-
Reddit SystemAdmin. Thanks @reddit2telegram and @r_channels.
Why are internal/business applications so far behind public applications in terms of user experience?
I work in system implementation, and have been directly involved with SAP, Oracle, and Siemens Teamcenter transformations, and have been a stakeholder for MS Dynamics, Salesforce, and similar transformations.
One of my biggest continuing complaints is how bad the user interface/experience is for these tools, especially those that aren’t customer facing. Teamcenter, for instance, is incredibly unintuitive to new users and is prone to long loading times; Oracle is a bit more user friendly, but still looks like it was built in 2003 out of the box and its OOTB reporting is stuck in 1994.
So what is it that’s driving this? Is it a lack of investment in UX by the creators? Lack of investment from my employers when planning their implementations? Or simply a byproduct of the highly customizable nature of this kind of application? All 3? None of the above?
https://redd.it/1poyaxy
@r_systemadmin
KnowBe4 alternatives
We’re looking at refreshing our security awareness setup and KnowBe4 keeps coming up just because it’s the familiar name, but I’m trying to get a better sense of what else is actually working for people. I’m mostly interested in tools that feel realistic in day to day use, keep users engaged without burning them out and don’t require constant handholding to get useful reporting out of them. If you’ve moved away from KnowBe4 or tested other platforms how did they hold up in a real environment?
https://redd.it/1povudy
@r_systemadmin
Proxmox or Hyper-V?
I am designing an on-prem environment for an accounting firm and want to make sure I am approaching this the right way from both a performance and licensing standpoint.
Applications involved:
• Thomson Reuters Accounting CS, uses SQL Server
• Thomson Reuters Fixed Assets, uses SQL Server
• Intuit QuickBooks Enterprise
• Lacerte by Intuit
From vendor guidance and experience, I understand the SQL workloads should not be stacked together, so the plan is to separate them logically.
Hardware constraint:
• Single physical server
• Virtualized environment
What I am trying to decide is the best virtualization and licensing approach.
Option 1:
Use a bare-metal hypervisor like Proxmox and deploy two Windows Server 2025 VMs, each hosting its own application stack and SQL instance.
Option 2:
Use Windows Server 2025 Standard with Hyper-V, run the host as a Hyper-V-only parent, and deploy two Windows Server 2025 guest VMs.
This leads to my licensing questions, where I want to be sure I am not misunderstanding Microsoft’s rules.
My current understanding is:
• Windows Server Standard licenses are per physical core, 16 core minimum.
• One fully licensed Windows Server Standard host grants rights to run up to two Windows Server guest OSEs
• The Hyper-V host must be used only for virtualization, no additional workloads
• If I want more than two Windows Server VMs, I must stack additional Standard licenses on the same host
Questions:
1. If I license the physical server with Windows Server 2025 Standard and use it only as a Hyper-V host, do I need separate licenses for the two Windows Server 2025 guest VMs, or are those covered by the base Standard license?
2. Are the guest VMs automatically activated when running under a properly licensed Hyper-V host, or would I still need KMS or AVMA configured?
3. From a real-world performance and management standpoint for accounting workloads like Accounting CS, Fixed Assets, QuickBooks Enterprise, and Lacerte, is there a strong argument for Proxmox over Hyper-V, or vice versa?
https://redd.it/1pomynz
@r_systemadmin
Security reviews keep asking for the same evidence in different formats
Hi all
We recently started selling into midmarket/enterprise customers and what’s catching us off guard isn’t the questions themselves but the repetition.
Every security review asks for almost the same if not the same things like policies, control evidence but always in a different fucking spreadsheet, portal or format.
Right now this means reexporting the same material over and over and it’s starting to waste a lot of our time.
Do we just standardize internally and adapt per request or is there a better way to manage this without hiring someone just to monitor audits?
Would appreciate any help🙏 .
https://redd.it/1po9c3h
@r_systemadmin
Microsoft M365 support blew up on me and hung up for asking why I need to install Outlook and do an index repair if I am having search issues in the cloud (OWA) which is all I use.
MS support has always been okay, and I have never had an issue before but the tech I had today did not seem to understand the difference between cloud and desktop outlook. I only use OWA and he wanted me to install Outlook and do a reindex because he said I had a corrupt profile on my PC was affecting the search in OWA. When I asked him how that would help me with my cloud issue, he went on a rant about how I had called him for help (as if to say not ask questions) and when I responded he hung up. I escalated to his manager via email hours ago and no one ever responded. I manage about 1500 endpoints with M365 for different orgs. Has anyone else had to deal with anything like this? How do I escalate beyond his manager?
https://redd.it/1po9plz
@r_systemadmin
Companies that send cold virtual meeting invites are horrible
At least once a week I see a meeting reminder pop up for something that I’m not immediately sure is something my company initiated or if it’s just a spam “spray and pray” tactic to get someone to join and hopefully buy in.
It’s gotten to the point that if I spot one, I immediately find the business page and give them a horrible review.
https://redd.it/1po7fkq
@r_systemadmin
How do you keep showing up when the Help Desk has completely destroyed your soul? (Need advice for a brutal meeting today)
Hey guys, 35M here. I'm completely underwater and don't know how to surface again. I've been in a Tier 1/Tier 2 support role for a growing company for five years. The sheer volume of tickets coupled with the disrespect from end-users has literally drained every ounce of motivation I have left.
I hate coming in. I hate the endless password resets, the “have you tried turning it off and on again” cycle and I especially hate how every single ticket is framed as a mission-critical five-alarm fire by someone who didn't follow the most basic instructions. My sick days have doubled this quarter because I literally cannot peel myself out of bed.
I have a meeting with my manager and HR today about my attendance and I'm simply terrified. I know this job is a grind but I just don't have the fight anymore. I find myself staring at the wall instead of resolving tickets. My brain just won't engage. My motivation is completely shot and the only emotion I have left is this heavy dread.
I'm supposed to be progressing into a proper server/networking role but I feel like if I mention mental health or burnout directly my manager will immediately assume I'm unreliable shelve my promotion path and put me on a PIP. They want solutions and professionalism, not existential despair.
Have you experienced this kind of situation? What to do about it? How to handle them? Your help will be more than welcome…really.
https://redd.it/1po3az2
@r_systemadmin
How do you secure multi tenant Kubernetes clusters with minimal images?
We run multiple tenants on the same cluster. Using minimal images reduces vulnerabilities, but I'm concerned about isolation between tenants. What patterns or tools do you use to maintain security and prevent lateral movement?
https://redd.it/1pnze13
@r_systemadmin
Weirdest queries at Service Desk
What are some of the weirdest queries that you encountered working at the service desk?
I had a suicidal man come to the desk. I left my station to be his friend for the day. I did enough to make him feel better. Seeing him smile was a relief, and he thanked me for spending the day with him.
Team leader was an ass about it though.
https://redd.it/1pnwz37
@r_systemadmin
DNS entries for gateways, vlans and management ports?
Edit: Resolved. I think he may be asking for reverse lookups but is a little confused. I'll still have to work out some way to resolve internal management IPs without exposing them to clients though.
TLDR; Anyone ever heard of giving DNS entries to gateways and unreachable management ports.
I have a cyber security guy insisting that he needs DNS entries to be added for all sorts of strange things. This is a windows AD environment for reference.
Off the top of my head he wants a DNS entry that represents the default gateway of each vlan and a corresponding dns entry for the management port of the network hardware. Except, the network management ports exist in a vlan that is unreachable from the regular network the DNS exists in. Additionally, he has asked for DNS entries for storage devices that are the backend for our VM environment, which are also unreachable from the regular network. You'd need a jump box.
According to him he needs this information for reports that come out of a security scanning server. The security server actually can talk to all those vlans to interrogate the systems so it seems like he is using DNS as a sort of labeling system. The security server will then have the DNS entry in the report to show what the IP represents... for some reason.
If you can't tell this is for unspecified government work. I have never see DNS used this way, am I crazy for pushing back on this? It seems really weird to give a gateway its own name in DNS.
https://redd.it/1pnmn78
@r_systemadmin
Robin and OfficeSpace pricing
I’m trying to compare Robin vs. OfficeSpace for hot desking and room booking and just want a general idea of pricing but I’m struggling to find info on their pricing. I’m not looking for an exact quote because I know that would require a sales call and I’m more at a research stage. Just trying to understand if these tools are more budget friendly or enterprise so I can compare them and move on.
If anyone knows ballpark pricing for either one, I’d really appreciate it. Open to other tools too if they’re more upfront about costs and I can take some notes right away..
https://redd.it/1pnhe3g
@r_systemadmin
You guys ever just not contact vendor support because you're tired of their terrible troubleshooting?
I've literally set up an email template when I work with a particular vendor because they ask for tons of the same details every single time.
I'm tired, boss. I'll just work through the issue this time because I don't have the energy to deal with the email chain back and forth.
https://redd.it/1png22c
@r_systemadmin
Server Room Cooling Systems
For those of you familiar with the planning for your data room/server room: Do you add your AC Units to the UPS circuits? How do you protect your AC units from power fluctuation and outages before the generator comes on?
https://redd.it/1pn80x5
@r_systemadmin
December is like a year in 30 days
Every vendor: we need to roll out new breaking features now, did you make those urgent changes yet?
Contracts: all renewing now
Employees: Hey remember that important ticket I stopped responding to in May? It needs to be completed by next week.
Management: we need a POC for a new system, can you bang it out next week?
HR: You have 20 PTO days you're losing at the end of the year...
Anyone else really hate December? All I want to do is clean up my desk, wrap up projects and reset for next year, but it never happens. Every year its just literally more everything in the 3 usable weeks of December.
https://redd.it/1pn9bna
@r_systemadmin
best helpdesk software for a tiny it team that is barely keeping it together
so i just got promoted to lead support at our tiny company and suddenly i am the person everyone comes to when slack or email explodes. we dont have anything set up for tickets or tracking issues right now. its all just replies in slack threads and sometimes i forget things and then someone reminds me a week later. its chaos.
i know helpdesk software is supposed to help with that but there are sooo many options and i literally have no idea where to start. we are like 10 people total, and support tickets are not crazy huge volume yet but it feels like it might hit us soon. i dont want something that feels like too much overhead or that i need a phd to understand.
for folks using helpdesk tools what do you actually like about yours? is there stuff you never use or features that seemed cool but ended up annoying? also how steep was the learning curve for your team? did your customers notice a change once you switched?
i also worry about setup time since i have to do this between answering real support questions. how long did it take you to get everything up and running? any tips to make that easier? thanks in advance
https://redd.it/1pn3omb
@r_systemadmin
What is the best way to monitor browser risks (extensions, data exfil) without crossing into invasive surveillance?
In environments with remote/hybrid teams on Windows/Chrome/Edge, how to handle the growing risks from unauthorized browser extensions and potential data leaks (e.g., sensitive info posted to external domains or copied into shady AI tools)?
Specifically looking for approaches that provide event-level visibility/alerting...things like:
* Detecting extension installs
* Flagging uploads or POSTs to non-approved domains
* Blocking or alerting on high-risk browser activity
...but without resorting to full surveillance tactics like keystroke logging, screen recording, or constant session monitoring.
https://redd.it/1povgo7
@r_systemadmin
Found out an employee is on OF from MS Defender
I thought I have seen it all until the other day.
I found out an employee is on OF from reviewing the spam/phising email reports.
An employee reported an email from Onlyfans as phising.
Subject: A new login on your Onlyfans account
DMARC: Pass
MS Defender Checks: No threats found
To: employee@company dot com
From: noreply@onlyfans dot com
Craziest part is no one would have ever known if he didn't report that email as phising. I kindly marked it as "No threats found" lol
Has anyone seen anything crazier than this?
https://redd.it/1pooa3l
@r_systemadmin
Help! A User is receiving mail not addressed to them!
I have exhausted my efforts in troubleshooting a ticket where a user states they are receiving emails to a group they are not a member of (and shouldn't see!). Here's what I have:
User: jdoe@work.com
Mailgroup: sales@work.com
Mail: Exchange Online
Environment: AD hybrid joined
Mail Filter/Journaling: Mimecast
1. I have confirmed that jdoe is NOT a member of the sales@work.com group
2. I have confirmed that jdoe is NOT a member of any other group listed under sales@work.com
3. I have confirmed that there are NO transport rules mentioning jdoe or sales@work.com
4. I have confirmed that NO message trace from within Exchange Online will show this email as being sent to jdoe
5. I have confirmed there are NO auto forwards of mail to jdoe
I am full admin of my org so I can get into any system needed, but this is making no sense to me. To boot, jdoe WAS a member of sales@work.com earlier in the year, but has since moved out of that group and into another, production@work.com.
https://redd.it/1pobke2
@r_systemadmin
how you handling IT requests that start in Slack?
how do teams of your own are dealing with this because damn. we’ve got users dropping requests in Slack DMs, channels, emails, you name it.
We’ve tried “please submit a ticket” reminders, but realistically slack isn’t going away. The problem is context gets lost, nothing’s tracked properly, and the help desk ends up doing cleanup work.
Are you just forcing everything into a ticketing system, or using something that turns Slack messages into tickets automatically? What’s actually worked long short but maybr long term??
https://redd.it/1po79n9
@r_systemadmin
Microsoft to block Exchange Online Access for outdated mobile devices
https://www.bleepingcomputer.com/news/microsoft/microsoft-to-block-exchange-online-access-for-outdated-mobile-devices/
I thought I'd share this because I could see helpdesks potentially get flooded with folk running out of date mail apps on their mobile devices.
https://redd.it/1po8ju1
@r_systemadmin
It's soon to be 2026 and my F50 corporation is just now implementing a policy to block unapproved software
Some of you work in much smaller shops where you have more control over things. I work in an enterprise and it's ridiculous how slow things get implemented here. The powers that be just this year decided it would be prudent to push out a GP that blocks installation or execution of unapproved software. My God man it's soon to be 2026 - such practices have been known and in place in other companies for years. And they're doing it on 12/31/25 so director is mandating we don't take any leave in January because you know the shit storm that's going to spin up in the new year. Because you know they've done a full scale analysis to see what everyone (~300K employees) is using to do their job and package an approved version that they've silently installed to their workstation and migrated all the configurations so it's seamless to the end user, RIGHT?? Yes they've sent communications alerting everyone but communications like these don't reach everyone. I think management thinks notifications reach everyone like a drop of water in a bowl creating ripples but it's more like boiling lava - the ripples only go so far and many other departments are dealing with their own stuff and don't always get plugged in to what's going on elsewhere. I get paid really well but man large companies are just rife with incompetence.
https://redd.it/1po3hks
@r_systemadmin
Certificates rant
So, yeah, I'm admin, have been since 2000, but I do dba work mostly, so no experience in certificates. Now I have to replace the expiring certificate for the mail server. What a pain in the ....
Please provide a CRS. WHAT? Ok it's an application for a certificate. Looked up a documentation how to do it, but it wouldn't work. The properties window of the domain simply won't open. Ok, use the tool of the certification website. Then nothing happens. Support: OK, you need to validate it via mails we sent to your mailbox(es). Which ones? Ok, here they are, tried to validate them: lots of error messages, damn it. Ok, we sent several, you don't need all of those. WHAT? Now pu 'em into place on your mail server and firewall.
How I miss writing some SQL scripts.
https://redd.it/1po0vov
@r_systemadmin
Chrome AI is taking ~4GB per user on our RDS servers
We just discovered that Chrome’s AI features are using around 4GB of disk space per user on our RDS servers.We were wondering why our RDS disk space had been decreasing so quickly lately. So we ran a quick TreeSize scan and came across this strange Google folder.
I’ll point you to this post where we learn that it’s yet another AI-related issue ! https://www.reddit.com/r/chrome/comments/1jslb22/optguideondevicemodel\_folder\_taking\_up\_3gb\_have/?tl=fr
https://redd.it/1pnzuqb
@r_systemadmin
The return of 8GB RAM laptops (RAM mayhem) - Good luck with your Service Desk
As everyone already probably know, RAM situation is only getting worse. This means that in the near future a lot of companies will be relying on entry-level workstations (laptops) featuring the absolute minimum amount of RAM. Many of us are aware what happens once you run Windows 11 with Office applications, Outlook and a browser with bunch of opened tabs .
The reason why I'm posting this is that if this becomes a reality many Service Desks will be full of complains how everything is slow and tech support have no clue how to resolve the situation.
https://wccftech.com/you-might-soon-see-8gb-laptops-everywhere/
Good luck to everyone related to Service Desk responsibilities.
https://redd.it/1pnvte5
@r_systemadmin
Tired of working in IT
I’m just really tired of working in IT, been doing it for 11 years now. Exhusted and just struggling and feeling like giving up.
https://redd.it/1pnkq7w
@r_systemadmin
Microsoft, if you're going to send us powershell commands, at least check them for accuracy first.
Just got an email from MS about the retirement of Activesync 16.0 and below in march. Nice that microsoft included an exchangeonline powershell string to quickly assess which devices might be impacted.
Except the string / query doesnt work because its not written properly.
I was able to fix the glaring issues quickly without any help from AI.
Original string sent to us my microsoft. Am I crazy?:
Get-MobileDevice | Where-Object {($_.ClientType -eq 'EAS' -or $_.ClientType -match 'ActiveSync') -and $_.ClientVersion -and (version$_.ClientVersion -lt version'16.1')} | Sort-Object UserDisplayName | Select-Object UserDisplayName, UserPrincipalName, DeviceId, DeviceModel
Fixed:
Get-MobileDevice | Where-Object {($_.ClientType -eq 'EAS' -or $_.ClientType -match 'ActiveSync') -and $_.ClientVersion -lt '16.1'} | Sort-Object UserDisplayName | Select-Object UserDisplayName, UserPrincipalName, DeviceId, DeviceModel
https://redd.it/1pniamu
@r_systemadmin
Told to purchase AI licensing because the board members want it.
Company created an "AI" taskforce which includes myself. Was told to find how employees are using AI and come up with a gameplan. After inquiring with employees I find that they're only using it to edit documents and don't need any upgraded licensing with it. Propose guidelines etc. and inform management upgraded licensing isn't needed and would cost ~10K/month if purchased. Apparently the board members really want to see us using AI and am told $10K/month is worth it to keep them happy.
Not my money but we're still in the start up phase and blowing through cash. I wonder how much money is wasted on things company wide because the board wants to see it regardless of if it's necessary.
https://redd.it/1pne8bf
@r_systemadmin
Notepad++ fixes flaw that let attackers push malicious update files
Didn't see this posted here but a lot of people use N++, so I thought it worth mentioning. I believe they had another malware issue a few years ago.
https://www.bleepingcomputer.com/news/security/notepad-plus-plus-fixes-flaw-that-let-attackers-push-malicious-update-files/
https://redd.it/1pn8vro
@r_systemadmin
Bought RAM in October to dodge price spikes… now I have to return it because “year-end optics”
Back in late October, I saw leaks on X/Twitter about upcoming RAM price hikes. So I did the smart thing: ordered extra RAM for workstations and laptops, delivery scheduled for December. Prices were great back then.
Fast forward to now: prices have tripled in some cases. My order arrives, I’m feeling good for saving the company a good amount of money.
Then accounting steps in:
>“We can’t spend anything in December, it makes the year-end numbers look bad.”
So now I’m sending back perfectly good, dirty cheap, already delivered RAM because optics. And if we reorder next year? We’ll pay 2–3× more. Brilliant.
Just some galaxy-brain financial engineering I’ll never understand, i guess?
Not my money, not my stress. No rant. I’ll just drink my tea (black with milk) and move on. Luckily, I bought some RAM for myself too.
Now I’m heading into vacation — wishing everyone a stress-free time and happy holidays!
https://redd.it/1pn5q0i
@r_systemadmin
Is it just me, or are we spending more time reverse-engineering how our own systems work than securing them?
The deeper I dig into our environment, the more it feels like half the job now is figuring out what our systems are really doing - not what the docs say they do, or what teams think they do.
Data moving between services nobody remembers, SaaS connectors doing silent jobs, internal automations with no clear owner…
Lately it feels like the real challenge isn’t new threats, it’s understanding the system-of-systems we’ve accidentally built.
Anyone else dealing with this?
https://redd.it/1pn3wx1
@r_systemadmin