Why is r/ITCareerQuestions so much gloom and doom all the time?
You always see people posting negative shit like applied to 2000 jobs and no interviews. I see lots of good posts about people getting their first help desk job with no experience. We need optimism and hope. Every sub for nursing, lawyers, mechanics, etc has that kind of negativity and I hate it.
https://redd.it/1noxik1
@r_systemadmin
Have been at the same company for 17 years. Would you stay at this point?
I’ve been at the same company for 17 years here in Ohio. I’m 40 years old, started there when I was 23. Salary is $120k, $7k bonus, work remote 4 days a week, plus other good benefits. Have managed to save $600k in a 401k from this job. I’m a senior systems administrator. Hours average 40 hours a week or less, overall great work life balance.
Would you stay at this company for the rest of your career? I feel happy and content but also a bit complacent after this many years. By complacent I mean I know my job very well which isn’t necessarily a bad thing. Some friends and family keep telling me to look elsewhere to keep moving up but why rock the boat I figure. I would like to be done by 55.
Thank you
https://redd.it/1noytee
@r_systemadmin
Being proactive is rarely a boon
Proactively helping other departments and taking action on glaring issues without someone first bringing it up often ends in misery and someone upset.
Sorry folks, that's the way it is, and despite learning this lesson over and over I still tend to have to learn it again.
This is the last time though.
It's not worth the headache. Stay in your lane, unless it's really going to make you look good.
https://redd.it/1noy5t2
@r_systemadmin
8.8.8.8
What are everyone's thoughts on putting 8.8.8.8 as the second DNS on everything?
https://redd.it/1np2z6v
@r_systemadmin
The Admin Aura Effect
I was reminded of this phenomenon the other day when I saw it mentioned in an r/askreddit thread, and it struck me that it really needs a proper name.
You know how sometimes a computer or system is misbehaving, but the moment a technically capable person shows up, it suddenly starts working again? It’s not quite the observer effect or a Heisenbug — those don’t capture that it only seems to happen when someone competent is nearby.
So I’m calling it The Admin Aura Effect.
If you have it, your mere presence makes the broken system behave.
If you don’t, you’re the one stuck saying: “I swear it wasn’t working a second ago!”
I thought it deserved its own name because it’s such a shared experience in IT circles, but also funny enough that I think most people have seen it happen in some form.
What do you think?
https://redd.it/1np51hq
@r_systemadmin
Microsoft enforcing MFA 1st Oct. - best practices to avoid service account mishaps?
Hi everyone,
New sysadmin here in need of support; apologies for the probably somewhat simple question.
Been part of this fairly small business with a 2-person IT team for about half a year, during which I've implemented regular (legacy) MFA for all actual users using physical authenticators or business phones, where available.
At the start of next week, MS will force MFA before performing any resource management actions in Azure.
ATM we have hybrid identity with on-prem AD + Entra.
We have a few "user accounts" that are abused as service accounts for communication (CRM system, monitoring, a few others - created in the on-prem AD).
We have the option to delay the enforcement by 3, 6 or 9 months, which we will very likely make use of, but I would still like to use this opportunity to learn.
What are the practices to apply? How do I find out which accounts would be affected? How would I migrate these accounts to service principals or similar?
Many thanks.
https://redd.it/1npa58e
@r_systemadmin
We integrate with Slack/Teams/PagerDuty/etc. Why is ServiceNow $50k + red tape?
We build an open-source monitoring tool. Users asked for a simple integration: when an alert fires, open an incident in **ServiceNow**. Easy, right? We’ve done this dance with Slack, Teams, PagerDuty, Opsgenie, Splunk, you name it, usually a webhook, API token, done.
ServiceNow, however, is a… special snowflake.
* No obvious self-serve dev path or trial we could find.
* Filled the “contact us” form multiple times → silence for months.
* Found humans → got bounced to sales (again).
* Finally reached someone → **minimum paid account is ~$50k** just to get in the door.
* Suggestion: go through a partner “Build” program to maybe get an instance… eventually.
We don’t make a cent from this. This is to help **their** customers use **their** tool better with our alerts. We’re not asking them for money or a co-sell. We just want an environment we can use to build and test a basic incident creation flow.
So, questions for folks who actually run ServiceNow or use/ship on it:
1. Is there a legit **self-serve route** we missed to build/test an integration without paying $50k or spending months in partner purgatory?
2. Are there any **workarounds** that you are using today, that we're just missing?
3. If you’ve shipped a third-party integration, **how did you get access** to a dev instance for testing?
Not trying to dunk on anyone, just stating what happened and looking for a practical way forward for our shared users.
*(Mods: not selling or recruiting. Dev experience + asking for actionable guidance.)*
https://redd.it/1np7n43
@r_systemadmin
Anyone else worried these attacks are slipping past the usual SOC stack?
First it was the M&S breach, then Co-op, and now Jaguar Land Rover grinding to a halt after hackers got in. Every time the story comes out, it feels like the same playbook: 3rd party software with a missed patch, outsourced IT, and attackers bragging online before the company even admits the scope.
What worries me isn’t just the money lost or factories stopping. It’s that these groups keep recycling methods across industries, and we only find out once they’ve already hit multiple companies.
How are you dealing with this in your own orgs? Are you doing more active monitoring outside your own perimeter, or still mainly focusing on internal hardening?
I feel like waiting for official disclosures means you’re already too late. Curious what practical steps others are taking to spot threats earlier.
https://redd.it/1npbyr3
@r_systemadmin
TeamViewer: Upgraded whether you like it or not. Enjoy your ‘missing out’ benefits.
So I got this gem from TeamViewer today:
>“In the next two weeks, you’ll be upgraded to the new TeamViewer Remote interface. This is a free and automatic switch. No action is required to enjoy the benefits.”
Translation: We’re flipping the switch whether you like it or not.
I’ve apparently been “missing out” by using the product I already paid for.
They promise a “familiar interface” (aka: it’s going to look different and you’ll hate it).
You can roll back… but only “for a limited time.”
Of course, they sprinkled in the buzzword salad: “AI, Intelligence, Global Search, Device Dock.”
Nothing says customer-first like telling me I’m missing out on features I never asked for, then strong-arming me into the “future of TeamViewer.”
https://redd.it/1npb7cq
@r_systemadmin
How strict should security be in early stage startups?
My devs use whatever SaaS tools they want. Marketing has 12 Chrome extensions.
Finance uploads spreadsheets into free tools. Should I clamp down now or let it slide until we scale?
Any recommendations?
https://redd.it/1npbbgf
@r_systemadmin
MFA for all users
Quick question: how does everyone handle MFA for users in 365?
What I mean is, there are users who never leave the office and as such don't have a corporate mobile. Do you require these users to enable MFA on personal devices?
We have a CA policy that blocks sign-ins for these users from outside the network, but I feel we should still somehow get these users enrolled in MFA. Just wondering what our options are.
https://redd.it/1npk7lt
@r_systemadmin
WTF is wrong with Ninja One's Sales Team
Seriously, these clowns are really pissing me off. Am I the only one? They kept leaving me voicemails at work for months, spamming emails, it was driving me nuts.
Finally, one of these clowns called me on my personal cell phone (I have no clue how they got it) after work hours. I ended up telling the guy to never call this number again. I was pretty pissed and obviously upset but the guy kept pushing. I told him I wasn't interested in a sales pitch and if we wanted anything we would contact them.
But this clown kept pushing anyway and told me he wasn't sales and he just wanted to invite me to see a demo. At that point I just blew up at the guy. Point blank asked him "do you think I'm that fking stupid? A demo for what? A product that you want to sell me." And this ass kept going "I'm not a sales person" at which point I finally hung up.
It blew me away how hard this guy kept pushing. I was simultaneously curious to see if/when he would get the message and back off, but clearly after explicitly telling him multiple times he still wouldn't stop.
Today rolls around and the new entry level tech who started 3 weeks ago gets a phone call from guess who? Ninja Fking One. And here's the bonkers part: he goes by a nickname and doesn't use his legal name. It's not on any of his emails or any accounts.
But he picks up on speaker phone and the woman on the other end says "hey <nickname>, how are you doing today?" She then says she's from Ninja One and she's interested in talking to him about the services they offer. At that point I yell over at him "fk those guys. Don't talk to them, hang up."
Honestly I thought about putting all of the email blocks and phone blocks in place before, but after I chewed out the first guy, no one had heard from them until today. I'm going to be talking to the CIO tomorrow to clear putting the blocks in place, but seriously: fk these guys.
I get sales people are trying to make a living like anyone else, so generally I'm super polite with them but these guys are really, really screwing the pooch here. When you get the "no", it means "no". I will never use nor recommend Ninja One products ever.
https://redd.it/1npt7k4
@r_systemadmin
It's not you, dockerhub is down
I’ve been fighting this for like an hour thinking I'm crazy before I realized dockerhub is just down right now. So, FYI!
https://www.dockerstatus.com/
https://redd.it/1nps6p1
@r_systemadmin
If you're in Canada and you've been losing your mind over random mailboxes failing to load, my ticket with MS just got an incident opened
https://admin.cloud.microsoft/#/servicehealth/:/alerts/EX1158764
Thought I was going insane this past week with OWA bricking mailboxes on a daily basis...
https://redd.it/1npmxrm
@r_systemadmin
Office remodel - IT department being moved to center of office
They are remodeling our office, and we are losing our individual cubes ... the new layout will be open concept and all groups of 4 desks with low dividers. To make matters worse, they have moved the IT department right in the middle of the office. We will have one 14 foot table "shared space" to work on units, shared between 3 of us. Also we are going from a 20 foot by 10 foot storage room to a closet to lock all stock up. We can't work in the server room, they say, because it has an inert gas fire suppression system installed.
I'm really dreading being out in the open, trying to build and repair PCs while everyone walks by my desk. I don't understand why we can't be in a locking room.
So how do I make the open concept work? At this point I would prefer to be in the factory part of our building and just wear steel toes everyday.
https://redd.it/1npta1z
@r_systemadmin
AI-driven policy management in SASE?
We’re re-evaluating our SASE stack and considering AI-driven policy management to reduce firewall rule sprawl and alert noise.
On paper, AI that suggests rule cleanups or group alerts sounds helpful. In practice, I worry about trust, unintended blocking, and how change control works at scale.
We’re mid-sized with cloud workloads and hybrid staff. Our pain points:
* Too many overlapping firewall rules
* SOC buried in low-signal alerts
* Slow change approvals
Has anyone deployed an AI policy in a SASE platform? Did it actually reduce noise and speed up response times?
https://redd.it/1npvq8j
@r_systemadmin
Microsoft EOL issues. Some servers behave bad
We moved our mail servers to a new IP range about 36 hours ago and added the new IPs to a connector, but we forgot SPF. Added 24 hours ago. All involved DNS records have a TTL of 300 (seconds, 5 minutes).
Some mail servers like
* AMS0EPF000001B1.mail.protection.outlook.com (10.167.16.165)
* DB5PEPF00014B8D.mail.protection.outlook.com (10.167.8.201)
* AM3PEPF0000A796.mail.protection.outlook.com (10.167.16.101)
are still misbehaving, but I feel more mails are getting through. I do get SPF failures, meaning it uses 24h+ old DNS records with a Time-To-Live (TTL) of 5 minutes.
When can I expect Microsoft to do correct DNS lookups, in accordance with RFCs, respect TTL, and thus not fail mails with DKIM errors?
This looks like really really bad programming at Microsoft. Possibly developers with no knowledge at all about DNS trying to cache DNS. (For that there is only one real solution - run a local caching DNS, like we all did on Linux before Exchange knew about SMTP. Easy, no secondary codebase to maintain, tested and stable.)
I can't find the big "clear-cache across all Microsoft EOL servers" button anywhere.
Received-SPF: Fail (protection.outlook.com: domain of ourdomain.com does not designate 1.2.3.4 as permitted sender)
https://redd.it/1npy0eb
@r_systemadmin
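An added, offline check (not code from the post or from Microsoft) that evaluates the ip4/ip6 terms of an SPF record against the sender address taken from a Received-SPF header, so a mail admin can confirm whether a receiver's "Fail" contradicts the record currently published. The SPF records and the header below are constructed; the address 1.2.3.4 is the one quoted in the post.

```python
"""Local SPF evaluation versus a receiver's Received-SPF verdict.

Only ip4/ip6/all terms are evaluated, which is enough for the IP-move case in
the post. No DNS is queried, so the records are embedded as constructed text;
a receiving MTA that honours the 300 s TTL would be looking at NEW_SPF.
"""
import ipaddress
import re

# Constructed record after the IP move (not the poster's real record).
NEW_SPF = "v=spf1 ip4:1.2.3.0/24 ip4:203.0.113.10 ip6:2001:db8::/32 -all"
# Constructed stale record, i.e. what a cache that ignores TTL would still hold.
OLD_SPF = "v=spf1 ip4:198.51.100.0/24 -all"
# Constructed header in the same shape as the one quoted in the post.
RECEIVED_SPF = ("Received-SPF: Fail (protection.outlook.com: domain of ourdomain.com "
                "does not designate 1.2.3.4 as permitted sender)")

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(record, sender_ip):
    """Evaluate ip4/ip6/all terms of an SPF record for sender_ip.

    Returns pass/fail/softfail/neutral/none/permerror, or 'temperror' when a
    DNS-dependent term (a, mx, include, exists, redirect) is reached, because
    this offline check cannot resolve it and the result is inconclusive.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        if term.lower().startswith("exp="):
            continue  # explanation modifier does not affect the result
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech == "all":
            return QUALIFIERS[qualifier]
        if mech in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"  # malformed address or prefix
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
            continue
        return "temperror"  # needs DNS, which this check deliberately skips
    return "neutral"  # RFC 7208: no mechanism matched and no 'all' present


def parse_received_spf(header):
    """Pull result, checked domain and sender IP out of a Received-SPF header."""
    result = re.match(r"Received-SPF:\s*(\w+)", header)
    domain = re.search(r"domain of (\S+)", header)
    ip = re.search(r"designate (\S+) as permitted sender", header)
    return {
        "result": result.group(1).lower() if result else None,
        "domain": domain.group(1) if domain else None,
        "ip": ip.group(1) if ip else None,
    }


def diagnose(header, current_record):
    """Return (receiver verdict, local verdict on the current record).

    'fail' from the receiver while the current record passes the same IP
    points at stale DNS data on the receiving side (or a record that has not
    propagated yet), which is the situation described in the post.
    """
    parsed = parse_received_spf(header)
    return parsed["result"], check_spf(current_record, parsed["ip"])


if __name__ == "__main__":
    print("receiver said / current record says:", diagnose(RECEIVED_SPF, NEW_SPF))
    print("stale record would say:", check_spf(OLD_SPF, "1.2.3.4"))
```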
Internal PKI vs Cloud PKI
Hoping to get some hivemind ideas on a good approach to managing certificates in the modern day. Our current scenario is that we have about 1k endpoints, all fully intune managed. Clearpass NAC using EAP-TLS certificate auth to provide network access, and NDES to enroll SCEP certificates for our devices.
The PKI servers (1x issuer, 1x NDES) are domain joined - but the AD domain is now largely only performing user sync to AAD and providing a management layer for the server infrastructure (~60ish servers).
To put it lightly, we have never been particularly good at managing ADCS. The templates are a complete mess, permissions are applied directly to a bunch of templates - heaps of custom templates for reasons I can't understand. Every pentest has gotten elevated access via cert exploitation, and we patch the hole they used each time but my god there are so many.
Our root cert is a self-signed certificate, and we used it to sign the Issuing CA certificate. The root cert expires in 2028 and I'd like to get ahead of it.
My questions on it are:
1. Should we buy a root cert signed by a trusted authority? This might mean more renewals but would eliminate the need to install a copy of the cert on all endpoints
2. Is it worth just ditching ADCS completely? We want to keep the AD domain, so I'm unsure if ADCS is easy to unwind. Which leads to:
3. Since our primary use case for certificates is endpoint authentication for EAP-TLS - is Cloud PKI worth it? Monetarily it's a tough sell: the 2 servers cost us $150 per month in Azure but licensing Cloud PKI will cost ~$2.5k per month.
4. Am I missing anything in the "modern" tech landscape that might solve my use cases? e.g. minimizing infra surface area, ensuring secure network authentication & keeping costs down?
Keen to hear how other people are managing endpoint certs in 2025 :)
https://redd.it/1npxife
@r_systemadmin
A question about VPN and it being secure.
I was listening to a radio phone in this morning - it was one of those where tech experts advise the general public.
One of the questions asked was, "Will a VPN make my e-banking more secure?" Straight off the bat, the expert said, "Yes, it would, because it creates a secure private network between you and the bank." I do concede that the expert then said, however, that you do need to be sure you use a reputable VPN provider.
I'm asking this because I want you to tell me if I'm wrong when I think the answer should be, "No, it doesn't necessarily make you more secure, and as long as you're not on public WiFi or unknown WiFi, the encryption between you and your bank should suffice."
https://redd.it/1nq16rr
@r_systemadmin
What to do when your job has zero mobility?
I’m in a bit of a rut at work and could use some advice.
• I’m one of 2 junior support analysts covering ~5k users. We work a 5-on/5-off shift pattern, handling up to 120 tickets a day when it gets busy (solo on shift).
• A senior analyst joined to share the load, but after 6 months they admitted they couldn’t keep up and pulled out of the rota so now it’s just me + the other junior stuck with all the tickets again.
• I’ve had to completely put my professional development and training on hold because there’s no time outside the ticket grind. I’ve lost out on a really interesting project I was working on.
• I raised it with my boss, but they openly admitted there’s no progression or promotion route here. He also refused to commit to any training courses.
For context: I have 2 years HPC experience as a helpdesk technician and a PhD in computer science, but right now I feel like I’m wasting my time in an L1 helpdesk role.
Would you stick it out for stability, or cut losses and start looking elsewhere?
https://redd.it/1nq1o7u
@r_systemadmin
Thickheaded Thursday - September 25, 2025
Howdy, /r/sysadmin!
It's that time of the week, Thickheaded Thursday! This is a safe (mostly) judgement-free environment for all of your questions and stories, no matter how silly you think they are. Anybody can answer questions! My name is AutoModerator and I've taken over responsibility for posting these weekly threads so you don't have to worry about anything except your comments!
https://redd.it/1nq2okf
@r_systemadmin