Sys admin Pranks
What pranks did you pull on others to make daily life go better or just to be a PITA
About 20 years ago i was in our modest server room, some racking with about 12 p3 full tower cases, the room was in effect a converted office, with air con (recirculating)and an alarm. one day i'm working in there and i let rip, i didn't think much of it, until 3 hours later. when i got a call from one of the other sys admins. he got hit full force in the face with the smell from hell, yep it stank to high heaven and yes i chuckle even now about it
https://redd.it/1nk56rq
@r_systemadmin
What pranks did you pull on others to make daily life go better or just to be a PITA
About 20 years ago i was in our modest server room, some racking with about 12 p3 full tower cases, the room was in effect a converted office, with air con (recirculating)and an alarm. one day i'm working in there and i let rip, i didn't think much of it, until 3 hours later. when i got a call from one of the other sys admins. he got hit full force in the face with the smell from hell, yep it stank to high heaven and yes i chuckle even now about it
https://redd.it/1nk56rq
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Just found out we had 200+ shadow APIs after getting pwned
So last month we got absolutely rekt and during the forensics they found over 200 undocumented APIs in prod that nobody knew existed. Including me and I'm supposedly the one who knows our infrastructure.
The attackers used some random endpoint that one of the frontend devs spun up 6 months ago for "testing" and never tore down. Never told anyone about it, never added it to our docs, just sitting there wide open scraping customer data.
Our fancy API security scanner? Useless. Only finds stuff thats in our OpenAPI specs. Network monitoring? Nada. SIEM alerts? What SIEM alerts.
Now compliance is breathing down my neck asking for complete API inventory and I'm like... bro I don't even know what's running half the time. Every sprint someone deploys a "quick webhook" or "temp integration" that somehow becomes permanent.
grep -r "app.get|app.post" across our entire codebase returned like 500+ routes I've never seen before. Half of them don't even have auth middleware.
Anyone else dealing with this nightmare? How tf do you track APIs when devs are constantly spinning up new stuff? The whole "just document it" approach died the moment we went agile.
Really wish there was some way to just see whats actually listening on ports in real time instead of trusting our deployment docs that are 3 months out of date.
This whole thing could've been avoided if we just knew what was actually running vs what we thought was running.
https://redd.it/1nk7jpr
@r_systemadmin
So last month we got absolutely rekt and during the forensics they found over 200 undocumented APIs in prod that nobody knew existed. Including me and I'm supposedly the one who knows our infrastructure.
The attackers used some random endpoint that one of the frontend devs spun up 6 months ago for "testing" and never tore down. Never told anyone about it, never added it to our docs, just sitting there wide open scraping customer data.
Our fancy API security scanner? Useless. Only finds stuff thats in our OpenAPI specs. Network monitoring? Nada. SIEM alerts? What SIEM alerts.
Now compliance is breathing down my neck asking for complete API inventory and I'm like... bro I don't even know what's running half the time. Every sprint someone deploys a "quick webhook" or "temp integration" that somehow becomes permanent.
grep -r "app.get|app.post" across our entire codebase returned like 500+ routes I've never seen before. Half of them don't even have auth middleware.
Anyone else dealing with this nightmare? How tf do you track APIs when devs are constantly spinning up new stuff? The whole "just document it" approach died the moment we went agile.
Really wish there was some way to just see whats actually listening on ports in real time instead of trusting our deployment docs that are 3 months out of date.
This whole thing could've been avoided if we just knew what was actually running vs what we thought was running.
https://redd.it/1nk7jpr
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Hot desk booking software recommendations for 100 person hybrid office - any free solutions?
Our hybrid office is a becoming a bit of a mess so looking for an upgrade.
We've got 100 people fighting over maybe 60 desks at the moment, and are currently using a very DIY approach with Outlook calendar but it's just not cutting it for a proper hybrid setup.
From what I’ve seen online, I’m thinking that we need something more visual to make the whole process clearer for everyone.
Ideally I’d like something that still integrates with Outlook calendar and won’t bankrupt us (preferably free). And extra points if it’s easy to use so I don’t have to do this again in 3 months, defeated and sad.
I've been looking at Deskbird, Archie and a few others. Also considered Microsoft Places but wondering if that’s going be good enough?
Anyone using any of these (or better yet, know of something that’s free). Any pointers at all would be appreciated. Thanks!
https://redd.it/1nk5t6u
@r_systemadmin
Our hybrid office is a becoming a bit of a mess so looking for an upgrade.
We've got 100 people fighting over maybe 60 desks at the moment, and are currently using a very DIY approach with Outlook calendar but it's just not cutting it for a proper hybrid setup.
From what I’ve seen online, I’m thinking that we need something more visual to make the whole process clearer for everyone.
Ideally I’d like something that still integrates with Outlook calendar and won’t bankrupt us (preferably free). And extra points if it’s easy to use so I don’t have to do this again in 3 months, defeated and sad.
I've been looking at Deskbird, Archie and a few others. Also considered Microsoft Places but wondering if that’s going be good enough?
Anyone using any of these (or better yet, know of something that’s free). Any pointers at all would be appreciated. Thanks!
https://redd.it/1nk5t6u
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Where do you draw the line between monitoring and surveillance?
Some companies are getting really heavy handed like keystroke loggers, screen recorders, even browser activity tracking for productivity. i obviously hate it, and it doesnt exactly build trust. But then again, insider threats are real, and visibility matters. What is ur thoughts on keeping staff safe/productive and not creeping them out?
https://redd.it/1nk5uq6
@r_systemadmin
Some companies are getting really heavy handed like keystroke loggers, screen recorders, even browser activity tracking for productivity. i obviously hate it, and it doesnt exactly build trust. But then again, insider threats are real, and visibility matters. What is ur thoughts on keeping staff safe/productive and not creeping them out?
https://redd.it/1nk5uq6
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
CVE-2025-55241
This one is wild and should be enough to not trust Entra ID. Still don’t understand why this isn’t a score 10. Any global admin token was accepted for any tenant, making virtually all systems open to anyone. Wild. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55241
https://redd.it/1nkaxd7
@r_systemadmin
This one is wild and should be enough to not trust Entra ID. Still don’t understand why this isn’t a score 10. Any global admin token was accepted for any tenant, making virtually all systems open to anyone. Wild. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55241
https://redd.it/1nkaxd7
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Is noscripting just a skill that some people will never get?
On my team, I was the noscripting guy. You needed something noscripted or automated, I'd bang something out in bash, python, PowerShell or vbnoscript. Well, due to a reorg, I am no longer on that team. And they still have a need for noscripting, but the people left on the team and either saying they can't do it, or writing extremely primitive noscripts, which are just basically batch files.
So, my question, can these guys just take some time and learn how to noscript, or are some people just never going to get it?
I don't want to spend a ton of time training these guys on what I did, if this is just never going to be a skill they can master.
https://redd.it/1nkczz1
@r_systemadmin
On my team, I was the noscripting guy. You needed something noscripted or automated, I'd bang something out in bash, python, PowerShell or vbnoscript. Well, due to a reorg, I am no longer on that team. And they still have a need for noscripting, but the people left on the team and either saying they can't do it, or writing extremely primitive noscripts, which are just basically batch files.
So, my question, can these guys just take some time and learn how to noscript, or are some people just never going to get it?
I don't want to spend a ton of time training these guys on what I did, if this is just never going to be a skill they can master.
https://redd.it/1nkczz1
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Hybrid Exchange 2016 to Hybrid Exchange 2019
Hello all!
I'm going to preface this with I'm not the best with Exchange.
We're in the process of updating to Exchange 2019. We're already fully migrated - no public folders or mailboxes on prem. We only use Exchange to manage and create users/mailboxes. Exchange is also used as an internal SMTP relay for copiers and other appliances.
We already have the new server created however, a few of our certs are expired. The Microsoft Exchange Server Auth Cert and the Exchange Delegation Federation certs are invalid.
When I've looked into this, it seems easy to fix - run a noscript to renew the Auth cert and then delete any federations and then run the Hybrid Config Wizard. https://www.alitajran.com/get-exchangecertificate-blank-output/
We appear to be in Full Classic mode.
I have a few questions regarding all of this:
Do we need to worry about these certs if we're already migrated? It seems that these certs might not be used for anything anymore since we aren't migrating mailboxes and we have no on-prem mailboxes that need to share free/busy status.
If I don't, will it screw something up when we add the new 2019 server to the send O365 connectors?
Do we need to even run the HCW if we're already migrated? This step isn't listed in a guide I've been following from PeteNetLive - [https://www.petenetlive.com/kb/article/0001472](https://www.petenetlive.com/kb/article/0001472)
If I do need to fix the certs and then run the HCW, should we remain at Full Classic or move to Minimal Modern?
My brain is telling me we should fix the certs and do an apples to apples migration from 2016 to 2019.
Any help is greatly appreciated.
https://redd.it/1nkcbs6
@r_systemadmin
Hello all!
I'm going to preface this with I'm not the best with Exchange.
We're in the process of updating to Exchange 2019. We're already fully migrated - no public folders or mailboxes on prem. We only use Exchange to manage and create users/mailboxes. Exchange is also used as an internal SMTP relay for copiers and other appliances.
We already have the new server created however, a few of our certs are expired. The Microsoft Exchange Server Auth Cert and the Exchange Delegation Federation certs are invalid.
When I've looked into this, it seems easy to fix - run a noscript to renew the Auth cert and then delete any federations and then run the Hybrid Config Wizard. https://www.alitajran.com/get-exchangecertificate-blank-output/
We appear to be in Full Classic mode.
I have a few questions regarding all of this:
Do we need to worry about these certs if we're already migrated? It seems that these certs might not be used for anything anymore since we aren't migrating mailboxes and we have no on-prem mailboxes that need to share free/busy status.
If I don't, will it screw something up when we add the new 2019 server to the send O365 connectors?
Do we need to even run the HCW if we're already migrated? This step isn't listed in a guide I've been following from PeteNetLive - [https://www.petenetlive.com/kb/article/0001472](https://www.petenetlive.com/kb/article/0001472)
If I do need to fix the certs and then run the HCW, should we remain at Full Classic or move to Minimal Modern?
My brain is telling me we should fix the certs and do an apples to apples migration from 2016 to 2019.
Any help is greatly appreciated.
https://redd.it/1nkcbs6
@r_systemadmin
ALI TAJRAN
How to fix Get-ExchangeCertificate shows blank output
Learn how to fix the Get-ExchangeCertificate cmdlet showing blank output by replacing the Microsoft Exchange Server Auth certificate.
New and Improved (hahahah) Microsoft Purview
Has anyone else had to deal with the degradation of the purview portal in MS latest update (been around a while now). I had a few holds that were created in the legacy portal that no longer work and creating new holds has silly limitations and weird issues. I usually just get used to the updates that MS performs on their portals, but this one is just terrible, no matter how much I work with it.
The erroring is also terrible, unless you use Powershell.
Just posting out of absolute frustration.
https://redd.it/1nkh52x
@r_systemadmin
Has anyone else had to deal with the degradation of the purview portal in MS latest update (been around a while now). I had a few holds that were created in the legacy portal that no longer work and creating new holds has silly limitations and weird issues. I usually just get used to the updates that MS performs on their portals, but this one is just terrible, no matter how much I work with it.
The erroring is also terrible, unless you use Powershell.
Just posting out of absolute frustration.
https://redd.it/1nkh52x
@r_systemadmin
Running AutoCAD as non-admin
I have a handful of users who need to use AutoCAD. I discovered that as of the August Windows updates, changes to UAC were made that cause problems with AutoCAD launching. Normal users get error 1730: You must be an administrator to remove the application. Admins can launch the app with no issues.
I contacted Autodesk support, and they referred me to the Microsoft KB article that describes how to add the product code to the registry to bypass UAC prompts. Even though Autodesk support didn't give me it and had no clue what I was talking about, despite being referenced in the KB they sent me, I also found the Autodesk KB that references the issue and helpfully gives the product code format for all of their apps to make finding and adding the strings to the registry. Easy and done, right? Nope...
Even after adding the keys to the registry and restarting, users are still getting the same error message. We use AppLocker, so looking at the AppLocker logs, I can see the app was permitted to start, and the MST located in the windows\\installer directory that it tries to launch were permitted, but the app still doesn't launch. There are no AppLocker events that indicate anything, even things not related to Autodesk apps are being blocked. I also double-checked the product code I see being run in the AppLocker logs, and it matches the code I entered. Soo...I'm stuck.
Has anyone else encountered and worked around this issue? Initially, I thought I could rollback from the 2026 version to 2024, which previously worked, but no, it too has the same issue.
https://redd.it/1nki5bq
@r_systemadmin
I have a handful of users who need to use AutoCAD. I discovered that as of the August Windows updates, changes to UAC were made that cause problems with AutoCAD launching. Normal users get error 1730: You must be an administrator to remove the application. Admins can launch the app with no issues.
I contacted Autodesk support, and they referred me to the Microsoft KB article that describes how to add the product code to the registry to bypass UAC prompts. Even though Autodesk support didn't give me it and had no clue what I was talking about, despite being referenced in the KB they sent me, I also found the Autodesk KB that references the issue and helpfully gives the product code format for all of their apps to make finding and adding the strings to the registry. Easy and done, right? Nope...
Even after adding the keys to the registry and restarting, users are still getting the same error message. We use AppLocker, so looking at the AppLocker logs, I can see the app was permitted to start, and the MST located in the windows\\installer directory that it tries to launch were permitted, but the app still doesn't launch. There are no AppLocker events that indicate anything, even things not related to Autodesk apps are being blocked. I also double-checked the product code I see being run in the AppLocker logs, and it matches the code I entered. Soo...I'm stuck.
Has anyone else encountered and worked around this issue? Initially, I thought I could rollback from the 2026 version to 2024, which previously worked, but no, it too has the same issue.
https://redd.it/1nki5bq
@r_systemadmin
Autodesk
AutoCAD products request admin credentials or give "Error 1730. You must be an Administrator..." after the installation of the…
Users reported that after the installation of the following Security Updates for Microsoft Windows. Security Update for Microsoft Windows (KB5063875) for Windows 11 Security Update for Microsoft Windows (KB5064010) for Windows 11 Security Update for Microsoft…
User was compromised and sent out 2000 emails with a bad link, 24 hours later the User still can't receive or send users after mitigation steps
As the noscript says, I have a user who has sent out 2000 emails with a malicious link. I was able to mitigate the issue by removing said OneNote page and we reset the password and information for the user in question. It's been 24 hours, and the (real) user still can't receive or send emails. I have sent emails to the user to test this and see on the trace that these emails are delivered, but they are not getting to the end user. I know Microsoft will stop emails sent from an individual user at some point, but what is the protocol to allowing the user to get and receive emails again?
*Note: This is a volunteer gig and I'm definitely not SYS Admin but have novice knowledge around Azure admin center.
https://redd.it/1nkjckp
@r_systemadmin
As the noscript says, I have a user who has sent out 2000 emails with a malicious link. I was able to mitigate the issue by removing said OneNote page and we reset the password and information for the user in question. It's been 24 hours, and the (real) user still can't receive or send emails. I have sent emails to the user to test this and see on the trace that these emails are delivered, but they are not getting to the end user. I know Microsoft will stop emails sent from an individual user at some point, but what is the protocol to allowing the user to get and receive emails again?
*Note: This is a volunteer gig and I'm definitely not SYS Admin but have novice knowledge around Azure admin center.
https://redd.it/1nkjckp
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
How do you balance ‘get it done’ vs. ‘there must be a better way’ as a sysadmin?
Something I keep struggling with is actually getting things done vs constantly thinking there must be a better tool, noscript, or process out there. With the amount of really useful tools, noscripts, online resources, etc. out there I'm always worried that the task I'm about to set out on could be done faster, bestter, be more automated, all that good stuff.
Whenever I'm about to start a task I’ll often catch myself thinking:
“Is this even the best way to do this? There’s probably some open source tool, online resource, or hidden feature that would save me time.”
The problem is that thought pattern sometimes leads to over researching instead of executing. I end up stuck between "just do it with the process or tools I know" and "wait a sec, let me try do this in the best practice, most efficient modern way. Maybe I should spend hours hunting for a more elegant solution".
Do other sysadmins struggle with this? How do you personally strike the balance between “just get it done even if it's not the most perfect, efficient solution” and “investing time to find a smarter way”?
https://redd.it/1nkoplb
@r_systemadmin
Something I keep struggling with is actually getting things done vs constantly thinking there must be a better tool, noscript, or process out there. With the amount of really useful tools, noscripts, online resources, etc. out there I'm always worried that the task I'm about to set out on could be done faster, bestter, be more automated, all that good stuff.
Whenever I'm about to start a task I’ll often catch myself thinking:
“Is this even the best way to do this? There’s probably some open source tool, online resource, or hidden feature that would save me time.”
The problem is that thought pattern sometimes leads to over researching instead of executing. I end up stuck between "just do it with the process or tools I know" and "wait a sec, let me try do this in the best practice, most efficient modern way. Maybe I should spend hours hunting for a more elegant solution".
Do other sysadmins struggle with this? How do you personally strike the balance between “just get it done even if it's not the most perfect, efficient solution” and “investing time to find a smarter way”?
https://redd.it/1nkoplb
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Public NTP servers
The noscript summarizes it all. We have much of the infrastructure on public cloud & time gets synced from Hypervisor.
Part of the infrastructure is on Edge network, mostly network devices like firewalls, F5 load balancers & observability devices.
Does this make sense to run a private NTP server to provide time sync services just for edge n/w? What are the caveats of using public NTP services like
I somehow feel it's an overkill to offer NTP services for a small handful of clients.
Have your say!!
https://redd.it/1nkk9ij
@r_systemadmin
The noscript summarizes it all. We have much of the infrastructure on public cloud & time gets synced from Hypervisor.
Part of the infrastructure is on Edge network, mostly network devices like firewalls, F5 load balancers & observability devices.
Does this make sense to run a private NTP server to provide time sync services just for edge n/w? What are the caveats of using public NTP services like
time.windows.com or NTP pool?I somehow feel it's an overkill to offer NTP services for a small handful of clients.
Have your say!!
https://redd.it/1nkk9ij
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
How do you get past the question from management of "why couldn't others on the team figure this out?"
In any team, there will be people of various specialties, and not everyone is perfectly interchangeable with everyone else. But management (especially non-technical management members) often times don't comprehend this. They think that with enough training anyone should be able to do anyone else's job. Which may be the case when it comes to procedures for any defined job aspect, but there is no training that can give someone the deep insight in a given area.
Examples include a good DBA that can look at performance, glance at queries, and come up with some non-obvious set of indexes that magically make everything better (or sometimes removing indexes so a better one in a given situation gets actually used). Or you have someone who happens to be good at understanding systems-level programming, and diagnoses why a vendor license manager is segfaulting by running strace against it and seeing that a file it opened / read just prior to the segault happens to be a zero-byte XML file, and fixing that resolves the issue instantly.
You can write up incident reports that shows what the solution was for any given issue, but I really don't know how to train people on the thought process that quickly gets to a solution, when that though process was honed over 35 years of intense self-torture in front of a computer screen.
The closest I've seen in print form is after reading The Phoenix Project, which was at the beginning of the devops culture. In there they had a character named Brent that new where all the bodies were buried, and just took care of things. Not that he was a genius, but just had that deep domain and company knowledge.
Has anyone else had real-life experience with these situations, and how did you end up improving it? Did you do like was done in that book, and have your Brent explain the steps for the solution but have someone else drive the keyboard? Or, instead of solutioning it, point another team member to the appropriate documentation and have them go through it with you? What else can we implement?
https://redd.it/1nkt3nu
@r_systemadmin
In any team, there will be people of various specialties, and not everyone is perfectly interchangeable with everyone else. But management (especially non-technical management members) often times don't comprehend this. They think that with enough training anyone should be able to do anyone else's job. Which may be the case when it comes to procedures for any defined job aspect, but there is no training that can give someone the deep insight in a given area.
Examples include a good DBA that can look at performance, glance at queries, and come up with some non-obvious set of indexes that magically make everything better (or sometimes removing indexes so a better one in a given situation gets actually used). Or you have someone who happens to be good at understanding systems-level programming, and diagnoses why a vendor license manager is segfaulting by running strace against it and seeing that a file it opened / read just prior to the segault happens to be a zero-byte XML file, and fixing that resolves the issue instantly.
You can write up incident reports that shows what the solution was for any given issue, but I really don't know how to train people on the thought process that quickly gets to a solution, when that though process was honed over 35 years of intense self-torture in front of a computer screen.
The closest I've seen in print form is after reading The Phoenix Project, which was at the beginning of the devops culture. In there they had a character named Brent that new where all the bodies were buried, and just took care of things. Not that he was a genius, but just had that deep domain and company knowledge.
Has anyone else had real-life experience with these situations, and how did you end up improving it? Did you do like was done in that book, and have your Brent explain the steps for the solution but have someone else drive the keyboard? Or, instead of solutioning it, point another team member to the appropriate documentation and have them go through it with you? What else can we implement?
https://redd.it/1nkt3nu
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Weekly 'I made a useful thing' Thread - September 19, 2025
There is a great deal of user-generated content out there, from noscripts and software to tutorials and videos, but we've generally tried to keep that off of the front page due to the volume and as a result of community feedback. There's also a great deal of content out there that violates our advertising/promotion rule, from noscripts and software to tutorials and videos.
We have received a number of requests for exemptions to the rule, and rather than allowing the front page to get consumed, we thought we'd try a weekly thread that allows for that kind of content. We don't have a catchy name for it yet, so please let us know if you have any ideas!
In this thread, feel free to show us your pet project, YouTube videos, blog posts, or whatever else you may have and share it with the community. Commercial advertisements, affiliate links, or links that appear to be monetization-grabs will still be removed.
https://redd.it/1nkzfz0
@r_systemadmin
There is a great deal of user-generated content out there, from noscripts and software to tutorials and videos, but we've generally tried to keep that off of the front page due to the volume and as a result of community feedback. There's also a great deal of content out there that violates our advertising/promotion rule, from noscripts and software to tutorials and videos.
We have received a number of requests for exemptions to the rule, and rather than allowing the front page to get consumed, we thought we'd try a weekly thread that allows for that kind of content. We don't have a catchy name for it yet, so please let us know if you have any ideas!
In this thread, feel free to show us your pet project, YouTube videos, blog posts, or whatever else you may have and share it with the community. Commercial advertisements, affiliate links, or links that appear to be monetization-grabs will still be removed.
https://redd.it/1nkzfz0
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Likely failed the interview for my dream job
Mostly because my experience in the sysadmin world has been siloed, so I did not touch firewalls or routers muchless Cisco switches, routers but just old ass Dell poweredge servers.
Nevermind in a jov environment did I touch Linux. At least not towards the end of my time with centOS a tad. Like baby proof my access level.
I felt i did ok on the windows stuff aside from idrac (never had access before at previous job).
Anyway felt like my mental health reset just by getting this interview. 2nd interview in 2 months for any IT job that can pay my bills.
https://redd.it/1nkscbv
@r_systemadmin
Mostly because my experience in the sysadmin world has been siloed, so I did not touch firewalls or routers muchless Cisco switches, routers but just old ass Dell poweredge servers.
Nevermind in a jov environment did I touch Linux. At least not towards the end of my time with centOS a tad. Like baby proof my access level.
I felt i did ok on the windows stuff aside from idrac (never had access before at previous job).
Anyway felt like my mental health reset just by getting this interview. 2nd interview in 2 months for any IT job that can pay my bills.
https://redd.it/1nkscbv
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
How is InTune these days, for an SME?
When last I looked at InTune for MDM it was awful. Everything was noscripts in Azure and PowerShell controls. To be fair it was very new. Not even fully launched.
Right now we (business of about 70 endpoints) use Miradore for MDM but it would be nice to integrate better with 365 etc. How is InTune now?
https://redd.it/1nkyh45
@r_systemadmin
When last I looked at InTune for MDM it was awful. Everything was noscripts in Azure and PowerShell controls. To be fair it was very new. Not even fully launched.
Right now we (business of about 70 endpoints) use Miradore for MDM but it would be nice to integrate better with 365 etc. How is InTune now?
https://redd.it/1nkyh45
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Built a free SOC2 scanner because consultants wanted $50k to run basic AWS checks
Wasn't sure which flair to post this under, let me know if it needs to go somewhere else....
With that said, a friend of mine was having issues with finding reliable help/support during a SOC2 audit. I built a simple scanner that checks the technical parts of SOC2 (the \~30% that's actually infrastructure). It's not a complete compliance solution - won't write your policies or track vendor assessments. But it will tell you which S3 buckets are public, which IAM users lack MFA, and which access keys haven't been rotated in 90+ days.
github.com/guardian-nexus/auditkit
Takes 2 minutes to run, gives you actual AWS CLI commands to fix issues.
Fair warning tho: This only covers technical controls. You still need the policies, procedures, and evidence collection for a real audit. But at least you won't pay someone $500/hour to tell you to enable MFA on root.
AWS only for now. PR's welcome if you want to add Azure/GCP.
https://redd.it/1nl3bds
@r_systemadmin
Wasn't sure which flair to post this under, let me know if it needs to go somewhere else....
With that said, a friend of mine was having issues with finding reliable help/support during a SOC2 audit. I built a simple scanner that checks the technical parts of SOC2 (the \~30% that's actually infrastructure). It's not a complete compliance solution - won't write your policies or track vendor assessments. But it will tell you which S3 buckets are public, which IAM users lack MFA, and which access keys haven't been rotated in 90+ days.
github.com/guardian-nexus/auditkit
Takes 2 minutes to run, gives you actual AWS CLI commands to fix issues.
Fair warning tho: This only covers technical controls. You still need the policies, procedures, and evidence collection for a real audit. But at least you won't pay someone $500/hour to tell you to enable MFA on root.
AWS only for now. PR's welcome if you want to add Azure/GCP.
https://redd.it/1nl3bds
@r_systemadmin
GitHub
GitHub - guardian-nexus/auditkit: AuditKit - Multi-Cloud Compliance Scanner & Evidence Collection
AuditKit - Multi-Cloud Compliance Scanner & Evidence Collection - guardian-nexus/auditkit
Onsite equipment availability?
I am in a position where we have 3-4 sites (depending on how much cross over you consider) where IT is not centrally located. This means that things like replacement mice, or keypads may take half a day to get to the recipient. We're in the manufacturing sector, so sometimes its a sudden emergency, and we need to drop everything just to bring them a $10 keyboard.
My thoughts are to have a metal cabinet, hooked up to the same system as our door access. This way we can control the users that should have access to it, and record the times that its been accessed.
For those in similiar situations, what are your solutions?
https://redd.it/1nl45r5
@r_systemadmin
I am in a position where we have 3-4 sites (depending on how much cross over you consider) where IT is not centrally located. This means that things like replacement mice, or keypads may take half a day to get to the recipient. We're in the manufacturing sector, so sometimes its a sudden emergency, and we need to drop everything just to bring them a $10 keyboard.
My thoughts are to have a metal cabinet, hooked up to the same system as our door access. This way we can control the users that should have access to it, and record the times that its been accessed.
For those in similiar situations, what are your solutions?
https://redd.it/1nl45r5
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Does Server 2025 Still Have Issues?
We are getting ready to set up another AD domain. Very basic: AD, DHCP, DNS, and a fileserver. I've read 2025 has had some issues though that was several months ago since I researched it last.
I know we can get 2025 volume licensing and have downgrade rights to 2022. But, I'd rather just go to 2025 from the start if possible.
Is 2025 still a problem child?
https://redd.it/1nl5s1p
@r_systemadmin
We are getting ready to set up another AD domain. Very basic: AD, DHCP, DNS, and a fileserver. I've read 2025 has had some issues though that was several months ago since I researched it last.
I know we can get 2025 volume licensing and have downgrade rights to 2022. But, I'd rather just go to 2025 from the start if possible.
Is 2025 still a problem child?
https://redd.it/1nl5s1p
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Am I Getting Fucked Friday, September 19th 2025
Brought to you by r/sysadmin 'Trusted VAR': u/SquizzOC with Trusted Telecom Broker u/Each1Teach1x27 for Telecom and u/Necessary_Time in Canada
PMs are welcome to answer your questions any time, not just on Fridays.
This weekly thread is here for you to discuss vendor and carrier expectations, software questions, pricing, and quotes for network services, licensing, support, deployment, and hardware.
Required Info for accurate answers:
* Part Number
* Manufacturer/vendor
* Service Type and Service Location
* Quantity (as applicable)
All questions are welcome regarding:
* Cloud Services - Security, configurations, deployment, management, consulting services, and migrations
* Server configs and quote answers
* Storage Vendor options, alternatives, details, and selection
* Software Licensing - This includes Microsoft CSPs
* Network infrastructure - overlay software, segmentation, routers, switches, load balancing, APs…
* Security - Access Management, firewalls, MFA, cloud DNS, layer 7 services, antivirus, email, DLP….
* User gear - Usually, you should buy the quote you have unless the quantity is +50 units
* POTS line replacements
* Single site and multi-location connectivity – Dedicated internet access, Broadband, 5G LTE, Satellite, dark fiber, Ethernet services
* Voice services- SIP, UCaaS,
https://redd.it/1nl50og
@r_systemadmin
Brought to you by r/sysadmin 'Trusted VAR': u/SquizzOC with Trusted Telecom Broker u/Each1Teach1x27 for Telecom and u/Necessary_Time in Canada
PMs are welcome to answer your questions any time, not just on Fridays.
This weekly thread is here for you to discuss vendor and carrier expectations, software questions, pricing, and quotes for network services, licensing, support, deployment, and hardware.
Required Info for accurate answers:
* Part Number
* Manufacturer/vendor
* Service Type and Service Location
* Quantity (as applicable)
All questions are welcome regarding:
* Cloud Services - Security, configurations, deployment, management, consulting services, and migrations
* Server configs and quote answers
* Storage Vendor options, alternatives, details, and selection
* Software Licensing - This includes Microsoft CSPs
* Network infrastructure - overlay software, segmentation, routers, switches, load balancing, APs…
* Security - Access Management, firewalls, MFA, cloud DNS, layer 7 services, antivirus, email, DLP….
* User gear - Usually, you should buy the quote you have unless the quantity is +50 units
* POTS line replacements
* Single site and multi-location connectivity – Dedicated internet access, Broadband, 5G LTE, Satellite, dark fiber, Ethernet services
* Voice services- SIP, UCaaS,
https://redd.it/1nl50og
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
KB5065426 issues Win11 24H2
Anyone else lost Microsoft Print to PDF after installing KB5065426?
I've uninstalled the update, repaired DISM. Tried re-installing through windows features, PS and DISM but always get the same error code - Error: 0x800f0922
It's driving me nuts....
https://redd.it/1nl4uyg
@r_systemadmin
Anyone else lost Microsoft Print to PDF after installing KB5065426?
I've uninstalled the update, repaired DISM. Tried re-installing through windows features, PS and DISM but always get the same error code - Error: 0x800f0922
It's driving me nuts....
https://redd.it/1nl4uyg
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community