Teams meeting AI note taker virus

We use teams to meet with external parties often. Occasionally someone will click on a link in a meeting that says it's an AI not taker. The user just clicks the link out of curiosity. Suddenly that AI is adding itself to every meeting that user is in and then it spreads to the rest of Teams. The one I'm dealing with right now is fireflies.ai. Seems like the only way to get it to stop is go to their site and delete the account. How is it possible that Microsoft would allow a vulnerability like this? Is there not a way to prevent this kind of thing? I have blocked the app as stated here https://learn.microsoft.com/en-us/answers/questions/4429002/removing-fireflies-ai-note-taker-bot-from-microsof
but that doesn't seem to fix the problem of the note taker messaging everyone after every meeting. Any advice?

https://redd.it/1o0njwy
@r_systemadmin

Anyone else getting Entra Connect Alerts today (10/7/25)?

Earlier I got "Password Hash Synchronization heartbeat was skipped in last 120 minutes". I restarted our Entra Connect server even though everything seemed to be running fine. I checked M365 admin center and the password and directory sync are working without errors. Now I get another warning "Health service data is not up to date". Is anyone else getting Microsoft Security emails about this or see it on the Azure portal? Running various powershell cmds and everything seems healthy on my server.

https://redd.it/1o0p1d2
@r_systemadmin

A PowerShell module to help recover from "oops, we deleted C:\Windows\Installer to save space"

So… you (or someone before you) tried to free up disk space by “cleaning” `C:\Windows\Installer` — maybe even ran one of those noscripts floating around that only checks the *Patches* registry keys (`HKLM\...\Installer\UserData\S-1-5-18\Patches`) and deletes everything else.

Congratulations, you just broke updates and uninstalls for half the apps on the server.
SQL Server? Exchange? Azure Arc Agent? Yeah, they’re all crying now.

The [FixMissingMSI](https://github.com/suyouquan/SQLSetupTools) tool can find and repair those missing cache files, but it’s GUI-only and not really practical when you have hundreds of systems.

I built [FixMissingMSI.PowerShell](https://github.com/ITJoeSchmo/FixMissingMSI.PowerShell) to automate that process.

* Runs FixMissingMSI *non-interactively* through .NET reflection (no GUI)
* Collects per-host CSV reports of missing MSI/MSP files
* Builds a **shared cache** that’s *demand-driven* \-- only uploads files that a server has reported actually missing
* Lets you re-run repair jobs after the cache fills so other hosts self-heal
* Includes `Get-InstallerRegistration` / `Remove-InstallerRegistration` for dealing with broken product registrations. Remove-InstallerRegistration is built off of the PowerShell within [Microsoft's Program Install and Uninstall Troubleshooter](https://support.microsoft.com/en-us/topic/fix-problems-that-block-programs-from-being-installed-or-removed-cca7d1b6-65a9-3d98-426b-e9f927e1eb4d) for scrubbing broken MSI registrations (when repair/uninstall is hopeless, this enables a clean install).

Repo: [github.com/ITJoeSchmo/FixMissingMSI.PowerShell](http://github.com/ITJoeSchmo/FixMissingMSI.PowerShell)
PSGallery: [powershellgallery.com/packages/FixMissingMSI.PowerShell/1.1.4](http://powershellgallery.com/packages/FixMissingMSI.PowerShell/1.1.4)

MECM deployment example: [FixMissingMSI.PowerShell/examples/MECM.ps1](https://github.com/ITJoeSchmo/FixMissingMSI.PowerShell/blob/main/examples/MECM.ps1)

Feel free to use, fork, and adapt. If you’ve been bitten by a "cleanup noscript" before, this might save you a rebuild.

https://redd.it/1o0ra4c
@r_systemadmin

I think our public facing IP is getting blacklisted

A few weeks ago a dev at our company thought it was a good idea to write a noscript to check the Apple website for the availability of an iPhone he was looking for. It was a python noscript that hit a web page every 180 seconds and looked for certain keywords. He ran it for a little over 24 hours until it appears Apple started blocking it. The requests were failing with a page not found - 541 error.

At this point he told me about the noscript, he shuts it down, and we move on. I think it's probably not a big deal, and just a temporary IP block or something at Apple.

Ever since then other sites have slowly been blocking traffic from our corp network., and Apple is still blocking -- not the main site, just when you try to put an item in your "bag" to purchase.

New sites that appears to be blocking us are:

>\- Try to open the Sign In page on Costco.com \- This site can't be reached Error - ERR_HTTP2_PROTOCOL_ERROR

>\- Today, try to track a package at UPS.com \- Access Denied - You don't have permission to access "http://www.ups.com/track?" on this server.

We can access these sites without issue if we connect to our guest Wi-Fi, which goes out via a different ISP.

Maybe it's not related, but it sure seems like something is going on. Anyone seen anything like this? Any suggestions to try or resolve?

https://redd.it/1o0nbvo
@r_systemadmin

Got a ticket from a director… couldn’t find him because his Teams photo looks AI-generated from 2004

Just joined a new company this week, still figuring out who’s who and which coffee machine actually works.

Got a ticket from one of the directors, so I thought I’d be proactive and reach out to him in the office.
Naturally, I check Teams to see what he looks like.

Click his profile.. and I’m greeted by what can only be described as an AI-generated headshot from the Windows XP era.
Perfect skin, mysterious blur, warm studio lighting.

So there I am, wandering around the office like a lost intern, trying to match this perfectly airbrushed corporate relic to an actual human.
Spoiler: the real guy looks nothing like that picture. Easily 20 years older


Anyone else notice this trend? Or is my new office stuck in a parallel timeline where everyone still looks like their 2003 LinkedIn profile? 😅

https://redd.it/1o0wpy1
@r_systemadmin

To sysadmins solo or in a small team, what sneaky things do you do that you probably shouldn't?

Nothing malicious or illegal of course, I'm talking minor "workarounds" that you probably shouldn't be doing but do anyway, because you can. Similar to jaywalking, yes you probably shouldn't do it, but it doesn't hurt anyone when you do it.

I'll start, we have a standard password reset policy every 90 or so days, and obviously you can't reuse a previous password. I'll change mine, then use AD to simply revert it back to my original. Before people scream this is a security violation, this is a non-elevated account with zero admin privilege (yes I also understand changing passwords helps against the hash being accessible locally on the machine, but unless you change passwords every few days, it won't matter that much). I wouldn't do this on any privilege accounts (we utilize a PAM solution anyway).

Understandably, in larger organizations, it's harder to "get away" with stuff like this.

https://redd.it/1o0vtkq
@r_systemadmin

Microsoft Simplifies File Transfers of Departing Employees

Microsoft is planning to introduce several enhancements to simplify OneDrive file transfers for departing employees.

Key enhancements include:

Automatic OneDrive access delegation, where access is granted to the manager or designated secondary owner when a user account is deleted.
New filters to help managers quickly identify shared and important files.
An enhanced Move and Share feature that enables bulk file transfers while preserving existing permissions.
More prominent account cleanup notifications, making it less likely for them to be missed.

https://redd.it/1o11o43
@r_systemadmin

Normalize invoicing recruiters for wasting your time.

I have done this twice now and gotten payed.
I am doing this when they insist going forward with a long shot or fishnet recruitment.

https://redd.it/1o14mkf
@r_systemadmin

How do you stop sensitive data leaking in ChatGPT at work?

Hey everyone, need advice please. Lately,In my team, I keep seeing they’re pasting client’s info and internal docs into ChatGPT for quick answers or summaries. The problem is, they’re literally copying and pasting emails, client data and internal docs into it. At first, it seemed harmless but now I’m really concerned. I’ve seen posts like this one where users noticed unexpected chats with their personal info, and this one where someone found internal emails from a real estate agency they never had access to.

I know this can leak sensitive company info, and honestly, it feels like a ticking time bomb. We want to let the team use AI but not risk anything confidential.

I’m trying to figure out what’s the best path

1. Turn off ChatGPT or other GenAI tools completely
2. Let them use but track or monitor what’s being pasted
3. Only allow a few trusted people to use it
4. Make strict rules on what can/can’t be shared
5. Get some tool that secures or governs AI use

I’m 100% sure someone at NASA, finance firms or other professional companies must have enterprise workflows for this. Open to any suggestion

thanks

https://redd.it/1o15g06
@r_systemadmin

Why is everything these days so broken and unstable?

Am I going crazy? Feels like these days every new software, update, hardware or website has some sort of issues. Things like crashing, being unstable or just plain weird bugs.

These days I am starting to dread when we deploy anything new. No matter how hard we test things, always some weird issues starting popping up and then we have users calling.

https://redd.it/1o15s25
@r_systemadmin

What is your happiest moment in I.T.

I see lots of posts in this group that are negative. From users being stupid, High maintenance owners and leadership teams pissing us off or messing things up, and technology just being unenjoyable to work with.
That being said lets here some stories from the community about the awesome moments of this line of work to give people a little bit of happiness and joy.

https://redd.it/1o1caxo
@r_systemadmin

ms entra and 365 admin portals?

We are getting 504 errors. Anyone else?

https://redd.it/1o1f1ud
@r_systemadmin

Open TCP/9100???

I was just asked to forward TCP/9100 so that a vendor can connect to an on premise printer from the outside. This, coming from the customer that claims to take security very, very seriously. Unless, of course, security means they have to use legitimate vendors.

😩

https://redd.it/1o1gug1
@r_systemadmin

So this was a first for me.

# Ever gone searching for help with an issue, only to find your own advice from years ago staring back at you? I just leveled that up in a weird way.

I was searching for an answer to a problem we’ve been having with Windows 11 updates breaking GPO-applied printers, when I happened across a long, well-written post that seemed to describe my issue exactly. I thought

>Finally! An answer!

Unfortunately, it didn’t really offer any solutions, but it did link to its source. That article, in turn, cited “reports on Reddit” as its source.

By this point, I was starting to have déjà vu. Guess what? Those reports on Reddit referred to my own damn post. 😂

That’s a first for me. Of course, I’ve found my own posts from the past past while searching a current problem before. But finding AI slop, sourced by AI slop, sourced by my own posts from the past was a whole new level.

https://redd.it/1o1l996
@r_systemadmin

Story of A Company that Lags Behind

Hello,

I was hired at my current place of employment about 6 months ago. I am proficient with AD and good with PowerShell and all things 365. My experience lies in my past work with the military and Level 3. I cannot share anymore, otherwise, too much personal info is given. Mind you, the company is around 50 to 100 people, and there are only two of us.

When I first started, my company had just gotten through a ransomware attack, and my COO, as well as the IT Manager, wore it like a badge of pride, even though the attackers got all of our data. It should have been a huge red flag to me when I was only two months in and they were bragging about an abject failure. Well, 4 months after this hits, I find that we don't have great backups, by accidentally deleting portions of critical data. A story in of itself and a mistake I admit too. We had to rebuild it all. I was told that it was my fault, but thinking back on it, why is our last good backup 3 months old? A month after, raising the flag on failed backups, which was tasked to the IT Manager, I find that we still have not gotten good backups. well, 4 months go by, and we finally make the switch to a real backup solution, which turns out to be VEAM. It works wonderfully, but the fact that it took 4 months past the initial discovery to build a working backup was mind-boggling. In the meantime, I had brought our original ticket queue that averaged 36 tickets down to 3 in the queue at any given time on top of all this. I have been given an unofficial corrective action due to my role in installing appropriate security measures without process approval. A process that was not written down.

So, I raised the red flag after my IT manager failed to come up with a solution which I had offered in writing 3 options. Thinking I was doing the right thing, as the company relies on us to properly function. Turns out, he is hiding everything we are not doing. I started to push BitLocker; as that was not on our devices and the passwords were not in Intune. We also had no DLP, TPM Delegation, MDM, or MAM; which I eventually deployed them all in the span of 3 months for our 168 devices. Over the course of each one, management requested an explanation and approval process, which was not written down. We have no formal process as we are so small.

In all of this, i have to write a page report for everything, no matter how simple a change. I want to implement basic DLP. Well, i will have to write a report with all of the technical steps on how to do it. Same with any other change that is not as basic as resetting a password. I have a OneNote with everything i do down to the detail, and have even shown my COO. Is this typical of Management, or am I in bad company?

Fast forward to month 6, and I am working on a project as well as handling IT helpdesk and Networking tickets. I have no problem with this and love staying busy. Well, it was a minor project that involved building our company portal applications and pushing them to devices through Intune. Something I have already done for multiple applications that we currently use. I was cussed out by one of our consultants after implementing this particular application, which can easily be reversed in Intune. All for creating a remote installer for software we already use (ShareFile). Well, this one was "not vetted" properly, so I was called in for a one-on-one, which I requested HR for. The COO then decided to come down 30 minutes before the meeting and bring me up to her office, so it became a one-on-one. While I should have held my ground, I did not. Well, the COO lectured me on trust and how i need to do more to earn it from her. She then sent an email explaining how the meeting went, and how my authority to operate will be greatly reduced in the days to come. This, coming from someone who doesn't support practicing industry standards, is aggravating, but she is the boss. I fear that when we do get breached, I will be scapegoated, even though only half of my security recommendations are even being looked

at, and out of those few are greenlighted for implementation. I currently have 14 projects, some of which could be done in 20 minutes, but are pending 5 meetings and approval from higher. These are no-cost, easy moves.

It drives me up a wall. Anyway, back to it tomorrow. What do you think, Reddit? Am I just burning out or is something else going on?

https://redd.it/1o1sllt
@r_systemadmin

Would you leave this job if you were me?

So I got nofified that I was being laid off at the end of November because my employers contract got cut by the company that subcontracted to them. I started applying to other roles that afternoon and got a hit later that day. By Friday afternoon I had gotten notified I got the job and have since accepted the role and put in my intiial paperwork.

Since that time I found out that the company that subcontracted to my company is likely taking back everyone that they can and rehiring them for our same roles. I'm not an admin but I'm an AV tech / Deskside Support person who does remote work from the office. The new employer sounds great, it's a nice little tight nit group and they seem like a fantastic place to grow. It's a Service Desk role that they want us to be field techs and versatile. Basically, networking, service desk, probably some systems administration and whatever else.

Problem is that the new role is paying terribly, I make 70k here in Boston and I'd have to go down to $28.50/h for the contract and when I convert then it'd go up to 65k/y. I'd be struggling hard for a long time financially. It's a better role overall and what I actually want to do but I'd be on a shoe string budget. I did the math and if I picked up a part time job and worked 24 hours after work I could do it and have some money to save and carry myself better.

I need advice from other admins, would it work better if I took the other lower paying job and got the experience and did all the part time work to make ends meet or would it be better for me to stay at my current role and make more but do less technical work and stagnate? I'm working on certs but I feel like I might not be fast enough and might fall behind.

https://redd.it/1o1sgkl
@r_systemadmin

Website Host Change, Now Can't Access Subdomains from LAN?

TLDR; After a website refresh (Hosted via External Vendor) sub-domains unreachable from the LAN.

We had a relatively standard DNS records change request for a new website overhaul, which included CNAME records for each sub-domain, and typical @ A record IP change. The old site did not use any CNAME records for the subdomains.

The website name is the same as the internal domain (Wasn't me.) but we are using ad.example.com for internal resources.

On our internal DNS servers, we have a forward lookup zone for example.com which includes an A record pointing to the new website host IP, that works fine. Attempting to get to subdomain.example.com hits a browser error "This site can't be reached".

nslookups for subdomain.example.com return "Can't find. Non-existent domain", the nslookup for example.com externally returns the new site IP, whereas the nslookup for subdomain.example.com externally returns a round-robin list of IPs.

I've tried mirroring the CNAME record changes, and adding an A record for subdomain.example.com to point to the IP of the new site, no change.



Please reddit hive mind, share some words of (kind) wisdom!

https://redd.it/1o1xtnq
@r_systemadmin

LDAP keeps breaking and we have no idea why

So, we have LDAP set up on several copiers throughout the company so users can scan to their email. We also use it on our SonicWall for user authentication against AD as well as few other appliances on the network. I'll get a call from a user that the copiers aren't pulling up any results, go to check using the LDAP tools in the copiers web interfaces, and confirm the issue. Then within 10-15 minutes, it resolves itself, and everything works again.

The AD server isn't going down, resources aren't getting tied up, and there's nothing running that shouldn't be. This only started happening recently, so I was thinking maybe an update was to blame, but nothing comes up in any search results.

Server is running Windows server 2019 standard, if that helps. It is also used for DNS, DHCP, and primary domain controller

https://redd.it/1o1u139
@r_systemadmin

admin.microsoft.com

For the past two days now when attempting to access admin.microsoft.com I am getting the error message:

We are sorry, something went wrong.

Please try refreshing the page in a few minutes. If the problem persists, please visit **status.cloud.microsoft** for updates regarding known issues.

I have tried inprivate browsing as well, has anyone else had this issue?

Only work around so far is going to https://admin.cloud.microsoft/?#/homepage directly.

https://redd.it/1o20e7l
@r_systemadmin

Thickheaded Thursday - October 09, 2025

Howdy, /r/sysadmin!

It's that time of the week, Thickheaded Thursday! This is a safe (mostly) judgement-free environment for all of your questions and stories, no matter how silly you think they are. Anybody can answer questions! My name is AutoModerator and I've taken over responsibility for posting these weekly threads so you don't have to worry about anything except your comments!

https://redd.it/1o21vn7
@r_systemadmin