bringing me to Reddit. Some days he’ll just snap and say stuff like “I don’t care about my job anymore,” loud enough for others to hear. Personally I think it gets unprofessional when it’s bitching every day with big sighs. I share a space with him, and every day the other junior team members quietly ask if I want to go sit in their office instead, just to get away from the tension. Which, why would I leave the room and work with anyone else? I was hired to work with this guy.
There’s also a corporate team that handles change control and implements our changes on the network side. They’re very nice to work with. When I try to collaborate with them directly to push things forward, he gets pissed and says stuff like, “They wouldn’t be able to fix anything if you didn’t tell them what was wrong,” as if working with others is some kind of betrayal.
I’m getting good experience, even with all the politics and friction. My loose plan is to stick it out for 2–3 years, then move on, hey could be longer too. But in the meantime, how do you work around someone like this? A legacy architect who built the empire, thinks everyone’s out to tear it down, and makes collaboration a nightmare?
https://redd.it/1mdzgdh
@r_systemadmin
User can't find her C:\ drive - It was her C:\ drive
Shoutout to Sarah — one of the rare end users who’s genuinely nice, curious, and wants to learn how tech works. We love Sarah.
Today’s puzzle:
Sarah couldn’t find her C: drive.
She opens what looks like the right folder, sees all the familiar files... then confidently says: “Nope. This isn’t it.”
I show her the file path in plaintext Windows Explorer:
\> This PC > OS (C:\\)
Still nope.
Eventually, she explains that there's another folder with the same filenames but different content — also under C:\\.
We dig around. Turns out she had a shortcut pointing to a very specific subfolder mirrored across profile folders, and the recent GPO update removed this shortcut.
So I fixed it by re-creating the shortcut, added Target: explorer.exe "file path" and dragged it to the taskbar for her.
She proceeded to thank me for my help.
And that’s when it hit me:
Most days, shortcuts break and users get frustrated. I have been yelled at for this in my previous analyst role where people only cared about getting the task done... But today?
The shortcut broke and someone got curious. Sarah wanted to understand why her files felt familiar but wrong. She trusted her instincts, asked questions, and stayed gracious the whole time.
That’s rare.
So here’s to Sarah — proof that empathy and curiosity are still alive, hope exists, and a kitten is born.
https://redd.it/1me2lv6
@r_systemadmin
Have you ever considered SNMPv3 packet size overhead a drawback compared to SNMPv2?
I’m in a discussion with a co-worker who argues that SNMPv3 introduces too much overhead in terms of packet size and CPU usage on network hardware, especially when polling at scale. He prefers SNMPv2c for that reason alone.
Has anyone actually run into a situation where the additional bytes in SNMPv3 were a legitimate performance concern, like enough to justify avoiding it entirely on some devices? Or is this just a theoretical gripe and not really a problem in real-world deployments?
https://redd.it/1mdzxgz
@r_systemadmin
Website Developer Taking Control of Client Registrar and Names Servers
This may be a sanity check post.
I'm working with a not small client whose web developer requested domain registration/hosting transfer of their domain to their 3rd party service.
I've held firm on the registration staying in house but I'm worried I may not be getting much traction on being able to keep the name servers. It's an O365 environment with several other systems requiring DNS from on high.
Is this a hill worth dying on?
https://redd.it/1mfed90
@r_systemadmin
Why are signatures this complicated in Outlook?
We changed our company logo so the 3rd party marketing company made a new signature. They made it in Google docks. Our non-IT staff downloaded it word doc format, convereted it to PDF, uploaded to Sharepoint, opened the PDFin chrome, then copied and pasted it into the signature editor in Outlook.
FoR sOmE rEaSoN tHaT dIdN't WoRk
I downloaded the document as HTML from google docs' drop down menu that allows you to do so. The code is bulky crap with empty <p> tags and spans inside of <p> tags and is a nightmare, not to mention 60,000 characters.
I quickly rewrote it in notepad++
Mine is 48 lines, embedded BASE64 JPGs, absolute art. I throw it into
C:\\Users\\[username\]\\AppData\\Roaming\\Microsoft\\Signatures
NOPE. Outlook ignores it. Gotta make a dummy RTF file then a dummy TXT file with the same name for non-html email composing that we never do. Then you have to have a linked folder ending in _files even though we don't link to any files and that I legitimately don't know how to generate from scratch. It's some NTFS feature where it links a folder to an HTML file with CID tags or some nonsense.
So I created a dummy signature, left the RTF and TXT and folder alone, gutted the HTML they made, pasted in mine, works great. But wait...
OH GOOD, let's just ask the users to do that. And edit the HTML file to replace my name and phone number with theirs. That sounds reasonable. I'm sure they'll all do that. Management wanted this done in like 15 minutes so I don't think they'll approve me writing a .NET app to do this.
Fine, I'll just have them copy and paste from my HTML file since the code is super tidy. NOPE. Signature editor in Outlook Classic deletes just all <a> tags (so links) and makes it 319KB. So every single outgoing email and reply will be an extra 1/3 of a MB. Not acceptable.
How TF do you guys handle this company-wide? I know some third part software exists for this
https://redd.it/1mf96vi
@r_systemadmin
VPN device management is totally dying. Is Intune actually worth it?
So with the remote workforce hitting 70% across the industry, VPN-based device management is getting pretty outdated. Policy enforcement gets sketchy when users don't stay connected, software deployments take forever, and troubleshooting remote devices is a massive pain.
Intune's conditional access looks legit for cloud-based management, but did it actually fix your problems or just give you different ones?
What about configuration complexity?
https://redd.it/1mey80t
@r_systemadmin
Little Black Box
Tracing network cables at work, switch to what drop, write down the switch port and the drop name. I’m updating NetBox because there’s no documentation. The network folks are, “well some of the equipment doesn’t belong to corp so we don’t have access to that gear.”
Weird answer.
Anyway, tracing cables and one black cable (98% are blue, a few white and a few black). Follow it down, loop, follow it up.
To the top of the rack? What’s this Little Black Box?
Internet search away! It’s an environment monitoring box. Checks air temp, humidity, and a bunch of other options.
No credentials. No one at corp knows about it. The Executive Secretary though, “ah old admin used it to monitor the computer room. He discovered the AC wasn’t working from an alert.”
Okay, so alerts are being sent somewhere. Need to bring it to my laptop, check the configuration, change the settings so a group email or monitoring tool gets the alerts and not some email for someone who’s long gone.
Fun stuff :)
https://redd.it/1mevqla
@r_systemadmin
Our Epic integration vendor just ghosted us mid-project and I'm having a breakdown
So this is happening. Our "trusted" integration partner just went radio silent three weeks before go-live, their project manager isn't returning calls, and I'm pretty sure they've moved on to easier clients. Cool. Cool cool cool.
Context: I'm the IT director at a 200-bed hospital and we've been trying to replace our patient portal that literally still uses Flash. I know, I KNOW. Don't @ me. We got funding approved last year after our patient satisfaction scores tanked because people couldn't even log in to see their test results half the time.
Found this vendor who promised seamless Epic integration, showed us these beautiful demos, the whole nine yards. Signed a contract in January, paid the first milestone payment, and everything seemed legit. Their team was responsive, they knew all the right FHIR buzzwords, even had references from other health systems.
Then reality hit. The API calls started timing out randomly. Patient data was syncing but missing critical fields. Their "certified Epic integration" turned out to be a bunch of custom middleware that broke every time Epic pushed an update. When I asked about it, suddenly their developer who "built similar solutions for Mayo Clinic" was always in meetings.
Last month they missed two major deadlines. When I finally got their PM on the phone, he basically admitted they'd never actually integrated with our version of Epic before and were "figuring it out as we go." That's when I started drinking at lunch.
Three weeks ago: complete silence. Emails bouncing back. Phone goes straight to voicemail. I'm starting to think they just took our money and bailed.
Meanwhile, my CEO is asking for status updates, our chief medical officer is making jokes about our "state-of-the-art 1990s technology," and I've got 50 physicians who were promised a working patient portal by next month.
I'm sitting here at 11 PM googling "how to build Epic integration from scratch"...
Anyone know a good therapist who specializes in IT trauma? Asking for a friend who is definitely me....
https://redd.it/1mexxpv
@r_systemadmin
Fuckin' out of date dotnet everywhere
So I have end of life dotnet everywhere and it's causing me some headaches. The dotnet-core-uninstall remove powershell commands won't kill it either.
Does anyone have any automated way to kill this thing off? We don't have intune deployed so that's a nonstarter.
https://redd.it/1meqwtj
@r_systemadmin
fields, PreExecutionMessage and PostExecutionMessage, provide better transparency.
3. Microsoft Fabric will limit each workspace to a *maximum of 1,000 users* or groups across all roles (Admin, Member, Contributor, Viewer).
4. SharePoint Page Analytics will add features such as *long-term data retention, reporting by distribution lists, and export options*, starting mid-August 2025.
5. Policy alerts in Microsoft Purview will be *more customizable.* A new alert configuration page will let admins set frequency and define recipients for each alert.
**Existing Functionality Changes:**
1. Documents signed using *Adobe or DocuSign through SharePoint eSignature* will now be saved in the original folder where the signing started, not in the default "Apps" folder.
2. Microsoft will allow admins to *enable email notifications and policy tips independently* in SharePoint and OneDrive DLP policies. Currently, both settings must be enabled together.
3. Exchange Online cmdlets will show *changes to database property output*. For example, the Database property in the output of Get-Mailbox will change from: Database : APCP153DG038-db080 to a fully qualified path format: Database : APCP153.PROD.OUTLOOK.COM/7ad9dea1-26b7-4088-ad73-708c219faff6
4. Teams admins will need to complete a *Know Your Customer (KYC)* process before requesting new phone numbers. This includes submitting organizational details and supporting documents via the Teams Admin Center.
5. Microsoft is *changing the sender address* for Teams DLP Generate Incident Report emails. After August 20, 2025, only the address no-reply@temas.mail.microsoft.com will be used.
6. Starting August 25, 2025, *selected Microsoft Graph metered APIs*, including Teams chat export and meeting transcripts, will no longer be subject to usage-based billing.
7. The *Get-FederationInformation cmdlet* will return results only for the domain specified in the parameter.
**Action Required:**
1. The legacy Message Trace UI and cmdlets will be retired on September 1, 2025. Start using the new Message Trace experience and update any scripts that rely on legacy cmdlets to use their modern equivalents.
2. Starting July 31, 2025, the Microsoft Graph Beta API /deviceManagement endpoints will require either DeviceManagementScripts.Read.All or DeviceManagementScripts.ReadWrite.All permissions. Make sure to update your apps, scripts, or tools using older permissions to avoid disruptions.
**Retirement Postponed:**
1. The “Send me an email notification” action in Power Automate, which was originally scheduled to start failing 1% of the time on August 1, 2025, has been postponed .But switching to supported alternatives: “Send an email (V2)” from the Outlook connector or “Send an email notification (V3)” from the Mail connector is recommended.
Act now to stay ahead and ensure these updates don't impact you!
https://redd.it/1met9fb
@r_systemadmin
Weekly 'I made a useful thing' Thread - August 01, 2025
There is a great deal of user-generated content out there, from scripts and software to tutorials and videos, but we've generally tried to keep that off of the front page due to the volume and as a result of community feedback. There's also a great deal of content out there that violates our advertising/promotion rule, from scripts and software to tutorials and videos.
We have received a number of requests for exemptions to the rule, and rather than allowing the front page to get consumed, we thought we'd try a weekly thread that allows for that kind of content. We don't have a catchy name for it yet, so please let us know if you have any ideas!
In this thread, feel free to show us your pet project, YouTube videos, blog posts, or whatever else you may have and share it with the community. Commercial advertisements, affiliate links, or links that appear to be monetization-grabs will still be removed.
https://redd.it/1mesfm4
@r_systemadmin
Just Curious, is it normal to have access to everything?
Started a job about a month ago as my second ever IT job. The first one I had was classic HellDesk, pretty much a body just to block calls, doing about as much IT support as the user themselves could do. I got a offer from a relatively small local MSP, >50 employees. This place is... different. Right now I'm working "Dispatch" essentially the first line for calls, fixing whatever I can in 40 minutes or less, and if it's harder than that, escalate to the tier 2's. The only thing is, I have access to... everything. We have about 50 companies as clients, some including hospitals with hundreds of employees, and I can access everything. I have free reign to fuck with switches, routers, firewalls, domain admin passwords, rmms to run stuff at system level if needed, all automations. Literally everything we manage for all of our clients has credentials posted inside of our documentation somewhere. Every type of server we manage for them, exchange/365 admin access, access through a couple different RMMs with automation possibilities if I need to automate stuff at the system level, literally everything from top to bottom, I have access to it, and I'm at the very bottom of our totem pole here. Is this normal? I'm learning tons of stuff every day, so it's the best to come into as a new guy, but man it feels like the wild west. Is this just how small msps are?
https://redd.it/1mekqva
@r_systemadmin
I think I messed up today at work
So, today was going to be a normal morning, everything was going fine and well. I work for a ERP software that uses Delphi and ODBC interface to connect to SQL Server instances. I have this customer which he has this server that wanted to switch his old HDD to a new one that he had, because the previous was pretty slow. He installed a clean Windows Server install on this "new" HDD and here we go:
I connected to his server and started restoring the application database like normally. note: this was my first time doing such a big task outside of my usual ERP troubleshooting problems.
I managed to configure everything in a 2 hour time, to the point where it was before. I could connect to the SQL Server locally and everything, but then on other machines at the local network the ODBC couldn't, for some reason. I checked everything you could imagine, to firewall ranging up to the database properties itself, here we go another hour of downtime, the man starts sending angry messages due to the downtime. Even with a clean Windows 2022 server install, the server station was still sluggish.
In the end, so he would calm down, I advised him to swap over to the old HDD with the previous Windows install from yesterday so he could keep on working, even with such a slow HDD.
This is my first time doing such a task at my job with roughly 6 month experience, I'm hired as a Jr Tech Support or LVL1 Support as they call it here. It's my first IT job, also.
Could I have done any better?
https://redd.it/1me5k3p
@r_systemadmin
The reality of Imposter Syndrome
Like most you, my fellow Fix Its, imposter syndrome runs rampant through my veins. But what keeps it at bay is the constant ask for a " can you jump in this meeting" or a "quick chat". I am annoyed, but it definitely is good to know that other techs look to you for answers. Today was a rough day. I'm dead tired. It's 330pm and I'm having lunch. I get to see my wife and daughter soon, so that shutdown button is getting ready to be fingered (I laugh hardest at my own jokes). Good job everyone!
https://redd.it/1mebq9i
@r_systemadmin
Sleep Apnea and Sysadmin
Just got diagnosed with severe sleep apnea (not weight related).
Apparently, this is more common than I was aware of.
Noticed I was tired all the time and leaning more and more on stimulants (ADHD meds and caffeine). Getting older of course doesn't help, but apparently it’s more than that.
Curious if you folks have experienced the same thing?
Waiting for my APAP to hopefully solve this and get me back to my A-game.
I'm a bit anxious about using one (some people take to it immediately and others need to work into it), but need to get my mind back in the game.
If you do use one, did it take you a while to get use to it?
https://redd.it/1me20q0
@r_systemadmin
Fresh Service Down?
Is fresh service down for anyone else right now?
EDIT: It's back up for us now. About an hour of outage
https://redd.it/1me1o2f
@r_systemadmin
A DC just tapped out mid-update because someone thought 4GB RAM and a pagefile on D:\ with MaxSize=0 was a good idea.
So today, one of our beloved domain controller decided to nosedive during Windows Update.
A collegue informed me about it because he noticed that a backup plan stopped working for this server.
I log in to investigate and am greeted by this gem:
>The paging file is too small for this operation to complete.
Huh.
Open Event Viewer - Event ID 2004 - Resource Exhaustion Detector shouting into the void. Turns out:
MsSense.exe: 12.7GB
MsMpEng.exe: 3.3GB
updater.exe: 1.6GB
Total: roughly more than three times what the box even had.
Cool cool. So how much RAM does this DC have?
4GB. FOUR. On a domain controller. Running Defender for Endpoint.
Just when I think "surely the pagefile saved it," I run:Get-WmiObject -Class Win32_PageFileSetting
And there it is:
MaximumSize : 0
Name : D:\pagefile.sys
ZERO.
Zero kilobytes of coping mechanism. On D:.
Which isn’t even the system volume.
It's like giving someone a thimble of water and telling them to run a marathon in July.
Anyway, i rebooted it out of pure spite. It came back. Somehow.
Meanwhile i've created a task for the datacenter responsibles like:
>Can we please stop bullshitting and start fixing our base configs?
https://redd.it/1me29wa
@r_systemadmin
Microsoft's AI risk list left out cybersecurity. Are we actually safe or just ignored?
Been working in this field, and I keep seeing posts about AI taking over everything from copywriting to coding to customer support.
But in my day to day, I don’t see how it replaces a lot of what we do. You still need human eyes for context, forensics, incident response, and even just spotting weird behavior that tools miss in cybersecurity.
Sure AI helps with alert triage or writing detection rules faster, but it feels more like an assistant than a replacement.
could just be me, but cyber still feels pretty human. Am I missing something or is it really not that easy to replace us?
https://redd.it/1mdwaxo
@r_systemadmin