r_systemadmin | Unsorted

Telegram channel r_systemadmin - Reddit Sysadmin


Reddit SystemAdmin. Thanks @reddit2telegram and @r_channels.


Reddit Sysadmin

Happy Thanksgiving, fellow sysadmins. I’m the new (and first) in-house IT Administrator for a ~70-endpoint company. No servers, no domain, and until two weeks ago everything went through an MSP. Now all requests come to me first, and I escalate only when necessary. Here’s what I walked into:

Almost every workstation is running Windows 11 Home

A handful are Windows 11 Pro

All users log in with local accounts

About half the company is on M365 Business Premium, the other half on Business Standard

No Intune, no Entra ID join, no AD (on-prem or cloud), no real identity management

The MSP provides ThreatLocker and Huntress, and the long-term goal is to reduce the monthly spend and move IT responsibilities more in-house while maintaining a co-managed relationship with the MSP.


My first major project, already approved by leadership, is to:

1. Upgrade all appropriate users to Business Premium


2. Upgrade all endpoints to Windows 11 Pro


3. Entra-join every workstation


4. Enroll everything into Intune


5. Begin modernizing the environment and decreasing MSP dependency



My background is seven years as a server engineer, so this is a big shift for me. I’m learning a lot as I go, and I’d appreciate any advice, lessons learned, or “watch out for this” insights from anyone who has gone through a similar small-business modernization or MSP off-ramp process.

What pitfalls should I expect? What would you tackle first?

Thanks in advance and enjoy the holiday.

Edit: Leadership mentioned that in about 6-9 months we will reevaluate and if needed we can either bring in another IT person or continue co-managed with the MSP.
ALSO, the long term (3-5 years) plan for my role is to transition into a Director of IT.

https://redd.it/1p8i2ia
@r_systemadmin


Reddit Sysadmin

Me every time: testing if VPN works using my phone's hotspot. Thinking it works. Then realizing my hotspot acts as a repeater for the office WiFi.

Gets me every time!

https://redd.it/1p8flvl
@r_systemadmin


Reddit Sysadmin

Personal Keyboard

I’m trying to look for a wireless keyboard for me to use at the office. I currently have a Logitech MX650 that I’ve been using for a few years. I’m not a huge fan of it as it just feels cheap. I think I want a mechanical keyboard but I want a more silent option. I’m moving to a more automation/programming role and I’m worried that it could get loud. The space I work in has two other people and at times I can hear my current keyboard in the background of our call recordings. I’ve looked at Aula F108, Keychron, Cherry KC 200, among others. All the YouTube videos I find like to do the full ASMR, which doesn’t help. I want to be able to swap keys and make it my own at some point if possible. What are you all using and does anyone have any recommendations? I’m trying not to do trial and error as I tend to be forgetful about returns lol

https://redd.it/1p8d1dl
@r_systemadmin


Reddit Sysadmin

Deprecation and removal of WINS after Windows Server 2025

It's official; Microsoft has announced that WINS is now deprecated, and *will be removed* from all Windows Server releases after Windows Server 2025 and will remain under the standard support lifecycle through November 2034.

No flowers

https://support.microsoft.com/en-gb/topic/wins-removal-moving-forward-with-modern-name-resolution-f00381f0-7237-4f7b-8e78-aa6f9c5b279f

https://redd.it/1p885nv
@r_systemadmin


Reddit Sysadmin

Full admin access on wifi?

We are currently implementing 802.1X on wifi and ethernet and we had a discussion if the admin VLAN should be extended to wifi or not.

Right now, there is sort of admin access if you pop on VPN while being connected to wifi, which I find strange but I didn't see that many wifi setups.

So, how do you handle it? Admin access only wired? Or with wifi too?

https://redd.it/1p854b2
@r_systemadmin


Reddit Sysadmin

How do you handle frequent password resets for students and teachers?

Hi everyone, I am new to the sysadmin community and I'm dealing with a pretty annoying problem.

I work with students and teachers who seem to lose their passwords all the time. We have about 30 students and 10 teachers calling us every 1 or 2 months because they've lost their password, or worse, they don't tell us and lose access to their sessions and Teams.

We currently have a 3-month password expiration policy (I don't make the rules, and personally I think this policy is bad). Students and teachers don't really understand why we ask them to change it every 3 months.

Passwords are already synced between Office 365 and Active Directory, but I don't know how to handle these lost passwords efficiently to save time and make users more independent. Does anyone have advice?

https://redd.it/1p81hlk
@r_systemadmin


Reddit Sysadmin

How many of you have done AI related projects?

Interested if anyone has had any projects to implement AI in their environment.

Setting up an LLM (in cloud or on-prem), integrating AI into an app that you host, creating an AI tool for your M365 services, etc.

Not trying to make a point, just curious if anybody in the real world has had to do this.

https://redd.it/1p7y3fc
@r_systemadmin


Reddit Sysadmin

Teams governance

Hi,

How is everyone else governing Teams these days? The general lifecycle management, self service, governance and overall experience of Teams from a sysadmin point of view seems really lackluster and annoying to deal with.

 


We have been scouting for a proper solution to govern our Teams and SharePoint setup and allow our end users to create Teams, with guard rails and governance such as a naming convention, forced ownership, automatic archiving and things like that, but it is difficult to find the right solution, or perhaps I am just getting hit with this "FOMO" where if I pick a solution and find a better one the next day, I am dug in for at least a year.

So far we have looked at Teams Manager from Solutions2Share and gotten a quote on it. Seems a bit pricey: 17.000€ for a year for 1000-4000 users. We only have around 3000 users at the moment, which is why I hate the 1000-4000 tier, as you pay the same regardless of having 1000 users or 4000 users.

It seems like a good product though, and maybe it is the right choice. Maybe not. I was hoping for some recommendations for other products or some feedback from others using Teams Manager: pros, cons, what is annoying, what works well, what does not work well and so on.


 

Hopefully we are not the only organization using Teams and are tired of the manual workload of keeping it tidy heh.

https://redd.it/1p7zazg
@r_systemadmin


Reddit Sysadmin

Our dev workflow feels like a group project gone wrong

Design uses Figma, PMs use Sheets, devs use Jira, QA uses something called Testy, don't ask. We spend more time syncing tools than shipping builds. There has to be a better way.



https://redd.it/1p7umve
@r_systemadmin


Reddit Sysadmin

8.8.8.8 having issues?

Anyone else seeing 8.8.8.8 have issues responding to requests?

https://redd.it/1p6s3as
@r_systemadmin


Reddit Sysadmin

APC UPS eats up batteries

Hello, please let me know if this is the wrong sub.

SMB infr here. We bought a Smart-UPS SRT 8000 in 2017 along with 2 battery packs in addition to the internal one that comes with the UPS. Each battery pack has two cartridges and each cartridge has 2 cells in it. Over the last three years we have had to replace both cartridges on one of the add-on battery packs twice. The first time the cartridges lasted a year and the second time they lasted almost 2 years. We've also had to replace cartridges on the other add-on battery pack but much less frequently. The curious thing is that when the batteries are first installed they'll say that the "Predicted Replacement Date" is like 4-5 years out.

Last week I got one of the alert messages saying that one of the cartridges in the problematic battery pack needs to be replaced soon (mid December). Then this week, after the UPS ran a scheduled self-test, it came back saying that 3 cartridges in total needed replacing. One in each of the 3 battery packs. I am also getting messages saying that "The battery power is too low to support the load; if power fails, the UPS will be shut down immediately."

I'm curious, has anyone seen this behavior where cartridges need replacing every 1 to 2 years? Is there a proper way of replacing these that I am missing? Should I be replacing both cartridges in each pack at the same time instead of just the one that the UPS says needs replacing?

Also, I noticed that when the self-test ran I got messages saying "The battery power is too low to support the load; if power fails, the UPS will be shut down immediately." I know that the self test is supposed to drain the battery to a certain amount but I never received those errors before.

What I don't want to happen is that we replace all 3 of these cartridges now (about $3K) and a year down the road we are in the same boat again without actually fixing what the real problem may be. I already have enough issues justifying other necessary IT purchases to management.

Any suggestions or insight on what may be going on would help a lot.

https://redd.it/1p6j516
@r_systemadmin


Reddit Sysadmin

Memory - Fair Warning

Folks, we've seen a few posts regarding Memory availability and pricing over the last week or two and just a quick update from what we are seeing on the VAR side.

Memory is becoming non-existent slowly, but surely.
The pricing since just August has more than doubled.
Anticipate system costs going up from here if they haven't already.

Dell for example will not sell certain modules unless it's in a system build. I've seen this with servers and laptops at this time.

3rd parties like Axiom/Kingston/Crucial are basically running out of stock.

I don't believe there's a good solution to "Buy Now" or "Wait it out"; this is just what to expect if any of your partners come back with exceptionally high pricing or long lead times. Also your ETAs should be expected to be extended at any time.

Just fair warning friends.

https://redd.it/1p6fq4h
@r_systemadmin


Reddit Sysadmin

The original "Vibe Coding" wasn't AI. It was VisiCalc (1979)

I've been seeing the term "Vibe Coding" thrown around a lot lately regarding AI tools, and it sent me down a bit of a history rabbit hole.

I went back and looked at the launch of VisiCalc in 1979 and James Martin’s 1982 book Application Development Without Programmers. The parallels to what we are dealing with right now are actually kind of insane.

Back then, IT departments had multi-year backlogs. Managers started buying Apple IIs with their typewriter budgets just to run VisiCalc so they could bypass IT. That was the birth of "Shadow IT."

Everyone thinks macros were the start of user-gen coding, but VisiCalc didn't even have macros. It was just the sheer ability for a user to define logic without asking permission that broke the dam.

I wrote up a deeper dive on this, but the conclusion I came to is that we're trying to solve this the wrong way (again). In the 80s, IT tried to ban PCs. It failed. Then we tried to ignore spreadsheets. That failed. Eventually, we just accepted them.

We're currently in the "ban/ignore" phase with AI/Low-code tools. I think the only way out is what I'm calling "Governed Sandboxes"—basically giving users "IT-like" powers but inside a walled garden where we can still audit the data.

Curious if anyone here was around for the Lotus/Excel wars, or if you guys are seeing the exact same "Shadow IT" patterns popping up with things like Copilot or Power Platform right now?

https://redd.it/1p6ecnd
@r_systemadmin


Reddit Sysadmin

Is anyone at a 2025 ADDS functional level?

Curious if anyone has been brave enough to go for it

https://redd.it/1p635sc
@r_systemadmin


Reddit Sysadmin

Genuinely curious - would you use AI more if your data actually stayed private?

Hey everyone, genuine and curious question here.

I've been talking to a bunch of people lately about AI at work - ChatGPT, Claude, Copilot, all that stuff. And I keep hearing the same thing over and over: "I'd use it way more, but I can't put client data into it" or "my compliance team would kill me."

So what happens? People either don't use AI at all and feel like they're falling behind, or they use it anyway and just... hope nobody finds out. I've even heard of folks spending 20 minutes scrubbing sensitive info before pasting anything in, which kind of defeats the whole point.

I've been researching this space trying to figure out what people actually want, and honestly I'm a bit confused.

Like, there's the self-hosting route (which I saw recently there's a post that went viral on self-hosting services). Full control, but from what I've seen the quality just isn't there compared to GPT-5 or Claude Opus 4.5 (which just came out and it's damn smart!). And you need decent hardware plus the technical know-how to set it up.

Then there's the "private cloud" option - running better models but in your company's AWS or Azure environment. Sounds good in theory but someone still needs to set all that up and maintain it.

Or you could just use the enterprise versions of ChatGPT and hope that "enterprise" actually means your data is safe. Easiest option but... are people actually trusting that?

I guess I'm curious about two different situations:

If you're using AI for personal stuff - do you even care about data privacy? Are you fine just using ChatGPT/Claude as-is, or do you hold back on certain things?

If you're using AI at work - how does your company handle this? Do you have approved tools, or are you basically on your own figuring out what's safe to share? Do you find yourself scrubbing data before pasting, or just avoiding AI altogether for sensitive work?

And for anyone who went the self-hosting route - is the quality tradeoff actually worth it for the privacy?

I'm exploring building something in this space but honestly trying to figure out if this is a real problem people would pay to solve or if I'm just overthinking it.

Would love to hear from both sides - whether you're using AI personally or at work.

Thanks :)

https://redd.it/1p65x1m
@r_systemadmin


Reddit Sysadmin

Which is the most popular CI/CD tool used nowadays?

So, there are many CI/CD tools like Jenkins, Azure Pipelines, GitHub Actions, etc. Which one is the most popularly used in the current market? I guess it would be GitHub Actions based on its ease of use and flexibility. Any other tool apart from these that you can mention here? Thank you

https://redd.it/1p8gmp0
@r_systemadmin


Reddit Sysadmin

DFS - Sharing Folder

Hi

Hoping you can help or point me in the right direction.

I’m trying to setup a shared folder via DFS Management.

The folder itself gets created on the C drive of Win Server Core, which I’m accessing through File Explorer, and I can see it, but when I double click on it, it errors with either permissions and the DFS tab shows it as inaccessible.

Any advice or pointers or a simple guide to get this sorted would be greatly appreciated.

Thanks in advance.



https://redd.it/1p8af7z
@r_systemadmin


Reddit Sysadmin

How do you handle IAM access visibility and access reviews?

Hey all,

Curious how other sysadmins handle access visibility and access reviews across Okta / Entra-connected apps.

I see approaches ranging from fully manual spreadsheets to automated review cycles, and I’m curious how teams here structure this in practice.

Nothing commercial, just trying to compare real-world practices with others who deal with this stuff daily :)

Would love to hear how you handle it in your environment.

Thanks!

For anyone who is up to share their experience with more background, I put together a very short 3–5 min form. Link: https://forms.gle/RtK1jjpKjyPh67bf8

Happy to share the aggregated results back with the community once enough responses come in.

https://redd.it/1p89vo1
@r_systemadmin


Reddit Sysadmin

Compliance is slowly choking actual work

Trying to add anything new to the stack now feels like punishment. I’m not proposing a bank merger, I just want to test a tool. But no, gotta do a security review, risk form, data flow diagram, legal sign-off, “how does this map to our framework”, three Jira tickets and sacrificing your firstborn.

By the time it’s “approved”, the problem it was supposed to solve has either been worked around, forgotten, or replaced with an external agency for 4x the cost.

Compliance was supposed to stop stupid decisions, not make every small improvement feel like a six-week project. At this point, the process doesn’t keep bad tools out of the stack, it just kills any motivation to improve it.

https://redd.it/1p8728z
@r_systemadmin


Reddit Sysadmin

"Stress, anxiety, depression, and other negative mental health effects can result from lack of transparency, continuous surveillance, and productivity monitoring" - GAO report on bossware

The GAO has a new report on digital surveillance in the workplace ("bossware"): https://www.gao.gov/products/gao-25-107126

Do you administer a tool you would consider "bossware" in your workplace? What has the response been?

This stood out to me too:

>When employers misinterpret or misuse data collected by digital surveillance tools, workers’ employment opportunities could be negatively affected, according to stakeholders we interviewed. These negative effects could include reprimands, low performance evaluations, lower pay, reduced work hours, or termination.

https://redd.it/1p85cf2
@r_systemadmin


Reddit Sysadmin

Cleaning up a decade of user-level ACL chaos… I ended up building a tool to survive it

We had one of those “beautiful” environments where every department insisted on per-user NTFS permissions “for traceability”, inheritance disabled everywhere, and 500+ folders with unique ACLs.
You know the type... the kind where only the guy who left the company a few years ago actually had Full Control on most of the folders.

Auditing was a nightmare.
Figuring out “what does this user have access to?” was a nightmare.
Transitioning to groups was even worse because you first have to discover the full effective footprint of each user before you can rebuild anything cleanly.

I got tired of manually walking through Explorer, checking advanced security on every folder, and trying to piece together what actually exists. So over the last several months, I built a PowerShell-based GUI tool that lets me:

search any domain user or group and instantly see all explicit ACLs across shares
detect all unique ACL paths
compare two identities (“give me the same perms as that guy”)
and most importantly: use it to migrate from user-based ACLs → group-based structure much faster (find the user who represents the role, create a group, clone the ACEs onto the group, add the right members, remove the users)

I posted about it yesterday on r/PowerShell and the thread blew up... lots of debate, but also tons of admins saying they’re stuck in similar legacy environments and that visibility tools like this would have saved them days.

A few people asked if I could share the viewer part, so I published the read-only version, it’s just the ACL discovery / auditing engine with no write functions at all.
No credential storing, no privilege tricks, just reading explicit ACEs the user already has rights to read.

If anyone wants to take a look or give feedback, it’s linked on my profile (FSWorks Lab).

This whole thing came out of pure survival instinct, so if it helps someone else drag their file server out of permission hell, great.

Curious how many of you are still dealing with user-level ACL legacy… because based on yesterday’s reactions, it’s more common than I thought.

https://redd.it/1p82ll2
@r_systemadmin


Reddit Sysadmin

We need one view for everything. Is that too much to ask?

I need ONE platform that unifies everyone and lets us track dependencies in a way humans can actually understand. Design, product, marketing, and dev teams all contribute to our releases, but no one sees the same information. Marketing launches features before they’re done. Product teams write requirements no one reads. Devs don’t know what’s blocked until it's too late.

https://redd.it/1p7zmik
@r_systemadmin


Reddit Sysadmin

Thickheaded Thursday - November 27, 2025

Howdy, /r/sysadmin!

It's that time of the week, Thickheaded Thursday! This is a safe (mostly) judgement-free environment for all of your questions and stories, no matter how silly you think they are. Anybody can answer questions! My name is AutoModerator and I've taken over responsibility for posting these weekly threads so you don't have to worry about anything except your comments!

https://redd.it/1p7yid3
@r_systemadmin


Reddit Sysadmin

EU customer wants a DPA before trial. Is GDPR technically unavoidable now?

We’re US only (7 ppl) with only US customers so far.

Yesterday a potential client from Britain told us they need a signed DPA and to confirm GDPR compliance before they even test the product.

My initial perception of GDPR was that it's something to deal with when we intentionally launch in Europe, not right now when 1 European only signs up (especially when they're treating this like it's non-negotiable). From what I've read it says that it includes DPAs, subprocessor lists, SCCs, mapping, which all together just feel like too much to handle, especially when you don't have the EU market as your current primary market.

Do small teams get ahead of this or only do it once they actually close EU revenue? I don't want to just ignore it if we're LEGALLY required to do it but also can't afford to spend the next two months on nothing but compliance work.

https://redd.it/1p6vf9y
@r_systemadmin


Reddit Sysadmin

Anyone using Starlink as Internet backup?

Currently, we have a single Internet service for our office. 1000 meg download with a block of 15 static public IPs.

We are now looking into a redundant Internet service. Fiber is not yet fully available in our area. Talks about early - mid 2026 though.

Anyway, anyone using Starlink as a backup internet service? If so, have you noticed if the connection is solid? Also, do they offer static IPs for businesses?

https://redd.it/1p6m48y
@r_systemadmin


Reddit Sysadmin

Who's working on their last 10 years

Who's working on their theoretically last 10 years (retire at 65?), and what are your thoughts on your current position and future in the industry?

https://redd.it/1p6j5rr
@r_systemadmin


Reddit Sysadmin

Org goes all shadow IT

Anyone else find their org going all shadow IT? I get pulled in to fix stuff non-stop and never included from the start. Ready to jump off a roof.

https://redd.it/1p6eu8l
@r_systemadmin


Reddit Sysadmin

Windows DNS forwarders validation error

Hi!

I have a DC, which is also a DNS server. I try to set up the forwarders to dns1.fortiguard.net. When I entered the IP address of the DNS server 96.45.45.45, the GUI shows: An unknown error occurred while validating the server.

I check the name resolution with nslookup from DC:

nslookup google.hu 96.45.45.45 and the result is success. I also check with PowerShell:

Test-NetConnection 96.45.45.45 -Port 53

The result is success.

Why does the GUI show the validation error?


Edit: The server operating system is Windows Server 2022. I tried it on Windows Server 2019 and 2016, but the validation is OK in the same network. Is it a Windows Server 2022 bug?

https://redd.it/1p69vr5
@r_systemadmin


Reddit Sysadmin

Data leakage is happening on every device, managed or unmanaged. What does mobile compliance even mean anymore? Be real, all our sensitive company data and personal info we shouldn’t type into AI tools is already there...

We enforce MDM.
We lock down mobile policies.
We build secure BYOD frameworks.
We warn people not to upload internal data into ChatGPT, Perplexity, Gemini, or whatever AI tool they use.
Emails, internal forms, sensitive numbers, drafts, documents....everything gets thrown into these AI engines because it’s convenient.

The moment someone steals an employee’s phone…
or their laptop…
or even just their credentials…
all that AI history is exposed.

If this continues, AI tools will become the new shadow IT risk no one can control, and we’re not ready.
And because none of this is monitored, managed, logged, or enforced…
we will never know what leaked, where it ended up, or who has it.
How are you handling mobile & AI data leakage?
Anything that actually works?

https://redd.it/1p6absr
@r_systemadmin


Reddit Sysadmin

Why does identity in the Microsoft stack still feel so scattered?

Entra ID roles here.

Azure IAM there.

Intune permissions somewhere else.

Enterprise app settings in another menu.

CA policies in their own world entirely.

Every time I try to do a clean audit, I end up clicking through 10 different portals just to understand who can do what.

Is this just the permanent state of Microsoft cloud, or have any of you actually found a sane way to centralize identity governance?

https://redd.it/1p66n1h
@r_systemadmin
