Windows 10 ESU Applied with slmgr.vbs -- still shows "your version of Windows has reached End of Support"

Hey there! We have a few Windows 10 PCs on which we have applied Year 1 ESU licenses using slmgr.vbs (we followed info here). All of them show "License Status: Licensed". But in Windows Update it still shows "Your version of Windows has reached End of Support. Your device is no longer receiving security updates." I just wanted to check if we missed something, or is this what everyone else is experiencing? Thanks!

https://redd.it/1oa8t6z
@r_systemadmin

A question about Microsoft 365 licenses and MSP‘s/CSP‘s

I am retiring.

I was getting m365 licenses for clients thru D&H.

A client has annual licenses that I got them that expire on 12/ 31. I turned off auto renew with D&H.

A new firm is taking over on November 1.

The new firm said this:

We won’t do any MSP to MSP transfer of current licenses….

Just curious – does anybody know what that means?

I’m a one-man shop and never had to deal with taking over or releasing a tenant

The license is I got them are already in tenant admin portal.

Is that for sinking up the license expiration dates - my licenses versus licenses they buy?

If they buy through a different CSP and buy another year, without the transfer they talk about, the new license would start immediately?

I do think I saw where you could set a time for the license to start in the future with DH

But CSP’s have their own interface for buying m365 / not all offer that?



https://redd.it/1oa7fm4
@r_systemadmin

Autohotkey good or bad!?

I love this thing. How can I make it bullet proof so security team won’t make me uninstall it?(silly fear but)

I imagine if i set up alerts on if the ahk file changes or is even open that would be reasonably secure?

Windows Defender Controlled Folder Access ?

Or is having it on disk create a vulnerability?


Ooo can I digitally sign my .ahk!?

I would like help making a strong case for having it and to show that I made an effort to be secure



https://redd.it/1oadd75
@r_systemadmin

PSA: Keyboard/mouse won't work in WinRE after October 2025 Patch Tuesday

Microsoft broke the mouse/keyboard in WinRE. Means you can't really use it.

"After installing the Windows security update released on October 14, 2025 (KB5066835), USB devices, such as keyboards and mice, do not function in the Windows Recovery Environment (WinRE). This issue prevents navigation of any of the recovery options within WinRE. Note that the USB keyboard and mouse continue to work normally within the Windows operating system." -- https://learn.microsoft.com/en-us/windows/release-health/status-windows-11-24h2#3696msgdesc

Was driving our IT team crazy on a Saturday, but replacing the WinRE image from an older ISO works: https://www.windowslatest.com/2025/10/18/microsoft-confirms-windows-11-october-2025-update-breaks-winre-recovery-input/

https://redd.it/1oa7w8n
@r_systemadmin

Anyone else having Bitlocker recovery key issues after installing the latest October 2025 Windows 11 KB5066835 update and then restarting?

Been getting reports of computers getting Bitllocker recovery key screen after installing the latest October 2025 Windows 11 KB5066835 update. Anyone else having this issue? We opened a Microsoft Support Case but the issue has not been acknowledged by Microsoft Support.

https://redd.it/1oadz4t
@r_systemadmin

Weird powershell command running and I need advice.

Past couple of days a couple of my servers have been spawning these powershell command ran by SYSTEM

Powershell.exe -ExecutionPolicy Restricted -Command function Get-UEFIX509Certificates{ $Certs = @(); try { $UefiDb = Get-SecureBootUEFI -Name db }

And this command can either be spawned with multiple processes or just one and it’s taking up a % of memory where SW is triggering alerts for high memory. Our end point security has not been triggered with this spawned powershell noscript.

I started an internal incident and investigation with my other colleagues but they haven’t seen this command before.

Our MCM team only uses “Powershell.exe -ExecutionPolicy Bypass” with Software Center to deploy updates, so it’s not related to windows updates.


Copilot threw this together since I can’t find anyone else that has ran across this noscript before.

this is what copilot said about the noscripts that are running
 
powershell.exe -ExecutionPolicy Restricted -Command function Get-UEFIX509Certificates { $Certs = @(); try { $UefiDb = Get-SecureBootUEFI -Name db }
What this means:
    1.    ExecutionPolicy Restricted
This is the most restrictive policy in PowerShell, which normally prevents noscripts from running. However, the -Command parameter allows inline commands to execute despite the restriction.
    2.    Custom Function: Get-UEFIX509Certificates
The code defines a function intended to retrieve UEFI X.509 certificates. These certificates are part of the Secure Boot infrastructure in UEFI firmware.
    3.    Key Operation: Get-SecureBootUEFI -Name db
This command queries the UEFI Secure Boot database (db). The database contains trusted certificates and keys used to validate boot loaders and drivers during Secure Boot.
In short:
PowerShell is trying to read Secure Boot configuration data from the UEFI firmware, specifically the certificate database. This is typically done for:
    •    Auditing Secure Boot settings.
    •    Checking trusted certificates.
    •    Security compliance or troubleshooting boot integrity.

I’m reaching out to see if anyone else in the community has seen this happen and can shed light on what and why these commands are spawning.

https://redd.it/1oafv3h
@r_systemadmin

RAID Rebuild Time

Hey All!

Hoping someone with more storage experience could help me. I have a server that houses my company's VMS and Access Control System, It is currently at 44TB of Video storage and 16TB was just added today for expansion into a new site next door. I followed the instructions at How to Reconfigure a Virtual Disk With OpenManage Server Administrator (OMSA) | Dell to add the drives to the array but here 5 hours later it is still showing at 0% in OMSA. Anyone have any guess how long it will take a raid 5 array of this size to reconfigure? I heard it could take a week. Is that true? Im pretty good on the software side of Sysadmin but now that Im with a company that Im the single IT guy the hardware side of this is new to me. Thanks in advance and sorry if this is a stupid question lol

https://redd.it/1oaah1z
@r_systemadmin

Receiving offensive, racist and homophobic support emails

Hi,

I'm not sure if this is the right place to ask, but I'll give it a shot anyway.

For the past few days, I've been receiving offensive, racist, and homophobic emails. These messages are from a customer complaining about a free product they're using.

I won’t go into too many details, but essentially, the person is being extremely offensive, making racist and homophobic remarks towards both me and the product. The person is also demanding that I remove certain features simply because he/she don't like them.

Over the years, I've learned to ignore this type of negativity, but this feels on another level.

I don’t want to waste too much time nor resources on this, but if there's anything I can do to prevent it, I’m happy to fill out any necessary report forms.

The individual is also using their own agency/company domain to send these emails.

https://redd.it/1oam2oj
@r_systemadmin

New job!

TL;DR Taking over as school IT manager with limited experience and wanted guidance on what to become skilled at. On prem AD and Google Workspace environment.

Hi all,

I am going to be taking over as a sysadmin/IT manager of a school. Altogether 2000 students and staff.

I will be replacing someone who has worked there for 30+ years and is retiring. From what I’ve heard a lot of the systems and procedures are outdated and I am fairly nervous to slowly make changes to modernise things due to my lack of experience.

I have had experience in IT since 2022 but in a proper MSP environment since 2023 which includes being an IT engineer for around 10 different schools.

I am still fairly new to IT and obviously there is a sense of imposter syndrome (which is fine- it’s always good to feel like you need to learn more) but I wanted to get some advice from others around here on what I should get better at and solidify.

The school is using a hybrid environment which includes on prem AD and Google Workspace.

Some things I am specifically nervous about is the backup solutions and how to implement the disaster recovery plan.
Also, managing and troubleshooting complex windows server issues.

Any advice and guidance would be truly appreciated!

https://redd.it/1oamhvp
@r_systemadmin

How much do you trust immutable storage to be immutable?

I've just got Veeam writing backups out to a hardened repository and I must admit it feels damned good.

Immutable setup using single use credentials no SSH etc. all done by the guides.

But there's always that little nagging doubt that there's still a way to get at the backups.

My absolute last line of defence is having a copy on tape. You can fit a lots of bandwidth on a shelf.

But if you've got immutable storage and you have management interfaces disabled so there's no iDRAC/iLO/SSH or other access how much faith do you have that there really no way for the bad guys to get at it?

https://redd.it/1oam23u
@r_systemadmin

Reusing “deleted” users username/email address

Would anyone like to explain why this can be a bad idea? We are standing up an IAM system that noscripts the creation disablement and to my dismay deletion of accounts after 90 days but I don’t see why we care to “reclaim” a username and I sense there being issues with doing so.

What’s your experience with deleting user accounts and then resurrecting them ??

https://redd.it/1oalz5u
@r_systemadmin

Where can I buy non-copilot laptops?

See noscript. I have a blind user in my org who cannot use it because the copilot key took the place of the right ctrl key.

https://redd.it/1oaruop
@r_systemadmin

Strange behavior in linux: user can still run sudo commands and switch users even though pam prohibits it

If a user is removed from the sudo group and tries to run sudo some-command they correctly receive a permission denied error.
Additionally, PAM can be configured so that when the user runs su some-user a "su: permission denied" message is shown, even if the correct password is entered for some-user.

However, I found this restriction applies only to command-line. There are other ways for the same user to perform privileged actions. For example, instead of running:

sudo systemctl restart cron.service

they can simply run:

systemctl restart cron.service

In this case, GDM displays a graphical password prompt for the root password, and the operation completes successfully. This makes membership in the sudo group useless, since the same command can be executed without sudo ! The only difference is that the password is entered in a graphical window instead of the command line! The graphical display has root privileges and follows its own policy not PAM.

The same issue occurs with su: a user can switch to another account, even root, through graphical tools, even if they are not in the sudo group and cannot run su from the terminal.

This seems like a design flaw. There appears to be backdoors that bypass PAM restrictions and group-based privilege control.

question:

How can I configure Linux desktop so that a user is confined, that is, they cannot run any executable requiring elevated privileges (even if they know the root password), and they cannot switch to another user context even through Wayland/GDM?

In other words, I want to ensure that users can execute only the commands for which they have explicit execution permissions.



https://redd.it/1oaqvg4
@r_systemadmin

Windows on ARM

Has anyone started using Windows Arm laptops in a enterprise space?

We use HP Elite Books (most are AMD) but we've had some interest in the ARM varients, if anyone has rolled them out, do they work fine with AD / standard office applications?

We are going to get a couple for our digital team to test but thought it's always good to do research on it and get others opinions

https://redd.it/1oau5gr
@r_systemadmin

Does having a CSP Azure subnoscription affect support for your non-CSP subnoscriptions in the same tenant?

I've been in this situation once before at a previous org but want to confirm that what I remember is actually the case:

We are planning to add a new subnoscription to our Azure tenant via our CSP to support PAYG Teams Phone billing. All our current Azure subnoscriptions are direct billing with Microsoft. I know that when you buy through a CSP, Microsoft won't support that subnoscription directly (even if you have Unified Support) and you have to work through the CSP, which we have no problem with.

We want to keep direct support available for the existing subs, especially because the product teams that manage some of the other subnoscriptions are considering Unified Support in future. I'm about 98% sure that adding this new sub this won't affect support eligibility for the non-CSP subs, and that we can still go direct to Microsoft for support on them. Our CSP agrees but asked me to confirm with Microsoft just to be sure since it will upset our product teams if things change because of something my team purchased, but of course all our Microsoft contacts are unresponsive.

Can others here who have this sort of setup confirm/deny that you can still get direct MS support on your non-CSP subnoscriptions?

https://redd.it/1oaqxdi
@r_systemadmin

Mac connecting to wireless printers - only one wifi network causing issues

Hi all,

Background: I install and manage all the hardware and software for my small law firm with fewer than 10 employees. I do okay and troubleshoot a lot of issues by searching through Google, forums, etc. I recently bought new laptops for everyone and switched myself back to a Macbook Pro after about three years with a PC. The Macbook is a pleasure and has spoken seamlessly to all of our cloud-based file and case management apps, Microsoft Office has behaved, etc. Except for one thing.

I cannot get the Macbook Pro to connect to our wireless printers (one large Brother, one all-in-one HP) in the office. They wouldn't autodetect, so I tried by using the IP address, tried installing drivers. It connected to the HP for about half a day, then started reading it as offline. I removed and tried to reinstall the HP and now it won't connect at all. I've restarted all the things, reset all the things, cleaned cache, etc. etc. No dice. The Macbook Pro connects wirelessly to my home printer (a Brother) and a friend's home printer (another HP) without a hiccup.

We have a typical typical high-speed wifi set up with a router and extender. I just set up four new PC laptops and they all connected without a hitch. The PC laptops have had occasional issues, for example where an employee will need to reinstall the Brother printer every few weeks because it just gets slow or stops connecting. But that has seemed pretty normal.

Any suggestions before I have to pull in an outside IT person for the first time?

https://redd.it/1oaxzuy
@r_systemadmin

BT fiber connection

Hi,


iv just recently had a line installed via a reseller who are complete garbage BT left me with a adva in a remote office that terminates to fiber but i can find nothing in my order paperwork on what this termination is so i am struggling to order a media convertor.


Its two strand but the lad on site isnt the best so i dont want to ask him to pull the SFP anyone know what the standard is ? i was looking at https://amzn.eu/d/fxSqJvq and a patch lead https://amzn.eu/d/58XfHdr but honestly iv no clue its always come with the media convertor before.

thanks in advance



https://redd.it/1oazm6x
@r_systemadmin

Reboot Restore Rx Pro

Anyone have experience with this software? It seems like it's not the best for handling Windows Updates despite the option being available in the UI. I have been running a public access kiosk computer with this software for years now with the Windows Update option disabled and automatic Windows Updates disabled in general. It seems to cause too many problems. This isn't just when feature updates happen. It seems to be a problem for general security updates.

I recently upgraded a PC to Windows 11 and continued to use version 12 of Reboot Restore since the license doesn't carry over for the new version supposedly (Version 13 - Enterprise). I decided to retry the update option and it once again causes problems. I even had problems with Windows Update working altogether, even when I went into services.msc and manually restarted Windows Updates.

Am I doing something wrong?

https://redd.it/1ob1a1q
@r_systemadmin

Basic Server Security Questions

Hey Everyone -

Long story short, I manage a team of about 15 people in our warehouse/logistics area that uses a small app I've built that basically connects via SOAP API to another system (3rd party). Theres one function it tho that we can basically only send one request every 1 minute or things get stuck. So currently I had built out kind of a broker on each app that says "send request...wait 1 minute...send next request...wait 1 min" - the problem is obviously that each persons computer would just be doing the same thing and they would all still be sending to many requests to our third party service.

So my thought process was to get a small VPS and rig up a queue manager to a database in the air. Our app sends the request up to the vps, it gathers all the requests and then shoots them out to the third party service. I'm not an IT guy - im just a manager try to help live an easier life by using this app.

Anyways, I've got it setup. And it works fine. My question is im just concerned about basic security because now I am shooting up a username/ssh key into the server and it holds it there.

What I have done so far - and honestly, this is just me reading online for several days:

For Basic Security -

\- for the domain/nameservers i got cloudflare which seems to offer protection against DDOS and offers basic SSL certificate for the domain. Have the domain running from https://

\- Installed fail2Ban on the server

\- closed access to all ports except 22, 80, 443

\- (I have in my notes to also change port 22 to something else but havent done it yet)

\- disabled root access

On the App on the desktop side - the username/ssh is already using encryption for windows dpai and I added an AES-256 encryption for when it sends the code i have a key on the desktop side and got a key on the server side. on the server side it holds the key just until it processes and then dumps it.


Just wanted opinions if I am on the right track here - am i not doing enough? am i doing too much? or am I complete idiot? I'm not doing much and I dont think my small little thing would attract much attention - but never know. I just need to be able to tell the boss that were secure lol. Thank you all!

https://redd.it/1ob2jax
@r_systemadmin

Scammers

Recently got hit by some scammers* claiming to be Verifone support. End user followed their instructions and sold things, faked with cash, them provided card numbers to refund to. Then requested the clerk tie a card number to the clerks personal apple wallet and do.the refund again.

Be on the lookout and let your end users know.

I have 2 phone numbers, but I'm sure they're spoofed or VoIP. They answered when I called and definitely sound like they're state side.

https://redd.it/1ob4am2
@r_systemadmin

Oct emergency patch question

I haven’t approved Oct updates yet in WSUS. With this emergency patch MS is putting out, will that overwrite the existing bad patch in WSUS? Are they pulling the bad patch and I’ll see the new one listed at some point?

https://redd.it/1ob77up
@r_systemadmin