recreate things. but all current functionality was available.

· I managed user complaints and requests one-on-one, often resolving issues within the hour, including late-night and early-morning support.

Hiroshima.

· Despite the crisis aversion, the project lead began to receive complaints from A user about the nature of the system (e.g., minor user complaints about differences in the temporary system’s functionality, like meeting setups. [Literally the only complaint\])

· He publicly blamed me in the company group chat, harshly criticizing my work and suggesting that he would have recommended using a more simple manual way and that this method would have been better for DLP than having me do it

The Financials

· I invested heavy hours of intense labor (20+hrs), alongside a personal financial investment in the different extension domain. My pay rate is only mid 40-60/hr

· I was told by a friend in the field that the market value for this level of "crisis management" and migration is easily $5,000 - $10,000+.

· Out of goodwill for a really really good future opportunity that was being promised by the project lead (or rather dangled Infront of me), I initially proposed a fee of $565 which was a cap that was mentioned not for this particular project but in the ones previous (my other projects were with the same project lead) + the domain reimbursement.

· He never responded to that email, but had the time to just blast me in front of the clients. Still hasnt responded either.

I wanted to end this off by saying, the whole project deliverables were done only by me and without much support other than good ole google and sum elbow grease.

Splash the cold water on me and give me yalls thoughts, while I hate the public embarrassment, i need to learn what i need to do in the future so i dont do this stuff again.

Thank you

https://redd.it/1o4e84f
@r_systemadmin

New Oracle EBS vulnerability CVE-2025-61884

New Oracle EBS vulnerability CVE-2025-61884

Just released -> https://www.oracle.com/security-alerts/alert-cve-2025-61884.html

Affects the Runtime UI component of Oracle configurator.

Remotely exploitable without authentication


https://redd.it/1o4eupk
@r_systemadmin

Powertoys

I just found out about powertoys, why isn't this something thats talked about? Microsoft powertoys has so much funtion I wish I new about and features I've bought stand alone versions for personal use.

https://redd.it/1o4gijd
@r_systemadmin

Windows 11 multiple VLANs one NIC and the Microsoft Store

A while ago I switched my home network Unifi and created different VLANs including one for management purposes.

I want to be able to access the main "private" VLAN as well as that management VLAN from my PC while using one NIC.

As Intel stopped support for it's advanced network services for Windows 11 I used a Hyper-V switch and added the second VLAN that way (the "private" VLAN is the native one of the port switch so I only needed one additional VLAN):

New-VMSwitch -name VLAN-vSwitch -NetAdapterName '2,5Gb Ethernet' -AllowManagementOS $true
Add-VMNetworkAdapter -ManagementOS -Name "VLAN1234" -SwitchName "VLAN-vSwitch" -Passthru | Set-VMNetworkAdapterVlan -Access -VlanId 1234

This worked great but a while ago I noticed the Microsoft Store not working anymore (more precisely: not downloading updates).

After trying lots of troubleshooting methods (dism, sfc, wsreset, inplace upgrade, reinstalling the store...) without anything working I noticed that besides all updates showing "in queue" one would always say "waiting for wifi" and found this thread: https://learn.microsoft.com/en-us/answers/questions/2292159/windows-store-updates-hung-on-waiting-for-wi-fi-wh

After I removed the vSwitch the store worked again but that is only a temporary fix of course.

I have now added the switch again after the updates are done but I need a permanent fix.

Any ideas?

https://redd.it/1o4kmdl
@r_systemadmin

From Hybrid to full out RTO

Context: Medium sized business of 180 users, 17 locations spread across 3 different states. Two-man IT team me being one of them in the Sr. sys admin role. I report to an executive who is not an IT person so technically you could say I’m the highest IT leadership in the company. Im salary exempt and I put in usually 50-60 hours per week a lot of those hours being evenings and weekends. I have 13 years in this industry, 4 of them as a sys admin. 6 years with current company.

Our department already got the shaft from the get-go with remote work. We are allowed 1 single day at home, office the other 4 days. Permission is normally granted to WFH due to circumstances (sick, sick kid, had a system emergency at 2am, etc.) overall good flexibility. Other departments are WFH 3-4 days which is kinda shit but whatever.

Welp, upper management has decided to eliminate WFH all together and is now requiring all departments to RTO 5 days per week effective 11/1. They will still allow remote work for special circumstances. This came about due to all the folks who bitch that they are not able to work from home due to their role which simply couldn’t be possible so they have decided upon a one size fits all solution.

To the point: how are others handling this? Tell uppers to fuck off? Deal with it but make it as painful for them as possible such as no more evening and weekend work? Lol, just start patching servers at 9am.

I think brushing off my resume over remote work would be a bad choice in this market, but at the same time, we work our asses off to keep the systems running at all hours of the day. To say I’m a little disappointed would be an understatement. I’m deciding how to approach my boss about this.







https://redd.it/1o4l259
@r_systemadmin

Windows 11 Pro new computer will not complete setup

The page I'm on says Let's set things up for your work or school. When I use the work email address, that we've used for a hundred other machines without issue, it says:

>That username looks like it belongs to another organization. Try signing in again or start over with a different account.

I've tried other accounts, none work. This is Windows 11 PRO. I'd return the machine, but this sat too long and we are past the return window.

I've tried a full reinstall from scratch - same issue.

Some googling I've done suggests that this might be caused by the manufacturer using an original image that was tied to their intune account. I've tried contacting them but they've been useless.

Any ideas?

https://redd.it/1o4rgux
@r_systemadmin

PSA: Do NOT use Windows Server 2025 as the schema master before installing Exchange Server SE RTM

PSA: Do NOT use Windows Server 2025 as the schema master before installing Exchange Server SE RTM. The Windows Server team is working on a permanent fix for this issue (to be released in the following months). If you are already affected by this issue, contact Microsoft Support (Active Directory team) and they have a process to allow AD replication to work (but it might require manual schema editing).

https://techcommunity.microsoft.com/blog/exchange/active-directory-schema-extension-issue-if-you-use-a-windows-server-2025-schema-/4460459

\#WindowsServer2025 #MSExchangeSE #ADSchema

As cross posting is not allowed, I took this from r/exchangeserver

https://redd.it/1o4t4nv
@r_systemadmin

How do you assign M365 licenses when you have both active and inactive ones?

Our M365 licenses expired this week, and we now have a mix of old licenses, which still seem to work (at least I'm able to send/receive email), and a couple of new ones I bought. The problem is that they're shown together on the assign licenses page.

How do I know that an account has been assigned a new license when both old and new ones are listed together (the license count is old + new on this page)?

I've tried to reactivate the licenses, but this is greyed out in the admin panel and I've talked to MS support, but I'm not sure they understand the problem.

https://redd.it/1o4t6jq
@r_systemadmin

Mikrotik CRS312-4C+8XG-RM

I need to upgrade a few switches at several locations, what do you think about the Mikrotik CRS312-4C+8XG-RM - it's 8 ports 10G RJ45 Ethernet. Have you used this switch? Is there anything I should know about it?

https://mikrotik.com/product/crs312\_4c\_8xg\_rm#fndtn-specifications

https://redd.it/1o4vel5
@r_systemadmin

SMBServer-Operational Error 1016 on File Server 2022

Hi,





I recently migrated from a 2019 file server to a 2022 OS. Users began experiencing slowness in Excel files.



I did not use the same hostname and IP address as the old file server.



I am using a new hostname and a new IP address.



The server is running on VMware.



The Windows firewall is disabled.



Trend Micro Endpoint Security is running as AV on the server.



When I checked the event viewer on the server,

There error I'm getting on the File Server is:////////SMBServer-Operational//////





Reopen failed.



Client Name: \\\\10.10.10.3

Client Address: 10.10.10.3:61372

User Name: CONTOSO\\user

Session ID: 0xAC0074000C81

Share Name: SHARE

File Name: IT\\test.xlsx

Resume Key: {341104c5-a5d2-11f0-bbd0-38f3ab75ca9e}

Status: Object Name not found. (0xC0000034)

RKF Status: STATUS_SUCCESS (0x0)

Durable: false

Resilient: false

Persistent: false

Reason: Reconnect durable file



Guidance:



The client attempted to reopen a continuously available handle, but the attempt failed. This typically indicates a problem with the network or underlying file being re-opened.

https://redd.it/1o4taxv
@r_systemadmin

Which is more in demand, Linux or Windows sysadmin?

Asking so I know which path to go down. I like both Linux and Windows so I wouldn't mind doing either one.

https://redd.it/1o4y699
@r_systemadmin

24H2 "Windows setup cannot parse the provide command-line options"

I've got \~20 Win11 VMs that I need to manually upgrade to 24H2. On the first one the "setup.exe /auto upgrade /DynamicUpdate enable" worked just fine. On the subsequent VM, mapped to the same setup location, setup.exe gave me "Windows setup cannot parse the provide command-line options" -- even when then only remaining switch was "/auto upgrade", so I had to run setup.exe by itself.

Anyone else come across this, and know what the reason/fix is?

https://redd.it/1o5286k
@r_systemadmin

Backup NetApp environment with cold data tier

Evening everyone,

I’ve been tasked with researching backup and DR options for a our NetApp environment (a couple of Petabytes of mixed audio/video data, millions of files) and would love to hear what others are doing in production.

Our main challenge:
We need a disk-based daily backup solution that can leverage NetApp snapshots without causing cold data to move back to hot storage during backup operations. We have looked at Veeam and use it already internally. However to backup the NetApp it is very expensive. We would like to compare against other products.

Separately, we also have a requirement for a long-term tape-based archive (think multi-year retention), but that’s considered a different workflow — the primary goal right now is to find a day-to-day backup solution that works efficiently with tiered storage.

If you’re managing large NetApp volumes, I’d love to know:

What backup product(s) you’re using (and why)
How you handle cold vs. hot data tiering during backups
Whether your solution integrates cleanly with NetApp snapshot technology
Gotchas or lessons learned at this kind of scale

Thanks in advance for sharing your setups and experiences!

https://redd.it/1o535yh
@r_systemadmin

Kiosk mode in tablets

Hello everyone. I work as an IT in a medical clinic. And recently they brought around 30 Samsung tablets to work with.
My boss asked me to see if I can lock them down and show only "odoo app" that has the clinic's information system
I asked chatgpt about it and said something about kiosk mode. But i found only paid ones nothing free
Any suggestions? Or help is appreciated

https://redd.it/1o538xe
@r_systemadmin

Constant remote access problems since going hybrid

Our team has been struggling with remote access problems ever since we shifted to hybrid work. VPN keeps dropping connections, users can't reach internal apps reliably, and troubleshooting takes forever when someone's working from a coffee shop.

What are you all using to handle secure remote access that actually works consistently? Getting tired of the daily "I can't connect" tickets.

https://redd.it/1o543o0
@r_systemadmin

How do you account you on-call into the Flex Time when there is nothing done during on-call?

I have been on-call for last week. Work my usual 8-5 but also available outside of those hours with phone ringer on and able to jump on in 15 minutes or less. During the week I only spent maybe 3 hours at most doing on-call work.

The workplace has something they call Flex Time and I am salaried with expectation to be available 8-5.

In your experience how do you, if at all, count your on-call time against your actual expected work period and hours?



https://redd.it/1o567da
@r_systemadmin

Any other AEC sysadmins here?

Just joined an AEC (engineering) firm and wow..this isn’t your usual “Office Suite and printers” setup. I’m now wrangling render farms, beastly GPUs, dealing with all the Autodesk issues and workstations that I haven’t dealt with my entire career.

It’s way more work, but also kinda awesome.

Any other AEC admins out there? Do you actually enjoy the chaos too?

https://redd.it/1o56xsv
@r_systemadmin

ZIP SharePoint folder(s) and export to S3 without local download/upload?

Is there an easy way - maybe with noscripting, or Power Automate/AppFlow - to compress a folder in a SP document library and save it into an S3 bucket without having to download it locally and re-upload it?

We're running out of SP space and need to move old/unused project folders to an S3 bucket. I'm currently doing it manually - tick the folder in Web SharePoint, click Download to get the ZIP, drag-drop into S3 then delete the original folder. This works fine, except there's hundreds of folders with over 1TB of data, which with my time/WiFi speed/laptop space is not really feasible. So I need something that can do it automated in the cloud. I looked into Skyvia which we've used before, but apparently they have no SP<->S3 connectors. Any recommendations? We'd be using a rule - any subfolder in a given directory whose contents have not been modified in over a year.

https://redd.it/1o55vrb
@r_systemadmin

Stupid question: how does ad connect to entra id?

I know they sync but I've never had to do it nor on my own lab. Just curious how the syn/setup process works. Most training mentions it but dont show how it works.
I know when you setup a new dc ot has capability to sync with entra id(azure ad).

I know a stupid question but never seen a stand up done before.


https://redd.it/1o5a68r
@r_systemadmin

College folks, what sort of questions should I prepare efor?

Landed an interview for a help desk gig with a college. What do you or they expect? Just trying to prepare as i suck at interviews and i want to nail it out of 20+ candidates.
The soft skills i have down to the tee. Technical questions in flabbergasted and space out often. Not that I dont know what to dk but ky mind seems to fail explaining unless I show folks. Lol.

https://redd.it/1o5a1cy
@r_systemadmin

How to create a confined user in Ubuntu?

I have a question that looks like basic to system administration, but surprisingly I cannot find information about that.

I have a multi user system. I want to make sure that a particular user has access only to a set of resources like a set of applications.

Traditional Unix DAC permissions don’t seem to provide a simple solution to role-based access control. It seems MAC using SeLinux or AppArmor is required.

RHEL/Fedora have SeLinux with targeted policy which comes with labels for users, like, guest_u label for the context of a predefined confined user. I can create a new user and label it with guest_u. This way the user will be confined to capabilities defined by guest_u. It’s hard to cherry pick and compile new modules (guest is more like a kiosk), but at least there is something.

But I have Debian/Ubuntu. To my surprise, I found it difficult to create a user that is confined in Ubuntu. I can remove the user from the sudo group and prevent the user from running certain commands like su. I can create a group, but you don’t want to change group membership of system binaries. There is restricted bash, but it’s kind of a hack and there are escape routes. The issue is compounded by the fact that when the user runs an application, obviously there will be child processes and so, and that there are numerous entry and exit points.

I want to define a user that has access to certain folders and can run certain applications (like a browser, vscode, editors, other basic utilities) and nothing more. How could this be done?

The closest that I found was installing and configuring an obscure module called AppArmor PAM module. I might be wrong but there might be just one example in the internet on this module and almost none in Reddit. AppArmor has limited support for RBAC and that module is not well documented.

There ought to be an easy way to confine a user in Ubuntu.

https://redd.it/1o5dgfk
@r_systemadmin