Constant remote access problems since going hybrid
Our team has been struggling with remote access problems ever since we shifted to hybrid work. VPN keeps dropping connections, users can't reach internal apps reliably, and troubleshooting takes forever when someone's working from a coffee shop.
What are you all using to handle secure remote access that actually works consistently? Getting tired of the daily "I can't connect" tickets.
https://redd.it/1o543o0
@r_systemadmin
Our team has been struggling with remote access problems ever since we shifted to hybrid work. VPN keeps dropping connections, users can't reach internal apps reliably, and troubleshooting takes forever when someone's working from a coffee shop.
What are you all using to handle secure remote access that actually works consistently? Getting tired of the daily "I can't connect" tickets.
https://redd.it/1o543o0
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
How do you account you on-call into the Flex Time when there is nothing done during on-call?
I have been on-call for last week. Work my usual 8-5 but also available outside of those hours with phone ringer on and able to jump on in 15 minutes or less. During the week I only spent maybe 3 hours at most doing on-call work.
The workplace has something they call Flex Time and I am salaried with expectation to be available 8-5.
In your experience how do you, if at all, count your on-call time against your actual expected work period and hours?
https://redd.it/1o567da
@r_systemadmin
I have been on-call for last week. Work my usual 8-5 but also available outside of those hours with phone ringer on and able to jump on in 15 minutes or less. During the week I only spent maybe 3 hours at most doing on-call work.
The workplace has something they call Flex Time and I am salaried with expectation to be available 8-5.
In your experience how do you, if at all, count your on-call time against your actual expected work period and hours?
https://redd.it/1o567da
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Any other AEC sysadmins here?
Just joined an AEC (engineering) firm and wow..this isn’t your usual “Office Suite and printers” setup. I’m now wrangling render farms, beastly GPUs, dealing with all the Autodesk issues and workstations that I haven’t dealt with my entire career.
It’s way more work, but also kinda awesome.
Any other AEC admins out there? Do you actually enjoy the chaos too?
https://redd.it/1o56xsv
@r_systemadmin
Just joined an AEC (engineering) firm and wow..this isn’t your usual “Office Suite and printers” setup. I’m now wrangling render farms, beastly GPUs, dealing with all the Autodesk issues and workstations that I haven’t dealt with my entire career.
It’s way more work, but also kinda awesome.
Any other AEC admins out there? Do you actually enjoy the chaos too?
https://redd.it/1o56xsv
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
ZIP SharePoint folder(s) and export to S3 without local download/upload?
Is there an easy way - maybe with noscripting, or Power Automate/AppFlow - to compress a folder in a SP document library and save it into an S3 bucket without having to download it locally and re-upload it?
We're running out of SP space and need to move old/unused project folders to an S3 bucket. I'm currently doing it manually - tick the folder in Web SharePoint, click Download to get the ZIP, drag-drop into S3 then delete the original folder. This works fine, except there's hundreds of folders with over 1TB of data, which with my time/WiFi speed/laptop space is not really feasible. So I need something that can do it automated in the cloud. I looked into Skyvia which we've used before, but apparently they have no SP<->S3 connectors. Any recommendations? We'd be using a rule - any subfolder in a given directory whose contents have not been modified in over a year.
https://redd.it/1o55vrb
@r_systemadmin
Is there an easy way - maybe with noscripting, or Power Automate/AppFlow - to compress a folder in a SP document library and save it into an S3 bucket without having to download it locally and re-upload it?
We're running out of SP space and need to move old/unused project folders to an S3 bucket. I'm currently doing it manually - tick the folder in Web SharePoint, click Download to get the ZIP, drag-drop into S3 then delete the original folder. This works fine, except there's hundreds of folders with over 1TB of data, which with my time/WiFi speed/laptop space is not really feasible. So I need something that can do it automated in the cloud. I looked into Skyvia which we've used before, but apparently they have no SP<->S3 connectors. Any recommendations? We'd be using a rule - any subfolder in a given directory whose contents have not been modified in over a year.
https://redd.it/1o55vrb
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Stupid question: how does ad connect to entra id?
I know they sync but I've never had to do it nor on my own lab. Just curious how the syn/setup process works. Most training mentions it but dont show how it works.
I know when you setup a new dc ot has capability to sync with entra id(azure ad).
I know a stupid question but never seen a stand up done before.
https://redd.it/1o5a68r
@r_systemadmin
I know they sync but I've never had to do it nor on my own lab. Just curious how the syn/setup process works. Most training mentions it but dont show how it works.
I know when you setup a new dc ot has capability to sync with entra id(azure ad).
I know a stupid question but never seen a stand up done before.
https://redd.it/1o5a68r
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
College folks, what sort of questions should I prepare efor?
Landed an interview for a help desk gig with a college. What do you or they expect? Just trying to prepare as i suck at interviews and i want to nail it out of 20+ candidates.
The soft skills i have down to the tee. Technical questions in flabbergasted and space out often. Not that I dont know what to dk but ky mind seems to fail explaining unless I show folks. Lol.
https://redd.it/1o5a1cy
@r_systemadmin
Landed an interview for a help desk gig with a college. What do you or they expect? Just trying to prepare as i suck at interviews and i want to nail it out of 20+ candidates.
The soft skills i have down to the tee. Technical questions in flabbergasted and space out often. Not that I dont know what to dk but ky mind seems to fail explaining unless I show folks. Lol.
https://redd.it/1o5a1cy
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
How to create a confined user in Ubuntu?
I have a question that looks like basic to system administration, but surprisingly I cannot find information about that.
I have a multi user system. I want to make sure that a particular user has access only to a set of resources like a set of applications.
Traditional Unix DAC permissions don’t seem to provide a simple solution to role-based access control. It seems MAC using SeLinux or AppArmor is required.
RHEL/Fedora have SeLinux with targeted policy which comes with labels for users, like, guest_u label for the context of a predefined confined user. I can create a new user and label it with guest_u. This way the user will be confined to capabilities defined by guest_u. It’s hard to cherry pick and compile new modules (guest is more like a kiosk), but at least there is something.
But I have Debian/Ubuntu. To my surprise, I found it difficult to create a user that is confined in Ubuntu. I can remove the user from the sudo group and prevent the user from running certain commands like su. I can create a group, but you don’t want to change group membership of system binaries. There is restricted bash, but it’s kind of a hack and there are escape routes. The issue is compounded by the fact that when the user runs an application, obviously there will be child processes and so, and that there are numerous entry and exit points.
I want to define a user that has access to certain folders and can run certain applications (like a browser, vscode, editors, other basic utilities) and nothing more. How could this be done?
The closest that I found was installing and configuring an obscure module called AppArmor PAM module. I might be wrong but there might be just one example in the internet on this module and almost none in Reddit. AppArmor has limited support for RBAC and that module is not well documented.
There ought to be an easy way to confine a user in Ubuntu.
https://redd.it/1o5dgfk
@r_systemadmin
I have a question that looks like basic to system administration, but surprisingly I cannot find information about that.
I have a multi user system. I want to make sure that a particular user has access only to a set of resources like a set of applications.
Traditional Unix DAC permissions don’t seem to provide a simple solution to role-based access control. It seems MAC using SeLinux or AppArmor is required.
RHEL/Fedora have SeLinux with targeted policy which comes with labels for users, like, guest_u label for the context of a predefined confined user. I can create a new user and label it with guest_u. This way the user will be confined to capabilities defined by guest_u. It’s hard to cherry pick and compile new modules (guest is more like a kiosk), but at least there is something.
But I have Debian/Ubuntu. To my surprise, I found it difficult to create a user that is confined in Ubuntu. I can remove the user from the sudo group and prevent the user from running certain commands like su. I can create a group, but you don’t want to change group membership of system binaries. There is restricted bash, but it’s kind of a hack and there are escape routes. The issue is compounded by the fact that when the user runs an application, obviously there will be child processes and so, and that there are numerous entry and exit points.
I want to define a user that has access to certain folders and can run certain applications (like a browser, vscode, editors, other basic utilities) and nothing more. How could this be done?
The closest that I found was installing and configuring an obscure module called AppArmor PAM module. I might be wrong but there might be just one example in the internet on this module and almost none in Reddit. AppArmor has limited support for RBAC and that module is not well documented.
There ought to be an easy way to confine a user in Ubuntu.
https://redd.it/1o5dgfk
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Moronic Monday - October 13, 2025
Howdy, /r/sysadmin!
It's that time of the week, Moronic Monday! This is a safe (mostly) judgement-free environment for all of your questions and stories, no matter how silly you think they are. Anybody can answer questions! My name is AutoModerator and I've taken over responsibility for posting these weekly threads so you don't have to worry about anything except your comments!
https://redd.it/1o5fkua
@r_systemadmin
Howdy, /r/sysadmin!
It's that time of the week, Moronic Monday! This is a safe (mostly) judgement-free environment for all of your questions and stories, no matter how silly you think they are. Anybody can answer questions! My name is AutoModerator and I've taken over responsibility for posting these weekly threads so you don't have to worry about anything except your comments!
https://redd.it/1o5fkua
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Another M365 Outage?
I'm not seeing any outages on my end and so far I haven't heard from any users (it IS 7am, so that's not a shock), but is anyone seeing impacts from this alert?
Users:
Users are unable to access Microsoft 365 apps.
Scope of Impact:
Impact is specific to some users who are served through the affected infrastructure, attempting to access Microsoft 365 apps.
Updates
We're continuing to review service monitoring telemetry to isolate the source of the issue and establish a fix.
* Oct 13, 2025, 6:18 AM EDT Next update by:
https://redd.it/1o5gtrv
@r_systemadmin
I'm not seeing any outages on my end and so far I haven't heard from any users (it IS 7am, so that's not a shock), but is anyone seeing impacts from this alert?
Users:
Users are unable to access Microsoft 365 apps.
Scope of Impact:
Impact is specific to some users who are served through the affected infrastructure, attempting to access Microsoft 365 apps.
Updates
We're continuing to review service monitoring telemetry to isolate the source of the issue and establish a fix.
* Oct 13, 2025, 6:18 AM EDT Next update by:
https://redd.it/1o5gtrv
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
How to make a Disaster Recovery Plan when (almost) all services are managed by external parties?
Hello,
I have to make a Disaster Recovery Plan (DRP) for a small Logistics company, but my problem is that almost al services that are used are managed by external parties. (examples of services are like the websites that are used in the different departments in HR or finance which are mostly websites for some specific function).
Some services we have a little control in for example the Office Suite, but if we have problems with that it goes first to the IT department if they don't know an external company will fix it.
The goal of the the DRP is "What to do when (acces to) data is lost".
I don't know how I have to do this in the DRP. My current idea was to write something like "If service XYZ is not avaiable or not working correctly then contact mail@xyz.abc or phonenumber.
Also some specific cases the IT department is only allowed to contact the service, but that's for just a few services.
But this way my DRP will look like and contact list book.
https://redd.it/1o5dbrl
@r_systemadmin
Hello,
I have to make a Disaster Recovery Plan (DRP) for a small Logistics company, but my problem is that almost al services that are used are managed by external parties. (examples of services are like the websites that are used in the different departments in HR or finance which are mostly websites for some specific function).
Some services we have a little control in for example the Office Suite, but if we have problems with that it goes first to the IT department if they don't know an external company will fix it.
The goal of the the DRP is "What to do when (acces to) data is lost".
I don't know how I have to do this in the DRP. My current idea was to write something like "If service XYZ is not avaiable or not working correctly then contact mail@xyz.abc or phonenumber.
Also some specific cases the IT department is only allowed to contact the service, but that's for just a few services.
But this way my DRP will look like and contact list book.
https://redd.it/1o5dbrl
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
So what am I? Duties and responsibility
Recently was talking with my coworkers that Systems Admin is broad but not exactly the best noscript for what I do, so what am I?
I handle/have, Domain Admin, Azure Global Admin, OneDrive/M365 Admin, Hybrid Exchange Admin, DNS, DHCP servers, Vmware ESXI admin, Hyper V, backups, Apple Business manager, Intune MDM management, 3 Data center sites, 2 hot, 1 cold, 200VM's, 1 critical zero trust site, cross-trained on access control, SIEM escalation and logging, ADFS, Azure, AD, GPO, DFS, Fileshares, OAuth, SSO, Intranet sites, manage and configure meeting room hardware, Camera surveillance administrator, tier 3 escalation, cjis certified, and other wonderful government data standards - on call and hourly exempt status (not salary) for about 70k in USA.
Been in this role about 2 years, would not quite think the word senior would be in the noscript but maybe based on the responsibilities.
https://redd.it/1o5icso
@r_systemadmin
Recently was talking with my coworkers that Systems Admin is broad but not exactly the best noscript for what I do, so what am I?
I handle/have, Domain Admin, Azure Global Admin, OneDrive/M365 Admin, Hybrid Exchange Admin, DNS, DHCP servers, Vmware ESXI admin, Hyper V, backups, Apple Business manager, Intune MDM management, 3 Data center sites, 2 hot, 1 cold, 200VM's, 1 critical zero trust site, cross-trained on access control, SIEM escalation and logging, ADFS, Azure, AD, GPO, DFS, Fileshares, OAuth, SSO, Intranet sites, manage and configure meeting room hardware, Camera surveillance administrator, tier 3 escalation, cjis certified, and other wonderful government data standards - on call and hourly exempt status (not salary) for about 70k in USA.
Been in this role about 2 years, would not quite think the word senior would be in the noscript but maybe based on the responsibilities.
https://redd.it/1o5icso
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Meraki alternatives?
So I'm about 6 months into a new gig and inherited a ton of Meraki gear across about 200 locations. Most of these locations are 5 computers or less, but all have a site-to-site back to HQ for file share access
We're moving to a model where file shares will not be needed, so we'd like to shrink our network footprint. PCs will be Entra ID joined, or we'll have a thin client connecting to Azure Virtual Desktop both of which don't need our internal network on site
I've been cloud-only the past 7 years, so the on-prem networking world has not been top of my mind. I'd like to shrink our Meraki footprint and get away from paying Cisco prices. Many of our locations will be on small business internet access from the likes of AT&T or Charter, so we'll have ISP-provided gateways that can serve DHCP and NAT, but, I also feel like having *zero* visibility or management of the network hardware might be a step too far
I use Ubiquiti at home, but not sure it's ready for the scale we need. Again, no site-to-site VPNs, except perhaps our corporate office might need a VPN to Azure
Is there a lighter weight network platform that is controllable through a single pane of glass, is cheaper that Cisco, but is reliable enough without VPNs that we can trust it across 200-odd retail like locations?
https://redd.it/1o5jxoz
@r_systemadmin
So I'm about 6 months into a new gig and inherited a ton of Meraki gear across about 200 locations. Most of these locations are 5 computers or less, but all have a site-to-site back to HQ for file share access
We're moving to a model where file shares will not be needed, so we'd like to shrink our network footprint. PCs will be Entra ID joined, or we'll have a thin client connecting to Azure Virtual Desktop both of which don't need our internal network on site
I've been cloud-only the past 7 years, so the on-prem networking world has not been top of my mind. I'd like to shrink our Meraki footprint and get away from paying Cisco prices. Many of our locations will be on small business internet access from the likes of AT&T or Charter, so we'll have ISP-provided gateways that can serve DHCP and NAT, but, I also feel like having *zero* visibility or management of the network hardware might be a step too far
I use Ubiquiti at home, but not sure it's ready for the scale we need. Again, no site-to-site VPNs, except perhaps our corporate office might need a VPN to Azure
Is there a lighter weight network platform that is controllable through a single pane of glass, is cheaper that Cisco, but is reliable enough without VPNs that we can trust it across 200-odd retail like locations?
https://redd.it/1o5jxoz
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Vodafone UK Major Outage
Major Vodafone outage in the UK, started 15:00 local time. Both leased line and mobile data impacted. Spicy Monday.
Edit: leased line not leaded line, need to slow down and enjoy the downtime…
Edit2: 130K+ customers impacted, BBC: https://www.bbc.co.uk/news/articles/c5yldldx659o
https://redd.it/1o5lftf
@r_systemadmin
Major Vodafone outage in the UK, started 15:00 local time. Both leased line and mobile data impacted. Spicy Monday.
Edit: leased line not leaded line, need to slow down and enjoy the downtime…
Edit2: 130K+ customers impacted, BBC: https://www.bbc.co.uk/news/articles/c5yldldx659o
https://redd.it/1o5lftf
@r_systemadmin
BBC News
Vodafone says outage affecting thousands of customers resolved
Vodafone said its Monday outage, which knocked broadband and mobile data users offline for several hours, was caused by a "non-malicious software issue".
Cost effective cloud database location?
Hi all,
My manager wants us to move a SQL database into the cloud. The database has membership data that is archival and would only need to be accessible for 3-4 users. They access it a few times per week only to run read queries and no longer receiving updates or additions. I feel like it may still need to be some sort of hot storage tier because they access it semi frequently. I have suggested the business owners to reduce the size of the database as well since it's 1.5TB which will increase costs. We are a small/medium size non profit so looking for suggestions on the cheapest/safest way to store this in the cloud. Any suggestions are appreciated.
https://redd.it/1o5lg1s
@r_systemadmin
Hi all,
My manager wants us to move a SQL database into the cloud. The database has membership data that is archival and would only need to be accessible for 3-4 users. They access it a few times per week only to run read queries and no longer receiving updates or additions. I feel like it may still need to be some sort of hot storage tier because they access it semi frequently. I have suggested the business owners to reduce the size of the database as well since it's 1.5TB which will increase costs. We are a small/medium size non profit so looking for suggestions on the cheapest/safest way to store this in the cloud. Any suggestions are appreciated.
https://redd.it/1o5lg1s
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
A little help to make the Co Pilot madness stop for a bit.
Starting in October 2025, Microsoft will begin installing the Copilot app automatically on Windows devices that have the M365 desktop apps installed.
https://lazyadmin.nl/office-365/microsoft-365-copilot-app-will-auto-install-how-to-opt-out/
https://redd.it/1o5qi1l
@r_systemadmin
Starting in October 2025, Microsoft will begin installing the Copilot app automatically on Windows devices that have the M365 desktop apps installed.
https://lazyadmin.nl/office-365/microsoft-365-copilot-app-will-auto-install-how-to-opt-out/
https://redd.it/1o5qi1l
@r_systemadmin
LazyAdmin
Microsoft 365 Copilot App Will Auto-Install - How to Opt Out
Microsoft 365 Copilot App will auto-install October 2025 on Windows. Opt-out now to prevent the installation on your user devices.
Hot take: People shouldn't go into DevOps or Cybersecurity right out of school
So this may sound like gating, and maybe it is, but I feel like there's far too many people going into "advanced" career paths right out of school, without having gone through the paces first. To me, there are definitively levels in computing jobs. Helpdesk, Junior Developer, those are what you would expect new graduates to go into. Cybersecurity, DevOps, those are advanced paths that require more than book knowledge.
The main issue I see is that something like DevOps is all about bridging the realm of developers and IT operations together. How are you going to do that if you haven't experienced how developers and operations work? Especially in an enterprise setting. On paper, building a Jenkins pipeline or GitHub action is just a matter of learning which button to press and what noscript to write. But in reality there's so much more involved, including dealing with various teams, knowing how software developers typically deploy code, what blue/green deployment is, etc.
Same with cybersecurity. You can learn all about zero-day exploits and how to run detection tools in school, but when you see how enterprises deal with IT in the real world, and you hear about some team deploying a PoC 6 months ago, you should instantly realize that these resources are most likely still running, with no software updates for the past 6 months. You know what shadow IT is, what arguments are likely to make management act on security issues, why implementing a simple AWS Backup project could take 6+ months and a team of 5 people when you might be able to do it over a weekend for your own workloads.
I guess I just wanted to see whether you all had a different perspective on this. I fear too many people focus on a specific career path without first learning the basics.
https://redd.it/1o5sh3a
@r_systemadmin
So this may sound like gating, and maybe it is, but I feel like there's far too many people going into "advanced" career paths right out of school, without having gone through the paces first. To me, there are definitively levels in computing jobs. Helpdesk, Junior Developer, those are what you would expect new graduates to go into. Cybersecurity, DevOps, those are advanced paths that require more than book knowledge.
The main issue I see is that something like DevOps is all about bridging the realm of developers and IT operations together. How are you going to do that if you haven't experienced how developers and operations work? Especially in an enterprise setting. On paper, building a Jenkins pipeline or GitHub action is just a matter of learning which button to press and what noscript to write. But in reality there's so much more involved, including dealing with various teams, knowing how software developers typically deploy code, what blue/green deployment is, etc.
Same with cybersecurity. You can learn all about zero-day exploits and how to run detection tools in school, but when you see how enterprises deal with IT in the real world, and you hear about some team deploying a PoC 6 months ago, you should instantly realize that these resources are most likely still running, with no software updates for the past 6 months. You know what shadow IT is, what arguments are likely to make management act on security issues, why implementing a simple AWS Backup project could take 6+ months and a team of 5 people when you might be able to do it over a weekend for your own workloads.
I guess I just wanted to see whether you all had a different perspective on this. I fear too many people focus on a specific career path without first learning the basics.
https://redd.it/1o5sh3a
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Handling requests to Merge PDF or sign without Acrobat?
What’s everyone doing for users who just need to sign or edit PDFs occasionally? Buying full Acrobat licenses for everyone feels like total overkill.
https://redd.it/1o5rhic
@r_systemadmin
What’s everyone doing for users who just need to sign or edit PDFs occasionally? Buying full Acrobat licenses for everyone feels like total overkill.
https://redd.it/1o5rhic
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
How to approach an IT employee about possible theft?
This is an ongoing investigation.
I did an audit of our business phone portal, and noticed several ex employees still on the account. At first I thought to re-visit our offboarding procedures, and ask the support team why they haven’t off-boarded these lines from our account.
I decided to dig deeper instead. I discovered several of these ex employees had brand new phone upgrades, and the transaction history, in all cases, shows one specific IT staff member fulfilling these orders.
I decided to call a few of these numbers. None answered, but one number did go to a real human voicemail, of an even older user that hasn’t worked here in 10 years. What’s even weirder: that phone number is associated with a different ex employee!
Is my IT employee stealing, or (this is me giving them a huge benefit of doubt) do they have some whacky convoluted way of organizing our accounts, which needs to change anyways because wtf is this mess
https://redd.it/1o5x48o
@r_systemadmin
This is an ongoing investigation.
I did an audit of our business phone portal, and noticed several ex employees still on the account. At first I thought to re-visit our offboarding procedures, and ask the support team why they haven’t off-boarded these lines from our account.
I decided to dig deeper instead. I discovered several of these ex employees had brand new phone upgrades, and the transaction history, in all cases, shows one specific IT staff member fulfilling these orders.
I decided to call a few of these numbers. None answered, but one number did go to a real human voicemail, of an even older user that hasn’t worked here in 10 years. What’s even weirder: that phone number is associated with a different ex employee!
Is my IT employee stealing, or (this is me giving them a huge benefit of doubt) do they have some whacky convoluted way of organizing our accounts, which needs to change anyways because wtf is this mess
https://redd.it/1o5x48o
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Leadership wants to nuke staging and test everything in prod. am I being paranoid or is
this a terrible idea?
Newish Senior DevOps at a 80 eng company. Standard setup: local dev → dev env → staging (mirrors prod) → production. Costs are being scrutinized and staging is eating 25–30% of infra spend. New leadership wants to delete staging entirely. Basically he believes “staging never mirrors prod anyway and feature flags + progressive rollouts + good monitoring > staging". He plans to kill staging, deploy everything to prod behind feature flags and use progressive rollouts (1% → 5% → 25% → 100%).
Here’s why I’m panicking we’re not a FAANG, we only have three DevOps people, our test coverage is a flaky @ 60%, and we deal with sensitive financial data where a production breakage would be a lawsuit. I don't know how we're supposed to "progressively roll out" something like a database schema migration, especially when our monitoring is a basic combination of Grafana, logs, and vibes, and some of our devs still hotfix the main branch directly without PRs.
When I brought this up, my manager's reply was, “If you can't safely deploy to prod, that’s a culture problem, not an environment problem.” Now the junior devs are hyped, the seniors and PMs are confused, its a shit show This is all happening at a company that already deploys 15–20 times daily, had three production incidents last quarter (including a 45-minute outage), and where rollbacks are basically just revert and pray. I'm the one expected to lead this rollout, so someone please tell me if I’m just being an old man yelling at clouds or if this is as bad as it feels.
https://redd.it/1o5xleg
@r_systemadmin
this a terrible idea?
Newish Senior DevOps at a 80 eng company. Standard setup: local dev → dev env → staging (mirrors prod) → production. Costs are being scrutinized and staging is eating 25–30% of infra spend. New leadership wants to delete staging entirely. Basically he believes “staging never mirrors prod anyway and feature flags + progressive rollouts + good monitoring > staging". He plans to kill staging, deploy everything to prod behind feature flags and use progressive rollouts (1% → 5% → 25% → 100%).
Here’s why I’m panicking we’re not a FAANG, we only have three DevOps people, our test coverage is a flaky @ 60%, and we deal with sensitive financial data where a production breakage would be a lawsuit. I don't know how we're supposed to "progressively roll out" something like a database schema migration, especially when our monitoring is a basic combination of Grafana, logs, and vibes, and some of our devs still hotfix the main branch directly without PRs.
When I brought this up, my manager's reply was, “If you can't safely deploy to prod, that’s a culture problem, not an environment problem.” Now the junior devs are hyped, the seniors and PMs are confused, its a shit show This is all happening at a company that already deploys 15–20 times daily, had three production incidents last quarter (including a 45-minute outage), and where rollbacks are basically just revert and pray. I'm the one expected to lead this rollout, so someone please tell me if I’m just being an old man yelling at clouds or if this is as bad as it feels.
https://redd.it/1o5xleg
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Do password resets on Admin Center sync with on prem AD?
I’m fairly new to IT and work for a university.
When staff need their password reset by us, the head of IT says we should change the password for them using both on prem AD and the Admin Center so they can immediately log into their laptops using our network.
However for students, we only need to change their passwords on the Admin Center and not on AD, as they log into their own devices (i.e their VLE or email)
My question is will the Admin Center password reset sync to AD? My understanding was that it syncs from on prem AD > Entra, and not the other way around. Is only changing their password for students using the Admin Center bad service desk etiquette?
https://redd.it/1o6238z
@r_systemadmin
I’m fairly new to IT and work for a university.
When staff need their password reset by us, the head of IT says we should change the password for them using both on prem AD and the Admin Center so they can immediately log into their laptops using our network.
However for students, we only need to change their passwords on the Admin Center and not on AD, as they log into their own devices (i.e their VLE or email)
My question is will the Admin Center password reset sync to AD? My understanding was that it syncs from on prem AD > Entra, and not the other way around. Is only changing their password for students using the Admin Center bad service desk etiquette?
https://redd.it/1o6238z
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Patch Tuesday Megathread (2025-10-14)
Hello r/sysadmin, I'm u/AutoModerator, and welcome to this month's Patch Megathread!
This is the (mostly) safe location to talk about the latest patches, updates, and releases. We put this thread into place to help gather all the information about this month's updates: What is fixed, what broke, what got released and should have been caught in QA, etc. We do this both to keep clutter out of the subreddit, and provide you, the dear reader, a singular resource to read.
For those of you who wish to review prior Megathreads, you can do so here.
While this thread is timed to coincide with Microsoft's Patch Tuesday, feel free to discuss any patches, updates, and releases, regardless of the company or product. NOTE: This thread is usually posted before the release of Microsoft's updates, which are scheduled to come out at 5:00PM UTC.
Remember the rules of safe patching:
Deploy to a test/dev environment before prod.
Deploy to a pilot/test group before the whole org.
Have a plan to roll back if something doesn't work.
Test, test, and test!
https://redd.it/1o65i4e
@r_systemadmin
Hello r/sysadmin, I'm u/AutoModerator, and welcome to this month's Patch Megathread!
This is the (mostly) safe location to talk about the latest patches, updates, and releases. We put this thread into place to help gather all the information about this month's updates: What is fixed, what broke, what got released and should have been caught in QA, etc. We do this both to keep clutter out of the subreddit, and provide you, the dear reader, a singular resource to read.
For those of you who wish to review prior Megathreads, you can do so here.
While this thread is timed to coincide with Microsoft's Patch Tuesday, feel free to discuss any patches, updates, and releases, regardless of the company or product. NOTE: This thread is usually posted before the release of Microsoft's updates, which are scheduled to come out at 5:00PM UTC.
Remember the rules of safe patching:
Deploy to a test/dev environment before prod.
Deploy to a pilot/test group before the whole org.
Have a plan to roll back if something doesn't work.
Test, test, and test!
https://redd.it/1o65i4e
@r_systemadmin
Reddit
Sysadmin
A reddit dedicated to the profession of Computer System Administration.