Anyone Else Miss Classroom Training?
The pandemic did at least give some of us hybrid/WFH which we may still have but I do admit I miss going on courses. I'm in England so it was a week staying in London or other major city. Great to be away from the office.
Online courses just don't interest me at all.
https://redd.it/1niv4gk
@r_systemadmin
My new job has a resident grouchy wizard... Again.
I recently started a new job supporting a bunch of somewhat legacy stuff as they modernize. As a millennial, I am one of the younger people on the team of mostly genX and some boomers. One of said GenX is treated like a god. Their rude, shitty attitude is not only tolerated, they are coddled because everyone else seems to think they are simply the best and irreplicable. Everything they say is treated as fact and the 'wizard' is extremely territorial over everything they work on so nobody really understands the things they maintain.
In a cruel twist of fate, I've worked with this 'wizard' before at a previous job. Their shitty attitude and hoarding of institutional knowledge is what inspired me to do completely the opposite in my career. I will train anyone on what I do, share any knowledge that I have. I'll push others to learn critical things I do so someone will know how to do it when I leave. I have learned through personal experience that teaching has greatly deepened my own understanding and that is why I am in a senior position to people 15+ years older than me.
Now I am stuck in a tough position. Though I am younger, I am senior staff and I have knowledge on par with the 'wizard' in many areas, and much more in some. Through my openness, I have gained respect. So when the wizard says "we don't use Kerberos" to our boss in a windows domain environment, how the fuck should I respond!?
That was rhetorical. I'm just pissed I have to dance around some aging jerk's office politics when it comes to basic facts because of their enormous ego. This isn't a new situation to me, I've been dealing with things like this for many years.
I'm just sick of having to deal with this living stereotype over and over for decades. I strive not to be that guy because I know what it's like to fix the mess they leave. In this case literally.
Don't be that guy.
https://redd.it/1nj1eo6
What do you name your computers
I admin a small company of about 50 total users. We are about to do a computer refresh. Just wondering what kind of naming convention people use for their computers in AD.
https://redd.it/1nj1iv7
PSA: Chromium 141 will impact OneDrive & SharePoint Offline Access
Chromium 141 (end of September 2025) introduces a new privacy feature that prompts users for local network access!
When users access OneDrive for Web, SharePoint Document Libraries, or Microsoft Lists, they’ll see a prompt. If they hit Deny, they lose performance acceleration and offline functionality in OneDrive for Web.
Fix: Configure the local network browser policy on managed devices. This suppresses the prompts, keeps offline access intact, and preserves performance.
https://redd.it/1nj4th7
Are you still mostly running Cisco, or have you switched some gear to other vendors?
Hey folks, curious about how others are handling this.
Our org has been a mostly Cisco shop for years—core and distribution layer are all 9K/9300 series, and a lot of the edge access is Cisco as well. We get pretty deep discounts, which helps, but man, list prices are still insane if you look at them without the discount. Sometimes it feels like you’re paying double for the “brand” rather than actual capabilities. We did a small test with Arista in one of our DCs, mostly to see if we could consolidate some of the fabric. Tech-wise, it worked fine, but the automation and existing workflows we have for Cisco made it more trouble than it was worth. So for now, Cisco still dominates in our environment.
How are you balancing Cisco vs other vendors in your network these days?
https://redd.it/1nj7sth
Is AI really improving cybersecurity?
I keep seeing vendors throwing around “AI-powered” this and “machine learning detection” that, but mostly it is just dashboards, alerts, and noise. From what I’ve seen, the real issue is that AI usually gets bolted on as another point solution… instead of being built directly into the network. That makes it too slow and blind to a lot of traffic. I have not yet tried platforms that bake AI into a SASE platform. So I can't tell whether they make any difference. Thoughts?
https://redd.it/1nj9sv1
Big-Wig security manager wants to convince us plotters aren't printers
The dipshit know-nothing in charge of system security started arguing with our management about whether plotters count as printers. Apparently he doesn't think it's enough that they reproduce digital documents onto paper like printers do, use the same protocols that printers do, and are set up on the same print server that printers are.
I'm pretty sure the reason is somebody doesn't want to follow the configuration guides for printers, and he's trying to find a way to tell them they don't need to do the things required by our regulations.
I do not approve.
https://redd.it/1njbezx
How do you get your entire company to actually care about and acknowledge security policies?
We have policies. Nobody reads them. We need attestations and it's like pulling teeth to get people to complete them. The manual tracking of who has and hasn't acknowledged policies is a time sink. How do you create a culture of compliance and, more practically, how do you automate the tracking and reminding so it's not a constant manual hassle?
https://redd.it/1njbak9
Best enterprise password manager? (~200 seats, mostly Mac + Windows)
Our company has about 200 users split between Mac and Windows, and is finally serious about a password manager. While I'm all for security, I'm also under immense pressure to find a solution that is cost-effective and provides demonstrable ROI and business value, and I have smug morons breathing down my neck over this. The budget is tight, and I'm frankly exhausted by the current trend of freemium products that do nothing but lock essential features behind paywalls.
I've personally been burned by services like Defguard and Rustdesk, where after investing time in setup, I find features critical for even basic team setup requiring monthly subscriptions, often without month-to-month options. It’s just not sustainable and completely defeats the purpose of self-hosting for me. I want as much control over data as possible and ideally, no recurring subscriptions. Also if I mess this up, the aforementioned morons will have a field day, and I don't wanna give them the satisfaction.
Every other option feels like a bait-and-switch, using self-hosted or open source as a marketing scheme only to push enterprise SaaS pricing.
Because of this I'm heavily leaning towards solutions that offer transparent pricing or, if finding this unicorn is possible, an open source self hosted option. Not likely possible tho if I’m being honest with myself here. Vaultwarden looks decent, allows me to host my own instance, theoretically cutting costs and increasing data control, but that's all there is to it I guess. KeePass and its various clients are also appealing because they operate entirely offline and don't require server infrastructure, inherently free beyond initial setup.
Finally, Passwork claims to offer enterprise-grade security at a sustainable cost with a 30% lower TCO than competitors, which is an interesting claim. However, I need to dig into that to ensure it’s not another hidden subscription trap, and I haven’t found many reddit threads about it either. I have no first hand reviews of it, so I’d like those if someone has experience with it.
I understand developers need to eat, and I'm not against paying for quality software or support. I regularly donate to projects I value but the "pay a cloud service amount to self-host" model is again just not sustainable for us and imho predatory for the most part.
For those of you who've successfully implemented an enterprise password manager on a budget, particularly with self-hosted solutions, what were your total costs? And do please share if you ran into any vendor lock-in or surprise paywalls, and how you avoided them. Seriously, would appreciate the advice. And sorry for the ramblings, I’ve been under some stress lately.
https://redd.it/1njcpcn
Sonicwall security breach: cloud backups compromised
I didn't see this posted yet.
Sonicwall cloud backups have been compromised.
https://www.sonicwall.com/support/knowledge-base/mysonicwall-cloud-backup-file-incident/250915160910330
Steps are to reset everything.
https://www.sonicwall.com/support/knowledge-base/essential-credential-reset/250909151701590
Anyone changing subnets and host IPs too?
https://redd.it/1njdtn5
Typos in Dell SupportAssist Upgrade Tool
While running the Dell SupportAssist Upgrade Tool last night I noticed the ridiculous amount of typos as the app is running and giving feedback. This app was obviously written by someone whose primary language is not English. That's fine, but come on Dell. ZERO effort in QA here. They just pushed out this tool to the public.
https://redd.it/1njjvza
Is there a device that makes 1-man switch mounting non-miserable?
Mounting Cisco switches (and other vendors, for that matter) in a rack is a major pain when going solo. Server lifts are godsends when needed, but are also a pain to get and use.
Is there some device that can be inserted in a 4-post rack that can temporarily hold a switch in place while mounting it?
Of course mounting switches directly above a server is easy. It’s those switches that are mounted around 38-39U that have nothing above them or nothing in close proximity below them. Sound needs to be to hold anything above 25lbs.
And 20x bonus points if it’s easily portable and can fit in a carry-on bag
https://redd.it/1njkyv3
AC Company Thermostat Demands
AC company demanded port forwarding for their AC controller. I reluctantly set it up. A year later they add a 2nd controller and port forwarding doesn't work. Still connects on local network, but forces HTTPS to HTTP. I tell them they never set it up with a certificate. They bark back that their device is secure and I don't know how to port forward. Now they want a VPN, which the basic ISP router does not offer. They want a VPN router put in.
I say no and that if I can buy a $100 Honeywell thermostat from Walmart and that I can log on that thing on honeywell.com and control it, securely, there is no reason their controller can't do the same. Or, if that is beyond their ability, they can place a PC on network with a remote service and that device will be allowed to connect with the controllers locally.
AITA? What say ye? Which way is most secure / common in 2025?
* To clarify, this is a million dollar AC system and a $30k custom controller. I have the same instance with the same company for a few buildings. It is the local Trane fabrication facility and their regional security officer making the demands.
** Follow up
Basic ISP router because it is a separate building. Only has the AC and 2 computers with unique roles that needed separate upload bandwidth, but don't perform business work.
AC company basically says fine, don't do it. We will bill you for 2 guys, a van, and drive time any time we need to check the stats. My employer is fairly married into the system with these guys. Not many can work on old, custom Trane systems.
I do have it as separate network at other sites using port forward (sites that have a business firewall).
I guess the crux question is: is it safer to not have port forwarding but to use VPN to network, or to have port forwarding without VPN. Or with a PC with remotePC or whatever on it and none of that jazz (my choice). They are rejecting the PC idea. Guess the business will have to buy another enterprise router and pay annual fees for it. Cheaper than AC guys coming out...
Thanks for the support. They treat you like you're the crazy one, and sometimes you start to believe it...
https://redd.it/1njh3v1
How long were you a developer before moving to sysadmin?
Question in title.
I know the answer will be 0 days for many, but for those of you who used to be a software developer, how long were you doing that before you became a systems administrator?
And following question, do you wish more of your peers had a similar background?
https://redd.it/1njtd79
I think this subreddit managed to give me a reality check..
Saying this as a High School Senior
Wanting to become a sysadmin in the future almost seems uncertain and almost slightly demotivating for getting into IT as a whole..
I still want to at least try as I’ve had a passion for it (and technology in general) but it almost makes me question if I should even bother as I’d rather not get into trades, plus wages in south florida aren’t exactly the best.
And going to the military doesn’t seem that ideal to me either.
Am I just overthinking things currently or would things “maybe” get better?
https://redd.it/1njwgs2
The Daunting Task of App Deployment through Company Portal.
My manager has tasked me with deploying all of our apps through Company Portal. All 200+ of them across about 1,000 users. Most of the apps have an exe only and end up writing a registry key to who the hell knows so validation is tough. It takes me 9-10 tries to test deploy an app on a test machine before it starts to look like it’s working.
And then just pray it doesn’t need an update for a while or I’m doing it all over again. For every app.
Then there are these apps that need .NET 8 to supersede and a couple hotfixes before you can even try to run the executable. I’ve gotten that to work a total of 0 times.
Please tell me I’m an idiot and there’s a better way to do this. It’s my first major project in my career and I don’t want to kill it through a lack of ability. While I should have set some boundaries early, I jumped at the chance to take on something that wasn’t glorified help desk.
https://redd.it/1njwqje
Thickheaded Thursday - September 18, 2025
Howdy, /r/sysadmin!
It's that time of the week, Thickheaded Thursday! This is a safe (mostly) judgement-free environment for all of your questions and stories, no matter how silly you think they are. Anybody can answer questions! My name is AutoModerator and I've taken over responsibility for posting these weekly threads so you don't have to worry about anything except your comments!
https://redd.it/1nk44zf
CA policy blocking Office 365, blocks https://myaccount.microsoft.com/ also?
We implemented CA policies that:
block Office 365 access from unmanaged devices (isCompliant = False, any device platform except Android & iPhone)
force APP / MAM-WE for Office 365 (Android and iPhone only)
Some of our users have company email, but no company devices (production workers). They should be able to register and maintain their MFA from unmanaged devices. But with these policies in place (both targeted to the Office 365 resource), users from unmanaged devices can access https://mysignins.microsoft.com/ and https://aka.ms/mfasetup, but they can't access https://myaccount.microsoft.com/ . The second policy applies APP which results in 'sign in with edge browser' message.
I excluded 'My Profile' 8c59ead7-d703-4a27-9e55-c96a0054c8d2 since it came up in the logs. After that MS Graph popped up and I decided to pause, since I'm unsure this is the way. Excluding MS Graph is likely a security issue.
Am I going at this the wrong way?
https://redd.it/1nk4o5f
Sys admin Pranks
What pranks did you pull on others to make daily life go better or just to be a PITA?
About 20 years ago I was in our modest server room, some racking with about 12 P3 full tower cases. The room was in effect a converted office, with air con (recirculating) and an alarm. One day I'm working in there and I let rip. I didn't think much of it until 3 hours later, when I got a call from one of the other sys admins. He got hit full force in the face with the smell from hell. Yep, it stank to high heaven, and yes, I chuckle even now about it.
https://redd.it/1nk56rq
@r_systemadmin
Just found out we had 200+ shadow APIs after getting pwned
So last month we got absolutely rekt and during the forensics they found over 200 undocumented APIs in prod that nobody knew existed. Including me and I'm supposedly the one who knows our infrastructure.
The attackers used some random endpoint that one of the frontend devs spun up 6 months ago for "testing" and never tore down. Never told anyone about it, never added it to our docs, just sitting there wide open scraping customer data.
Our fancy API security scanner? Useless. Only finds stuff that's in our OpenAPI specs. Network monitoring? Nada. SIEM alerts? What SIEM alerts.
Now compliance is breathing down my neck asking for complete API inventory and I'm like... bro I don't even know what's running half the time. Every sprint someone deploys a "quick webhook" or "temp integration" that somehow becomes permanent.
grep -r "app.get|app.post" across our entire codebase returned like 500+ routes I've never seen before. Half of them don't even have auth middleware.
Anyone else dealing with this nightmare? How tf do you track APIs when devs are constantly spinning up new stuff? The whole "just document it" approach died the moment we went agile.
Really wish there was some way to just see what's actually listening on ports in real time instead of trusting our deployment docs that are 3 months out of date.
This whole thing could've been avoided if we just knew what was actually running vs what we thought was running.
https://redd.it/1nk7jpr
@r_systemadmin
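An inventory check along the lines the post asks for, as an added example that is not part of the original post: it pulls Express route registrations out of source, diffs them against the OpenAPI spec, and lists routes that are undocumented or carry no auth middleware on the route line. The file names, routes, spec and the `requireAuth` middleware name are constructed for illustration.

```javascript
// Added example; file names, routes, spec and `requireAuth` are constructed.
// Matches app.get("/path", ...) or router.post('/path', ...): method, path, rest of line.
const ROUTE_RE = /\b(?:app|router)\.(get|post|put|patch|delete)\(\s*["'`]([^"'`]+)["'`]([^\n]*)/g;
const IS_METHOD = /^(get|post|put|patch|delete)$/i;

// Express ":id" and OpenAPI "{id}" name the same path parameter; compare in one form.
function normalize(path) {
  return path.replace(/:([A-Za-z_]\w*)/g, "{$1}").replace(/\/+$/, "") || "/";
}

function extractRoutes(files, authNames) {
  const routes = [];
  for (const [file, src] of Object.entries(files)) {
    for (const m of src.matchAll(ROUTE_RE)) {
      // Heuristic: middleware named on the route line. Misses app.use()-level auth.
      const hasAuth = authNames.some((name) => m[3].includes(name));
      const line = src.slice(0, m.index).split("\n").length;
      routes.push({ file, line, op: m[1].toUpperCase() + " " + normalize(m[2]), hasAuth });
    }
  }
  return routes;
}

function specOperations(spec) {
  const ops = new Set();
  for (const [path, item] of Object.entries(spec.paths || {})) {
    for (const key of Object.keys(item)) {
      if (IS_METHOD.test(key)) ops.add(key.toUpperCase() + " " + normalize(path));
    }
  }
  return ops;
}

function audit(files, spec, authNames = ["requireAuth"]) {
  const routes = extractRoutes(files, authNames);
  const documented = specOperations(spec);
  const inCode = new Set(routes.map((r) => r.op));
  return {
    undocumented: routes.filter((r) => !documented.has(r.op)),
    unauthenticated: routes.filter((r) => !r.hasAuth),
    stale: [...documented].filter((op) => !inCode.has(op)), // in the spec, not in code
  };
}

const SAMPLE_FILES = {
  "src/orders.js": 'app.get("/orders/:id", requireAuth, getOrder);\napp.post("/orders", requireAuth, createOrder);',
  "src/tmp-export.js": "// temp endpoint for testing\napp.get('/export/customers', (req, res) => res.json(rows));",
};
const SAMPLE_SPEC = { paths: { "/orders/{id}": { get: {} }, "/orders": { post: {} }, "/health": { get: {} } } };
console.log(JSON.stringify(audit(SAMPLE_FILES, SAMPLE_SPEC), null, 2));
```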
Hot desk booking software recommendations for 100 person hybrid office - any free solutions?
Our hybrid office is becoming a bit of a mess so looking for an upgrade.
We've got 100 people fighting over maybe 60 desks at the moment, and are currently using a very DIY approach with Outlook calendar but it's just not cutting it for a proper hybrid setup.
From what I’ve seen online, I’m thinking that we need something more visual to make the whole process clearer for everyone.
Ideally I’d like something that still integrates with Outlook calendar and won’t bankrupt us (preferably free). And extra points if it’s easy to use so I don’t have to do this again in 3 months, defeated and sad.
I've been looking at Deskbird, Archie and a few others. Also considered Microsoft Places but wondering if that’s going to be good enough?
Anyone using any of these (or better yet, know of something that’s free)? Any pointers at all would be appreciated. Thanks!
https://redd.it/1nk5t6u
@r_systemadmin