How to create a confined user in Ubuntu?
I have a question that looks like basic to system administration, but surprisingly I cannot find information about that.
I have a multi user system. I want to make sure that a particular user has access only to a set of resources like a set of applications.
Traditional Unix DAC permissions don’t seem to provide a simple solution to role-based access control. It seems MAC using SeLinux or AppArmor is required.
RHEL/Fedora have SeLinux with targeted policy which comes with labels for users, like, guest_u label for the context of a predefined confined user. I can create a new user and label it with guest_u. This way the user will be confined to capabilities defined by guest_u. It’s hard to cherry pick and compile new modules (guest is more like a kiosk), but at least there is something.
But I have Debian/Ubuntu. To my surprise, I found it difficult to create a user that is confined in Ubuntu. I can remove the user from the sudo group and prevent the user from running certain commands like su. I can create a group, but you don’t want to change group membership of system binaries. There is restricted bash, but it’s kind of a hack and there are escape routes. The issue is compounded by the fact that when the user runs an application, obviously there will be child processes and so, and that there are numerous entry and exit points.
I want to define a user that has access to certain folders and can run certain applications (like a browser, vscode, editors, other basic utilities) and nothing more. How could this be done?
The closest that I found was installing and configuring an obscure module called AppArmor PAM module. I might be wrong but there might be just one example in the internet on this module and almost none in Reddit. AppArmor has limited support for RBAC and that module is not well documented.
There ought to be an easy way to confine a user in Ubuntu.
https://redd.it/1o5dgfk
@r_systemadmin
I have a question that looks like basic to system administration, but surprisingly I cannot find information about that.
I have a multi user system. I want to make sure that a particular user has access only to a set of resources like a set of applications.
Traditional Unix DAC permissions don’t seem to provide a simple solution to role-based access control. It seems MAC using SeLinux or AppArmor is required.
RHEL/Fedora have SeLinux with targeted policy which comes with labels for users, like, guest_u label for the context of a predefined confined user. I can create a new user and label it with guest_u. This way the user will be confined to capabilities defined by guest_u. It’s hard to cherry pick and compile new modules (guest is more like a kiosk), but at least there is something.
But I have Debian/Ubuntu. To my surprise, I found it difficult to create a user that is confined in Ubuntu. I can remove the user from the sudo group and prevent the user from running certain commands like su. I can create a group, but you don’t want to change group membership of system binaries. There is restricted bash, but it’s kind of a hack and there are escape routes. The issue is compounded by the fact that when the user runs an application, obviously there will be child processes and so, and that there are numerous entry and exit points.
I want to define a user that has access to certain folders and can run certain applications (like a browser, vscode, editors, other basic utilities) and nothing more. How could this be done?
The closest that I found was installing and configuring an obscure module called AppArmor PAM module. I might be wrong but there might be just one example in the internet on this module and almost none in Reddit. AppArmor has limited support for RBAC and that module is not well documented.
There ought to be an easy way to confine a user in Ubuntu.
https://redd.it/1o5dgfk
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Moronic Monday - October 13, 2025
Howdy, /r/sysadmin!
It's that time of the week, Moronic Monday! This is a safe (mostly) judgement-free environment for all of your questions and stories, no matter how silly you think they are. Anybody can answer questions! My name is AutoModerator and I've taken over responsibility for posting these weekly threads so you don't have to worry about anything except your comments!
https://redd.it/1o5fkua
@r_systemadmin
Howdy, /r/sysadmin!
It's that time of the week, Moronic Monday! This is a safe (mostly) judgement-free environment for all of your questions and stories, no matter how silly you think they are. Anybody can answer questions! My name is AutoModerator and I've taken over responsibility for posting these weekly threads so you don't have to worry about anything except your comments!
https://redd.it/1o5fkua
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Another M365 Outage?
I'm not seeing any outages on my end and so far I haven't heard from any users (it IS 7am, so that's not a shock), but is anyone seeing impacts from this alert?
Users:
Users are unable to access Microsoft 365 apps.
Scope of Impact:
Impact is specific to some users who are served through the affected infrastructure, attempting to access Microsoft 365 apps.
Updates
We're continuing to review service monitoring telemetry to isolate the source of the issue and establish a fix.
* Oct 13, 2025, 6:18 AM EDT Next update by:
https://redd.it/1o5gtrv
@r_systemadmin
I'm not seeing any outages on my end and so far I haven't heard from any users (it IS 7am, so that's not a shock), but is anyone seeing impacts from this alert?
Users:
Users are unable to access Microsoft 365 apps.
Scope of Impact:
Impact is specific to some users who are served through the affected infrastructure, attempting to access Microsoft 365 apps.
Updates
We're continuing to review service monitoring telemetry to isolate the source of the issue and establish a fix.
* Oct 13, 2025, 6:18 AM EDT Next update by:
https://redd.it/1o5gtrv
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
How to make a Disaster Recovery Plan when (almost) all services are managed by external parties?
Hello,
I have to make a Disaster Recovery Plan (DRP) for a small Logistics company, but my problem is that almost al services that are used are managed by external parties. (examples of services are like the websites that are used in the different departments in HR or finance which are mostly websites for some specific function).
Some services we have a little control in for example the Office Suite, but if we have problems with that it goes first to the IT department if they don't know an external company will fix it.
The goal of the the DRP is "What to do when (acces to) data is lost".
I don't know how I have to do this in the DRP. My current idea was to write something like "If service XYZ is not avaiable or not working correctly then contact mail@xyz.abc or phonenumber.
Also some specific cases the IT department is only allowed to contact the service, but that's for just a few services.
But this way my DRP will look like and contact list book.
https://redd.it/1o5dbrl
@r_systemadmin
Hello,
I have to make a Disaster Recovery Plan (DRP) for a small Logistics company, but my problem is that almost al services that are used are managed by external parties. (examples of services are like the websites that are used in the different departments in HR or finance which are mostly websites for some specific function).
Some services we have a little control in for example the Office Suite, but if we have problems with that it goes first to the IT department if they don't know an external company will fix it.
The goal of the the DRP is "What to do when (acces to) data is lost".
I don't know how I have to do this in the DRP. My current idea was to write something like "If service XYZ is not avaiable or not working correctly then contact mail@xyz.abc or phonenumber.
Also some specific cases the IT department is only allowed to contact the service, but that's for just a few services.
But this way my DRP will look like and contact list book.
https://redd.it/1o5dbrl
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
So what am I? Duties and responsibility
Recently was talking with my coworkers that Systems Admin is broad but not exactly the best noscript for what I do, so what am I?
I handle/have, Domain Admin, Azure Global Admin, OneDrive/M365 Admin, Hybrid Exchange Admin, DNS, DHCP servers, Vmware ESXI admin, Hyper V, backups, Apple Business manager, Intune MDM management, 3 Data center sites, 2 hot, 1 cold, 200VM's, 1 critical zero trust site, cross-trained on access control, SIEM escalation and logging, ADFS, Azure, AD, GPO, DFS, Fileshares, OAuth, SSO, Intranet sites, manage and configure meeting room hardware, Camera surveillance administrator, tier 3 escalation, cjis certified, and other wonderful government data standards - on call and hourly exempt status (not salary) for about 70k in USA.
Been in this role about 2 years, would not quite think the word senior would be in the noscript but maybe based on the responsibilities.
https://redd.it/1o5icso
@r_systemadmin
Recently was talking with my coworkers that Systems Admin is broad but not exactly the best noscript for what I do, so what am I?
I handle/have, Domain Admin, Azure Global Admin, OneDrive/M365 Admin, Hybrid Exchange Admin, DNS, DHCP servers, Vmware ESXI admin, Hyper V, backups, Apple Business manager, Intune MDM management, 3 Data center sites, 2 hot, 1 cold, 200VM's, 1 critical zero trust site, cross-trained on access control, SIEM escalation and logging, ADFS, Azure, AD, GPO, DFS, Fileshares, OAuth, SSO, Intranet sites, manage and configure meeting room hardware, Camera surveillance administrator, tier 3 escalation, cjis certified, and other wonderful government data standards - on call and hourly exempt status (not salary) for about 70k in USA.
Been in this role about 2 years, would not quite think the word senior would be in the noscript but maybe based on the responsibilities.
https://redd.it/1o5icso
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Meraki alternatives?
So I'm about 6 months into a new gig and inherited a ton of Meraki gear across about 200 locations. Most of these locations are 5 computers or less, but all have a site-to-site back to HQ for file share access
We're moving to a model where file shares will not be needed, so we'd like to shrink our network footprint. PCs will be Entra ID joined, or we'll have a thin client connecting to Azure Virtual Desktop both of which don't need our internal network on site
I've been cloud-only the past 7 years, so the on-prem networking world has not been top of my mind. I'd like to shrink our Meraki footprint and get away from paying Cisco prices. Many of our locations will be on small business internet access from the likes of AT&T or Charter, so we'll have ISP-provided gateways that can serve DHCP and NAT, but, I also feel like having *zero* visibility or management of the network hardware might be a step too far
I use Ubiquiti at home, but not sure it's ready for the scale we need. Again, no site-to-site VPNs, except perhaps our corporate office might need a VPN to Azure
Is there a lighter weight network platform that is controllable through a single pane of glass, is cheaper that Cisco, but is reliable enough without VPNs that we can trust it across 200-odd retail like locations?
https://redd.it/1o5jxoz
@r_systemadmin
So I'm about 6 months into a new gig and inherited a ton of Meraki gear across about 200 locations. Most of these locations are 5 computers or less, but all have a site-to-site back to HQ for file share access
We're moving to a model where file shares will not be needed, so we'd like to shrink our network footprint. PCs will be Entra ID joined, or we'll have a thin client connecting to Azure Virtual Desktop both of which don't need our internal network on site
I've been cloud-only the past 7 years, so the on-prem networking world has not been top of my mind. I'd like to shrink our Meraki footprint and get away from paying Cisco prices. Many of our locations will be on small business internet access from the likes of AT&T or Charter, so we'll have ISP-provided gateways that can serve DHCP and NAT, but, I also feel like having *zero* visibility or management of the network hardware might be a step too far
I use Ubiquiti at home, but not sure it's ready for the scale we need. Again, no site-to-site VPNs, except perhaps our corporate office might need a VPN to Azure
Is there a lighter weight network platform that is controllable through a single pane of glass, is cheaper that Cisco, but is reliable enough without VPNs that we can trust it across 200-odd retail like locations?
https://redd.it/1o5jxoz
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Vodafone UK Major Outage
Major Vodafone outage in the UK, started 15:00 local time. Both leased line and mobile data impacted. Spicy Monday.
Edit: leased line not leaded line, need to slow down and enjoy the downtime…
Edit2: 130K+ customers impacted, BBC: https://www.bbc.co.uk/news/articles/c5yldldx659o
https://redd.it/1o5lftf
@r_systemadmin
Major Vodafone outage in the UK, started 15:00 local time. Both leased line and mobile data impacted. Spicy Monday.
Edit: leased line not leaded line, need to slow down and enjoy the downtime…
Edit2: 130K+ customers impacted, BBC: https://www.bbc.co.uk/news/articles/c5yldldx659o
https://redd.it/1o5lftf
@r_systemadmin
BBC News
Vodafone says outage affecting thousands of customers resolved
Vodafone said its Monday outage, which knocked broadband and mobile data users offline for several hours, was caused by a "non-malicious software issue".
Cost effective cloud database location?
Hi all,
My manager wants us to move a SQL database into the cloud. The database has membership data that is archival and would only need to be accessible for 3-4 users. They access it a few times per week only to run read queries and no longer receiving updates or additions. I feel like it may still need to be some sort of hot storage tier because they access it semi frequently. I have suggested the business owners to reduce the size of the database as well since it's 1.5TB which will increase costs. We are a small/medium size non profit so looking for suggestions on the cheapest/safest way to store this in the cloud. Any suggestions are appreciated.
https://redd.it/1o5lg1s
@r_systemadmin
Hi all,
My manager wants us to move a SQL database into the cloud. The database has membership data that is archival and would only need to be accessible for 3-4 users. They access it a few times per week only to run read queries and no longer receiving updates or additions. I feel like it may still need to be some sort of hot storage tier because they access it semi frequently. I have suggested the business owners to reduce the size of the database as well since it's 1.5TB which will increase costs. We are a small/medium size non profit so looking for suggestions on the cheapest/safest way to store this in the cloud. Any suggestions are appreciated.
https://redd.it/1o5lg1s
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
A little help to make the Co Pilot madness stop for a bit.
Starting in October 2025, Microsoft will begin installing the Copilot app automatically on Windows devices that have the M365 desktop apps installed.
https://lazyadmin.nl/office-365/microsoft-365-copilot-app-will-auto-install-how-to-opt-out/
https://redd.it/1o5qi1l
@r_systemadmin
Starting in October 2025, Microsoft will begin installing the Copilot app automatically on Windows devices that have the M365 desktop apps installed.
https://lazyadmin.nl/office-365/microsoft-365-copilot-app-will-auto-install-how-to-opt-out/
https://redd.it/1o5qi1l
@r_systemadmin
LazyAdmin
Microsoft 365 Copilot App Will Auto-Install - How to Opt Out
Microsoft 365 Copilot App will auto-install October 2025 on Windows. Opt-out now to prevent the installation on your user devices.
Hot take: People shouldn't go into DevOps or Cybersecurity right out of school
So this may sound like gating, and maybe it is, but I feel like there's far too many people going into "advanced" career paths right out of school, without having gone through the paces first. To me, there are definitively levels in computing jobs. Helpdesk, Junior Developer, those are what you would expect new graduates to go into. Cybersecurity, DevOps, those are advanced paths that require more than book knowledge.
The main issue I see is that something like DevOps is all about bridging the realm of developers and IT operations together. How are you going to do that if you haven't experienced how developers and operations work? Especially in an enterprise setting. On paper, building a Jenkins pipeline or GitHub action is just a matter of learning which button to press and what noscript to write. But in reality there's so much more involved, including dealing with various teams, knowing how software developers typically deploy code, what blue/green deployment is, etc.
Same with cybersecurity. You can learn all about zero-day exploits and how to run detection tools in school, but when you see how enterprises deal with IT in the real world, and you hear about some team deploying a PoC 6 months ago, you should instantly realize that these resources are most likely still running, with no software updates for the past 6 months. You know what shadow IT is, what arguments are likely to make management act on security issues, why implementing a simple AWS Backup project could take 6+ months and a team of 5 people when you might be able to do it over a weekend for your own workloads.
I guess I just wanted to see whether you all had a different perspective on this. I fear too many people focus on a specific career path without first learning the basics.
https://redd.it/1o5sh3a
@r_systemadmin
So this may sound like gating, and maybe it is, but I feel like there's far too many people going into "advanced" career paths right out of school, without having gone through the paces first. To me, there are definitively levels in computing jobs. Helpdesk, Junior Developer, those are what you would expect new graduates to go into. Cybersecurity, DevOps, those are advanced paths that require more than book knowledge.
The main issue I see is that something like DevOps is all about bridging the realm of developers and IT operations together. How are you going to do that if you haven't experienced how developers and operations work? Especially in an enterprise setting. On paper, building a Jenkins pipeline or GitHub action is just a matter of learning which button to press and what noscript to write. But in reality there's so much more involved, including dealing with various teams, knowing how software developers typically deploy code, what blue/green deployment is, etc.
Same with cybersecurity. You can learn all about zero-day exploits and how to run detection tools in school, but when you see how enterprises deal with IT in the real world, and you hear about some team deploying a PoC 6 months ago, you should instantly realize that these resources are most likely still running, with no software updates for the past 6 months. You know what shadow IT is, what arguments are likely to make management act on security issues, why implementing a simple AWS Backup project could take 6+ months and a team of 5 people when you might be able to do it over a weekend for your own workloads.
I guess I just wanted to see whether you all had a different perspective on this. I fear too many people focus on a specific career path without first learning the basics.
https://redd.it/1o5sh3a
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Handling requests to Merge PDF or sign without Acrobat?
What’s everyone doing for users who just need to sign or edit PDFs occasionally? Buying full Acrobat licenses for everyone feels like total overkill.
https://redd.it/1o5rhic
@r_systemadmin
What’s everyone doing for users who just need to sign or edit PDFs occasionally? Buying full Acrobat licenses for everyone feels like total overkill.
https://redd.it/1o5rhic
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
How to approach an IT employee about possible theft?
This is an ongoing investigation.
I did an audit of our business phone portal, and noticed several ex employees still on the account. At first I thought to re-visit our offboarding procedures, and ask the support team why they haven’t off-boarded these lines from our account.
I decided to dig deeper instead. I discovered several of these ex employees had brand new phone upgrades, and the transaction history, in all cases, shows one specific IT staff member fulfilling these orders.
I decided to call a few of these numbers. None answered, but one number did go to a real human voicemail, of an even older user that hasn’t worked here in 10 years. What’s even weirder: that phone number is associated with a different ex employee!
Is my IT employee stealing, or (this is me giving them a huge benefit of doubt) do they have some whacky convoluted way of organizing our accounts, which needs to change anyways because wtf is this mess
https://redd.it/1o5x48o
@r_systemadmin
This is an ongoing investigation.
I did an audit of our business phone portal, and noticed several ex employees still on the account. At first I thought to re-visit our offboarding procedures, and ask the support team why they haven’t off-boarded these lines from our account.
I decided to dig deeper instead. I discovered several of these ex employees had brand new phone upgrades, and the transaction history, in all cases, shows one specific IT staff member fulfilling these orders.
I decided to call a few of these numbers. None answered, but one number did go to a real human voicemail, of an even older user that hasn’t worked here in 10 years. What’s even weirder: that phone number is associated with a different ex employee!
Is my IT employee stealing, or (this is me giving them a huge benefit of doubt) do they have some whacky convoluted way of organizing our accounts, which needs to change anyways because wtf is this mess
https://redd.it/1o5x48o
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Leadership wants to nuke staging and test everything in prod. am I being paranoid or is
this a terrible idea?
Newish Senior DevOps at a 80 eng company. Standard setup: local dev → dev env → staging (mirrors prod) → production. Costs are being scrutinized and staging is eating 25–30% of infra spend. New leadership wants to delete staging entirely. Basically he believes “staging never mirrors prod anyway and feature flags + progressive rollouts + good monitoring > staging". He plans to kill staging, deploy everything to prod behind feature flags and use progressive rollouts (1% → 5% → 25% → 100%).
Here’s why I’m panicking we’re not a FAANG, we only have three DevOps people, our test coverage is a flaky @ 60%, and we deal with sensitive financial data where a production breakage would be a lawsuit. I don't know how we're supposed to "progressively roll out" something like a database schema migration, especially when our monitoring is a basic combination of Grafana, logs, and vibes, and some of our devs still hotfix the main branch directly without PRs.
When I brought this up, my manager's reply was, “If you can't safely deploy to prod, that’s a culture problem, not an environment problem.” Now the junior devs are hyped, the seniors and PMs are confused, its a shit show This is all happening at a company that already deploys 15–20 times daily, had three production incidents last quarter (including a 45-minute outage), and where rollbacks are basically just revert and pray. I'm the one expected to lead this rollout, so someone please tell me if I’m just being an old man yelling at clouds or if this is as bad as it feels.
https://redd.it/1o5xleg
@r_systemadmin
this a terrible idea?
Newish Senior DevOps at a 80 eng company. Standard setup: local dev → dev env → staging (mirrors prod) → production. Costs are being scrutinized and staging is eating 25–30% of infra spend. New leadership wants to delete staging entirely. Basically he believes “staging never mirrors prod anyway and feature flags + progressive rollouts + good monitoring > staging". He plans to kill staging, deploy everything to prod behind feature flags and use progressive rollouts (1% → 5% → 25% → 100%).
Here’s why I’m panicking we’re not a FAANG, we only have three DevOps people, our test coverage is a flaky @ 60%, and we deal with sensitive financial data where a production breakage would be a lawsuit. I don't know how we're supposed to "progressively roll out" something like a database schema migration, especially when our monitoring is a basic combination of Grafana, logs, and vibes, and some of our devs still hotfix the main branch directly without PRs.
When I brought this up, my manager's reply was, “If you can't safely deploy to prod, that’s a culture problem, not an environment problem.” Now the junior devs are hyped, the seniors and PMs are confused, its a shit show This is all happening at a company that already deploys 15–20 times daily, had three production incidents last quarter (including a 45-minute outage), and where rollbacks are basically just revert and pray. I'm the one expected to lead this rollout, so someone please tell me if I’m just being an old man yelling at clouds or if this is as bad as it feels.
https://redd.it/1o5xleg
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Do password resets on Admin Center sync with on prem AD?
I’m fairly new to IT and work for a university.
When staff need their password reset by us, the head of IT says we should change the password for them using both on prem AD and the Admin Center so they can immediately log into their laptops using our network.
However for students, we only need to change their passwords on the Admin Center and not on AD, as they log into their own devices (i.e their VLE or email)
My question is will the Admin Center password reset sync to AD? My understanding was that it syncs from on prem AD > Entra, and not the other way around. Is only changing their password for students using the Admin Center bad service desk etiquette?
https://redd.it/1o6238z
@r_systemadmin
I’m fairly new to IT and work for a university.
When staff need their password reset by us, the head of IT says we should change the password for them using both on prem AD and the Admin Center so they can immediately log into their laptops using our network.
However for students, we only need to change their passwords on the Admin Center and not on AD, as they log into their own devices (i.e their VLE or email)
My question is will the Admin Center password reset sync to AD? My understanding was that it syncs from on prem AD > Entra, and not the other way around. Is only changing their password for students using the Admin Center bad service desk etiquette?
https://redd.it/1o6238z
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Patch Tuesday Megathread (2025-10-14)
Hello r/sysadmin, I'm u/AutoModerator, and welcome to this month's Patch Megathread!
This is the (mostly) safe location to talk about the latest patches, updates, and releases. We put this thread into place to help gather all the information about this month's updates: What is fixed, what broke, what got released and should have been caught in QA, etc. We do this both to keep clutter out of the subreddit, and provide you, the dear reader, a singular resource to read.
For those of you who wish to review prior Megathreads, you can do so here.
While this thread is timed to coincide with Microsoft's Patch Tuesday, feel free to discuss any patches, updates, and releases, regardless of the company or product. NOTE: This thread is usually posted before the release of Microsoft's updates, which are scheduled to come out at 5:00PM UTC.
Remember the rules of safe patching:
Deploy to a test/dev environment before prod.
Deploy to a pilot/test group before the whole org.
Have a plan to roll back if something doesn't work.
Test, test, and test!
https://redd.it/1o65i4e
@r_systemadmin
Hello r/sysadmin, I'm u/AutoModerator, and welcome to this month's Patch Megathread!
This is the (mostly) safe location to talk about the latest patches, updates, and releases. We put this thread into place to help gather all the information about this month's updates: What is fixed, what broke, what got released and should have been caught in QA, etc. We do this both to keep clutter out of the subreddit, and provide you, the dear reader, a singular resource to read.
For those of you who wish to review prior Megathreads, you can do so here.
While this thread is timed to coincide with Microsoft's Patch Tuesday, feel free to discuss any patches, updates, and releases, regardless of the company or product. NOTE: This thread is usually posted before the release of Microsoft's updates, which are scheduled to come out at 5:00PM UTC.
Remember the rules of safe patching:
Deploy to a test/dev environment before prod.
Deploy to a pilot/test group before the whole org.
Have a plan to roll back if something doesn't work.
Test, test, and test!
https://redd.it/1o65i4e
@r_systemadmin
Reddit
Sysadmin
A reddit dedicated to the profession of Computer System Administration.
Please tell me my perspectives were right about the error they were getting when trying to Open Powerpoint files using PowerPoint Desktop apps
Actually I have been sick and tired from having to answer them the same fking error they are dealing with. But I hope I am right about it, If you guys have any solutions for this, please help me..
Situation:
\- They are working a pitch powerpoint file, the size is 600MB.
\- They need to work the file "together", so they can see each other updates.
\- So usually the first 2-4 users wouldnt have any issue to open that file using Powerpoint Desktop
\- The problem now is the following 5++, when they open it, they will get an error like :
"UPLOAD FAILED: Your file wasn't uploaded because your changes can't be merged with changes made by someone else. Save a Copy / Discard Changes:
My explanation:
This is due to the users that were managed to access the large ass file (600mb), is doing their editing work. So for those users that were trying to open, it requires to download from the sharepoint first before they can open, but if the first 4 users keep adding / editing stuff into the file, how the fck can the powerpoint downloads it completely. And eventually their powerpoint will crash and boom, my message box will have full of questions like why he can open , but not me. But they doesnt accept my logic.
Solution so far:
I asked the first 2-4 users to STOP editing, let others to open first, only start the editing work. HOWEVER, in spite everyone managed to open, but because the file size is so large, and 7 users editing at the same time, eventually the powerpoint will still crash out for "SOME" of them.
https://redd.it/1o66b91
@r_systemadmin
Actually I have been sick and tired from having to answer them the same fking error they are dealing with. But I hope I am right about it, If you guys have any solutions for this, please help me..
Situation:
\- They are working a pitch powerpoint file, the size is 600MB.
\- They need to work the file "together", so they can see each other updates.
\- So usually the first 2-4 users wouldnt have any issue to open that file using Powerpoint Desktop
\- The problem now is the following 5++, when they open it, they will get an error like :
"UPLOAD FAILED: Your file wasn't uploaded because your changes can't be merged with changes made by someone else. Save a Copy / Discard Changes:
My explanation:
This is due to the users that were managed to access the large ass file (600mb), is doing their editing work. So for those users that were trying to open, it requires to download from the sharepoint first before they can open, but if the first 4 users keep adding / editing stuff into the file, how the fck can the powerpoint downloads it completely. And eventually their powerpoint will crash and boom, my message box will have full of questions like why he can open , but not me. But they doesnt accept my logic.
Solution so far:
I asked the first 2-4 users to STOP editing, let others to open first, only start the editing work. HOWEVER, in spite everyone managed to open, but because the file size is so large, and 7 users editing at the same time, eventually the powerpoint will still crash out for "SOME" of them.
https://redd.it/1o66b91
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
How realiable is file recovery in microsoft365 in real use?
Hey folks,
been digging into how orgs handle file recovery in m365 (onedrive, sharepoint, teams...).
from what ive seen, most admins just rely on version history and the recycle bin, but i keep hearing about people losing stuff after the 93-day window, or overwriting important files with no rollback.
for those of you managing m365:
how often do you actually run into file loss that you cant fix with microsoft's built-in tools?
do you use any third-party backups, or just trust microsoft’s recovery options?
just curious how people deal with this in real life, any lessons learned or horror stories welcome.
https://redd.it/1o62grf
@r_systemadmin
Hey folks,
been digging into how orgs handle file recovery in m365 (onedrive, sharepoint, teams...).
from what ive seen, most admins just rely on version history and the recycle bin, but i keep hearing about people losing stuff after the 93-day window, or overwriting important files with no rollback.
for those of you managing m365:
how often do you actually run into file loss that you cant fix with microsoft's built-in tools?
do you use any third-party backups, or just trust microsoft’s recovery options?
just curious how people deal with this in real life, any lessons learned or horror stories welcome.
https://redd.it/1o62grf
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Roadmap to Windows Server for a tech support at a school district
Our school district has about 30ish servers, one for each school. Using hyper-v a lot, about 180ish vms to run as file servers, papercut servers and etc. Now we are beginning to fully adopt Intune to manage our pcs, laptops and macbooks & ipads.
As a tech support, school visits and ticketing are not challenging, would like to grow into sysadmin role, especially hands-on experience. Would much appreciate a detailed roadmap for a windows sysadmin in a school district.
Besides pursing MD-102 and MS-102 certs, I really want to b11th Gen Intel(R) Core(TM) i5-11600K @ 3.90GHzuild a homelab that can help me to get familiar with the skills required.
I have a gaming pc (11th Gen Intel(R) Core(TM) i5-11600K @ 3.90GHz, 12 cores, 64gram, 4 T ssd, gpu 3060 12G vram), is this enough to build a virtual homelab for practice? Or I have to purchase the used Dell server, switches to build a physical one? Or is there a cloud playground for Junior windows sysadmin?
https://redd.it/1o641f6
@r_systemadmin
Our school district has about 30ish servers, one for each school. Using hyper-v a lot, about 180ish vms to run as file servers, papercut servers and etc. Now we are beginning to fully adopt Intune to manage our pcs, laptops and macbooks & ipads.
As a tech support, school visits and ticketing are not challenging, would like to grow into sysadmin role, especially hands-on experience. Would much appreciate a detailed roadmap for a windows sysadmin in a school district.
Besides pursing MD-102 and MS-102 certs, I really want to b11th Gen Intel(R) Core(TM) i5-11600K @ 3.90GHzuild a homelab that can help me to get familiar with the skills required.
I have a gaming pc (11th Gen Intel(R) Core(TM) i5-11600K @ 3.90GHz, 12 cores, 64gram, 4 T ssd, gpu 3060 12G vram), is this enough to build a virtual homelab for practice? Or I have to purchase the used Dell server, switches to build a physical one? Or is there a cloud playground for Junior windows sysadmin?
https://redd.it/1o641f6
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
How are you actually tracking assets across 200+ remote employees?
We've gone from 50 to 200+ remote employees in 3 years, and our asset management has become a nightmare.
The main issues we're facing:
Employees moving between states/countries with company equipment Devices falling off our radar when people use personal networks No clear chain of custody when hardware gets refreshed or people leave Shadow IT purchases that bypass procurement entirely Recovery logistics when someone quits (especially international)
For those managing distributed teams:
How are you handling this?
What tools or processes are you using to maintain asset visibility at scale?
https://redd.it/1o68x4d
@r_systemadmin
We've gone from 50 to 200+ remote employees in 3 years, and our asset management has become a nightmare.
The main issues we're facing:
Employees moving between states/countries with company equipment Devices falling off our radar when people use personal networks No clear chain of custody when hardware gets refreshed or people leave Shadow IT purchases that bypass procurement entirely Recovery logistics when someone quits (especially international)
For those managing distributed teams:
How are you handling this?
What tools or processes are you using to maintain asset visibility at scale?
https://redd.it/1o68x4d
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Anyone managed to get Cisco SmartNet for gear bought from the gray market?
Hey everyone,
Curious if anyone here has gone through this before.
We’re a small IT team running a few Catalyst 9300s and ISR 4Ks. Our local Cisco partner keeps telling us to buy everything new through them — otherwise “no SmartNet, no support.” The thing is, the quotes we’re getting are painful, and our budget isn’t keeping up with Cisco’s licensing changes.
I found a supplier outside our region offering brand-new, sealed Cisco gear. They claim everything’s legit — registered serials, no refurb, no grey tags — and they even offered to share serials for verification before purchase.
So here’s the question:
Has anyone actually been able to register SmartNet for gear that wasn’t bought through a local authorized Cisco partner? Does Cisco really reject SmartNet for gray market hardware, or is it up to the partner handling the request?
Not looking to do anything shady - just trying to keep the network healthy without breaking the bank.
Would love to hear from anyone who’s dealt with this recently.
https://redd.it/1o6adz7
@r_systemadmin
Hey everyone,
Curious if anyone here has gone through this before.
We’re a small IT team running a few Catalyst 9300s and ISR 4Ks. Our local Cisco partner keeps telling us to buy everything new through them — otherwise “no SmartNet, no support.” The thing is, the quotes we’re getting are painful, and our budget isn’t keeping up with Cisco’s licensing changes.
I found a supplier outside our region offering brand-new, sealed Cisco gear. They claim everything’s legit — registered serials, no refurb, no grey tags — and they even offered to share serials for verification before purchase.
So here’s the question:
Has anyone actually been able to register SmartNet for gear that wasn’t bought through a local authorized Cisco partner? Does Cisco really reject SmartNet for gray market hardware, or is it up to the partner handling the request?
Not looking to do anything shady - just trying to keep the network healthy without breaking the bank.
Would love to hear from anyone who’s dealt with this recently.
https://redd.it/1o6adz7
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
evilginx2 detection - Check by Cyberdrain
Looks like the team over at Cyberdrain have released a browser extension that's open source and works to detect evilginx2.
Even supports branding if you want to integrate it into your own stack. All done locally on the device.
GitHub - CyberDrain/Check: Check is an advanced open source browser extension by CyberDrain that provides real-time protection against Microsoft 365 phishing attacks. Designed for enterprises and managed service providers, Check uses sophisticated detection algorithms to identify and block malicious login pages before credentials can be compromised.
https://redd.it/1o6aepp
@r_systemadmin
Looks like the team over at Cyberdrain have released a browser extension that's open source and works to detect evilginx2.
Even supports branding if you want to integrate it into your own stack. All done locally on the device.
GitHub - CyberDrain/Check: Check is an advanced open source browser extension by CyberDrain that provides real-time protection against Microsoft 365 phishing attacks. Designed for enterprises and managed service providers, Check uses sophisticated detection algorithms to identify and block malicious login pages before credentials can be compromised.
https://redd.it/1o6aepp
@r_systemadmin
GitHub
GitHub - CyberDrain/Check: Check is an advanced open source browser extension by CyberDrain that provides real-time protection…
Check is an advanced open source browser extension by CyberDrain that provides real-time protection against Microsoft 365 phishing attacks. Designed for enterprises and managed service providers, C...