mac and intune in general is horrible
I just wanted to rant a little about how unfun it has been to integrate Intune as our first MDM. We already had the licenses sitting around, but never got around to actually setting up an MDM. With the growing number of colleagues, it finally became a top priority, so we decided on Intune mainly because the licenses were already there.
The project scope was huge: Windows, Android, and Apple devices all needed to be fully managed by Intune. On top of that, different departments required different apps, and we had to enforce a ton of security policies: no app store, no admin rights, encryption, Defender for Endpoint, etc. Doing all of this on my own while trying to learn how everything works was brutal.
The last piece of the puzzle was getting Apple devices set up, and I’m not going to lie, this was the absolute worst experience of the entire project. Just setting up Apple Business Manager took days. Then figuring out how to actually enroll Apple devices was nothing short of a nightmare. Half the time it barely works: you reset the device, use the Configurator app, cross your fingers that the Microsoft Entra login actually shows up, then sit there waiting for Intune configurations to apply. It’s slow, clunky, and honestly miserable to deal with.
And don’t even get me started on Microsoft’s documentation. Why are there 20 different guides for the same thing, all giving slightly different instructions? Finding the one guide that actually matches reality is a mess. Between the inconsistent documentation, the awful speed of Intune, and the painful Apple setup, this project has been one of the least enjoyable IT tasks I’ve ever worked on.
I really don’t understand why there aren’t more people screaming about how bad some parts of Intune are. It feels like everyone just quietly suffers through it.
https://redd.it/1nccgdc
@r_systemadmin
sysadmin but no infrastructure actually exists
Hello everyone,
I’ve finally been accepted for a SysAdmin role and signed the contract, as I really wanted to move on from my previous position in application support. But there’s a catch:
1. The company I’m joining is a vendor, a partner with multiple providers offering data applications like Informatica, Denodo, and Cloudera.
2. I found out that vendor companies don’t usually maintain their own infrastructure, since they don’t host services for customers.
3. They only have about three or four servers with one or two applications installed for testing purposes, plus a Windows Server domain controller that, oddly enough, everyone in the company has access to.
4. This left me a bit confused about my role. When I asked my team lead, he explained that I’ll be responsible for installing and configuring applications on the customer’s side starting from setting up the OS, through application installation and configuration, until go-live. After that, my responsibility ends.
I am really confused. I don't know what to ask you guys and don't know what to do exactly, but I'm open to any advice.
https://redd.it/1ncezle
npm got owned because one dev clicked the wrong link. billions of downloads poisoned. supply chain security is still held together with duct tape.
npm just got smoked today. One maintainer clicked a fake login link and suddenly 18 core packages were backdoored. Chalk, debug, ansi-styles, strip-ansi, all poisoned in real time.
These packages pull billions every week. Now anyone installing fresh got crypto clipper malware bundled in. Your browser wallet looked fine, but the blockchain was lying to you. Hardware wallets were the only thing keeping people safe.
Money stolen was small. The hit to trust and the hours wasted across the ecosystem? Massive.
This isn’t just about supply chains. It’s about people. You can code sign and drop SBOMs all you want, but if one dev slips, the internet bleeds. The real question is how do we stop this before the first malicious package even ships?
https://redd.it/1ncf87f
For anyone having issues installing nuget this morning...
Might just be a caching thing in my area, but I'm seeing an expired cert right now for *.azureedge.net on the NuGet download endpoint I've been shown to.
Not the first time, it seems: Fix NuGet PackageProvider No Match Found Error
https://redd.it/1ncdqnh
User can't use password to log into office portal
Recently while trying to log in to the office portal, Microsoft asks for your PIN or Facial recognition instead of a password, is there any way to just use the password? At this stage what is the point of even creating a password if the user is forced to use the PIN for everything?
https://redd.it/1ncilre
Best IT asset management for a small business? Ideally a plug and play option
Just need a good rec for something solid to replace sheets. Anything that’s real easy to set up and manage. We’re not big enough for full-on enterprise stuff, but I still need to know who has what and when it was last used. Any tools out there that you’ve used and liked? Would prefer SaaS, but open to ideas if the setup’s not a pain. And before you guys say it, Snipe-IT is not a good plug and play option. Budget isn’t a major issue, I just need something that works with minimal manual oversight.
Thanks.
PS: I’m relatively inexperienced, and this is my first HR job in a fairly large company. I’ve only done most of my work manually, granted it was for much smaller businesses, hence my avoidance of Snipe-IT. I’d rather just have the business pay for something more convenient.
https://redd.it/1nck487
Microsoft announces a return-to-office mandate of three days per week
Article here: https://www.theverge.com/report/774414/microsoft-return-to-office-policy-announcement
It'll start with those currently around the Seattle office, and then move to those around the US and internationally.
https://redd.it/1ncmclm
Anyone else experiencing their Remote Desktop window closing automatically
Several users so far this morning have had their Remote Desktop window vanish on them. I logged into the AVD as well, and as I was looking around, BLOOP, my window went away as well. I logged back in, windows were still like I left them, so session was disconnected. Seeing if this is happening to others.
https://redd.it/1ncmc4p
ChatGPT Fixed it
Can you relate? https://imgur.com/a/JunuRtY
Something my coworker said when dealing with a vendor support tech.
https://redd.it/1ncutbg
What are good Jira alternatives for IT support and workflows?
Jira feels like overkill for smaller IT teams that just want to track requests, handle approvals, and keep things moving without a ton of overhead. What tools are you all using instead that actually fit well inside day-to-day workflows?
Keep hearing about Foqal, any thoughts on it?
https://redd.it/1ncvesm
IT Miracles
I'll go first.
The sprinkler pipe burst in our data center right over our storage rack. One of our NetApp shelves got filled with water. We pulled the shelf and emptied about two gallons of water into the garbage can. We carried the shelf to the boiler room and let it sit there for two hours to dry out. We popped the shelf back in and it fired up like nothing happened. No disks were lost.
https://redd.it/1nd1q4i
Salary expectations?
Hi everyone, I had some questions regarding the salary in the field as I’m nearing graduating college with a B.S. in Cybersecurity and spoke to my boss about a full-time position post graduation.
For context, I have been working part-time (~24 hours a week, 40 hours a week over summers) as a Junior IT Analyst for about a year and a half now at a mid-size government contracting company in the Washington D.C. area (~400 employees, most on government sites while only about 40-50 work in HQ). Although my title is Junior IT Analyst, I manage myself and report directly to the CFO. He was in charge of all IT things before alongside his actual work, and I am the first and only IT hire in the company. This is actually my first job in my career, other than like retail stuff in high school. My work basically consists of this:
* Assisted the CFO in the migration of all employees from commercial Microsoft 365 to Microsoft GCC High. This allowed a level of CMMC compliance that opens up many contracts.
* Created the first internal IT ticketing system for employees. It’s basically just an app I made built into our employees’ MS Teams. It allows them to submit tickets, software requests, view FAQs, etc. I use this to manage the tickets and requests people have.
* I deploy any software our employees might need, especially our software developers that always need different things deployed.
* Use PowerShell to automate lots of processes for HR, like new user creation.
* Set up devices for all new hires.
* And overall keep the day to day IT procedures running, managing the system from Microsoft Admin Center, Entra, Intune, etc.
I’m currently paid $20 an hour. However, once I graduate and can work as a full-time employee, I’m obviously hoping for a decent salary. I’ll have my degree and a TS clearance. So basically my question is, what would be a fair salary to request? I just want to have a good idea of the average salaries in the industry before discussing finances with my boss.
https://redd.it/1nd3dq3
Help understanding how laptop was compromised
Hi guys, reaching out for some understanding on how someone has got around some security controls...
Situation: We have a laptop that has been "borrowed" by someone and they have been able to create a local admin account on the device and install a Hyper-V VM, disable ASR rules and run hacky tools etc.
We want to understand how this may be possible. For context:
* The person had physical access to the device away from where it was borrowed - we have since regained possession
* Dell Latitude Laptop
* No evidence the person has any admin credentials or that an admin has modified anything
* BitLocker not enabled currently - we are unsure as to whether it was already off or they have turned it off
* BIOS admin password was set (and still is)
* Kali Live USB was seen on the device (Defender Timeline)
* Person has deleted security event logs
* MCM reporting is flaky - but a small percentage of laptops from the same area reporting BitLocker off - the person may have had access to these at some point
My questions
* If BitLocker was on - is there a way to disable it / bypass it without Local admin?
* If BitLocker was already off (or if turned off by the person) - I understand there are ways to create a local admin account via Registry/SAM offline, so that would explain that
* If BIOS has admin pw - how were they able to boot Kali Live?
Thanks!
https://redd.it/1nd21ss
I Launched a Federal Investigation into Microsoft
So I was recently employed at Microsoft and previously, I've worked for big tech companies like Meta, and the general consensus seems to be that the work culture has declined significantly, especially with the advent of AI and after the death of Satya Nadella's son.
What I started to see was a culture of gaslighting, psychological projection, and scapegoating. Critical internal documentation was missing, coworkers behaved in a passive aggressive manner - there was deliberate information siloing, and all the on campus IT support was offshored to third party contracting companies causing significant delays on tasking that would frequently reach boiling points. I was shamed for asking completely relevant questions about legacy systems and processes that would be perfectly reasonable to ask about as a new employee (such as questions about their database).
Then came the mass layoffs - thousands of people every month were not only suddenly let go - entire departments and teams - but thousands more started receiving PIPs and then terminated. Now, neither of these things crosses a line into illegality, but then I started noticing my manager blatantly lying about my performance - in particular, delays on my feature work which my manager claimed was the reason for issuing my PIP were completely outside of my control - in fact it took 3 months just to get a replacement laptop that could at minimum access Teams and a month delay because of YubiKey shortages alone (I would go to the campus, call IT support, and send DMs/emails every day).
I was told I had an option between a severance or a 45 day PIP period to "improve" my performance, and then for the entire duration of my PIP I did not have access to any basic functional assets required to do any tasking at all that could even at minimum turn on. Then, only 4 days into my PIP after having a coworker message my manager on Teams (because I no longer had access to Teams and I had to ask a coworker I met in one of the ERG groups to DM him and he wasn't answering my emails), I was terminated citing "performance."
What is troubling is that once going public with my story people who both have been wrongfully terminated and even who still work there in director level roles have messaged me thanking me for saying what they are afraid to bring up - what is going on at Microsoft is not legal.
There are refusals to provide ADA accommodations, firing employees on family medical leave, whistleblower retaliation, physical intimidations outside of work - they create more and more "security" processes for engineers to jump through but then don't provide any documentation for them - all while offshored IT contractors in other lands seemingly don't have to jump through them, and then Microsoft gets hacked by those other countries. I've even had folks in India message me claiming that Microsoft has violated worker protections and lied to them there. There seems to be a culture of institutionalized gaslighting, denials of reality, clear lack of accountability, pathological lying, passing the buck around, dysfunctions of critical support, passive aggressiveness, poor communications, psychological projection, and gaslighting.
Apparently Microsoft has also formed agreements with many law firms to just simply not sue them, and an employee was even recently found dead on campus.
So now I have a federal investigation into Microsoft, and I will not be accepting this sort of behavior, and if attorneys and agencies are not doing their jobs, they have to realize the amount of bad PR they are receiving over this. Every day on LinkedIn and Blind I've seen more and more folks upset.
https://redd.it/1nd5vdr
Is it a bad idea to block Temu from a data security perspective?
I have recently blocked Temu due to concerns surrounding the excessive amount of information their site stores. Am I being paranoid?
https://redd.it/1nd5l5o
Stopping GenAI data leaks when staff use ChatGPT at work
We’ve had a few close calls where employees pasted sensitive client info into ChatGPT while drafting responses. Leadership doesn’t want to ban AI tools entirely, but compliance is worried. We’re trying to figure out the best way to prevent data leakage without killing productivity. Curious if anyone has found approaches that actually work in practice.
https://redd.it/1nd7ynt
User reported someone remoted into his virtual machine
Hi Everyone,
One of our users reported that while his workstation was in sleep state, it turned itself on and looked like someone was navigating through some Excel files. He reported that this happened for like 15-30 seconds. User primarily works on a Windows virtual desktop and it is being monitored by Defender for Endpoint.
My colleagues were first to respond and have tried to reach out to the user but he was unreachable. They did check on the security event log and did not see any logins besides service accounts. His Office 365 activity was also checked from the Defender activity portal and Entra ID.
I first ran a full scan for his virtual machine from the Defender portal and it did not come back with anything. Checked the TerminalServices-LocalSessionManager event logs for both the local and virtual machine but only the user's account was seen to log in. Can't get the network information from the logins since it was unavailable.
No other remote connection program was installed besides Remote Desktop and ScreenConnect both for the local and virtual machine. Have checked on the scheduled task, startup programs and processes but nothing really stood out to be malicious. My seniors checked on the firewall logs and they weren't able to detect suspicious connections either.
Considered someone from IT logged in accidentally and tried to review the application logs to see if anyone had logged in with ScreenConnect within the time user reported but none was observed. Even looked for cleared log events but none were found. Not sure if this could be caused by faulty hardware since user said that it was shifting through Excel tabs.
I know this should have been done in the first place but I have suggested that a Malwarebytes/HitmanPro scan should be done on the local and virtual machine to rule out any undetected malware. My boss doesn't really like me reaching out to client or remoting in to their workstation yet since we have someone from the team that does that and I'm the one with the least experience. Can only remote in via the backstage feature in ConnectWise Automate with limited access.
May I please know what else to check or if I'm missing anything? Really appreciate any help. I've been at this for more than a week already and can't find anything.
https://redd.it/1nd6eli
@r_systemadmin
Heads-up: Atlassian is sunsetting Data Center by March 2029.
That means:
Dec 2025 → no new DC apps on Marketplace
Mar 2026 → no new DC licenses
Mar 2028 → no expansions, no Marketplace app sales
Mar 2029 → Data Center goes read-only
If you’re running Confluence/DC on-prem, this effectively forces a cloud migration unless you move elsewhere.
Next week there’s a webinar with Nextcloud + XWiki showing how some orgs migrated off Confluence and what a full self-hosted stack looks like (docs, files, project management).
📅 Sept 17, 3:00pm CEST / 9:00am EDT
🔗 https://go.nextcloud.com/r/20it
Recording will be available if you can’t join live.
Are you planning to stick it out with Atlassian until 2029, or already testing alternatives?
https://redd.it/1ndac56
@r_systemadmin
Bit of a rant
My first post here I think.
I have been the sole IT person for over 23 years in the same business, my tenure has been mostly because of the people I work amongst, all have been there for similar amounts of time and we are more than just colleagues but great friends too.
My role includes maintaining the infrastructure and everything else you can imagine. I have even created a custom CRM, portal and customer portal that is used every day and has become the center of the whole business, saving him tens of thousands in licensing.
I am running the infrastructure on a very limited budget. I won't bore you with the details, but we have a hybrid cloud phone system that used to be on its own internet line that is now shared with the main network internet connection, as the boss wanted to save £30 a month on what he sees as a waste (don't go there).
Currently earning £36k but just asked for a salary of £45k with 2 days from home (75 mile daily commute for me). Since then he has not dismissed it but has said he will think about it and we will revisit in a few weeks. He has also got me consulting an external company to "assist if I am ill or unavailable" under the guise that his insurance is asking for it.
Here's the kicker, I do basic finance related duties daily as well as he didn't want to pay for another member of staff that won't be full time.
If you were in my position what would your next move be?
https://redd.it/1ndamiz
@r_systemadmin
Windows BitLocker Vulnerability Let Attackers Elevate Privileges
Windows BitLocker allows an authorized attacker to elevate privileges locally.
Windows BitLocker Vulnerability Let Attackers Elevate Privileges
CVE page: CVE-2025-54911 - Security Update Guide - Microsoft - Windows BitLocker Elevation of Privilege Vulnerability
https://redd.it/1ndbqfj
@r_systemadmin
Cyber Security News
Microsoft has addressed two significant elevation of privilege vulnerabilities affecting its Windows BitLocker encryption feature.
Is it weird for my employer to ask me to make a direct line to our IT team for guests?
Good morning all,
I currently work in hospitality, and I’m looking for some outside perspective on a change at work.
Traditionally, when a guest has an issue, they contact Guest Services, who create a ticket explaining the problem. We then go to the room and resolve it.
Our boss now wants to change this process: if a guest has a “Do Not Disturb” sign, instead when we go up to fix the issue, we’re supposed to leave a note with an email address so they can contact our IT team directly. Initially, they asked if we could provide guests with the email address for our internal ticketing system (we said no), but now they’re pushing for a separate shared mailbox for guest issues.
From my perspective, it feels strange to give guests a direct line to the company’s internal IT department, even if it’s a separate mailbox.
I’d love to hear how other companies handle similar situations. Do you allow guests to directly email IT, or do you have a different process in place?
https://redd.it/1nddhqg
@r_systemadmin