WSUS only sees a handful of PCs for Windows 11 upgrade, rest “Not Eligible”

Hey all,

I’m new to sysadmin and running into weird WSUS behavior with Windows 11 feature upgrades.

* WSUS initially wasn’t listing Windows 11 at all. A user on here saved me by mentioning it because I noticed the GPO **“Prevent the wizard from running”** under **Add features to Windows 10** was disabled. Setting it to **Not Configured** suddenly made all eligible PCs show they needed the upgrade.
* I tried configuring GPOs for automatic downloads so users could just schedule a restart. A few days later, WSUS showed **only 3 PCs needing Windows 11**, with the rest marked **Not Eligible**.
* Checked GPOs again, everything seems correct for feature updates but still inconsistent. Today it shows **9 PCs needing it**.

Has anyone seen WSUS fluctuate like this with feature upgrades? How do you reliably push Windows 11 to a domain without most machines showing as “Not Eligible”?

Thanks, just trying to get a smooth rollout without breaking anything.

https://redd.it/1nvgu48
@r_systemadmin

Tip: Prevent Microsoft from swiss cheesing your firewall

Have you ever spent any time (hours/days/weeks) trying to harden your windows firewall only to have those carefully curated rules turned into swiss cheese with stupid fucking rules for shit like ZuneMusic, Game Bar, Your Account, or the Windows CLOCK? Be molested no more! Your saviour is Group Policy. Make YOUR setting stick.


Run GPEDIT.MSC. Navigate to Computer Configuration/Security Settings/Windows Defender with Advanced Security and select Windows Defender Firewall Properties. For each network profile you use click on the Settings button, then set Apply Local Firewall Rules to No. Viola. Microsoft's baffling attempts to lower your security will henceforth be ignored. ONLY firewall rules defined in this policy will apply (or the domain policy if you're using AD (in which case, go talk to your admin instead)). Probably don't do this if you're remote. I do recommend defining your polices in the GPO first, or defining them in the firewall MMC where you can export them for use in group policy.

https://redd.it/1nvg629
@r_systemadmin

This phrase always hits the feels

When you are solo SysAdmin and see this: Customers may need to consult their IT administrator or IT Department.


Bro, I am the IT department and everything that comes with it, what more do you want?

https://redd.it/1nvj3vj
@r_systemadmin

Microsoft finally gave us what we've been asking for!

Microsoft has apparently been listening to the community very closely, and has announced new icons for the Office suite... again!

Don't worry about making "new" Outlook feature complete with "classic" Outlook, or making the 365/Azure admin centers faster, or streamlining licensing. That's all useless junk. Icons are what we need!

/s

https://redd.it/1nvl2bt
@r_systemadmin

Fallout After Layoffs

Asking as a greenhorn trying to survive. What do you do after a layoff when you weren't picked to go? As in, how do you pick up where others got left off at and try to keep the ship sailing?

I'm just looking for advice and strategies to keep going with the extra overhead that appeared.

https://redd.it/1nvhufv
@r_systemadmin

Do you back up your ticketing system?

We've had several ticketing systems over the years, but have never backed them up. Others in the team don't seem to consider the data valuable. I had to argue for increasing the archiving period for our existing system, and no one else worried about exporting the tickets from our previous systems.

99% of our old tickets are probably worthless, but I'd hate to lose any with valuable historical information.

What does everyone else do?



https://redd.it/1nvnv7s
@r_systemadmin

Does The Use Of AI Make Me A Shitty Professional ?

I have 8 years of experience working with Microsoft based systems (mainly O365 and Windows) in end-user support. I was laid off and out of work for 8 months. I also have a degree in Cloud Computing based systems and have always wanted to move into that side of the field.

In June, I landed a job as a Cloud Admin. I’m now responsible for nearly every aspect of our organization’s AWS and Azure environments from networking, IAM, infrastructure, etc. For the first time in my career, I’m working in an environment with no training wheels. There’s limited support for complex issues and no real backup. I’ve also fully transitioned away from end-user support and now work strictly on infrastructure.

At the beginning, I was really struggling to understand certain things. And really had no one to ask, So I decided to use ChatGPT to help me work through a specific issue and it honestly opened my eyes. It’s allowed me to say “Hey, I’m thinking of approaching this issue like this, what do you think?”. Which I can't always do with a person. I don't use it for everything.

Lately, I’ve been second guessing my ability. I’ve never relied on AI tools in the past, especially when working with Microsoft systems. Back then, I had years to gradually ramp up on complexity and always had senior engineers around to help if needed. But now, I don’t have that luxury. AI has become a powerful tool for me, and I sometimes wonder if would I even be able to do this job without it? It’s made me question how good I really am at what I do.

Has anyone else gone through this?

https://redd.it/1nvtfnh
@r_systemadmin

Servicedesk newcomers, how to navigate the use of chat-gpt

Hey,

First time in a leadership role for servicedeskers and don't want to impose new ways of searching and getting info for people straight out of school (or just young people) and they use chat-gpt a lot for looking up information.

However, my issue is that if someone calls, or mails, they just enter it into chat gpt and forward the response back to the user.

I always encourage critical thinking and manual searching but you can tell that the younger generation mostly use AI to lookup things.

Whenever I try to nudge them into using google search or by thinking yourself, they usually brush it off and go towards chat-gpt again.

How can I educate them properly, without being a strict parent and just saying NO to chat-gpt? For me they can use it, but they should also read and think critically about what they read and not just blind forward.

https://redd.it/1nvwuhu
@r_systemadmin

Thickheaded Thursday - October 02, 2025

Howdy, /r/sysadmin!

It's that time of the week, Thickheaded Thursday! This is a safe (mostly) judgement-free environment for all of your questions and stories, no matter how silly you think they are. Anybody can answer questions! My name is AutoModerator and I've taken over responsibility for posting these weekly threads so you don't have to worry about anything except your comments!

https://redd.it/1nvzm5n
@r_systemadmin

Looking for specific examples of incidents where shadow IT has caused a significant business impact.

As the noscript says, however dr Google isn't giving me any juicy enough leads. I'm writing some internal education documents and am looking for some examples to cite.
Google search is currenly giving me page after page of vendors selling their services and how they will fix a shadow IT problem drowning out the original query. I have tried varying the search, but not getting many results that quantify specific damages or case studies.
So, here I am asking my fellow sysadmins if anyone can point me in the right directions for some good sources of where people have acted without IT oversight but didn't have malicious intent.

Thanks in advance.

https://redd.it/1nvtndg
@r_systemadmin

For this first time in my career I’m working at a company with a dedicated Security team and I fully understand now why having SysAdmin experience should be absolutely necessary to be on a CyberSecurity team…

I’ve seen people here complain about kids fresh out of college joining their company’s Sec team and making ignorant requests, but only now do I understand.

Younger kid on our security team submitted a ticket, assigned it straight to me and not our team’s queue (ugh), saying “Hey I found this noscript online, could you run it on these three prod machines for me? Feel free to run whenever. Thanks!”

Links to some random blog post, noscript requires some package dependencies to be installed, noscript ends with a reboot command, bunch of cURLs & chmod’s in it.



https://redd.it/1nw6sks
@r_systemadmin

CrownCastle NYC area internet issues

Anyone able to get a ticket open for Crown Castle internet issue that seemed to start around 11:15am EST today? I'm in southwest CT, circuit is flapping and feels like routing issue when it's up. OR could just be flapping.

https://redd.it/1nw7al5
@r_systemadmin

As a SysAdmin, i should not have to....

I'll start:

...teach my IT Manager how to navigate folders in PowerShell.


Add:

They were promoted to their role as IT Manager from....


SysAdmin.



I now see my post was a little light on some details.

https://redd.it/1nw87ue
@r_systemadmin

Computer names - by user

My boss is asking the question, what do you think of naming the computers with the user's login or part of it? Example:  jobsite-username

Any thoughts if this is a good or bad idea? At first glance, I'm not a fan of it, being staff comes and goes.

https://redd.it/1nw917k
@r_systemadmin

Management wants to roll out a time tracker. What technical issues am I bound to run into?

The higher-ups have tasked me with deploying a time tracking tool for our remote fleet. HR already did the vendor selection and they've handed me Monitask.

My job isn't to debate the policy, it's to make sure the rollout doesn't become a technical dumpster fire. I'm already thinking about the obvious stuff like GPO deployment, potential conflicts with our EDR, and making sure it doesn't hog resources on older laptops.

For the sysadmins here who have had to deploy this kind of agent-based software, what were the unexpected headaches? Anything I should be testing for specifically that isn't in the standard documentation?

https://redd.it/1nwaygd
@r_systemadmin

Pour one out for the Crown Castle Network Admins and their customers

Outages all over the Northeast and Florida.

https://downdetector.com/status/lightower/map/

Happy Thursday!

https://redd.it/1nwadif
@r_systemadmin

Sysadmins… Microsoft is keeping your job safe..

I know nothing about what you people actually do, but I assure you that your job is safe… and Microsoft is making sure it stays that way.

As a small business owner, dealing with Microsoft is a COMPLETE nightmare for us common folk’. They move everything all over the place in their admin centers, they re-name things, and they don’t even bother to update their help articles…and even Co-Pilot just feeds you out-dated info.

I’ve literally spent 1 week on & off just trying to get my email to apply a retention policy and tag to move email messages from my mailbox into the auto-expanding archive. A WEEK! Finally, I resorted to powershell, which is 100x easier then snooping around 4 admin centers + Purview (wtf is purview?)

It still hasn’t moved anything whatsoever, but at least I confirmed everything is set up correctly.

In summary, you’re safe, and I salute you 🫡.

Thanks.

https://redd.it/1nwggqp
@r_systemadmin

CISA.DHS.GOV - Suspicious E-mail - Anyone else?

Anyone else in .gov just get a suspcious e-mail from an address on "@cisa.dhs.gov" with a .txt file attachment?


Subject: Hello

Body: Dear hello

Partial Attachment: (The Access Key and Secret Access Key I edited, because it was complete)

url https://hgsm1yxlxd.execute-api.us-gov-west-1.amazonaws.com/



IP 10.5.4.24, 10.5.2.193, 10.5.16.109

Creating IAM resources for email sender...

Created role: arn:aws-us-gov:iam::048250888335:role/lambda-email-sender-role

Created policy: arn:aws-us-gov:iam::048250888335:policy/lambda-email-sender-policy

Created user: email-sender-deployer

Access Key ID: XXXXXXXXXXXXXXXXX

Secret Access Key: XXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Save these credentials securely!



IAM resources created successfully!

Lambda Role ARN: arn:aws-us-gov:iam::048250888335:role/lambda-email-sender-role

Use the deployment credentials to run the deployment noscripts.

https://redd.it/1nwginy
@r_systemadmin

CISA emails during gov't shutdown.

Curious, assuming it can't just be me...but did anyone else get an email from a specific person at CISA with an attachment that lists their credentials for what appears to be their Amazon Simple Email Service? Since the gov't is shutdown, I'm assuming CISA is as well, so I'd have been surprised to get any email from them...much less something that obviously shouldn't have been sent out.

https://redd.it/1nwhdoa
@r_systemadmin

CFO wants to know why our IT costs doubled when we went remote

Pre-remote: 100 employees, $180k annual IT costs, everything made sense.

Post-remote: 100 employees, $340k annual IT costs, CFO breathing down my neck.

The cost breakdown is painful:

- International shipping that costs 40% of equipment value
- Timezone support coverage (we now need 16 hour IT support)
- Equipment recovery when people quit (apparently $500 per laptop minimum)
- Compliance consulting for different countries
- Multiple vendor relationships instead of one local supplier

CFO keeps asking "why can't you just do the same thing but remote" and I'm running out of ways to explain that distributed IT is fundamentally different from office IT.

Anyone else getting roasted by finance for remote IT costs? This feels unsustainable but going back to office-only would lose us 60% of our talent.

https://redd.it/1nwlpo4
@r_systemadmin

Greybeards - has it always been like this?

I know it's a bit of a cliche at this point, but everything in the IT industry feels super uncertain right now.

Steady but uneven rise of cloud, automation, remote work, AI etc. But none of that is settled.

For context, I'm about 6 years into my IT career. It used to be when helpdesk would ask me "what should I specialise in" I would have an answer. But in the last couple of years I'm at a loss.

For those who have spent longer in IT - have you seen this happen before? Is this just tech churn that happens ever X number of years? Or is the future of IT particularly uncertain right now?

https://redd.it/1nwu143
@r_systemadmin