"Layed off after 14 years 355 days" Update
Hey guys, I posted this here back in mid-september after being laid off (Reduction in Force in the US) from the company I was with for just shy of 15 years.
https://www.reddit.com/r/sysadmin/comments/1ndzitt/rifd_after_14_years_355_days/
As an update, I put my resume in a few places and did some social networking and although I had initially only put my resume in at a few places, I did get a hit back and accepted a job offer.
One of the two places it was a Sr Network Engineer - Unified Communications position with the company itself, and the second is a Systems Engineer position for an MSP.
I went with the MSP, primarily because the other company didn't offer (lol). I could tell in the interview for the Sr. Network Engineer position that I had been pegged as an "Operations guy" given that I worked at an MSP for 15 years.
It's a little tragic, as it makes me feel like I'm an MSP guy for life. I've done countless upgrades, planning for such upgrades, compatibility checks and advisement on other products that need to come in-line on versioning, brought up new call centers, sunset others... I've done it all, so it's really depressing to hear the remark "Ah, so you're an operations guy" and the next day hear they aren't interested in continuing. Bah.
For me, maintaining income and avoiding unemployment was paramount. I was able to secure a new role with less, but relatively comparable salary as I had previously, and I accepted the job offer about 3-3.5 weeks after I was let go. I was amazed I was able to get into a place that quickly.
At any rate, it's back to MSP land for me. I'll be working with some lovely sysadmins on their Cisco Unified Communications environments, cursed to manage upteen environments instead of a single one. :(
https://redd.it/1o84ai6
@r_systemadmin
Hey guys, I posted this here back in mid-september after being laid off (Reduction in Force in the US) from the company I was with for just shy of 15 years.
https://www.reddit.com/r/sysadmin/comments/1ndzitt/rifd_after_14_years_355_days/
As an update, I put my resume in a few places and did some social networking and although I had initially only put my resume in at a few places, I did get a hit back and accepted a job offer.
One of the two places it was a Sr Network Engineer - Unified Communications position with the company itself, and the second is a Systems Engineer position for an MSP.
I went with the MSP, primarily because the other company didn't offer (lol). I could tell in the interview for the Sr. Network Engineer position that I had been pegged as an "Operations guy" given that I worked at an MSP for 15 years.
It's a little tragic, as it makes me feel like I'm an MSP guy for life. I've done countless upgrades, planning for such upgrades, compatibility checks and advisement on other products that need to come in-line on versioning, brought up new call centers, sunset others... I've done it all, so it's really depressing to hear the remark "Ah, so you're an operations guy" and the next day hear they aren't interested in continuing. Bah.
For me, maintaining income and avoiding unemployment was paramount. I was able to secure a new role with less, but relatively comparable salary as I had previously, and I accepted the job offer about 3-3.5 weeks after I was let go. I was amazed I was able to get into a place that quickly.
At any rate, it's back to MSP land for me. I'll be working with some lovely sysadmins on their Cisco Unified Communications environments, cursed to manage upteen environments instead of a single one. :(
https://redd.it/1o84ai6
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Are you fluent in Powershell?
Hello sysadmins of the world.
Im a jr sysadmin trying dipping my first toe into powershell waters. Offcourse Chatgpt/Copilot is a big help but I think I rely on it way to much and I dont feel like I learn anything, just "vibe noscripting".
I find it very hard when I read throught the code that AI write to understand and remember all the syntax.
So, to the question. Are you senior dudes/dudets fluent enough in powershell to write an entire complecated noscript without using AI or referencing everything?
If this is a stupid ass question then im really sorry.
https://redd.it/1o82bu3
@r_systemadmin
Hello sysadmins of the world.
Im a jr sysadmin trying dipping my first toe into powershell waters. Offcourse Chatgpt/Copilot is a big help but I think I rely on it way to much and I dont feel like I learn anything, just "vibe noscripting".
I find it very hard when I read throught the code that AI write to understand and remember all the syntax.
So, to the question. Are you senior dudes/dudets fluent enough in powershell to write an entire complecated noscript without using AI or referencing everything?
If this is a stupid ass question then im really sorry.
https://redd.it/1o82bu3
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Why tf would msft send out marketing emails to every 365 email in existence
Last night and throughout the night I was awoken by pager duty. The subject "Try Microsoft 365 Copilot Chat with GPT-5"
We have 40+ integrations in pager duty which all have their own email. In some cases, I believe we have shared mailboxes set to forward all emails to those integration emails (not my own doing, I inherited this).
This caused a flurry of alerts in PD.
We also have a big chunk of slack channels that have a channel email, which we then use a shared mailbox to forward to that slack channel email. So that was fun too.
Many channels got 2 emails forwarded.
1. The initial email
2. an email from defender saying that this email was put in quarantine.
The IRONY of defender quarantining a message that was from msft... sounds like they were trying to undo their mistake.
What fuckin marketing intern thought it was a good idea to send a marketing email to shared/group inboxes....
msft spams everyone in the world. Even mailboxes that aren't tied to a user. makes sense.
https://redd.it/1o89j38
@r_systemadmin
Last night and throughout the night I was awoken by pager duty. The subject "Try Microsoft 365 Copilot Chat with GPT-5"
We have 40+ integrations in pager duty which all have their own email. In some cases, I believe we have shared mailboxes set to forward all emails to those integration emails (not my own doing, I inherited this).
This caused a flurry of alerts in PD.
We also have a big chunk of slack channels that have a channel email, which we then use a shared mailbox to forward to that slack channel email. So that was fun too.
Many channels got 2 emails forwarded.
1. The initial email
2. an email from defender saying that this email was put in quarantine.
The IRONY of defender quarantining a message that was from msft... sounds like they were trying to undo their mistake.
What fuckin marketing intern thought it was a good idea to send a marketing email to shared/group inboxes....
msft spams everyone in the world. Even mailboxes that aren't tied to a user. makes sense.
https://redd.it/1o89j38
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
How to fully remove Otter.ai from M365?
One of our clients thought Otter.ai would be a great idea until they realized it attends meetings on their behalf without wanting it to.
We have revoked delegate permissions using MS Graph, changed the Enterprise App to requiring admin consent to install (forget the wording as not in front of Entra ID), removed all users from being assigned to the app and it’s still turning up to meetings.
Users believe they never logged into any Otter.ai account but I would think by nuking the permissions side in 365 this would prevent the bot from joining meetings?
Am I missing something obvious?
https://redd.it/1o8fs5f
@r_systemadmin
One of our clients thought Otter.ai would be a great idea until they realized it attends meetings on their behalf without wanting it to.
We have revoked delegate permissions using MS Graph, changed the Enterprise App to requiring admin consent to install (forget the wording as not in front of Entra ID), removed all users from being assigned to the app and it’s still turning up to meetings.
Users believe they never logged into any Otter.ai account but I would think by nuking the permissions side in 365 this would prevent the bot from joining meetings?
Am I missing something obvious?
https://redd.it/1o8fs5f
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
I don’t understand the MSP hate
I am new to the IT career at the age of 32. My very first job was at this small MSP at a HCOL area.
The first 3 months after I was hired I was told study, read documentation, ask questions and draw a few diagrams here and there, while working in a small sized office by myself and some old colo equipment from early 2010s. I watched videos for 10 hours a day and was told “don’t get yourself burned out”.
I started picking some tickets from helpdesk, monitor issue here, printer issue there and by last Christmas I had the guts to ask to WFH as my other 3 colleagues who are senior engineers.
Now, a year later a got a small tiny bump in salary, I work from home and visit once a week our biggest client for onsite support.
I am trained on more complex and advanced infrastructure issues daily and my work load is actually no more than 10h a week.
I make sure I learn in the meanwhile using Microsoft Learn, playing with Linux and a home lab and probably the most rewarding of all I have my colleagues over for drinks and dinner Friday night.
I’m not getting rich, but I love everything else about it.
MSP rules!
P.S: CCNA cert and dumb luck got me thru the door and can’t be happier with my career choice
https://redd.it/1o8gtt6
@r_systemadmin
I am new to the IT career at the age of 32. My very first job was at this small MSP at a HCOL area.
The first 3 months after I was hired I was told study, read documentation, ask questions and draw a few diagrams here and there, while working in a small sized office by myself and some old colo equipment from early 2010s. I watched videos for 10 hours a day and was told “don’t get yourself burned out”.
I started picking some tickets from helpdesk, monitor issue here, printer issue there and by last Christmas I had the guts to ask to WFH as my other 3 colleagues who are senior engineers.
Now, a year later a got a small tiny bump in salary, I work from home and visit once a week our biggest client for onsite support.
I am trained on more complex and advanced infrastructure issues daily and my work load is actually no more than 10h a week.
I make sure I learn in the meanwhile using Microsoft Learn, playing with Linux and a home lab and probably the most rewarding of all I have my colleagues over for drinks and dinner Friday night.
I’m not getting rich, but I love everything else about it.
MSP rules!
P.S: CCNA cert and dumb luck got me thru the door and can’t be happier with my career choice
https://redd.it/1o8gtt6
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Locked out of Microsoft tenant HELP!
Rookie mistake, today I turned on a Conditional Access Policy and locked the entire company out of our Microsoft tenant.
We do not have break-glass accounts configured.
I've been trying all day to get in touch with someone at Microsoft who could help us without luck.
Does anyone have a direct contact or an email address or something that I can reach out to to help us get back into the tenant? Please! At this point I'm desperate for solutions.
https://redd.it/1o8k6iz
@r_systemadmin
Rookie mistake, today I turned on a Conditional Access Policy and locked the entire company out of our Microsoft tenant.
We do not have break-glass accounts configured.
I've been trying all day to get in touch with someone at Microsoft who could help us without luck.
Does anyone have a direct contact or an email address or something that I can reach out to to help us get back into the tenant? Please! At this point I'm desperate for solutions.
https://redd.it/1o8k6iz
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
188 applications 40 generic no thank you messages and 2 interviews I finally landed a job
Nearly 6 months ago I was let go from my old position. And it was scary. Yes I had a severance package, yes we had savings, but it's shocking how quickly you burn through all of that. Monday I start a new role in the public sector as a Windows admin. Wish me luck.
https://redd.it/1o8lwhr
@r_systemadmin
Nearly 6 months ago I was let go from my old position. And it was scary. Yes I had a severance package, yes we had savings, but it's shocking how quickly you burn through all of that. Monday I start a new role in the public sector as a Windows admin. Wish me luck.
https://redd.it/1o8lwhr
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Are we in the ONLY time to ever see ONE Supported Windows Version?
I think so. XP support ended in 2014, then we had Vista, 7, and 8.
Maybe Windows 95? But this was before security updates were a thing.
https://redd.it/1o8mue2
@r_systemadmin
I think so. XP support ended in 2014, then we had Vista, 7, and 8.
Maybe Windows 95? But this was before security updates were a thing.
https://redd.it/1o8mue2
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
How clean is your office?
Just wondering what everyone’s office looks like these days. Mine is a mess currently because we just got VoIP phones (yes you read that correctly) and I had a graveyard of old Toshiba phones. Plus, exchanging old laptops for new and some other things.
https://redd.it/1o8j2r0
@r_systemadmin
Just wondering what everyone’s office looks like these days. Mine is a mess currently because we just got VoIP phones (yes you read that correctly) and I had a graveyard of old Toshiba phones. Plus, exchanging old laptops for new and some other things.
https://redd.it/1o8j2r0
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
I'm going through the account lockout from Hell
I've been doing IT in one form or another for 30 years. I've never had a lockout problem like this. This is happening to my admin account, and it gets locked out just about constantly all day. I know the server that the locking out is happening on because of the lockout events on the DC.
Server 2022 Datacenter running on VMWare
This server runs our Azure AD sync
This server is our PDQ Deploy and Inventory machine (Those services are stopped)
Double and triple checked that there is NOT a service or scheduled task using my creds
This has been going on for two weeks now
It seems like a service, but I can NOT figure out which one.
With PowerShell I wrote a noscript to find all .ini, .cfg and .xml files on my c: and search those for my username. It found two xml files that were task manager exports. The username was just a refernce to <owner> and </owner>, not using my creds.
I've cleared credential manager and Windows Vault
There are no mapped network drives,
Backups are hypervisor based so there's nothing running in the guest OS in that regard
I've tried the Netwrix Account Lockout Examiner and it didn't find anything useful.
I've search all running services and asked Perplexity which ones might be using user impersonation. It gave me a list. I stopped the ones that it would let me stop, but that didn't have any affect.
As you can tell, I'm getting a bit desperate. I could really use a Reddit hive mind miracle.
Thanks!
https://redd.it/1o8oxe7
@r_systemadmin
I've been doing IT in one form or another for 30 years. I've never had a lockout problem like this. This is happening to my admin account, and it gets locked out just about constantly all day. I know the server that the locking out is happening on because of the lockout events on the DC.
Server 2022 Datacenter running on VMWare
This server runs our Azure AD sync
This server is our PDQ Deploy and Inventory machine (Those services are stopped)
Double and triple checked that there is NOT a service or scheduled task using my creds
This has been going on for two weeks now
It seems like a service, but I can NOT figure out which one.
With PowerShell I wrote a noscript to find all .ini, .cfg and .xml files on my c: and search those for my username. It found two xml files that were task manager exports. The username was just a refernce to <owner> and </owner>, not using my creds.
I've cleared credential manager and Windows Vault
There are no mapped network drives,
Backups are hypervisor based so there's nothing running in the guest OS in that regard
I've tried the Netwrix Account Lockout Examiner and it didn't find anything useful.
I've search all running services and asked Perplexity which ones might be using user impersonation. It gave me a list. I stopped the ones that it would let me stop, but that didn't have any affect.
As you can tell, I'm getting a bit desperate. I could really use a Reddit hive mind miracle.
Thanks!
https://redd.it/1o8oxe7
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Struggling to host my own game server need some direction
Hey everyone
I have been experimenting with hosting my own game server at home. I have got Truenas running smoothly, but I am getting stuck while setting up pterodacty for a valheim server inside an ubuntu container. the guides I have followed so far feel a bit incomplete, and I keep hitting roadblocks midway.
I am open to suggestions should I try a different setup or panel, or just spin up a vps instead and host it there? I am mostly doing this to learn but I would still like it to run reliably without constant restarts.
Would appreciate any advice detailed walkthroughs or even alternative setups that worked for you.
Thanks in advance
https://redd.it/1o8uah6
@r_systemadmin
Hey everyone
I have been experimenting with hosting my own game server at home. I have got Truenas running smoothly, but I am getting stuck while setting up pterodacty for a valheim server inside an ubuntu container. the guides I have followed so far feel a bit incomplete, and I keep hitting roadblocks midway.
I am open to suggestions should I try a different setup or panel, or just spin up a vps instead and host it there? I am mostly doing this to learn but I would still like it to run reliably without constant restarts.
Would appreciate any advice detailed walkthroughs or even alternative setups that worked for you.
Thanks in advance
https://redd.it/1o8uah6
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Chronic headaches from being a One man IT
I was managing 4 windows servers, 8 switches, fortigate, 110 systems, responsible for building website designs, ui/ux, and developing asset mgmt sys nas for my org. Few months in I started having mild headaches to sharp headaches which became chronic. Quitting the job had made me feel immensely peaceful. These jokers didn't have a single backup in place for anything. I basically had to replace hdds to all sata and nvme whenever a drive failed for over 20 systems. 400 cat6 terminations and 200 keystone what a pain. The previous IT guy didn't even know how to CLR bios, replace the dead ram and reinstall the corrupt os hence they kept the system aside. They never invested in IT and they don't respect IT. I really wish I didn't do like 5 years worth of work in such a short span of time. Only leading to severe burnout. And amount of trauma I have from this job jeez.
https://redd.it/1o8uo3z
@r_systemadmin
I was managing 4 windows servers, 8 switches, fortigate, 110 systems, responsible for building website designs, ui/ux, and developing asset mgmt sys nas for my org. Few months in I started having mild headaches to sharp headaches which became chronic. Quitting the job had made me feel immensely peaceful. These jokers didn't have a single backup in place for anything. I basically had to replace hdds to all sata and nvme whenever a drive failed for over 20 systems. 400 cat6 terminations and 200 keystone what a pain. The previous IT guy didn't even know how to CLR bios, replace the dead ram and reinstall the corrupt os hence they kept the system aside. They never invested in IT and they don't respect IT. I really wish I didn't do like 5 years worth of work in such a short span of time. Only leading to severe burnout. And amount of trauma I have from this job jeez.
https://redd.it/1o8uo3z
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Weekly 'I made a useful thing' Thread - October 17, 2025
There is a great deal of user-generated content out there, from noscripts and software to tutorials and videos, but we've generally tried to keep that off of the front page due to the volume and as a result of community feedback. There's also a great deal of content out there that violates our advertising/promotion rule, from noscripts and software to tutorials and videos.
We have received a number of requests for exemptions to the rule, and rather than allowing the front page to get consumed, we thought we'd try a weekly thread that allows for that kind of content. We don't have a catchy name for it yet, so please let us know if you have any ideas!
In this thread, feel free to show us your pet project, YouTube videos, blog posts, or whatever else you may have and share it with the community. Commercial advertisements, affiliate links, or links that appear to be monetization-grabs will still be removed.
https://redd.it/1o8x88e
@r_systemadmin
There is a great deal of user-generated content out there, from noscripts and software to tutorials and videos, but we've generally tried to keep that off of the front page due to the volume and as a result of community feedback. There's also a great deal of content out there that violates our advertising/promotion rule, from noscripts and software to tutorials and videos.
We have received a number of requests for exemptions to the rule, and rather than allowing the front page to get consumed, we thought we'd try a weekly thread that allows for that kind of content. We don't have a catchy name for it yet, so please let us know if you have any ideas!
In this thread, feel free to show us your pet project, YouTube videos, blog posts, or whatever else you may have and share it with the community. Commercial advertisements, affiliate links, or links that appear to be monetization-grabs will still be removed.
https://redd.it/1o8x88e
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Some Simple Tips Every SysAdmin Should Know
As a sysadmin, there’s always something new to learn, but sometimes the basics are what save us the most time and headaches. Here are a few quick tips that every sysadmin should keep in mind:
1. Document Everything This one can’t be stressed enough. Whether it’s a simple configuration change or a full system overhaul, documenting every step makes life a lot easier down the line. It’s also a huge help for troubleshooting when you or someone else comes across an issue months later.
2. Backup, Backup, Backup Always have a backup strategy in place. And no, a single backup doesn’t count. Having multiple copies, preferably stored in different locations (e.g., local and cloud) is essential. And remember to periodically test your backups to ensure they actually work.
3. Automate Where You Can Manual processes are error-prone and time-consuming. Whether it’s using noscripts to automate server deployments or using tools like Ansible, SaltStack, or Puppet, automating your tasks will save you countless hours. It also reduces the risk of human error.
4. Keep Security Tight This might seem obvious, but ensuring your systems are secure is always a priority. Regularly patch your software, review access logs, and use strong, unique passwords (or better yet, a password manager). Also, implement the principle of least privilege—only give users the permissions they absolutely need.
5. Plan for Disaster Recovery Things will break. Servers will crash. It’s just a matter of when, not if. Having a solid disaster recovery plan is crucial. Make sure you know exactly what steps to take when things go south. And don’t forget about regular testing to ensure your recovery process works smoothly.
Sysadmins are the unsung heroes keeping things running behind the scenes. These tips are just the start—never stop learning and improving your skills!
https://redd.it/1o8ybg9
@r_systemadmin
As a sysadmin, there’s always something new to learn, but sometimes the basics are what save us the most time and headaches. Here are a few quick tips that every sysadmin should keep in mind:
1. Document Everything This one can’t be stressed enough. Whether it’s a simple configuration change or a full system overhaul, documenting every step makes life a lot easier down the line. It’s also a huge help for troubleshooting when you or someone else comes across an issue months later.
2. Backup, Backup, Backup Always have a backup strategy in place. And no, a single backup doesn’t count. Having multiple copies, preferably stored in different locations (e.g., local and cloud) is essential. And remember to periodically test your backups to ensure they actually work.
3. Automate Where You Can Manual processes are error-prone and time-consuming. Whether it’s using noscripts to automate server deployments or using tools like Ansible, SaltStack, or Puppet, automating your tasks will save you countless hours. It also reduces the risk of human error.
4. Keep Security Tight This might seem obvious, but ensuring your systems are secure is always a priority. Regularly patch your software, review access logs, and use strong, unique passwords (or better yet, a password manager). Also, implement the principle of least privilege—only give users the permissions they absolutely need.
5. Plan for Disaster Recovery Things will break. Servers will crash. It’s just a matter of when, not if. Having a solid disaster recovery plan is crucial. Make sure you know exactly what steps to take when things go south. And don’t forget about regular testing to ensure your recovery process works smoothly.
Sysadmins are the unsung heroes keeping things running behind the scenes. These tips are just the start—never stop learning and improving your skills!
https://redd.it/1o8ybg9
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Ransomware-Proofing your organization and customers
Always worth asking what steps people are taking to try to improve their ransomware stance in their org and/or customers.
We typically deploy NetApps so we're using snapshots and trying to get more and more "file" type backups on CIFS shares so they have SnapMirror protection where hopefully unless someone gets the NetApp admin credentials and goes in via OOB management there is no way to remove those snapshots.
We've using Veeam hardened repos for virtual machine backups where the hope is that unless someone gets physical or OOB management access they can't get to the backups.
We keep around 30 days depending on disk space on the physical repos.
I am interested how you're backing up Active Directory other than virtual machine backups of the domain controllers.
I've used Windows Backup before to schedule a backup to a UNC share on one of the NetApps.
I'm coming at this more from a infra/servers angle right now so what other things are you doing to try to prevent issues and to try to make sure you at least have backups and copies of data that can't be changed unless you can get OOB access to the physical hardware it sits on?
Jas
https://redd.it/1o8xcku
@r_systemadmin
Always worth asking what steps people are taking to try to improve their ransomware stance in their org and/or customers.
We typically deploy NetApps so we're using snapshots and trying to get more and more "file" type backups on CIFS shares so they have SnapMirror protection where hopefully unless someone gets the NetApp admin credentials and goes in via OOB management there is no way to remove those snapshots.
We've using Veeam hardened repos for virtual machine backups where the hope is that unless someone gets physical or OOB management access they can't get to the backups.
We keep around 30 days depending on disk space on the physical repos.
I am interested how you're backing up Active Directory other than virtual machine backups of the domain controllers.
I've used Windows Backup before to schedule a backup to a UNC share on one of the NetApps.
I'm coming at this more from a infra/servers angle right now so what other things are you doing to try to prevent issues and to try to make sure you at least have backups and copies of data that can't be changed unless you can get OOB access to the physical hardware it sits on?
Jas
https://redd.it/1o8xcku
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Phish Resistant MFA - Tricky Authentication Contexts
We've implemented phish-resistant MFA for our cloud admin accounts, using the passkey option which is set up in our authenticator app on our phones. For 90% of scenarios this is working flawlessly. We are however having trouble with some tricky authentication contexts which are forcing us to temporarily bypass admin's from the phish-resistant MFA CA policy (falling back to our standard MFA CA policy). Examples are:
* Autopilot Hash Upload during OOBE - the authentication box which pops up when doing an online upload doesn't support the Bluetooth passkey method.
* Potential workarounds: provide staff with a USB hardware token as their phish-resistant factor, staff copy the hardware hash to a USB to upload from their workstation.
* Authenticating using 'New-AzureADSSOAuthenticationContext' - we need to run this on our server running Entra Connect Sync, which is an Azure VM accessed using RDP. Our phone passkeys are unable to connect to this VM via Bluetooth so can't authenticate. I haven't found a secure workaround for this one (yet!)
Generally, how are you all dealing with the usage of phish-resistant MFA? What challenges are you facing, and what solutions have you found to them? Especially anything relating to the examples above!
https://redd.it/1o8wid2
@r_systemadmin
We've implemented phish-resistant MFA for our cloud admin accounts, using the passkey option which is set up in our authenticator app on our phones. For 90% of scenarios this is working flawlessly. We are however having trouble with some tricky authentication contexts which are forcing us to temporarily bypass admin's from the phish-resistant MFA CA policy (falling back to our standard MFA CA policy). Examples are:
* Autopilot Hash Upload during OOBE - the authentication box which pops up when doing an online upload doesn't support the Bluetooth passkey method.
* Potential workarounds: provide staff with a USB hardware token as their phish-resistant factor, staff copy the hardware hash to a USB to upload from their workstation.
* Authenticating using 'New-AzureADSSOAuthenticationContext' - we need to run this on our server running Entra Connect Sync, which is an Azure VM accessed using RDP. Our phone passkeys are unable to connect to this VM via Bluetooth so can't authenticate. I haven't found a secure workaround for this one (yet!)
Generally, how are you all dealing with the usage of phish-resistant MFA? What challenges are you facing, and what solutions have you found to them? Especially anything relating to the examples above!
https://redd.it/1o8wid2
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Teams Crashing Windows 11
I'm pushing this out to the ether in hope that a fellow sys admin does not have to suffer like I did. I Reset/wiped machines then re-imaged, obviously deleted teams and re-installed but the below is the only fix that worked.
The devices in question for me where a number of Dell Latitudes 5550 I purchased for my org (all remote users)
After a few weeks all users started reporting an issue with teams crashing in different ways when joining calls/ meetings. In our case teams is loaded with an Office Package, I have searched around different forums and tried all sort of fixes but here's a centralised fix.
1. Disable Hardware acceleration Team-Settings- General - disable hardware acceleration. Or run this in cmd setx WEBVIEW2_ADDITIONAL_BROWSER_ARGUMENTS --disable-gpu - can be ran without admin privileges
2. Set Power Mode to best performance instead of balanced on user machine
3. Clear cache - in %appdata%\\Microsoft\\Teams or if installed with office package clear out %localappdata%\\Packages\\MSTeams_8wekyb3d8bbwe\\ delete all from local cache folder.
If anyone has come across this and has found other fixes do reply !
https://redd.it/1o91cny
@r_systemadmin
I'm pushing this out to the ether in hope that a fellow sys admin does not have to suffer like I did. I Reset/wiped machines then re-imaged, obviously deleted teams and re-installed but the below is the only fix that worked.
The devices in question for me where a number of Dell Latitudes 5550 I purchased for my org (all remote users)
After a few weeks all users started reporting an issue with teams crashing in different ways when joining calls/ meetings. In our case teams is loaded with an Office Package, I have searched around different forums and tried all sort of fixes but here's a centralised fix.
1. Disable Hardware acceleration Team-Settings- General - disable hardware acceleration. Or run this in cmd setx WEBVIEW2_ADDITIONAL_BROWSER_ARGUMENTS --disable-gpu - can be ran without admin privileges
2. Set Power Mode to best performance instead of balanced on user machine
3. Clear cache - in %appdata%\\Microsoft\\Teams or if installed with office package clear out %localappdata%\\Packages\\MSTeams_8wekyb3d8bbwe\\ delete all from local cache folder.
If anyone has come across this and has found other fixes do reply !
https://redd.it/1o91cny
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Our developer says they still do not officially support server 2022 and are still testing. Isn't this a bit long to be testing?
I don't want to be unreasonable, but isn't this a long time to wait for a developer to test their software? Is there a standard as far as when a developer of an app should be compatible with the current version of Windows Server?
https://redd.it/1o934jb
@r_systemadmin
I don't want to be unreasonable, but isn't this a long time to wait for a developer to test their software? Is there a standard as far as when a developer of an app should be compatible with the current version of Windows Server?
https://redd.it/1o934jb
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Are you guys experiencing issues with the latest patch that breaks localhost?
https://www.techpowerup.com/341976/microsoft-breaks-localhost-with-windows-11-october-update-users-forced-to-revert Getting ready to see what this actually does -- does it break just https://localhost or all bindings against localhost. UGH UGH thanks MS
https://redd.it/1o917ou
@r_systemadmin
https://www.techpowerup.com/341976/microsoft-breaks-localhost-with-windows-11-october-update-users-forced-to-revert Getting ready to see what this actually does -- does it break just https://localhost or all bindings against localhost. UGH UGH thanks MS
https://redd.it/1o917ou
@r_systemadmin
TechPowerUp
Microsoft Breaks Localhost with Windows 11 October Update, Users Forced to Revert
Just two days after Windows 10 reached its end of life, issues with Microsoft's latest Windows 11 October update have begun to surface. Users on Microsoft Support Forums, Stack Overflow, and Server Fault have reported that the localhost functionality in Windows…
Are Your Windows 10 Extended Software Updates (ESU) Keys Working?
Hello everyone,
Did some searching in r/sysadmin before posting this, so apologies if there is another thread that deals with this specific topic.
We have purchased Windows 10 ESU licenses for our Windows 10 workstations. All of them are running Windows 10 Enterprise - activated via volume licensing using an on-premise KMS server. Testing the activation of these MAK keys using the documentation here:
https://learn.microsoft.com/en-us/windows/whats-new/enable-extended-security-updates
I was issued 5 MAK keys to use, which I'm told have a large number of activations available to them - at least more than we will ever need for our environment. My two test workstations are clean freshly imaged systems running Windows 10 Enterprise build 10.0.19045.6456 which I believe is latest available from Microsoft Update. This also means the workstations have satisfied the requirement of patch KB5046613 being installed. Verified this by trying to manually trying to install that patch and receiving the error that the computers are not eligible to install the MSU.
I've attempted to activate all five of my MAK keys using the following command:
(where xxxxx would be my MAK keys)
I'm receiving the following errors on all the keys:
I proceed to run the command in that message, and receive the following additional error output:
I have verified the volume licensing contract that the licenses were purchased through is valid and active. There's one other thread where I found similar errors posted, but it looks like it may have been a conflict between different times of Windows licenses already activated on the workstations in question. Our fleet runs entirely on Windows 10 Enterprise via KMS activation.
Has anyone experienced this issue? Is the only solution here a Microsoft Support ticket to verify the keys are valid and activated? I'm unable to get past this step on two different workstations that by all accounts and research should be able to activate the MAK and receive the updates.
At a minimum, I'm posting here to journal my experiences as I'm assuming I'm not the only one working through this now that October 14 has past...
UPDATE 10/17/25 11:15 AM EDT
So I learned that our organization has multiple volume licensing contracts and "License ID" associated with our volume licensing - we have two that are active. To make sure there weren't any conflicts I removed KMS license activation from the Windows 10 Enterprise devices and instead activated with MAK license for Windows 10 Enterprise on the same active contract number/License ID as our "Windows 10 Supplemental Servicing MAK" that I have been unsuccessful in activating. Unfortunately that did not work, and I received the same errors, so a Microsoft Support Ticket is being opened.
https://redd.it/1o90ktw
@r_systemadmin
Hello everyone,
Did some searching in r/sysadmin before posting this, so apologies if there is another thread that deals with this specific topic.
We have purchased Windows 10 ESU licenses for our Windows 10 workstations. All of them are running Windows 10 Enterprise - activated via volume licensing using an on-premise KMS server. Testing the activation of these MAK keys using the documentation here:
https://learn.microsoft.com/en-us/windows/whats-new/enable-extended-security-updates
I was issued 5 MAK keys to use, which I'm told have a large number of activations available to them - at least more than we will ever need for our environment. My two test workstations are clean freshly imaged systems running Windows 10 Enterprise build 10.0.19045.6456 which I believe is latest available from Microsoft Update. This also means the workstations have satisfied the requirement of patch KB5046613 being installed. Verified this by trying to manually trying to install that patch and receiving the error that the computers are not eligible to install the MSU.
I've attempted to activate all five of my MAK keys using the following command:
slmgr.vbs /ipk xxxxx-xxxxx-xxxxx-xxxxx-xxxxx(where xxxxx would be my MAK keys)
I'm receiving the following errors on all the keys:
Error: 0xC004E016 On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0xC004E016' to display the error textI proceed to run the command in that message, and receive the following additional error output:
Code: 0xC004E016Denoscription: The Software Licensing Service reported that the product key is invalidI have verified the volume licensing contract that the licenses were purchased through is valid and active. There's one other thread where I found similar errors posted, but it looks like it may have been a conflict between different times of Windows licenses already activated on the workstations in question. Our fleet runs entirely on Windows 10 Enterprise via KMS activation.
Has anyone experienced this issue? Is the only solution here a Microsoft Support ticket to verify the keys are valid and activated? I'm unable to get past this step on two different workstations that by all accounts and research should be able to activate the MAK and receive the updates.
At a minimum, I'm posting here to journal my experiences as I'm assuming I'm not the only one working through this now that October 14 has past...
UPDATE 10/17/25 11:15 AM EDT
So I learned that our organization has multiple volume licensing contracts and "License ID" associated with our volume licensing - we have two that are active. To make sure there weren't any conflicts I removed KMS license activation from the Windows 10 Enterprise devices and instead activated with MAK license for Windows 10 Enterprise on the same active contract number/License ID as our "Windows 10 Supplemental Servicing MAK" that I have been unsuccessful in activating. Unfortunately that did not work, and I received the same errors, so a Microsoft Support Ticket is being opened.
https://redd.it/1o90ktw
@r_systemadmin
Docs
Enable Windows 10 Extended Security Updates (ESU)
Learn how to enable the Extended Security Updates (ESU) keys for Windows 10. The ESU program gives customers the option to receive security updates for Windows 10.