Reddit Sysadmin – Telegram
Blocking Tor IP Ranges through Conditional Access

Howdy,

I wanted to see if I could block TOR (specifically the exit nodes) by using conditional access in Entra. I have a few security layers for our corporate devices (Defender XDR, Applocker, managed through Intune) but that doesn't extend to personal devices accessing 365. The native functionality comes from Cloud App Security and requires an E5 Security license and an AAD P2 license. MAM could be an option too, but it requires an AAD P2 license in addition to an Intune license. The bulk of our user base doesn't have any of these licenses assigned, so I figured I'd try and do it on a budget.

I found the TOR exit nodes were publicly available (v6 was not available from the Tor Project) so I just grabbed those and scripted out the updates through Azure Automation.

The script itself will download the IPv4 and IPv6 lists, format the response and then either create a new IP Location range if one doesn't exist or update an existing one.

As I mentioned above, the IPv4 exit node list is provided publicly from the TOR Project but the IPv6 (also includes IPv4) exit node list is from www.dan.me.uk - Thanks Dan!

The IPv4 exit node list is official and provided by the Tor project so I opted to use that for IPv4 and the other for IPv6.

Tor Exit Nodes

IPV4 - https://check.torproject.org/torbulkexitlist

IPV4/IPV6 - https://www.dan.me.uk/torlist/?exit (You can only hit this every 30 minutes or else it can block you)



Script

https://github.com/clocktowerletter/hellclock/blob/main/Tor%20Exit%20Node%20CA%20Policy%20Update.ps1

NOTE: Whenever the script updates the IPv4 and IPv6 Tor ranges, it wipes out the existing CIDRs within the policy, so it will always be current with the public lists. If no response is returned when pulling the IPv4 or IPv6 list, the script will stop. More error checking could and should be added.


The script is using a managed identity to sign into Microsoft Graph and I'm leveraging Azure Automation on a twice-daily schedule to run it. The permission assigned to the managed identity is "Policy.ReadWrite.ConditionalAccess".

It will create/update two named location IP range policies. You will still need to link this to a blocking policy in Conditional Access but I omitted that part as it can be done through the portal. If you want to run it locally, you could utilize interactive based sign-in for Microsoft Graph. Just remove the "-Identity" switch from the second line and for best practice replace with "-Scopes 'Policy.ReadWrite.ConditionalAccess'". Azure Automation was being quirky with the newer Graph modules but YMMV.

https://redd.it/1nhp33m
@r_systemadmin
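
The format-and-validate step from the post above, with the kind of error checking its NOTE asks for, as an added example (this is not the linked script). It runs offline on a constructed sample; the function name, display name and minimum-entry threshold are assumptions, and the output follows the Microsoft Graph ipNamedLocation resource shape.

```powershell
# Added example, not the script linked in the post.
# Builds the body of a Microsoft Graph ipNamedLocation from a raw exit-node list.
# Because each update replaces every existing CIDR, a truncated or error-page
# download must never be turned into a payload.

function ConvertTo-TorNamedLocationBody {      # hypothetical helper name
    param(
        [Parameter(Mandatory)][AllowEmptyString()][string]$RawList,
        [Parameter(Mandatory)][string]$DisplayName,
        [int]$MinimumEntries = 100             # assumption: tune to the usual list size
    )

    $v4 = [System.Net.Sockets.AddressFamily]::InterNetwork
    $v6 = [System.Net.Sockets.AddressFamily]::InterNetworkV6
    $seen     = [System.Collections.Generic.HashSet[string]]::new()
    $ranges   = [System.Collections.Generic.List[hashtable]]::new()
    $rejected = 0

    foreach ($line in ($RawList -split '\r?\n')) {
        $candidate = $line.Trim()
        if ($candidate -eq '' -or $candidate.StartsWith('#')) { continue }

        $ip   = $null
        $isIp = [System.Net.IPAddress]::TryParse($candidate, [ref]$ip)

        if ($isIp -and $ip.AddressFamily -eq $v4 -and $ip.ToString() -eq $candidate) {
            # Round-trip check rejects shorthand such as "1" that TryParse accepts.
            $type = '#microsoft.graph.iPv4CidrRange'; $cidr = "$ip/32"
        }
        elseif ($isIp -and $ip.AddressFamily -eq $v6 -and $ip.ScopeId -eq 0) {
            $type = '#microsoft.graph.iPv6CidrRange'; $cidr = "$ip/128"
        }
        else {
            $rejected++                        # HTML error pages, rate-limit text, junk
            continue
        }

        if ($seen.Add($cidr)) {                # drop duplicates across the two lists
            $ranges.Add(@{ '@odata.type' = $type; cidrAddress = $cidr })
        }
    }

    if ($ranges.Count -lt $MinimumEntries) {
        throw "Only $($ranges.Count) valid addresses ($rejected rejected); refusing to overwrite the named location."
    }

    [ordered]@{
        '@odata.type' = '#microsoft.graph.ipNamedLocation'
        displayName   = $DisplayName
        isTrusted     = $false
        ipRanges      = $ranges.ToArray()
    }
}

# Constructed sample response (documentation address ranges, not real exit nodes).
$sample = @"
192.0.2.10
198.51.100.7
192.0.2.10
2001:db8::1
<html>429 Too Many Requests</html>
999.1.1.1
"@

$body = ConvertTo-TorNamedLocationBody -RawList $sample -DisplayName 'Tor exit nodes (example)' -MinimumEntries 3
$body | ConvertTo-Json -Depth 4

# An empty download is stopped before anything could be sent to Graph.
try   { ConvertTo-TorNamedLocationBody -RawList '' -DisplayName 'Tor exit nodes (example)' -MinimumEntries 3 }
catch { "Blocked: $($_.Exception.Message)" }
```

Sending the body is left out so the example runs offline; in Graph the named locations live under /identity/conditionalAccess/namedLocations (POST to create, PATCH on the existing id to update).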
Proxmox ceph failures

So it happens on a friday, typical.

we have a 4 node proxmox cluster which has two ceph pools, one strictly hdd and one ssd. we had a failure on one of our hdd's so i pulled it from production and allowed ceph to rebuild. it turned out the layout of drives and ceph settings were not done right and a bunch of PGs became degraded during this time. unable to recover the vm disks now and have to rebuild 6 servers from scratch including our main webserver.

the only lucky thing about this is that most of these servers are very minimal in setup time including the webserver. I relied on a system too much to protect the data (when it was incorrectly configured).

should have at least half of the servers back online by the end of my shift. but damn this is not fun.

what are your horror stories?

https://redd.it/1nhtj2l
@r_systemadmin
Solarwinds, I'm out.

I have defended this company's on prem solutions for years, and today is the day I am done. I have already put the replacement in place, that's how easy it was to get rid of them.

They took a $119/year product and started charging $999/year. The DPA product was pretty good for quick troubleshooting, but not a $500/year product to $2500/year. Now you are getting $0.

Good job, private equity firm. You have killed another one.

https://redd.it/1nhxgg0
@r_systemadmin
Server 2025 DC - Clients randomly unable to log in until they restart

We've been struggling to get all the issues ironed out of a Server 2025 DC deployment. There is a 2nd DC in place still running 2022, so we can demote the 2025 if we absolutely have to.

At first, everything seemed okay, but recently we've been having issues where a client PC will boot up in the morning, they enter their credentials, and are told the username or password is incorrect. Even if we confirm that the credentials ARE correct, they cannot log in. They do not get a domain trust error, just that the password is incorrect.

If they reboot their workstation, they are then able to log in on the subsequent reboot.

I'm not sure if this is a 2025 DC issue, or a W11 24H2 issue. I've found other references to the same problem, but nobody has posted about a fix.

There have been so many issues with 2025 DCs that it can be somewhat difficult to find information on the specific one you're dealing with. Searching for this issue tends to bring up posts about the earlier problem where rebooting a DC would cause its network profile to change and then computers couldn't authenticate, but this is not the same issue.

I'm currently in the process of installing the September cumulative update on the DC, but I don't think that's going to change anything.

If anyone has any suggestions, I'd love to hear them!

https://redd.it/1nhtlx7
@r_systemadmin
ScreenConnect/Control new policies

I LOVE the fact they are making a paywall to stop these idiots from using a free service to hack the less techie folks. I would like to see all the other products follow suit. I also noticed that Control implemented a real warning that says "You are letting someone control your computer. DO YOU REALLY CONCEDE?"

https://redd.it/1ni2jvp
@r_systemadmin
Am I Overreacting About Our MSP Deploying a VM Without Telling Me?

I’m the sole IT/ERP Manager for a small business with around 60-70 employees spread across four locations. We work with an MSP under a co-management agreement to help support our environment.

Last Thursday, I had a meeting with their Director of Customer Service because I was frustrated — they were making changes without properly informing me and weren’t holding up parts of their support agreement.

Later that day, I met with their lead technician, who walked me through some new software tools they’re planning to roll out for us. One of the tools mentioned was Nodeware. During that 15-minute conversation, multiple tools came up, and they made it sound like Nodeware was a cloud-based solution. Regardless, all of these tools were supposed to be in a test environment. Nothing should be on our production Hyper-V host.

Fast forward to tonight — I was doing some off-hours work on one of our Hyper-V hosts and noticed a VM that I didn’t recognize. After digging in, I found it’s a Linux server running Nodeware.

To say I’m frustrated would be an understatement. This is the first time they’ve deployed a VM directly on my production host — without notifying me. Every other tool we've deployed through them has been cloud-based. If they had just told me ahead of time, I probably wouldn’t have had an issue. But dropping a VM into my production environment without a heads-up? That feels like crossing a line.

I plan to bring this up with our COO tomorrow. But before I do, I’d like to check in with you all — am I overreacting here?

(And just in case I do show this to him — hey Mike 👋)

https://redd.it/1ni32db
@r_systemadmin
4 years in IT and I still can’t believe some of the requests I get from management

Been working in sysadmin for 4 years now. Thought I had seen it all… until last week.

Boss comes up with a “brilliant” idea: let’s let interns have full root access on production servers for a week, because “they need to learn fast”. Yep. I stared at him like 🤯.

Spent the next few hours adding firewall rules, writing monitoring alerts, and praying nothing blew up. Meanwhile, he’s bragging about being a hands-on leader…

4 years in, and honestly, some days I wonder if management should be required to take a week of IT training before issuing directives.

Fellow sysadmins — what’s the dumbest request you’ve ever had to deal with?

https://redd.it/1ni6uz9
@r_systemadmin
It finally happened. I drove 3 hours to tell a user to log off.

My team spent hundreds of dollars on a rental car because they couldn't get this guy on the phone. They neglected to mention this is why I was being sent on-site.

https://redd.it/1niaalr
@r_systemadmin
Samsung DeX in Enterprise


Our leadership team is exploring whether we could move to a single-device workflow, specifically using the Galaxy Fold 7 with Samsung DeX, for both office and remote work.

We’re planning to trial DeX in a real-world enterprise setting, but I’d love to hear from anyone who’s already done this at scale.

Our current setup:
- Each desk has a conference monitor connected via USB-C, daisy-chained to a second monitor using DisplayLink.
- Users frequently use webcams and conferencing monitors for Teams calls.
- Application suite comprises largely of online SaaS applications and Microsoft 365

Concerns we have before committing:
- DisplayLink isn’t officially supported, meaning we may need to replace dual-monitor setups with a single large curved monitor just to make DeX viable. (Have heard this is coming at some point though…)
- Webcams on conference monitors reportedly don’t work properly in DeX mode.
- We worry this could push more people onto VDI (CloudPCs), frustrating users and driving up costs.

Questions for the community:
- Have you deployed DeX in an enterprise environment? How did users respond?
- What hardware setups worked best (single vs dual monitors, docks, webcams)?
- What were the biggest limitations or deal-breakers you encountered?
- Any tips or lessons learned that made adoption smoother?

We really like the idea of a “single device for everything” approach, but my gut feeling is that DeX might not quite be mature enough for enterprise workflows yet. I’d love to hear your real-world observations, good or bad, before we invest heavily.

Thanks in advance!

https://redd.it/1nia5dy
@r_systemadmin
Finally got hired after a 6 month non-paid internship as a Microsoft Security Analyst/sysadmin. Where to go from here?

Hey there everyone.

So back in April I started this non-paid internship at a company that offers a varied catalogue of IT services.
I was put in a team that focuses on Microsoft related stuff and learned a lot of stuff.

As of today, I've officially been hired to work as an analyst (using the microsoft defender suite)/sysadmin (with intune).
I've also begun studying and working on GRC projects (with intune) and started dipping my toes into more infrastructure related projects ( azure, hybrid servers, AD and so on).

While I do like the job and what I do, I feel that, in the long run, only focusing on one tech stack will not improve my skills all that much.

I do like studying and working on the cloud, as a field, and will definitely start focusing on AWS and GCP in the future but was wondering how I could improve myself if I ever wanted to focus on something else.
I'm quite interested in doing some pentest work in the future and I wanted some advice on how to advance my career and on what I could focus on in the future based on your experiences.

As of now I have these certifications:

- sc-200
- md-102
- sc-401

thanks for your help and sorry for all my rambling

https://redd.it/1nibhvk
@r_systemadmin
Imaging using sysprep

Does anyone have any experience with imaging laptops using sysprep? I have been struggling with this all day, I keep getting an unexplained “windows 11 failed to install” error at the end of my installations when sysprep worked completely fine, the dism command showed no errors, and I had no errors when burning the image to an iso, then using Rufus to put that iso onto a USB for imaging. It’s been driving me crazy. I’m using a very simple image where I only installed one program to test if it worked and it’s failing every time. I’m also having an issue using acronis usbs for imaging as well, I just can’t seem to catch a break, our company doesn’t use intune for deploying, I’m just at a loss on what to do at this point.

https://redd.it/1nibzlr
@r_systemadmin
Change in direction

So I have worked in IT for about 20 years all told.

Mostly at support level, and more recently at an MSP (I know plenty will go "boo") and have enjoyed it. We have some good clients, I've gotten to know them, their systems, their people, so overall good. Was working on going up the chain, eventually wanting to be a full on system admin. I had applied for and got offered a role as one, but the remuneration was laughably low, so much so I'd have been better off unemployed (that's a whole other story though).

But now, I am suddenly in management. My previous manager was not great, so much so I did run-arounds to get answers I needed to do my job, or to help out the rest of my team. So he finally leaves (wahey) and I figure for the hell of it, let's apply.

I get offered the job, and now a few months in, I am actually enjoying it. My team is really happy too. So, while I may want to aim for system admin....maybe I can be a manager, and not part of manglement?

Yeah just thanks for all the help over the years with questions, and interesting topics. I will still remain here as I can always learn more.

https://redd.it/1nie67t
@r_systemadmin
UK IT Recruitment

Hi

I work for a growing financial services company in the UK with 500 users. IT is Microsoft - Hybrid with AD and a handful of servers and infrastructure in Azure, M365 E5, MDE, Intune, Purview, Sentinel, Fortinet, Backups, security awareness etc. Lots of projects on the go. We have been looking to recruit a “generalist” to help manage our environment but a couple of months into the process and we have not made much progress.

Job boards: Floods of responses from candidates lacking the skills and experience

Recruitment agencies: The couple we have worked with have not materialised into anything past 1st stage interview.

I realise without knowing specifics (job spec, salary, benefits etc) it’s hard to comment, but I wanted to get thoughts on the UK job market and whether there are recommendations for IT recruitment agencies to work with or other avenues to get someone on board.

Thanks

https://redd.it/1nielwo
@r_systemadmin
SysAdmins who successfully pitched yourself to take over a position: what did you find it helpful to highlight when making your case?

TL;DR: What did you find it helpful to highlight when presenting yourself to take over an existing SysAdmin role?

So a bit of background: I know someone who is employed in a financial services company. Behind the scenes as far as IT is concerned, this company is a mess. The company is roughly 25 or so staff including some working offshore.

The company was failing cybersecurity and compliance audits because of simple things like not using a VPN, RDP over the internet and, well, that should be enough to paint a picture. They previously had a solo person who was "maintaining" things but these audits shone the light on his lack of doing so and he was let go. The company shortly after replaced him with an MSP.

Now since they commenced work, the MSP (to their limited credit) has done things like shifted the whole company onto using a VPN, limited what can be done over the plain internet, replaced PCs that were unable to run Windows 11 with brand new ones that can, retired a very much aged RDP/network/EverythingInOne server with a new (still inadequate) one running a later version of Windows Server, set up proper AD control and permissions and more. However, this MSP has always been difficult to work with and will commonly take 1-2 business days to reply to a ticket or request for something critical, such as an outage that affects everyone's ability to work, nickel-and-dimes the company for the smallest things (as they do) and more. As such, the director of the company is looking at cutting ties with them and going back to having a dedicated person handling things.

This is where I'm looking at stepping in and pitching myself. Admittedly I've almost zero prior professional experience in the field aside from administrating my own homelab and servers, however I'm familiar in an unofficial sense, I suppose, with the sort of equipment they're using for everything, what their RDP/AD host is used for and other relevant factors. They've previously asked for my advice on issues they've had after having already been to their MSP about it as well, so I know they're somewhat interested in me already.

I'm just sort of wondering what the best way to approach/pitch this would be, and how to present myself. Something like this would be quite the deep end learning experience for someone who doesn't have any prior experience in the field, but I've an eagerness and a willingness to learn what I don't know and put to work what I do know. Do I put everything relevant into a PDF attached to my resume and fire it over? How would you approach this?


Thanks in advance for any answers offered. Been a long-time lurker and reader of the sub, honestly didn't think a potential opportunity like this would ever present itself to me, just want to put my best foot forward.

https://redd.it/1nig4y1
@r_systemadmin
The "ball of random bullshit" tickets

Why are there always 1-2 people at any company who contact you on a regular basis, and who can't limit their requests to one or two issues with relevant details. Instead you get 25 different half-coherent mentions of various trash can fires, all bundled into what is either relayed over the phone in a monologue or formatted like someone's first attempt at communication using letters.

>"Hello we need access for Susan to network drive who switched roles with Sarah (who is susan? where did sarah go??) and the fax is not sending bill invoices to LifeCo but working for others, it's printing 500 pages now with just random stuff, and also my computer is slow all of a sudden since a month ago, the server (??) takes a long time to load when selecting file transfers for AMP13 clients (????) and also Susan needs Sarah's phone extension switched to her name and also we moved some of the desks in the office and now many cables will not reach, there was a fire in the staff kitchen yesterday and the phone on the wall did not work to call emergency services when dialing outside numbers, and also there is a presentation at 11am today (it's currently 10:45) and we need the product demo environment reset and populated with test data because Bob deleted the admin account last week"

I've worked at 8 different places over the past 20 years, and there's always someone that does this.

https://redd.it/1nijegx
@r_systemadmin
Microsoft 365 MFA: Initial Setup now no longer offers Security Key as primary option

Hello everyone, I've stumbled across a hitch with our MFA expansion on Microsoft 365 and wondered if this community had some answers.



We bought a handful of FIDO2 keys to test with a month or so ago, and at the time using a Security Key was an option on first account setup, i.e. after you have provided your microsoft ID and password you are then taken to the Initial Setup wizard.



However on testing it now seems like the only options present to the user on initial setup are Authenticator, Hardware Token, and Phone Number.



Why / has Microsoft changed approach here, and is there an option to permit use of a Security Key at this step? For the life of me I can not find a setting for this within the Admin Console.



It is worth noting that we can use Authenticator on this screen to complete the process, then go to Microsoft Account Security page, add a secondary means of MFA (Security Key), and then delete the original Authenticator method, leaving us with just the Security Key. Of course, this is not practical given we intended to be totally hands-off with our deployment.

https://redd.it/1niiurn
@r_systemadmin
Windows Management Instrumentation Command-line (WMIC) removal from Windows

Original publish date: September 12, 2025
KB ID: 5067470

Summary
The Windows Management Instrumentation Command-line (WMIC) tool is progressing toward the next phase for removal from Windows. WMIC will be removed when upgrading to Windows 11, version 25H2. All later releases for Windows 11 will not include WMIC added by default. A new installation of Windows 11, version 24H2 already has WMIC removed by default (it’s only installable as an optional feature). Importantly, only the WMIC tool is being removed – Windows Management Instrumentation (WMI) itself remains part of Windows. Microsoft recommends using PowerShell and other modern tools for any tasks previously done with WMIC.

https://support.microsoft.com/en-us/topic/windows-management-instrumentation-command-line-wmic-removal-from-windows-e9e83c7f-4992-477f-ba1d-96f694b8665d

https://redd.it/1nimb7e
@r_systemadmin
User training

We’re having some problems with user training falling behind due to high turnover.

Who handles training on enterprise apps in your environment? Until recently, we had reliable trusted users who have reached a level of expertise - those folks do most of the in depth training. From my perspective, our job is to install it, we don’t use it and are therefore not experts and by extension not competent enough to provide training.

Edit: thanks for the input, I needed the sanity check.

https://redd.it/1nijs0n
@r_systemadmin
In 2025 Employers are offering IT workers significantly less money

In 2025 Employers are offering IT workers significantly less money than 2014 - 2025. And possibly earlier.

The cost of living is going up. The pay for your typical IT jobs appears to be going down.

I would encourage anyone working in IT, not to just accept anything for your salary and know your worth. It's one thing for an employer to hire someone less qualified to save money, their choice, but they will spend time and resources training that person. But for qualified people to take a job significantly less than the average pay for that position, is killing the worth of an IT worker. I didn't know if it was just me noticing this, but after asking around, this is happening a lot.

https://redd.it/1niq4xv
@r_systemadmin
Windows Pipes screensaver gave me mega billable hours (funny)

In the early 2000s, I was a contractor that would consult to various firms. One of my clients was an accounting firm running Accpac accounting software (client/server). I got frantic calls from them over several weeks that "the server is slow" (NT 4.0). I show up, go to the server, turn on the CRT monitor (which takes time to warm up) and jiggle the mouse to get the login screen. I login, and they go "oh thank god you fixed it" and I would leave, 2 hours later they would call, same problem.

This continued for weeks. Finally I said look I'm just going to camp out here for a day, and get to the bottom of it. I'm hanging out, eating lunch and they said to me "it's happening again" and I ran to the server...and I discovered what the issue was.

Someone had enabled the Windows Pipes screensaver, and the CPU would spike like crazy rendering it...on the server. I changed it back to "black screen". Problem solved.

They were not happy to get the bill; it was something like 2-3k.

https://redd.it/1nityjb
@r_systemadmin
Reason for burnout

Saw this video on either insta or reddit. It talked about the reasons for burnout in any sector, and it made a very interesting point. It stated that burnout wasn't due to the volume of work, but more so the lack of structure to how the work was given to you. Also mentioned that managers aren't protecting their staff against predatory behaviour from other departments. As someone that deals with endpoints, everything is an IT problem because it hits the endpoint. Server issues, software upgrades, OS patching, etc etc. Some issues are a lack of training, wrong documentation or straight up HR or finance issues. Definitely not IT. But, it hits the computer, so it's on us. How does your leadership team deal with this?

https://redd.it/1niun8s
@r_systemadmin