Reddit SystemAdmin. Thanks @reddit2telegram and @r_channels.
Scaleway announces price hike effective June 1st, 2026
https://www.scaleway.com/en/blog/a-transparent-update-on-scaleway-pricing/
"Because true partners share both the wins and the realities of the market, we decided to provide complete transparency regarding the upcoming change to our pricing, effective June 1st 2026."
Scroll to the bottom of the blog post to see a table with current and future prices. As far as I have checked, some products (especially "Serverless" and "External zone") get up to a 600% price hike.
https://redd.it/1sy0vat
@r_systemadmin
Employee passed away two weeks ago. Account is still active. HR says we can't touch it until legal signs off. Legal says they need the death certificate first. Anyone dealt with this?
Genuinely uncomfortable situation and I'm not sure what the right call is from a purely technical standpoint.
One of our employees passed away unexpectedly about two weeks ago. Family notified HR directly. HR notified IT. We went to disable the account in Entra and deprovision from Okta the same way we would any termination, and HR stopped us. Their position is that until legal formally processes the separation, they can't update the HRIS status, and therefore IT shouldn't take any action that might interfere with estate or beneficiary processes.
Legal wants a certified copy of the death certificate before they do anything. The family is dealing with everything you'd expect them to be dealing with and hasn't submitted documentation yet.
So right now we have an active account, valid credentials that presumably no one knows except the individual who is no longer here, sitting fully provisioned with access to all the same apps and data as before. No one has logged in since the day before they passed — we can see that in the sign-in logs — but the account is technically open.
Our security team is pushing us to at minimum force a password reset and revoke all sessions. HR says that's still "account action" and they want to hold everything until legal clears it.
I get that there are processes for a reason but I'm struggling to understand what the actual risk of a session revoke is to any estate or benefits process. Has anyone been through this? Is there a documented approach for handling this gap between "we know the person is gone" and "we have paperwork to prove it"? Specifically wondering if others have gotten legal to agree on a middle ground — like read-only preservation mode or something — while the formal process catches up.
https://redd.it/1sxuxj4
@r_systemadmin
Well, it finally happened (Being told I am required to use AI)
I know this seems like a silly post, but I need to get this off of my chest. Today, I was told, in so many words, that I am going to start using AI; full stop, no further explanation. This ranges from knowledge to experimenting with agent use. Okay, that is all fine and dandy, but I am struggling for the life of me to understand where any of this makes sense. As a systems engineer/admin, who has become very limited in what my team has full authority over, it is kind of a giant billboard of the "guess I'll just die" meme.
I could use it as a BS filter to make sure my team's engagement is appropriate in both break/fix and projects. I could use it to potentially automate light DevOps. I could use it to route tickets appropriately; which should have already been done, but that requires some level of accountability from other teams. I could use it to "sound more professional" in written communication. Again, I fully understand this sounds silly, but when I do my job exceedingly well and efficiently without AI, and everyone wants to run off-script and not follow process/policy, how the actual hell do you guys go about utilizing AI in your roles?
Thx in advance
https://redd.it/1sxq3me
@r_systemadmin
Defender Notification and CVE-2026-28387
Anyone get a notification from Defender that OpenSSL needs to be upgraded? It's a crazy one because it shows like every app (even apps fully up to date) that needs OpenSSL updated. How does one even start to approach this?
Vulnerability Name CVE-2026-28387
Vulnerability Name CVE-2026-31789
https://redd.it/1sxg560
@r_systemadmin
I know how to do the job, I just can't answer questions about it
I don't remember the specific sequence of commands. I don't remember the exact requirements for deploying a file as MSIX. I CAN do it. Put me in front of the system, and I can do it. I just can't describe how.
And that's probably why I'm still unemployed.
Ugh.
https://redd.it/1sxfxjv
@r_systemadmin
Does anyone get real bad ADHD with slow moving SaaS portals?
Between waiting for Purview or Entra ID to load things I can get such bad ADHD that by the time something loads or goes live I can forget what I was even doing. Add application-specific SaaS solutions that are the same, Varonis, Palo SSPM, and I feel like so much of my day is waiting for something to load to see if it actually did the thing.
How do you all stay focused?
Edit: spelling/phrasing
https://redd.it/1sxc8un
@r_systemadmin
Kaspersky recently disclosed PhantomRPC, a privilege escalation technique affecting all Windows versions (tested on Server 2022/2025)
The core issue: Windows RPC runtime doesn't verify whether the server a high-privileged client connects to is legitimate. If a target RPC server is unavailable, an attacker with SeImpersonatePrivilege can spin up a fake RPC server mimicking the same endpoint, wait for a SYSTEM-level client to connect, then call RpcImpersonateClient to escalate privileges.
Five confirmed escalation paths:
- gpupdate /force → SYSTEM (coerces Group Policy service)
- Microsoft Edge launch → Administrator (no coercion needed)
- WDI background service → SYSTEM (fires every 5–15 min automatically)
- ipconfig + disabled DHCP → Administrator
- w32tm.exe → Administrator via non-existent named pipe
Microsoft assessed this as moderate severity, issued no CVE, and has no patch planned — justification being that SeImpersonatePrivilege is a prerequisite.
Questions for the community:
1. Are you monitoring for RPC_S_SERVER_UNAVAILABLE (Event ID 1 via ETW) in your environment?
2. Any Sigma/Defender rules already written for this?
3. Do you agree with Microsoft's severity assessment given how common SeImpersonatePrivilege is on IIS/SQL servers?
Kaspersky's full write-up + PoC: https://securelist.com/phantomrpc-rpc-vulnerability/119428/
https://redd.it/1sxa2np
@r_systemadmin
Need help revamping a poorly managed infrastructure as a student
I'm currently studying IT and have zero actual working experience in the industry. My cousin has asked me to help him with fixing his small business's computers and network.
He has a small office (7 staff, 3 of which are rotating contractors). His IT manager, who had been in the business from the start, left the country 6 months ago, and the next person who was hired was caught stealing sensitive data. He says after everything that he has gone through he doesn't trust anyone he doesn't know, and wants to hire me to take charge of the IT department.
They have 5 Windows desktops, 2 Macs, 2 printers, 2 NAS, UPS, cloud storage, CCTV, a switch, and a domestic router. From what I've gathered nothing is business grade, there is no server, and everything is over 10 years old (including desktops that are running Win 10 and can't be upgraded).
The major issue is the filing system, especially with the large number of contractors he has had, and no proper policies. They have over 20TB of data, a lot of duplicates, and no filing organisation whatsoever. A lot of documents are hard copies and have not been digitised. Staff don't have their own accounts, and they log in to the PCs' local accounts (PC1, PC2, etc.)
On top of that there are numerous network/shared drives that no one knows what they are, which devices they belong to, and in a couple of cases, the passwords to actually access the drives.
One of the two NAS systems has a failed drive that has not been fixed for over a year. One of the NAS systems is WD, and the other one Synology, and both look as if they were bought off of Amazon. Both NAS are connected to the UPS. They don't know which files have been backed up to which NAS, but they do know that the Synology is connected to the cloud storage. What they don't know is how often it is getting backed up to the cloud.
They are using a Netgear Orbi as main router and WiFi AP, which directly connects to the ISP on WAN, and to a small switch on the LAN port. The switch is a small TP-Link 5-port switch that again looks like it might have been purchased off of Amazon. The switch is connected to the 2 NAS, CCTV, and one of the desktops. All other devices are on WiFi. And don't get me started on the wiring mess. I am just thankful that it's just a handful of devices.
As much as I would like to burn it all and start from scratch, I can't suggest that.
How should I approach this? What should I keep an eye out for? Any help, solutions, or tips, would be highly appreciated
My initial instinct is to set up a network firewall. Then, get a Windows server, set up AD, and one shared drive with appropriate permissions for staff. Set up endpoint protection. Set up a RAID 5 NAS with encrypted data at rest, and have that upload the encrypted data to the cloud storage.
https://redd.it/1sx4fn8
@r_systemadmin
Tool for looking for duplicate files in a file system via hash.
I’m an IT guy, most specifically a network engineer. Anyways this is kinda a different question but IT affiliated in a way. I’m looking for a tool (either Windows or Linux) that will hash every file in whatever the specified path is and look for hash duplicates. Kinda an uncommon request but the reason is below.
My mom passed away last month, and my brother and I are in the process of clearing the estate (we are co-executors). One of the things I’m doing is going through her computer and getting all the family photos and anything else important off it. That’s kinda my de facto job being I’m the IT guy in the family.
The problem I identified after about 10 minutes of looking into this is there is a TON of removable media she copied stuff onto. I’m talking about 3x dozen SD cards I’ve run across and about the same for thumb drives, various CDs that have been burned, and an external hard drive. All are LOADED with family pictures, but that’s not the only thing on the media. There have been other important things (like insurance) that I had no idea about. So I can’t just toss it. In some ways it’s becoming a forensic dive.
I’m guessing there is close to 500 GB between all the media. I’ve already noticed a bunch of duplicate XLS and JPG documents/files just by skimming it. So I’m certain there are a lot of other duplicates. So if there is a tool that can compare hashes of files in batch and list any that are duplicate, by my thinking that is probably the best way to eliminate at least the bulk of what I need to dive into. MD5 should be perfectly adequate for this. I still need to go through everything manually, but if I can pare down what I need to go through that would help.
Note: Can’t use file names because just in my brief digging I’ve found instances of her copying files and renaming it. I also have found instances of her saving a file like 10x times as a new file. IE myfile.txt and myfile(1).txt, myfile(2).txt, and so on.
https://redd.it/1sx1u59
@r_systemadmin
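The tool the post asks for is short enough to write yourself. The following is an added example (not a tool named in the post, and not the poster's code): it walks a path, groups files by size so that only files that share a size get read, hashes those with MD5 (or any hashlib algorithm), and lists the groups whose content is identical regardless of file name. The sample tree it builds in a temp directory is constructed data mirroring the post's `myfile(1).txt` pattern.

```python
"""Find duplicate files by content hash, independent of file name.

Added example, not a tool named in the post. Files are grouped by size
first so that only files sharing a size are read and hashed; MD5 is the
default because collision resistance is not a concern when deduplicating
your own media, but any hashlib algorithm name works.
"""
import hashlib
import os
import tempfile
from collections import defaultdict
from pathlib import Path


def hash_file(path, algorithm="md5", chunk_size=1 << 20):
    """Hash a file in chunks so multi-GB files do not load into memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def find_duplicates(root, algorithm="md5"):
    """Return {hexdigest: [paths]} for every digest shared by two or more files."""
    by_size = defaultdict(list)
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            p = Path(dirpath) / name
            try:
                if p.is_symlink() or not p.is_file():
                    continue
                by_size[p.stat().st_size].append(p)
            except OSError:
                continue  # unreadable card or permission error: skip, keep going
    by_hash = defaultdict(list)
    for paths in by_size.values():
        if len(paths) < 2:
            continue  # a unique size means unique content; no need to hash
        for p in paths:
            try:
                by_hash[hash_file(p, algorithm)].append(p)
            except OSError:
                continue
    return {d: sorted(str(p) for p in ps) for d, ps in by_hash.items() if len(ps) > 1}


def build_sample_tree(base):
    """Constructed sample data: one photo saved under three names across two
    'cards', a spreadsheet copied under a new name, and one unique file."""
    base = Path(base)
    (base / "sd_card_1").mkdir(parents=True, exist_ok=True)
    (base / "usb_2").mkdir(parents=True, exist_ok=True)
    photo = b"\xff\xd8\xff" + b"constructed jpeg payload" * 40
    sheet = b"constructed insurance spreadsheet" * 20
    (base / "sd_card_1" / "IMG_0001.jpg").write_bytes(photo)
    (base / "sd_card_1" / "IMG_0001(1).jpg").write_bytes(photo)
    (base / "usb_2" / "christmas.jpg").write_bytes(photo)
    (base / "usb_2" / "insurance.xls").write_bytes(sheet)
    (base / "sd_card_1" / "copy of insurance.xls").write_bytes(sheet)
    (base / "usb_2" / "notes.txt").write_bytes(b"only one of these")
    return base


def run_sample():
    """Build the sample tree in a temp dir and return its duplicate groups."""
    return find_duplicates(build_sample_tree(tempfile.mkdtemp()))


if __name__ == "__main__":
    for digest, paths in run_sample().items():
        print(digest)
        for p in paths:
            print("   ", p)
```

Point `find_duplicates` at the mount point of each card or drive (or at one folder you have copied everything into) and keep one path from each group; the size pre-filter means a 500 GB collection only reads the files that can possibly have a twin.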
Outlook Outage?
I’m not sure if it’s only MS personal or MS Exchange as well but my personal account is having issues staying logged in on Apple Mail curious if anyone else is experiencing this.
https://redd.it/1swykvq
@r_systemadmin
8 months post-acquisition and we still have 200 people with active accounts in both tenants. Anyone actually finished one of these cleanly?
We acquired a smaller company last year. They were on Entra ID + on-prem AD. We're on Okta with Entra for M365. The plan was always to migrate everyone into our tenant by month 4. It's month 8.
Current state:
Acquired employees have their original accounts in the old Entra tenant still active because some line-of-business apps were never migrated and still auth against the old tenant. They also have guest accounts in our Entra for M365 access. And they have Okta accounts provisioned from our HR system for SSO into our SaaS stack. So each of these 200 people has three account objects across two IdPs and one of them is a guest account that keeps expiring and needs manual renewal every 60 days because nobody set up proper B2B policies.
Access reviews are a joke. When auditors ask "who has access to X" and X is in our tenant but the user's identity of record is still the old tenant, I genuinely don't know how to answer that cleanly. The user exists in both. Which one is authoritative? Depends on the app, apparently.
The part that's killing us right now is offboarding. One of the acquired employees resigned last week. We disabled their Okta account. Didn't touch the old tenant. They could still access old-tenant apps for another 4 days until someone noticed.
I know the answer is "finish the migration" but the business keeps deprioritizing the app migrations that are blocking it. So in the meantime, does anyone have a sane way to manage identity across two tenants for users in this limbo state? Specifically looking for how people handle the authoritative source of truth problem and offboarding across both systems simultaneously.
https://redd.it/1swwto6
@r_systemadmin
How can I do well in a sysadmin internship this summer?
Hi all, I got an internship for system administration this summer at a medium sized company in the Bay Area. It goes on for 2 months, and it looks like the internship consists of resolving tickets and an overarching project that I get to choose. I mentioned to them that I want to do something related to cloud, either through AWS or Azure. I have no prior professional experience related to system administration. How can I do really well in this internship, and do you guys have any pointers or advice? Thanks
https://redd.it/1swqdnq
@r_systemadmin
Built a CMTrace-style log viewer for macOS
Anyone else miss CMTrace when they're troubleshooting a Mac workstation? When I had to start supporting macOS at work I really missed CMTrace and Support Center OneTrace. Easily spotting errors, combining logs into one pane, per-source filter, etc. Eventually I decided to try making my own log viewer on macOS. Hopefully some of y'all can get some use out of it.
It's free, open-source, and notarized. I'm actively adding features and polish (v1.0.4 just went up an hour ago).
GitHub: https://github.com/thefinder808/TraceView
Let me know if it saves you some time!
https://redd.it/1swqkkv
@r_systemadmin
GoDaddy gave a domain to a stranger without any documentation xpost from HN
Here is the HN link.
Here is the original link.
This may not exactly belong here, but it is good information. This happened to a domain that had been in use for 27 years. The amount of red tape and time that the customer had to put in because GoDaddy screwed up and then dragged their feet fixing their own mistake is ridiculous. The lack of a real way to dispute the issue is also a huge deal.
Not everyone here reads HN. So thought I would post.
EDIT - added info
https://redd.it/1swjuym
@r_systemadmin
Arpwatch windows equivalent
Is there a windows equivalent to Arpwatch that doesn't cost a ton?
Arpwatch is free but my manager really hates Linux.
I find it useful receiving alerts when a new MAC address is detected on the network.
I think ManageEngine OpUtils Professional can do it but it would cost a lot.
https://redd.it/1swgl9e
@r_systemadmin
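The two things arpwatch actually reports (a station never seen before, and a known IP answering from a different MAC) can be reproduced on Windows from the output of `arp -a`. The block below is an added example, not a product mentioned in the post: it parses the table `arp -a` prints (dash-separated MACs; colon-separated MACs are accepted too), diffs it against a JSON baseline, and returns the alerts. `check_live` runs the real command; `demo` replays two constructed captures so the logic can be seen offline.

```python
"""Arpwatch-style alerts from 'arp -a' output on Windows.

Added example, not a product named in the post. It parses the table
'arp -a' prints on Windows (dash-separated MACs; colon-separated MACs as
printed on Linux are accepted too), diffs it against a JSON baseline and
reports stations never seen before and IPs whose MAC changed, which is
what arpwatch mails as 'new station' and 'changed ethernet address'.
Schedule it from Task Scheduler and forward the alerts wherever you like.
The two captures below are constructed sample data.
"""
import json
import re
import subprocess
from pathlib import Path

ARP_LINE = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"((?:[0-9a-fA-F]{2}[-:]){5}[0-9a-fA-F]{2})\s+\w+"
)


def normalise_mac(mac):
    return mac.lower().replace("-", ":")


def is_noise(mac):
    """Broadcast and IPv4 multicast entries are not stations."""
    return mac == "ff:ff:ff:ff:ff:ff" or mac.startswith("01:00:5e")


def parse_arp_table(text):
    """Return {ip: mac} from 'arp -a' output, skipping broadcast/multicast."""
    table = {}
    for line in text.splitlines():
        m = ARP_LINE.match(line)
        if m:
            mac = normalise_mac(m.group(2))
            if not is_noise(mac):
                table[m.group(1)] = mac
    return table


def diff_against_baseline(current, baseline):
    """Return (alerts, merged_baseline).

    A known MAC showing up on a new IP (DHCP lease change) is not an alert;
    a MAC never seen, or a known IP answering from a different MAC, is.
    """
    alerts = []
    known_macs = set(baseline.values())
    for ip, mac in sorted(current.items()):
        if ip in baseline and baseline[ip] != mac:
            alerts.append(("changed ethernet address", ip, mac, baseline[ip]))
        elif ip not in baseline and mac not in known_macs:
            alerts.append(("new station", ip, mac))
    return alerts, {**baseline, **current}


def check_live(baseline_path="arp-baseline.json"):
    """Run the real 'arp -a', compare with the saved baseline, update it."""
    path = Path(baseline_path)
    baseline = json.loads(path.read_text()) if path.exists() else {}
    out = subprocess.run(["arp", "-a"], capture_output=True, text=True, check=True).stdout
    alerts, merged = diff_against_baseline(parse_arp_table(out), baseline)
    path.write_text(json.dumps(merged, indent=2))
    return alerts


# Constructed captures: the second run shows the gateway's MAC changing and a new host.
FIRST_RUN = """\
Interface: 192.168.1.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     dynamic
  192.168.1.20          aa-bb-cc-dd-ee-01     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.251           01-00-5e-00-00-fb     static
"""

SECOND_RUN = """\
Interface: 192.168.1.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           de-ad-be-ef-00-01     dynamic
  192.168.1.20          aa-bb-cc-dd-ee-01     dynamic
  192.168.1.77          aa-bb-cc-dd-ee-99     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""


def demo():
    """Replay the two constructed captures and return the alerts raised."""
    _, baseline = diff_against_baseline(parse_arp_table(FIRST_RUN), {})
    alerts, _ = diff_against_baseline(parse_arp_table(SECOND_RUN), baseline)
    return alerts


if __name__ == "__main__":
    for alert in demo():
        print(*alert)
```

The ARP cache only contains hosts this machine has talked to recently, so run it on a box that sees the whole subnet (or ping-sweep the range first) and expect the first run to report every host as new. A "changed ethernet address" on the default gateway is the case worth paging on, as it is what ARP spoofing looks like from the victim's side.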
Admin permissions on your daily laptop
I edited the question, since being local admin, and logging into portals with administrative rights, are 2 different things.
Our IT department consists of 2 people, myself being the sysadmin doing all sorts of tasks. Both of us log into portals from our laptops, of course with MFA, preferably phishing resistant.
Is it normal for me to log in to a portal from my daily driver? If it isn't and I should hop to a VM, how do you guys manage the MFA requirements? 3 out of 5 days I'm 300km from my workplace, so I can't go touch a YubiKey.
https://redd.it/1sxxj4x
@r_systemadmin
What are your users using as a backup to Microsoft MFA?
With the general recommendation being to disable SMS, OTP and Voice as authentication methods, what are your users using as a backup method if for whatever reason the Authenticator app won't work, e.g. I've had times when the code never arrives?
https://redd.it/1sxpt6y
@r_systemadmin
Using alias names in a post NTLM world
Hi All
Recently we underwent a network redesign that surfaced a whole bunch of explicit references to IP addresses and server names in all our configs, shortcuts, scripts etc etc.
Through this process we abstracted as much of this as possible and replaced with DNS CNAMES. Worked fine.
Now the cyber sec crew want us to disable NTLM across the board and I learned this would be an issue for many of the services still using CNAMES for the new "service names" we implemented.
In researching this, a lot of the threads suggested adding new host and service SPNs to the device object in Active Directory, then replacing the CNAME with a DNS A record for the alias pointing to the same IP as the device.
Everything I have found online seems to suggest this is a Kerberos compatible alternative to CNAMES.
I raised this to my MSP who's rolling out the cyber instructed changes and they've come back strongly recommending against using additional SPNs.
As an example they stated it wouldn't completely work on our print server and would require lowering various security settings to make it work.
They said this wasn't so much just a Kerberos auth level issue but an application level one as well.
I asked well if the CNAMES are currently working fine, albeit as NTLM, shouldn't they continue to work using the aliases defined as new SPNs with Kerberos?
They claimed for simple services like CIFS or basic RDP it'd be fine. But they had concerns about print and our Terminal server farms broker service working correctly.
Their preference was to use DFSN for all shares. A single print server print cluster. And RDPweb in front of the RDS broker. Instead of touching the SPNs.
Overall they were strongly against SPN changes at all.
How much truth is there to their aversion to SPNs? I'd not seen any similar claims during my research. All threads I found seemed to find the new SPNs to replace the CNAMES worked well for them.
Appreciate any experience y'all have on this.
https://redd.it/1sxm8r3
@r_systemadmin
Running equipment past end of life - what's the oldest in your environment?
Due to rising costs due to AI nonsense, our edge device refresh was cancelled. The $12.6k server is now $76k. These were set to replace an aging fleet of G8/G9 HPE boxes. How is the rising price of gear impacting your orgs and what's the oldest gear you're being forced to run?
https://redd.it/1sxfg99
@r_systemadmin
What equipment do you give to your creative professionals?
As title - we have a marketing department, they produce all of our online and printed content in house using the full Adobe suite including Premiere for 4k video and Keyshot for animation. Recently however the machine(s) they have are starting to become more unreliable and seem to struggle with what they are doing, but I'm a bit lost as to where to go with this because the machines are not that old and I think a pretty good spec.
I do not use this type of software so I have no idea what a "normal" setup might look like for this type of person, and the creatives in question are not technical; they just use the software but really don't know what they want or need hardware wise. Some of the Keyshot renderings are taking days, which is one of the issues. Although we do have a network rendering workstation, this is simply an older machine that we put a graphics card in, but it still takes a similar length of time to render really short animations - is this normal? (Like over a day to produce 10 seconds of animated video, even on the laptop.)
At the moment the two people in question each have an HP ZBook Studio G10; these have 64GB of RAM, an NVIDIA GeForce RTX 4080 Laptop GPU with 12GB of graphics memory and 2TB NVMe drives - a pretty good spec, so I thought. They are running Windows 11 25H2 which is patched up to date in line with our patch management. They work from home 2 days a week, which is why we provisioned laptops, but I'm beginning to wonder if this was the best choice and if I'm missing a trick somewhere and we should be doing this differently?
If anyone reading this has any helpful ideas on what might be a better way to do this or recommendations on equipment that might work better or even a totally different way of setting this up so I don't get multiple tickets a week telling me their machine keeps freezing up/crashing etc. etc. that would be awesome! (and yes I've been through a hell of a lot of troubleshooting with little effect)
And before anyone says give them a mac - I would consider it, but my boss has vetoed that on account of the fact none of us really know how to setup and support macs (which is true) and again wouldn't have a clue what model to buy.
https://redd.it/1sx915p
@r_systemadmin
How do you handle employee onboarding across HR and IT systems?
We’re at about 170 employees, and onboarding between HR and IT still feels more manual than it should.
Recent example: HR had a new hire’s start date confirmed well in advance, but IT did not get looped in until late Friday for a Monday start. That left very little time to prep the laptop, set up accounts, and make sure the right access was ready.
Right now HR and IT work in separate systems, so the handoff mostly depends on someone sending a message at the right time.
For teams that have fixed this, what actually worked? Better process, better tooling, clearer ownership, or something else?
Would love specifics on what changed and how IT now gets what it needs earlier.
https://redd.it/1sxbfbe
@r_systemadmin
mail.mil issues
Started seeing emails rejected on Friday with dmarc: temperror. MXToolbox shows no DMARC record at all... I'm not sure if I should be surprised or not.
https://redd.it/1sx28l3
@r_systemadmin
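The two results mentioned above are different conditions: a receiver reports `temperror` when it could not complete the DNS lookup for `_dmarc.<domain>` (a transient DNS failure), and `none` when the lookup succeeded and no record exists. Once a record is published it also has to parse. The block below is an added example, not from the post, of the checks a receiving MTA applies to a DMARC TXT record before it can evaluate a message; the records in it are constructed.

```python
"""Check a DMARC TXT record the way a receiving MTA has to before it can
evaluate a message. Added example, not from the post; records are constructed.

'temperror' in a bounce means the receiver could not complete the DNS lookup
for _dmarc.<domain>; 'none' means the lookup worked and no record exists.
"""
import re

VALID_POLICIES = {"none", "quarantine", "reject"}
MAILTO = re.compile(r"^mailto:[^@\s]+@[^@\s]+$")


def parse_dmarc(record):
    """Return (tags, problems) for a DMARC record string, or for None when
    the domain publishes nothing. An empty problems list means usable."""
    if record is None:
        return {}, ["no DMARC record published at _dmarc.<domain>"]
    problems = []
    pairs = []
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            problems.append(f"malformed tag: {part!r}")
            continue
        key, value = part.split("=", 1)
        pairs.append((key.strip().lower(), value.strip()))
    tags = dict(pairs)
    if not pairs or pairs[0] != ("v", "DMARC1"):
        problems.append("record must begin with v=DMARC1")
    if "p" not in tags:
        problems.append("required tag p= is missing")
    elif tags["p"].lower() not in VALID_POLICIES:
        problems.append(f"unknown policy {tags['p']!r}")
    if "sp" in tags and tags["sp"].lower() not in VALID_POLICIES:
        problems.append(f"unknown subdomain policy {tags['sp']!r}")
    if "pct" in tags and not (tags["pct"].isdigit() and 0 <= int(tags["pct"]) <= 100):
        problems.append("pct must be an integer 0-100")
    for uri_tag in ("rua", "ruf"):
        for uri in tags.get(uri_tag, "").split(","):
            uri = uri.strip().split("!")[0]  # drop the optional report size limit
            if uri and not MAILTO.match(uri):
                problems.append(f"{uri_tag} entry is not a mailto: URI: {uri!r}")
    return tags, problems


# Constructed examples: a sound record, a typo'd policy, tags out of order,
# and the 'nothing published' case the post's MXToolbox check reported.
SAMPLES = {
    "good": "v=DMARC1; p=reject; rua=mailto:dmarc@example.com; pct=100",
    "bad_policy": "v=DMARC1; p=rejekt; rua=mailto:dmarc@example.com",
    "wrong_order": "p=reject; v=DMARC1",
    "missing": None,
}


def check_samples():
    """Return {name: problems} for every constructed sample."""
    return {name: parse_dmarc(rec)[1] for name, rec in SAMPLES.items()}


if __name__ == "__main__":
    for name, problems in check_samples().items():
        print(f"{name}: {'OK' if not problems else '; '.join(problems)}")
```

Feed `parse_dmarc` the TXT value returned by your resolver for `_dmarc.<domain>` (or `None` if the query returns no record); if the query itself times out or returns SERVFAIL, that is the condition receivers log as temperror, and the fix is on the DNS side, not in the record.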
20+ years time for a change
I’m very much a company man and worked so many roles as needed over the years effectively holding two very disparate roles for the past 15 years, one of which is head of IT, getting my hands dirty as necessarily to keep things on track, and the other being commercial.
The company has grown massively over the years and I’ve more than done my part to help it get there - 50 to 500 people for example.
But I’m feeling stale and it feels like a now or never kind of thing to try something new and focus more on the IT side as I’m tipping the scales the wrong side of 40.
The problem is as I never saw myself ever leaving, I never saw the point of LinkedIn and the like, I’m a mushroom heading into the light in terms of recruiting.
Where would you start?!? Contact recruiters and attempt to distill 20 years of experience?
https://redd.it/1sx2cbs
@r_systemadmin
Seasonal workers and identity automation. Pick one.
Every year, same problem. We hire ~300 seasonal warehouse staff between October and January. They leave. Some come back next season. Some don't. Some come back mid-season as rehires after quitting. HRIS treats rehires as new workers half the time, same worker the other half, depends on how HR entered them.
Result: duplicate accounts in AD. john.doe and john.doe2. Both with Okta profiles. Sometimes both active simultaneously. The old john.doe account still has group memberships from two seasons ago that never got cleaned up because the deprovisioning ran but didn't catch the app assignments that were added manually outside the normal workflow.
We've tried building automation around this. Every time we think we have it, HR changes how they enter rehires in the HRIS and the correlation logic breaks.
At this point the "automation" is one of my guys manually cross-checking a spreadsheet against AD before each season starts. That's not automation. That's just a different kind of manual.
Is anyone actually running a clean provisioning setup for high-churn seasonal workforces, or is this just the price of having humans involved in HR data entry?
https://redd.it/1swwxvh
@r_systemadmin
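Both this post and the two-tenant acquisition post above come down to the same reconciliation: the HRIS is the source of truth, every account object in every directory must carry the HRIS employee id, and a periodic pass compares the two. The block below is an added example, not the poster's tooling; it assumes that employee-id attribute exists on each account (AD `employeeID`, an Entra or Okta profile attribute) and that HR status is exported as "active"/"terminated". It reports the three things both posts describe: an account nobody linked to HR, an enabled account whose worker HR says is gone, and one worker with two accounts in the same directory. The workers and accounts are constructed.

```python
"""Reconcile directory accounts against the HRIS as the single source of truth.

Added example, not the poster's tooling. It assumes every account object in
every directory (AD, the acquired Entra tenant, Okta) carries the HRIS
employee id in an attribute, because that immutable key, not the username
or display name, is the only thing that survives rehires, name collisions
and tenant sprawl. The workers and accounts below are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Worker:
    employee_id: str
    name: str
    status: str  # "active" or "terminated", exactly as HR recorded it


@dataclass(frozen=True)
class Account:
    source: str  # which directory or IdP holds it: "ad", "old-entra", "okta"
    username: str
    employee_id: Optional[str]  # None when the link to HR was never set
    enabled: bool


def reconcile(workers, accounts):
    """Return findings in three buckets.

    orphan:             enabled account with no HR link; automation cannot offboard it
    should_be_disabled: enabled account whose worker is terminated or unknown to HR
    duplicate:          one worker with more than one account in the same directory
    """
    hr = {w.employee_id: w for w in workers}
    per_person = defaultdict(list)
    findings = {"orphan": [], "should_be_disabled": [], "duplicate": []}
    for a in accounts:
        if a.employee_id is None:
            if a.enabled:
                findings["orphan"].append((a.source, a.username))
            continue
        per_person[(a.employee_id, a.source)].append(a.username)
        worker = hr.get(a.employee_id)
        if a.enabled and (worker is None or worker.status != "active"):
            findings["should_be_disabled"].append((a.source, a.username, a.employee_id))
    for (emp, source), names in per_person.items():
        if len(names) > 1:
            findings["duplicate"].append((source, emp, sorted(names)))
    return findings


def sample_findings():
    """Constructed data: a seasonal rehire with two AD accounts, a resigned
    acquired employee still enabled in the old tenant, and an unlinked account."""
    workers = [
        Worker("E100", "John Doe", "active"),      # rehired this season
        Worker("E200", "Jane Roe", "terminated"),  # resigned last week
        Worker("E300", "Sam Lee", "active"),
    ]
    accounts = [
        Account("ad", "john.doe", "E100", True),
        Account("ad", "john.doe2", "E100", True),         # HR entered the rehire as new
        Account("okta", "john.doe", "E100", True),
        Account("okta", "jane.roe", "E200", False),       # Okta was disabled...
        Account("old-entra", "jane.roe", "E200", True),   # ...the old tenant was not
        Account("old-entra", "contractor7", None, True),  # nobody linked this to HR
        Account("ad", "sam.lee", "E300", True),
    ]
    return reconcile(workers, accounts)


if __name__ == "__main__":
    for bucket, items in sample_findings().items():
        print(bucket)
        for item in items:
            print("   ", item)
```

Run it on a schedule against exports from each directory and treat a non-empty `should_be_disabled` bucket as an incident, not a report: it is exactly the four-day window the acquisition post describes. The `duplicate` bucket is what the spreadsheet cross-check before each season is doing by hand, and keying it on employee id rather than on how HR spelled the rehire is what makes it survive the HRIS entry changes.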
Gmail: Bringing easy end-to-end encryption to all businesses - I'm not sure how I feel about this and its implementation?
https://workspace.google.com/blog/identity-and-security/gmail-easy-end-to-end-encryption-all-businesses?hl=en
> When the recipient is not a Gmail user, Gmail sends them an invitation to view the E2EE email in a restricted version of Gmail. The recipient can then use a guest Google Workspace account to securely view and reply to the email.
If I'm understanding this correctly, if (and when) everyone starts doing this, then users will "get used to" having to click an email link to view a message.
Isn't this going to make detecting phishing emails and avoiding malicious links even harder? Or am I misunderstanding something here?
https://redd.it/1swxjdb
@r_systemadmin
Any suggestions for making the group email in a Teams group more visible / intuitive / accessible in Outlook?
I made a Teams group, where I want users to be able to share files and chat, but I also want them to be able to email the group.
But in Outlook, the place where Teams group emails gets relegated is so obscure, and it feels like it adds to the user workload for remembering to check for emails, in a non-intuitive way.
My users are already used to checking for new email in their main email box and in shared email boxes. But now they have to also check the inconsistently organized "Groups" folder in their main account mailbox?
As an IT admin, I understand why Teams group emails are slightly different from shared mailboxes, but why does that difference need to be communicated to the user in such a drastically different UI organization? They don't understand why some shared mailboxes appear in "Groups" under their username, but all the others appear as separate mailboxes - and frankly neither do I understand that UI design choice.
Even more frustratingly, there doesn't seem to be a default notification that you've received an email in one of your groups: I can't even see a message count from the main "homepage" in New Outlook.
In MacOS under New Outlook, I can only see that I've received new messages if I expand the "Groups" subfolder. But it's worse in Windows. At least on macOS, expanding the "Groups" subfolder is relatively easy and I can access the group emails directly from the "homepage" (but it's still a non-intuitive process compared to shared mailboxes).
But in Windows under New Outlook it instead shows a "Go to Groups" link, which takes me away from the normal Outlook "homepage", and which then doesn't seem to have a "back button" to return me to the normal homepage (I end up clicking the mail category on the left navigation pane to return to the "homepage"). Not only is this more clunky and unintuitive: it means I can't interact with group emails while also interacting with the rest of my corporate mailbox. I can only look at group emails in isolation.
Is there a better way to handle this?
https://redd.it/1swtfru
@r_systemadmin
Fax is killing me
Vonage customer and I gotta say fax machines are killing me. I’ve got a situation where fax to some numbers work and others don’t. I have to be able to fax from a physical machine and have a Grandstream ATA on the fax machine. Vonage says it’s not their problem. Printer/MFA company says it’s not theirs. What would you do?
https://redd.it/1swri5e
@r_systemadmin
Windows Hyper V Manager - extra SSD like ESXI?
Hello,
some time ago I installed an ESXi server with several virtual machines. Everything has been running smoothly until now. Best practice is to install the ESXi hypervisor on a separate SSD or another flash drive.
Now I need to set up a Windows Hyper-V manager with three virtual machines. Should I install the main Hyper-V host on a separate SSD as well?
Thanks!
https://redd.it/1swjlr1
@r_systemadmin
SharePoint synced library removed from OneDrive sync but local folder won’t delete (160GB, access denied)
I’m troubleshooting a SharePoint library that was synced to File Explorer using the SharePoint Sync button (OneDrive sync client).
We removed the sync successfully and verified the library is no longer listed under OneDrive synced locations.
However, the local folder still exists at:
C:\Users\User\companyname.com\folder
The folder is no longer syncing, but it remains on disk.
I attempted:
- Deleting through File Explorer (progress reached 100% but folder remained)
- rmdir /s /q (access denied)
- Taking ownership via NinjaOne command line, but ownership became SYSTEM instead of admin
- Confirmed OneDrive sync relationship is removed
Library size is around 160GB.
The user’s C: drive currently has only ~9GB free out of 222GB total.
I’m wondering if low disk space could be preventing cleanup of the orphaned local SharePoint cache or causing deletion to fail.
Has anyone dealt with an orphaned SharePoint/OneDrive synced folder that won’t delete after unsyncing? Looking for the cleanest way to remove the local cache without affecting SharePoint online data.
https://redd.it/1swg0qg
@r_systemadmin
NetBackup, How to Back Up SUSE Linux VMs with GitHub and Nexus?
NetBackup, how to back up SUSE Linux VMs with GitHub and Nexus. I want to back up these 2 VMs; we already have a backup of the entire VM, but there is also a requirement to back up the GitHub and Nexus machines separately for consistent backups. So, can you guys help me with how we should proceed with this and what will be the best practice? Thanks!
https://redd.it/1swdcgi
@r_systemadmin