Reddit Sysadmin – Telegram
Do you use an Enterprise Password Manager for hundreds or thousands of employees?

Hi,

The company I work for chose LastPass for our enterprise password manager a couple years ago. It sucks and everyone hates it. The person who has taken over the ownership of it wants to find something else. I used LastPass personal for a while, until they were dumb and I then changed to Bitwarden and never looked back. I know BW has an enterprise version, but I've never used it so can't speak to how well, or not, it works.

I'm just wondering what Password Manager other people might be using and how well they work. The main issue is how things are owned and shared amongst other people or teams in the company. I'm told we have 1000-1500 users and 4000+ actual passwords in the system. We need to have a good way to share the entries with other people so we don't have duplicates. We don't have that now which causes issues when I change a password and then break something for 10 other people who have duplicate entries for the system that I didn't know about and can't see myself.

Anyway, just looking for ideas.

Thanks.

https://redd.it/1ntkwvk
@r_systemadmin
Migrating Group Policies into Microsoft Intune?

Hey everyone, I’m looking for some advice. I just got thrown into an Intune Autopilot project after the person who was handling it before broke his leg, and I’m a bit lost. Does anyone here have experience with this or know of a solid guide I could follow? Any help would be hugely appreciated!

https://redd.it/1ntki4r
@r_systemadmin
Worthless MSP

So we outsourced our help desk to a worthless MSP. These people are so incompetent they can’t reset basic 365 passwords. Yet we give them admin access.

Any good MSPs out there that can be trusted?

https://redd.it/1ntoayr
@r_systemadmin
Follow Up: The Previous Network Administrator 'Didn't Believe in VLANs'

Hello again. I posted this a while back and people seemed to enjoy reading it. Here's a follow-up with some progress and more jank I've discovered since. This is not an exhaustive list of jank or progress, just stuff I thought was particularly funny.

Chat/IM

A serverless chat client that operated via multicast was in use and installed on all workstations. It kept local logs of all chats on each workstation in plaintext and used no authentication whatsoever. You set your own nickname and that got reported to all other online clients. Do you want to be the HR manager today? That was just two clicks away! (The HR manager reached out to me on the chat app my first day and asked, “Hey, is this LeftoverMonkeyParts? This is HR Manager. Can you verify some of your details for me?” My nickname hadn’t been set yet, so they were just reaching out to the one user online with the default name.)

Status: Removed from all endpoints. Replaced with Teams

VNC

All remote support was handled through TightVNC. The server, and client, were installed on all employee workstations all utilizing a single, shared, six character password. To initiate a remote support connection, an IT employee was supposed to use the aforementioned chat application to get the IP address of the computer for the user they wanted to connect to. Did I mention the chat app would give you the IP address and hostnames of the remote clients?

Please be aware that ManageEngine Endpoint Central was deployed to all endpoints and already has a fully featured remote support tool built in with multi-monitor support and clipboard sharing. There was also no requirement that I get a user's IP address, as I can simply search by logged-on user or hostname.

Status: Removed from all endpoints. Replaced with ManageEngine

System Center DPM - Backups in general

I’ve never really figured out what their DR plan was. I don’t think they knew either. It was something they knew they should have, and a lot of the pieces were there, but they weren’t put together right or really at all. The best way I can describe it is “Put as many copies of what we think is important in as many places as possible and there’s no way they’ll get them all”. 

The only real backup solution in place was Microsoft System Center DPM. It integrated fairly well with MSSQL Server and pretty poorly with everything else. It took backups of all the production SQL databases (Just the Databases, not images of the VMs) and documents that they thought were important and wrote them out to disk on a dedicated physical Windows domain joined Dell Server that was chuck-to-fuck full of 100+ TB of enterprise flash storage. The perfect backup hardware. Very fast. It also wrote out to tape on a daily basis using two dedicated SAS LTO-8 drives. If it were me, personally, I would have spent the 100 TB of flash storage money on an LTO autoloader…. But hey, that’s what the PC tech is for getting here at 6AM every morning to load tapes. “What? Let them run overnight? No. That would never be feasible!”

A lot more ‘work’ went into ‘Backing Up’ the SQL servers. In addition to DPM, all of the production databases were exported as SQL BAK files on a single SMB shared volume and were then automatically loaded onto a series of “DR” sql servers each night. Most of this was orchestrated using the SQL Agent jobs which were all running as a single shared account with domain admin privileges. All of the documents (4TBs of PDFs) were similarly scattergunned across a dozen different domain joined SMB shares via a series of robocopy scheduled tasks all also running with domain admin privileges. With the exception of the tapes, not a single warm copy of this data was stored anywhere that wasn't a windows domain joined endpoint.

No image level backups of VMs were being taken whatsoever. But that wasn’t for a lack of effort. System Center DPM does integrate with VMWare and they did try to make it work several times. About once per year judging by the leftover service accounts. I initially hit the same roadblock they did, but I was able to overcome it via the secret troubleshooting magicks of “Looking in the event viewer.” It was a TLS version mismatch between DPM and vCenter.

Status: Replaced with Veeam. 100TB Flash Server is now a *wicked* fast VHR. All data is now backed up at the image level.

Remote Access/Remote Work

They seem to have settled on VMWare Horizon VDI as their remote access solution of choice. 40 Windows 10 VMs running in the prod cluster, one machine per employee for remote access. Before this they had been issuing personal VPN hardware appliances out to employees to whack into their home networks. From what I can tell they initially allowed traffic through the firewall right to the Horizon servers. It was breached at some point soon after going online (because of course it was). They then added a VMWare Horizon Secure Access Gateway which is *designed* to go into a DMZ to sit in between the public-facing internet and the Horizon servers, but they didn’t do that. It was just put in the same prod network as the VMWare cluster and Horizon servers. This solution, when it was working, resulted in some employees having essentially three devices. A Windows Desktop, a Windows Laptop, and a Windows VDI VM. One employee was using their laptop to connect to their VDI VM and then RDPing into their desktop.

Status: Replaced with Laptops/Docks and the OpenVPN implementation with 2FA that’s built into the firewall. 

EDR

They paid for a modern EDR tool with a 24/7 SOC. Reliably deployed to every system, even the Server 2012 VMs. At first I was impressed, but then I dug deeper. They had disabled all alerting from the tool, forbade the SOC from taking any action in the event of a detection, and had not provided any phone/cell contact information to the SOC for anyone in the department. Here’s what they did instead:

One server called “ITUTIL1” ran a scheduled task (as domain admin) that would run a literal for loop to generate a list of every possible endpoint address within all of our subnets. It would then attempt to reach out with WinRM to all addresses and collect the event logs from Windows Defender for every successful connection. The data was then “formatted” and emailed twice daily to the IT Department director. The VM did other silly things too, like use the same logic to generate a list of all available IP addresses and email them to the director weekly.

Status: VM burned in a fire. Reporting for EDR tool enabled and SOC given full authorization to do whatever they want

FTP Servers

We have several FTP servers which are used to exchange data programmatically with a few different external entities. The entities are all known with fixed IP addresses, but the firewall rules for FTP are all set to allow any in the firewall. That’s because on the FTP server software they’ve set a *blacklist* with huge swaths of IP addresses blocked out.

Ex:

80.0.0.0 - 82.255.255.255
83.0.0.0 - 85.255.255.255

They then have the “enabled” button unchecked for the particular range where an external entity sits, thus permitting the connection via FTP. I have no idea why they chose to do things this way. Other services for known entities that aren’t FTP have lists of allowed addresses in the firewall.

Status: Confirmed external addresses with entities, added to firewall. Disabled dumb blacklist nonsense

Argentina

Some of the local subnets use non-RFC1918 addresses. It was a historical holdover required by an external entity from before NAT and RFC1918 existed as proper standards, but they never fixed it. Looking at the geoblocking config in the firewall I see all incoming connections with the exception of Canada, The United States, and Argentina are blocked. I wonder how that went down. Super Funny

There's so much more, but this is what I can share easily and without worry. To all the junior sysadmins out there I want you to know that I'm not complaining, I'm loving every second of this for now. Don't let posts like this discourage you from coming into this field.

https://redd.it/1ntqvyo
@r_systemadmin
I had the pleasure of speaking to Microsoft Support for the first time in ages this afternoon...

I was trying to troubleshoot an issue with a cross-tenant SharePoint migration, struggling to find any documentation on the error I was getting, so I figured I'd give MS support a shot...

They kept giving me PowerShell commands containing parameters that don't actually exist, and letting me sit in complete silence for minutes at a time while they "looked into the issue".

If I wanted Powershell commands hallucinated by Copilot, I would talk to Copilot myself! Silly me for thinking they would do anything else 🙃

https://redd.it/1ntw4e8
@r_systemadmin
Executive is convinced that former disgruntled IT employee set his account to auto-accept all incoming appointments

Which would be a little hilarious if true but how do I go about investigating this 😭

https://redd.it/1nu1606
@r_systemadmin
Are DBAs generally psychopaths or sadists in your opinion?

I want to say every DBA I’ve ever dealt with has hurt my feelings.

I’m a very sensitive Windows admin/infrastructure guy.

https://redd.it/1nu5kdd
@r_systemadmin
If you were designing a data center/server room today, what would you prioritize?

Hey folks,

I’m working on a network plan for a 12-story hospital and I’d love to tap into your experience. If you were given the chance to design a server room or small data center from scratch today, what would you focus on and how would you approach it?

Would you prioritize redundancy (power, cooling, networking) above all else?

How much attention would you give to scalability for the next 10–15 years?

What rack/cabling layout or standards would you follow?

Any advice for managing fiber vs. copper in a hospital setup?

What are the “gotchas” you wish you’d thought about before your own builds?

I’m not asking for free consulting, just trying to gather some real-world lessons and crowd wisdom from people who’ve actually done this.

Thanks in advance!

https://redd.it/1nu0o00
@r_systemadmin
Our "asset management" is a Google Sheet and I'm not even embarrassed anymore

Started as IT admin at a 200 person distributed company. Asked about our asset tracking system during onboarding.

"Oh yeah, it's in the shared drive. Really comprehensive spreadsheet."

This "comprehensive spreadsheet" has:

- 47 laptops marked as "somewhere in California"
- 12 entries that just say "John's laptop (which John?)"
- One MacBook Pro listed as "probably dead but maybe just sleeping"
- 3 different tabs with conflicting information
- Last updated 8 months ago

Found out we've been paying insurance on equipment that was returned 2 years ago. Also discovered we apparently own 15 monitors but nobody knows where they are.

CEO keeps asking for "better visibility into our IT assets" while I'm over here playing detective trying to figure out if Sarah in marketing actually has 2 laptops or if someone fat-fingered the spreadsheet.

Anyone else managing distributed IT with the technological sophistication of a lemonade stand?

https://redd.it/1nu7z4h
@r_systemadmin
Do you bring your laptop on vacation?

I’ve been in IT for 18+ years in a bunch of different roles. Right now, I’m the network admin/manager at a mid-sized business, been here 7 years. I like the job and the company a lot.

Here’s the thing, I don’t have a backup for most of what I do. My IT Director handed this stuff off to me years ago and never looked back. Because of that, I’m basically on call all the time. I don't trust him if something were to break and needed to be fixed. Most of the time when he's working on something he ends up calling me to step in.

I’ve got a vacation coming up for my 20th anniversary with my wife, and she’s not thrilled that I’m planning to bring my laptop. Her thought is if I have to bring it, the company should pay for the carry-on fee. My point to her is, 99% of the time I don’t get calls. Once in a while, I do, usually something small I can fix in 10 minutes or just walk someone through over the phone. If it was ever a real disaster, I’d fly home anyway.

So, just to settle the debate—do you guys bring your work laptop on vacation “just in case,” or do you leave it at home?

https://redd.it/1nuacyi
@r_systemadmin
Everything Is So Slow These Days

Is anyone else as frustrated with how slow Windows and cloud based platforms are these days?

Doesn't matter if it is the Microsoft partner portal, Xero or God forbid, Automate, everything is so painful to use now. It reminds me of the 90s when you had to turn on your computer, then go get a coffee while waiting for it to boot. Automate's login, update, login, wait takes longer than booting computers did back in the single core, spinning disk IDE boot drive days.

And anything Microsoft partner related is like wading through molasses, every single click taking just 2-3 seconds, but that being 2-3 seconds longer than the near instant speed it should be.

Back when SSDs first came out, you'd click on an Office application and it just instantly appeared open like magic. Now we are back to those couple of moments just waiting for it to load, wondering if your click on the icon actually registered or not.

None of this applies on Linux self-hosted stuff of course, self-hosted Linux servers and Linux workstations work better than ever. But Windows and Windows software is worse than it has ever been. And while most cloud stuff runs on Linux, it seems all providers have just universally agreed to under-provision resources as much as they possibly can without quite making things so slow that everyone stops paying.

Honestly, I would literally pay Microsoft a monthly fee, just to provide me an enhanced partner portal that isn't slow as shit.

https://redd.it/1nuatci
@r_systemadmin
Windows 10 on embedded devices, separate VLAN for each device?

I work for a manufacturing company that has some major manufacturing equipment with internal computers running Win10. I don't think it is even possible to purchase a new computer for some of them to upgrade to Win11. I am planning to segment these devices away from the rest of our Manufacturing floor, but should I create a separate VLAN for each device, or one VLAN with all Win 10 devices?

I.e. VLAN71 - CNC#1, VLAN72 - CNC#2

vs

VLAN70 - All Win10 embedded machines?

https://redd.it/1nueat7
@r_systemadmin
AI - Rant

Is it just me or is anyone else tired of normal users talking about AI and how we should be using it at our company?

IT sets up CoPilot licensing for users giving them access to build CoPilot agents themselves - but these users are too dumb or too lazy to get to step one of building an agent. They talk about agents nonstop but want IT to build it all for them. You build a CoPilot agent for them that they requested and then they never use it.

End users have all these fancy ideas but no idea how to implement any of them, watch a YouTube video to learn something or go to Microsoft's website to learn something. They all have 365 licenses including Power Automate but cannot create a trigger for Power Automate flow. They all want their hand held but they think because they have these ideas they are a part of the IT department. When you give them all the power they need to execute their wishes but cannot figure out the solution, their last excuse is they don't have enough permissions.

Just because you know what the word AI stands for does not make you a part of the IT team. Have you spent years at the help desk before climbing up the IT ladder? No, you are just another end user with dumb requests.

https://redd.it/1nuix34
@r_systemadmin
Windows 11, version 25H2 is now available

https://admin.microsoft.com/AdminPortal/home?ref=MessageCenter/:/messages/MC1162857

> When will this happen:
> For commercial organizations, Windows 11, version 25H2 is available today through Windows Autopatch and the Microsoft 365 admin center. It is also available for download from the Microsoft Software Download Service and Visual Studio Subscriptions. On October 14, 2025, it will be available via Windows Server Update Services (WSUS).

https://redd.it/1nuj6hk
@r_systemadmin
"How do I get myself to care about this?" or - "maybe it's time to buy a goat farm?"

TL;DR: lost a job I loved, the IT job market sucks, maybe I should be glad to have any job and quit whining? Not sure if others are experiencing this or what to do about it.

A little back story - I've been doing this for too long probably, this is my 29th year I think. I probably should have changed careers a long time ago but the timing and opportunity has never been right.

Before, during, and just after covid I worked my ass off and earned a pretty good paying spot managing an IT department in a healthcare org in the midwest. I finished a bachelor's degree, started a masters, and piled on a ton of certs in about a 2 year period. I worked very hard, many long days and nights and lots of 50-60 hour weeks at work to handle some bad situations and eventually was rewarded with a very good job and fantastic pay. I LOVED what I did and the people I worked with, and I was personally devoted to my responsibilities. I really cared about what I was doing. I was personally mentored by the CIO and CEO and learned more in a few years than I had in a decade before. I was MOTIVATED.

Company politics changed, the CEO and CIO left, nepotism reared it's head and my position was eliminated so that the new CEO could hire his old friend to lead a reorganized IT structure. I saw it coming but it didn't make it any easier. The environment had turned utterly toxic about 3-4 months before and I realized later on that was them trying to force me out.

I spent a few months trying to figure out what to do next and eventually landed a middle IT management position in a different industry. Pay sucks, the org is backwards, nobody here really cares about what we're doing and overall it's very hard to get motivated to do any of this since nobody else seems to think what we're doing matters.

Every day I struggle with getting going, something that I NEVER had trouble with in the past. I can't make myself care about the work I do beyond doing it to get it done because "it's my job".

The job market sucks, I'd have to uproot my family of wife and 4 kids to move to a different state to make any significant improvement in job prospects, which would be really hard for reasons... In the last 2 years I've applied for over 500 jobs between in-person and remote, and the only ones I've seen offers for were very low paying relative to my experience and qualifications (<80k) or would have been very stressful on my family.

I've been through work burnout before, reinvented myself and my job and come out the other side better and stronger. There was always another opportunity to tackle.

Now this just feels like an impassable wall. There are few/no jobs here, the economy is going to hell. IT jobs are vanishing like a fart in the wind and other options are very limited. This is badly exacerbated by living in a fairly rural area where tech jobs are about as rare as hen's teeth.

Has anyone else dealt with this situation before and how did you handle it. Did you get through it or did you end up raising proverbial goats? Anyone want to offer advice or just tell me to quit whining maybe?

Are things hard for anyone else lately?

Apologies in advance if this is just a bunch of complaining about things everyone else has already talked to death.

https://redd.it/1nul0mb
@r_systemadmin
Hopefully not crying wolf....but RSAT on 25H2 is crashing my PCs

I had this issue a couple weeks ago when 25H2 was "released", but was released as its build number rather than through the pretty finalized version.

With it going live today, I figured I'd download the media again and try again.

Whenever I open something installed by RSAT (AD Users & Computers, for example), my system freezes, clock stops, fans spin up.

I had to wipe 2 computers and start over last time, and right now, it looks like I'll have to either roll back the update, or reinstall and not use RSAT.

So....heads up. Upgrade and fresh install, RSAT seems to not like 25H2.

It was installed with the following script:

Get-WindowsCapability -Name RSAT* -Online | Add-WindowsCapability -Online

I know there's an offline installer, but I don't know if they've made it available yet (or at least where to look for it).

I don't think using the GUI would make things any different...but I'm not sure yet. I rebooted this laptop and now RSAT is working fine after the reboot, which is different from how it acted last week. Last week, I could open the admin tools and I was crashing my system like clockwork.

https://redd.it/1numhtb
@r_systemadmin
Sysadmin being forced in IAC/DevOps

Hi, first of all, English is not my main language, so sorry if it’s not clear.

I’m 40 years old, sysadmin for 10 years now, did level 1, 2, 3 tech before that. Total of 22 years in tech.

I’m the main admin for our Azure, I’ve been deploying, securing and managing all our resources through the portal for years now.

Now I’m getting pushed by management to switch to IAC in DevOps and I feel so underwhelmed and honestly afraid.

I’m no developer and I feel like this is such a big change for me.

Any other sysadmin in the same situation as me?

Any good place to start learning this?

Thanks

https://redd.it/1nugkyk
@r_systemadmin