Reddit Sysadmin – Telegram
What is better for mdm? Jamf or addigy?

Been watching videos on Apple support to get a better idea since I never had to use MDM for Apple. Not even in Intune.

But I figured I'd ask this group since some use either and would like some feedback.

https://redd.it/1nyuy29
@r_systemadmin
Crestron UC system with no vendor documentation

We have a Crestron teams room setup installed by a vendor who has since closed down. It's a Crestron UC system with an OptiPlex 7080 as the MTR device, Crestron TS-1070, Crestron UC Soundbar and Crestron Touchpanel-770-T.

The password on the touch panel has been set to an unknown value and the default Admin password on the UC system has also been set to an unknown password.

Teams Pro Portal has recently started giving us warnings about low disk space, time sync issues and USB Peripheral Power Drains so I figured it's time I reset these units, enroll them into Intune and start managing them properly.

I know how to do a factory reset on the Touchpanel-770-T, for the UC system, can I boot that into Windows Recovery mode and do a software reset on that (and then configure and enroll in Autopilot)? Ideally I'd prefer to reload the OS from scratch but I don't have access to the Win 11 24H2 iOT ISO (working on it) so is this my only option?

https://redd.it/1nyz2v4
@r_systemadmin
Hostname conflict killed DNS/AD - Now the original IP Addr is unusable on the AD. Ideas?

tl;dr hostname conflict spanned across two FQDN's and now DNS breaks if the IP of the device that lost the hostname fight is in use.

Long story short I have been slowly picking apart a mess of a network and some fun nonsense happened this evening. We have $DC1.domain.com (DC1) and $DC2.domain.com (DC2)- both also acting as primary and secondary DNS. DCname1 suddenly stopped reporting to our antivirus dashboard and an uptime indicator. Got into it with vcenter thinking it was powered off. It was on. Ran dcdiag and found an alert that $IPaddr is preventing $dcname1 hostname from being claimed by this PC(DC1).

Tracked down that IP and it was not supposed to be connected - but located it, We have an older network on an isolated subnet that is also $DC1.differentdomain.com (DC3) and $DC2.differentdomain.com (DC4), and I knew this may bite us eventually but them being in different subnets in different buildings and different FQDNs, and domain.com only having servers that are static IP assignments I was sort of putting it off.

Fearing that $DC2 would do the same thing if it conflicted with $DC2 I quickly renamed the differentdomain DC's (3&4) using netdom and verified they stayed working.

Now back to the main domain, I rebooted DC1.domain and still no dice. It throws a tantrum with nbtstat but other devices now properly ping and it returns expected results with tracert. DNS is acting like it is still dead though, and all reporting tools that use hostname for identification report the server as offline. I really don't want to touch anything else until Monday, but if I give DC1 a different static IP and reboot it, nbtstat works, and every hostname based dashboard shows the device as online again. If I put it back to its correct IP that it had before this mess started, everything breaks. I also re-registered the DNS on DC1 and still no dice.

What am I missing here? Any ideas on google paths to go down on Monday?

https://redd.it/1nz1dt4
@r_systemadmin
Audit and revoke all existing accounts that currently have add/remove computer permission

Hey everyone,

I am looking for some advice on how to properly audit and lock down who can add or remove computers from an Active Directory domain. I want to make sure only a dedicated service account (used by MDT for workstation deployments) has the ability to join or remove machines, and that no other users or groups can do it. I’m mainly trying to figure out the best way to audit all existing accounts that currently have this permission, whether it’s through Group Policy (SeMachineAccountPrivilege) or delegated OU permissions for creating/deleting computer objects.

I’d also like to know how experienced sysadmins typically implement this restriction—should I rely entirely on GPO, or also check and remove any inherited or delegated ACEs in Active Directory? Basically, I want a clear and repeatable way to identify every account or group with join/remove rights and then enforce a least-privilege setup using MDT.

Any recommended scripts, best practices, or methods to audit and tighten this would be greatly appreciated.


Thank you.

https://redd.it/1nz48ue
@r_systemadmin
Bob quit, now step up !

I can't be the only one in this situation.

Working for a very large IT firm for the past 20 years. Been doing all kind of things, but one thing is always the same.

When I transitioned into the storage team, there was Bob and a junior responsible for an extreme SAN, multiple PB serving thousands of servers,

I learn fast, and am quite good with IT in general, but I am no Bob, I can't be Bob, some people just have it all and no amount of studying will get you there.


Problem is, Bob quit, he will be leaving in 1 month.

I tell management, you have to find another Bob.

Their response is that there is no Bobs available in the market. We will promote a guy from servicedesk who is hungry to learn. You will now be Bob..


In my opinion that is a horrible choice, I do NOT have the knowledge to run this complex setup. Sure, I can probably keep it afloat but if A or B happens we are SOL and it will affect thousands of people and the money lost can't be counted.


What are the options, just move and hope the next place have a Bob ?

https://redd.it/1nz9vty
@r_systemadmin
Am I being exploited for my job title?

First of all, I'm from Brazil and work on-site on a medium legacy garments ERP system, on-premises.

February I got my first job which is this one that I'm right now, labeled as a IT Support Analyst Jr.

However, I get paid a net salary of roughly 1250, which is lower than the minimum wage, because I have to get a bus to work, so they gave me a pass card that gets discounted from my salary.

Almost 8 months in I already started feeling down due to me being able to do tasks ranging from simple things like user counseling to hard ones like major incident, DBA monitoring, elaborating complex SQL queries (yes, I do use AI, but more as a means of learning and a tool). There's little to no documentation whatsoever so when an incident happens, I do have to figure out how the system routine works before writing a ticket, and that's very time consuming and stressful and if I happen to write a ticket with information that's not worthwhile or worthless (don't know the exact word for this) the QA lead gets mad about that, and always keep flaming our support team. They hate our sector, for some reason.

The thing is, I can learn pretty quickly, can multitask pretty easily nowadays and also went through major incidents, like helping migrate our company server to the cloud, but I feel that all my opinions on a subject, they seem to just brush off, and guess what? shit happens and I go like "well, I warned you."

I just wish I could land a remote job because this is pretty depressing and always feeling down after work, no motivation whatsoever to study, I have no money because I'm the one who's putting food on the table at our parent's house, can't get certifications due to me having this shitty wage. And yes, I have no college, just a self-taught guy from Brazil.

My CSAT score is pretty good with over 90% rating and that keeps me happy. But damn, I really hate on-site jobs. Things in Brazil are chaotic and feel unsafe everyday I leave my home to the office just to turn a PC, something I could do at my house.

https://redd.it/1nzaoko
@r_systemadmin
Anyone else notice clients are getting way stricter about how we access their systems?

Recently I landed a contract and instead of giving me a VPN login, they made me install a special chrome profile with restrictions. No copy/paste into google docs, can’t even upload files to dropbox from that tab. It's kinda nice because it does not mess with my laptop like some heavy MDM software, but it did feel like big b watching. Are other freelancers seeing this trend?

https://redd.it/1nzdm8w
@r_systemadmin
Moronic Monday - October 06, 2025

Howdy, /r/sysadmin!

It's that time of the week, Moronic Monday! This is a safe (mostly) judgement-free environment for all of your questions and stories, no matter how silly you think they are. Anybody can answer questions! My name is AutoModerator and I've taken over responsibility for posting these weekly threads so you don't have to worry about anything except your comments!

https://redd.it/1nzevwd
@r_systemadmin
How to deal with a colleague

Lately I made a post but I expressed myself badly and my English is poor people made fun of me.

I have a new job as a sysadmin.
120 users 130 to 140 computers. I don't know the number of servers because my colleague refuses to give me this information. My colleague uses the norms and standards that he invented according to his logic. He's doing computing with his own rules. He doesn't know ITIL and he doesn't care about mister cybersecurity. I am lost.
I would like to know what are the best practices to have and to deal with him.

He doesn't want software to do the inventory. He doesn't want centralized authentication, no LDAP and no active directory. He doesn't want antivirus. He doesn't want remote control software. He doesn't want software deployment software. He doesn't want ticketing software.

I am a system administrator engineer. He has the same job.

He regularly takes me for a technician who has neither skills nor experience. For example, he gave me a how to install Windows 10 step by step. He constantly criticizes me for not understanding my French. I'm French, born in France, and my mother tongue is French. He's the only one at work who doesn't understand my French. How to avoid having problems with him??


https://redd.it/1nzciwu
@r_systemadmin
What’s your best strategy for safely giving non-technical teams access to server resources without compromising security?

https://redd.it/1nzgtvp
@r_systemadmin
Any experience with private backbone VPNs for lower latency

We have teams in EU and North America, but most of our infrastructure is hosted in the US. Users in EU are experiencing high latency around ~90-110ms over VPN, which is hurting productivity for real-time apps.

I am looking into private backbone options to improve routing between regions and reduce dependency on the public internet. Ideally, something that can reliably cut latency.

Has anyone tried routing traffic through a cloud region closer to users in Europe and then exiting in the US over the provider’s internal network? I am considering AWS, Azure, or GCP, but I am concerned about egress costs scaling with traffic.

I’d love to hear your recommendations for SD-WAN or private backbone solutions to optimize cross-region performance. I’m open to any suggestions that could help us get those ping times down, ideally under 60ms. Thanks.



https://redd.it/1nzeuv8
@r_systemadmin
Gifs in Teams on latest mobile version

I recently got a complaint from a department that they no longer had the ability to send gifs in Teams and that the internet had told them that we had shut it off (IT here is not some weird cartoon villain so I know it was nobody in my department). I did some troubleshooting and found the solution by creating a policy in app admin center enabling optional connected experiences, which Microsoft recently changed to be off by default.

Every PC can send gifs again, but only some mobile users can. I did a little digging and I realize those with older versions of Teams on mobile are able to send them again, but those who have updated to the latest version cannot. I updated my own app to test this theory (I never use them anyway) and confirmed this feature is not working on the latest mobile version. I am trying to troubleshoot but all results I am getting are referring me to a policy I already have enabled. So hail Mary time - has anyone else noticed this issue? Have you managed to find a way to fix it?

TL;DR: how do I fix Teams not sending gifs in the newest version of mobile? The policy is already enabled for allowing optional connected experiences.

Edit: options for sending through keyboard are greyed out, sending through built in emoji tool is just not there

https://redd.it/1nzjh25
@r_systemadmin
What are the most in demand skills needed for Sysadmins in 2025?

Hi everyone. I wanted to start off by saying that I know Sysadmin is probably the most overused and generic job title in the industry right now, and that what you actually do as a sysadmin will vary greatly from company to company. However, I'm certain there must be some skills that are applicable to most environments such as networking, understanding of server operating systems, etc.

I was in help desk at my previous company for a while but had no upward growth (small IT department with one sysadmin.) I'm just starting a new help desk position with a bigger company that will hopefully have more growth potential, but I want to try to get ahead and show them I'm capable of learning and dedicated to improving. I just setup a Proxmox server and was thinking of setting up a small Windows environment. What are the most important skills that would show an employer that I'm capable of doing more than just help desk?

https://redd.it/1nzl80k
@r_systemadmin
How do you deal with not getting recognition for your work?

I know as sysadmins, and IT professionals, we don't do the job for "Thank yous" or pat on the backs. But a lot of what we do is behind the scenes and only noticed when something breaks or goes wrong.

Lately, it's been bothering me that a lot of my work I get done ends up getting credited to my only other co-worker, because (at least I think) he has been here longer (me less than a year, him 7+ years) but it's frustrating when I'm putting in the effort and improving things, or fixing things only for them to thank my co-worker for doing it. Now I will say this is coming from end users, and not our boss.

I'm trying to focus on the fact I am doing my job, making my environment more secure and reliable, but I'd be lying if I said it doesn't suck sometimes.

So, how do you all deal with this? Do you just accept that it's part of the job? Do you find ways to make your work more visible without coming off as someone who just wants to be seen?

https://redd.it/1nzm1ae
@r_systemadmin
I just don't care like I used to

I'm doing what I always wanted and feel lucky to get paid for it, but I just don't put in the same level of effort. I'm not burnt out, I just don't care / am coasting.



I put in a solid 80% 4 out of 5 days a week and maybe 85% on the 5th day. But my 80% looks like most peoples' 95%.



I don't know if there is an industry term for this, but I know a lot of you probably know what I am talking about. There is this lack of "curiosity" that stunts peoples' growth both technically and career-wise. It's this lack of technical curiosity, context awareness, or systems thinking.



Some people in support or ops get really good at following documented steps (“If X happens, do Y”), but never go beyond that. They don’t stop to ask why the steps exist or how the system behaves behind them.



Anywhere I've been, I've bubbled up to the highest level of support. I've been in Infra and Operations pretty much my whole career. And I did it by being curious to understand what certain errors meant, what things touched, and how the underlying systems work. I got to a point this is second nature.



Our Dev QA manager reached out last week saying, "I can't access this thing." And because I make it a point to know how everything I touch works - I took one look at his screenshot and used three pieces of information to immediately identify the problem. Something he should be able to do by knowing how we set IIS connect-as across the org, the naming convention we use across the org, etc. Basic things.



I feel like no one makes an effort. A senior compliance engineer who owns our Doc Control system messaged me to ask if we had a process for x. She didn't even try / think to search Doc control.



I'm the highest level of support where I am now, I'm the backstop - the final boss... Lower level support escalates things and it's clearly a bug. Things like a SQL column missing. So I send it back and say, "Hey this is a bug. It's missing a SQL column named X. I highlighted the error and drew an arrow to the column name. Create a bug escalation please." They say okay but then respond two days later, "Hey I still can't solve this can you help."



And it just makes me not care to help them because they didn't even factor in that the sooner they got this to Dev the sooner the customer would have a fix. Just that lack of foresight / lack of a sense of urgency. And because I gave them everything they needed to succeed. I told them what to tell dev, formatted the screenshot with a big red arrow, etc. And I did express this to my boss - that they needed to put in more effort and he did tell me they had just had a meeting over it that morning because others complained too.



It's not just support. Managers don't do major manager things and they say, "No one explicitly asked me to do that."



When I was starting out - I didn't have anyone senior mentoring me. I didn't climb levels I-IV. It was all sink or swim. From my year on a help desk to my first real job as a Sys Admin II. I became the king of support because I learned how our web app worked. I learned that pages were powered by SQL views, processes by SPs, data by tables. I learned the naming conventions, the FKs, etc. Then when a page was endlessly loading I was able to identify the view, which let me identify the tables, which let me find where an index had been dropped and get it re-added. No one taught me that. I just learned it by being curious as I worked in these systems day to day supporting everything.



And I took my knowledge of the databases and the tickets coming in to build automated data processes that took hour long requests down to 5 minutes by writing SPs and building standard data processes. No one taught me that or suggested we do it. We needed more time in our day and there was no one else around to solve the problem.



One of my first projects was Jan 2015 moving the entire company's email and archiving I just started for into 365 with no background in 365. And I quickly learned certain things were not in the GUI so I taught myself PowerShell to get it done.



I'm just to the point I'm eleven years in and I'm coasting. I do worry because I'm only 36 and the market is so rough, but all I care about is stuffing the max allowed each year into my mutual funds. If I can stay ahead financially I have plenty of skills I can leap frog into something.



And it's just annoying because anywhere I've been, I've just naturally bubbled to the top but not for doing anything special - but just for making minimal effort. My first place got acquired and then merged and I was moved into the Engineering Dept under the Infra team because I had helped the manager and team cut over a lot of infra and impressed the manager and a VP. And even that was mostly just knowing where the bodies were buried because again, I look around and learn the systems I touch. And he'd constantly call me to thank me for figuring something out because no one else even tried because they were too scared they wouldn't know how to solve it in the end.

There was a time I'd walk people through things and explain it a few times. Now I just don't feel like they deserve it. And I shrink communication down to the minimum to avoid back and forth and save my sanity. I will literally say, "I just made a change right now at 13:25 Pacific. Please test. If you tested before 13:25, that test is irrelevant. Please test again as of right now."

So now I'm just coasting, but everyone comes to me when in doubt.

Go ahead and troll me and tell me how all of this is my fault.

https://redd.it/1nznkho
@r_systemadmin
Experiences with PDQ?

I am an IT Specialist and I want to convince my manager to purchase the PDQ Suite next fiscal year. We already use the free version for deploying scripts, but it seems like the paid version has many more features to offer and utilize. I am looking at the big three they offer, SmartDeploy, PDQ Deploy, and Inventory.


We currently use WSUS to manage updates and such, and I see that Deploy can also do some managing of updates. It seems like it's not a full replacement, but could be a great addition to help smoothen things out.


We are in the process of creating a deployment server, and it has been a pain to get going. SmartDeploy looks like it could make it much easier and simpler.


As I said, we already use the free version to deploy some scripts, and looking through the feature set of the full version, it looks like something that we could utilize almost daily, and it could be something that makes our lives much easier.


I just wanted to see if anybody here has any experiences, negative and positive, with PDQ Applications. It seems great for the price, there are only 3 of us so the licensing wouldn't be too bad. Price to feature set seems extremely fair to me.

https://redd.it/1nzl0y8
@r_systemadmin
RDS - is there a future or no?

Trying this again; looking for opinions on the viability of remote access systems like RDS / Citrix for the future. I'm a big fan of the technology and I believe that it's the future but due to lack of support from microsoft and the push towards technologies like 365.

To add more detail I mean as a primary access system rather than a one off used to grant access to 32 bit systems.

Just looking for opinions - do you see RDS as a viable technology going forward?

https://redd.it/1nzqkgq
@r_systemadmin
Do you guys have Credential Guard turned on?

I haven't had any problems with Intune, so it does interest me. Can someone persuade me why I need an extra container to save my passwords and secrets? The configuration doesn't seem worth it, but I'm not really seeing the value in virtualization-based security, or VBS as they call it.

https://redd.it/1nzue3q
@r_systemadmin
Dumbest "Portable Monitor" for meetings

Hey folks. I'm stumped on trying to find a clean solution to this problem.

I have a general manager who is itching for a dumbed down solution to duplicate a monitor on a portable screen. He is insistent on standing in the furthest corner away from our 85" TV in the boardroom and frustrated that he cannot read the financials.

Without looking at purchasing a permanent second monitor/TV or to run an app-enabled screen - what are any ideas to give this GM the ability to have a personalized monitor to watch through a presentation?

My only idea is to run a portable monitor with a wireless HDMI dongle, but that's still cables galore that needs to be managed. Hoping maybe someone has done something as stupid as this.

https://redd.it/1nzx4f8
@r_systemadmin
Microsoft killing more methods that allow local account creation during W11 oobe

https://www.windowscentral.com/microsoft/windows-11/microsoft-triples-down-and-blocks-even-more-microsoft-account-bypasses-on-windows-11-an-online-account-is-non-negotiable

>"We are removing known mechanisms for creating a local account in the Windows Setup experience (OOBE). While these mechanisms were often used to bypass Microsoft account setup, they also inadvertently skip critical setup screens, potentially causing users to exit OOBE with a device that is not fully configured for use. Users will need to complete OOBE with internet and a Microsoft account, to ensure device is setup correctly."

Gotta trap people in the MS OneDrive ecosystem

https://redd.it/1o01y1m
@r_systemadmin