Windows on ARM

Has anyone started using Windows Arm laptops in a enterprise space?

We use HP Elite Books (most are AMD) but we've had some interest in the ARM varients, if anyone has rolled them out, do they work fine with AD / standard office applications?

We are going to get a couple for our digital team to test but thought it's always good to do research on it and get others opinions

https://redd.it/1oau5gr
@r_systemadmin

Does having a CSP Azure subnoscription affect support for your non-CSP subnoscriptions in the same tenant?

I've been in this situation once before at a previous org but want to confirm that what I remember is actually the case:

We are planning to add a new subnoscription to our Azure tenant via our CSP to support PAYG Teams Phone billing. All our current Azure subnoscriptions are direct billing with Microsoft. I know that when you buy through a CSP, Microsoft won't support that subnoscription directly (even if you have Unified Support) and you have to work through the CSP, which we have no problem with.

We want to keep direct support available for the existing subs, especially because the product teams that manage some of the other subnoscriptions are considering Unified Support in future. I'm about 98% sure that adding this new sub this won't affect support eligibility for the non-CSP subs, and that we can still go direct to Microsoft for support on them. Our CSP agrees but asked me to confirm with Microsoft just to be sure since it will upset our product teams if things change because of something my team purchased, but of course all our Microsoft contacts are unresponsive.

Can others here who have this sort of setup confirm/deny that you can still get direct MS support on your non-CSP subnoscriptions?

https://redd.it/1oaqxdi
@r_systemadmin

Mac connecting to wireless printers - only one wifi network causing issues

Hi all,

Background: I install and manage all the hardware and software for my small law firm with fewer than 10 employees. I do okay and troubleshoot a lot of issues by searching through Google, forums, etc. I recently bought new laptops for everyone and switched myself back to a Macbook Pro after about three years with a PC. The Macbook is a pleasure and has spoken seamlessly to all of our cloud-based file and case management apps, Microsoft Office has behaved, etc. Except for one thing.

I cannot get the Macbook Pro to connect to our wireless printers (one large Brother, one all-in-one HP) in the office. They wouldn't autodetect, so I tried by using the IP address, tried installing drivers. It connected to the HP for about half a day, then started reading it as offline. I removed and tried to reinstall the HP and now it won't connect at all. I've restarted all the things, reset all the things, cleaned cache, etc. etc. No dice. The Macbook Pro connects wirelessly to my home printer (a Brother) and a friend's home printer (another HP) without a hiccup.

We have a typical typical high-speed wifi set up with a router and extender. I just set up four new PC laptops and they all connected without a hitch. The PC laptops have had occasional issues, for example where an employee will need to reinstall the Brother printer every few weeks because it just gets slow or stops connecting. But that has seemed pretty normal.

Any suggestions before I have to pull in an outside IT person for the first time?

https://redd.it/1oaxzuy
@r_systemadmin

BT fiber connection

Hi,


iv just recently had a line installed via a reseller who are complete garbage BT left me with a adva in a remote office that terminates to fiber but i can find nothing in my order paperwork on what this termination is so i am struggling to order a media convertor.


Its two strand but the lad on site isnt the best so i dont want to ask him to pull the SFP anyone know what the standard is ? i was looking at https://amzn.eu/d/fxSqJvq and a patch lead https://amzn.eu/d/58XfHdr but honestly iv no clue its always come with the media convertor before.

thanks in advance



https://redd.it/1oazm6x
@r_systemadmin

Reboot Restore Rx Pro

Anyone have experience with this software? It seems like it's not the best for handling Windows Updates despite the option being available in the UI. I have been running a public access kiosk computer with this software for years now with the Windows Update option disabled and automatic Windows Updates disabled in general. It seems to cause too many problems. This isn't just when feature updates happen. It seems to be a problem for general security updates.

I recently upgraded a PC to Windows 11 and continued to use version 12 of Reboot Restore since the license doesn't carry over for the new version supposedly (Version 13 - Enterprise). I decided to retry the update option and it once again causes problems. I even had problems with Windows Update working altogether, even when I went into services.msc and manually restarted Windows Updates.

Am I doing something wrong?

https://redd.it/1ob1a1q
@r_systemadmin

Basic Server Security Questions

Hey Everyone -

Long story short, I manage a team of about 15 people in our warehouse/logistics area that uses a small app I've built that basically connects via SOAP API to another system (3rd party). Theres one function it tho that we can basically only send one request every 1 minute or things get stuck. So currently I had built out kind of a broker on each app that says "send request...wait 1 minute...send next request...wait 1 min" - the problem is obviously that each persons computer would just be doing the same thing and they would all still be sending to many requests to our third party service.

So my thought process was to get a small VPS and rig up a queue manager to a database in the air. Our app sends the request up to the vps, it gathers all the requests and then shoots them out to the third party service. I'm not an IT guy - im just a manager try to help live an easier life by using this app.

Anyways, I've got it setup. And it works fine. My question is im just concerned about basic security because now I am shooting up a username/ssh key into the server and it holds it there.

What I have done so far - and honestly, this is just me reading online for several days:

For Basic Security -

\- for the domain/nameservers i got cloudflare which seems to offer protection against DDOS and offers basic SSL certificate for the domain. Have the domain running from https://

\- Installed fail2Ban on the server

\- closed access to all ports except 22, 80, 443

\- (I have in my notes to also change port 22 to something else but havent done it yet)

\- disabled root access

On the App on the desktop side - the username/ssh is already using encryption for windows dpai and I added an AES-256 encryption for when it sends the code i have a key on the desktop side and got a key on the server side. on the server side it holds the key just until it processes and then dumps it.


Just wanted opinions if I am on the right track here - am i not doing enough? am i doing too much? or am I complete idiot? I'm not doing much and I dont think my small little thing would attract much attention - but never know. I just need to be able to tell the boss that were secure lol. Thank you all!

https://redd.it/1ob2jax
@r_systemadmin

Scammers

Recently got hit by some scammers* claiming to be Verifone support. End user followed their instructions and sold things, faked with cash, them provided card numbers to refund to. Then requested the clerk tie a card number to the clerks personal apple wallet and do.the refund again.

Be on the lookout and let your end users know.

I have 2 phone numbers, but I'm sure they're spoofed or VoIP. They answered when I called and definitely sound like they're state side.

https://redd.it/1ob4am2
@r_systemadmin

Oct emergency patch question

I haven’t approved Oct updates yet in WSUS. With this emergency patch MS is putting out, will that overwrite the existing bad patch in WSUS? Are they pulling the bad patch and I’ll see the new one listed at some point?

https://redd.it/1ob77up
@r_systemadmin

State of ReFS on Windows 11 25H2

Deploying a new desktop and took the opportunity to mess around with ReFS as the Bootable Partition on Windows 11 25H2.

HP EliteDesk 8 G1i Mini
Intel Core Ultra 7 265
64GB RAM
Samsung SSD 980 Pro 2TB with Heatsink

Features that are available and probably worked:
• ReFS Integrity on and off
• ReFS Compression
• ReFS DeDuplication
• ReFS DeDupe & Compression

Features that did not work in my case:
• Booting Win 11 25H2 from ReFS (it was not stable)
• Block Cloning in File Explorer
(I've just read the restrictions on block cloning and saw that the max file size is 4GB. Possibly I was testing with 10GB files (I don't remember). Bit disappointing as I do a lot of duplicating of large files and was very interested in "instant" copy creation. However this feature apparently is a game changer with Hyper-V, and vhdx are all over 4GB, so maybe Hyper-V does it's block copy intelligently, breaking it down into >4GB blocks, while File Explorer doesn't).

CrystalDiskMark 9.0.1 with default settings

All benchmarks were performed with ReFS Integrity Off. (NTFS doesn't have integrity streams). I was going to do additional benchmarks with DeDupe and Compression&DeDupe as well as storage use, and then repeat with ReFS integrity on, however the OS kept freezing so was unusable.

| | Integrity Off | | Compression (ZSTD L3) | | | | NTFS | | | |
|:-------------:|:-------------:|:------------:|:---------------------:|:------------:|:------:|:-------:|:-----------:|:------------:|:------:|:-------:|
| | Read (MB/S) | Write (MB/s) | Read (MB/S) | Write (MB/s) | % Read | % Write | Read (MB/S) | Write (MB/s) | % Read | % Write |
| SEQ1M Q8T1 | 6778.33 | 4939.53 | 6682.05 | 4944.06 | -1% | 0% | 6725.4 | 4857.13 | -1% | -2% |
| SEQ1M Q1T1 | 3179.05 | 2363.24 | 1987.87 | 2679.29 | -37% | 13% | 3239.23 | 2419.95 | 2% | 2% |
| RND4K Q32T1 | 414.32 | 340.42 | 414.31 | 361.3 | 0% | 6% | 395.45 | 394.05 | -5% | 16% |
| RND4K Q1T1 | 61.09 | 120.88 | 29.43 | 113.79 | -52% | -6% | 45.38 | 126.18 | -26% | 4% |

All the benchmarks I'd read were with ReFS with default settings (Integrity on) against NTFS (which doesn't have integrity streams) and were showing performance deficits of ReFS. Based on above, possibly ReFS has very comparable performance to NTFS when configured with the same feature set.

Compression benchmarks were very odd. Big speedup for write and big slowdown for read are not logical. One would expect slowdown for write and similar or possible slight speedup for read (with costs to CPU). Seeing as the benchmarks were run once, and I paid little attention to if background tasks were running, it's possible this is just a bad benchmark result.

As I understand the features:
Compression
With ReFS, you set the compression state using PowerShell Set-ReFsDedupVolume, however the PowerShell command doesn't seem to let you specify the compression settings. If you use 'refsutil compression', you can enable/disable compression, set the format (LZ4 - Fast or ZSTD - Balance between compression and speed) as well as the compression level and chunk size.

Using refsutil also causes a job to run to de/compress the entire drive. Using PowerShell requires a

separate command to run the initial compression pass: Start-ReFSDedupJob, which is were you specify the compression properties, but it's unclear if that sets the default for the volume or just for that run?

Unless I'm remembering it incorrectly, setting compression on with refsutil resulted in PowerShell saying that it wasn't enabled for the volume and refsutil saying it was enabled. I enabled it with both just to be sure.

DeDupe
DeDuplication volume properties are set with the PowerShell Set-ReFsDedupVolume command. Then DeDupe passes are scheduled with Start-ReFSDedupJob/SetReFSDedupeSchedule. A DeDupe pass seems to run with relatively low priority (in my very limited experience of one partial pass) doesn't seem to take much CPU or drive resources on a relatively idle machine, takes a very long time, and as expected, uses inclemently more RAM as it continues. ReFS DeDupe only scans the entire volume on the initial pass. Subsequent scans will do an incremental DeDupe.

DeDupe and Compression can be combined.

Integrity Streams
Integrity steams can be enabled/disabled on format /I:enable or disable. The property can then be adjusted for a volume, a folder or a file with Set-FileIntegrity, which I believe will calculate the checkums for each included file/folder so may take significant time.

By default ReFS runs a File Integrity Scrubber every four weeks to validate infrequently accessed data checksums. This can be configured with PS.

Installing Win 11 onto ReFS
a) Install Win 11. I like to install it onto an unpartitioned drive and Win 11 will create the default FAT32 UEFI and NTFS Recovery partitions, in addition to the main partition for OS.
b) Once complete, boot back into Win 11 setup USB, and on the disk selection screen press Shift+F10 for command prompt, format the main partition with ReFS with your desired properties and then close CMD.
c) Select the main partition in the installer and it will install Win 11 onto ReFS.

Notes:
• Win 11 25H2 booted from ReFS was NOT stable. After some number of hrs of use, the storage would stop responding properly and the system would run incredibly slow.
• Same machine booted on NTFS did not have the same issue.
• This was just for fun, and the benchmarks are rough indications only and were not performed in was designed to generate exactly reproduceable results.

https://redd.it/1ob92me
@r_systemadmin

Thickheaded Thursday - October 23, 2025

Howdy, /r/sysadmin!

It's that time of the week, Thickheaded Thursday! This is a safe (mostly) judgement-free environment for all of your questions and stories, no matter how silly you think they are. Anybody can answer questions! My name is AutoModerator and I've taken over responsibility for posting these weekly threads so you don't have to worry about anything except your comments!

https://redd.it/1odz8ea
@r_systemadmin

An ATM jackpotting incident has increased my hatred for dealing with law enforcement.

The credit union I work at had two of their ATMs jackpoted and every law enforcement agency involved wants the footage a different way. Between the two cities, one state, and two federal agencies that want footage we have 7 different versions archived for two different ATMs. That is before what insurance wants. I swear the next person who asks is just getting the 7 hour raw footage. It is legitimately less paperwork at this point to get robbed at gunpoint. Also, given how close NCR thinks they are to a countermeasure for the technique used it would have been nice of them to let people know a bypass for the dispenser security was in the wild. Our ATM support company was seemingly unaware that was done. Still determining if that was on NCR or them.

https://redd.it/1oe7bqa
@r_systemadmin

I genuinely struggle to find any use case for AI

When ChatGPT first hit the market I was genuinely impressed, but then I played with it for a few hours and quickly learnt that it's pretty dumb. Fast forward to today and I still test various glorified keyword predictors a.k.a AI from time to time and it's mostly the same slop generator as it always was.

Take my job for example, mainly dealing with networks and linux. If you give it a denoscription of a problem and ask for suggestions, it always spills out the same slop which usually goes like "check the obvious thing A, then another obvious thing B, and if it fails consult user manual". Wow thanks, I've already tried all of that, that's why I'm searching for the solution online now. And don't even get me started on it inventing brand new commands that do not exist.

What I noticed though is that a lot of my let's call it less technically gifted colleagues seem to love it. They use it every day and think they're great at their job, leaving the mess for me to often clean up after. If they manage to implement/fix something using AI it often results in super insecure implementations or messed up configs that affect other services they haven't considered. The AI slop gets copied into emails, tickets, teams messages; It's everywhere to the point I can spot it from miles away and usually just chose to completely ignore it.

The only good use case I observed is that some of my foreign colleagues use it to clean up their English grammar when sending emails. Pretty cool I guess, however as someone whose English is not their first language I believe that the only way to learn a language is to make mistakes.

My company is now pushing co-pilot and encourages everyone to use it to improve productivity, is there any good use case for it that I am missing? It genuinely feels to me like it's a tool to enable people who just can't read, write or think on their own.

Edit: Ok, plenty of comments here. The ones were people claim it to be useful talk about using it to digest data, filter through documentation, or use it as a base for quick noscripts. I will try to force myself to use it like that and see where it goes.

https://redd.it/1odxk0c
@r_systemadmin

Fuck Atlassian, and Fuck AI

This is a full on rant spilling out of the absolute trash heap that is now support in all areas, especially with Atlassian. I don't want your fucking chat bot, I want a real human working with me to answer my questions.

Especially when you make it SO INCREDIBLY EASY for users to accidentally create organizations within our tenant and then make me wait 60 fucking days to delete them and ONLY if there are no actual "services" (even if they're free) in an active state. Especially especially if you roll out your stupid "rovo" AI nonsense app to all of said organizations without my opt in consent, then make it actually impossible for me to remove Rovo without opening a support request for some reason. Because there's no way to deactivate it or delete.

And a special fuck you for now forcing me to type in the form to contact support only to reach an AI chat bot, and then have to hunt down the tiny link to click because actually no thank you I need to have a human do something on my account even though I should be able to do it myself and I don't think a chatbot could perform this work, so please give me a human, only to have that link do...nothing. Absolutely nothing. Except blank out the page and make me start over.

So here I am, trying to remove 6 rogue, empty, annoying organizations in my Atlassian tenant with no way to do it and no way to contact support.

Fuck your chat bots, and fuck you.

https://redd.it/1odirup
@r_systemadmin

Finally made the jump to Sysadmin.

After being burnt out at my last job (Desktop Support) I made the jump over to a 6 month contract doing IT support during a transition from GCP, with the possibility of extension or conversion after it ended. Now that the contract is finally coming to an end, and I just got the good news from my boss that they want to not only keep me, but convert me as well. I was initially hired on as support for their transition from one cloud platform to another, but now I’m being converted over to the infrastructure team, and my new noscript will be Jr SysAdmin for a bit while I get my bearings and learn the systems/tools. Then after 6 months or so I’ll get the full Sysadmin noscript (and a pay bump)! So, just wanted to hop on here to say thanks for all the good advice that you guys give in this sub (and r/ITCareerQuestions) and thanks for the encouragement to keep pushing up the career ladder for bigger and better positions. If it could happen for me, someone with no related college degree and no certs, it can happen for you. Cheers! 🍻

https://redd.it/1oecxn7
@r_systemadmin

I barely have any work to do, should I be worried about getting fired?

I honestly only have about three hours of actual work per week. During daily standup meetings, I usually have to come up with things to say, like “I’m doing this or that,” which is technically true , but those tasks are very manual and only take a few minutes to complete.

This is a remote job, so it basically feels like being on paid vacation. For some people, that might sound great, but for me it’s stressful because I constantly feel like I could be fired at any moment.

I’m also not learning anything new, since I don’t have much access within the company. There are just two of us working as sysadmins, and the other guy barely does anything, he actually has another job. Sometimes after the daily standup he messages me asking if there’s anything to do, and my answer is always “no.” Then that’s it for the day.

Nobody seems to care about what we’re doing, or maybe they’ve just forgotten about us. For example, the last time I did any real work was almost two weeks ago. Since then, I’ve just been going to the gym and watching stuff online.

What would you do in my situation? I feel like it’s only a matter of time before I get fired , it doesn’t make sense for a company to keep an employee who’s doing nothing. Has anyone else been through something similar?

https://redd.it/1oeegur
@r_systemadmin

Solo IT guy - What now?

Well, I have been at a place for 2 years now and everything is running like a toyota hilux. No breaches, no spam emails, no phishing, not internet outages. Intune has been implemented; iOS devices are no longer activation locked to personal accounts. No laptops lying around with less than 8 GB of RAM and Windows 10 has been removed from the office environment, we have an offsite failover.

It was what I would call a low complexity environment, where you have your standard ADsync domain server, 1 app server, firewalls, a VPN tunnel between sites and a whole bunch of random web applications.

My question is. What now? There are some things that can be done, but I no longer know what.

https://redd.it/1oefwnm
@r_systemadmin

I’m curious how other admins weigh buying criteria between Dell PowerEdge and HPE ProLiant.

My take:


The main decision factor isn’t CPU, RAM, or bay count.

It’s remote management. I generally prefer iDRAC over iLO for day-to-day work (UX feels quicker, fewer clicks), and I also find Dell boxes arrive fully assembled and are easier to rack, which speeds up deployment.

Questions for the room:

Do you also view OOB management as the #1 differentiator? If not, what is?
Which vendor has treated you better on firmware hygiene and RMA in the last 12–24 months?

https://redd.it/1oed8my
@r_systemadmin

Looking for a Postman alternative that works fully offline

I’ve been relying on Postman for API testing and documentation for a while, but lately the heavy cloud sync and account requirements have been driving me nuts especially when working in restricted or air-gapped environments.

I’m curious what others here are using as an offline or self-hosted alternative to Postman?
Ideally something that:

Runs fully locally (no cloud dependencies)

Can import Postman collections

Supports environment variables and OpenAPI specs

Works cross-platform (Windows/Linux/macOS)


I recently came across a few options like Bruno, Hoppscotch (self-hosted mode), and Apicat curious if anyone here has tried them in a production or secure network environment.

Would love to hear what’s worked best for your workflow.

https://redd.it/1odz605
@r_systemadmin

Alaska Airlines IT staff...

Y'all have my sympathies. Hopefully it's not DNS....

Alaska Airlines issues temporary ground stop for IT outage
https://mynorthwest.com/chokepoints/alaska-airlines-3/4146461

https://redd.it/1oel8bs
@r_systemadmin

What's your go-to PC deployment method in 2025?

Curious what everyone’s go-to method for PC deployment is these days! I used to be a PXE boot guy myself - boot, image, throw at user. Now I’ve joined the Autopilot + Intune club and I must say, It’s great! That is if you survive the initial setup. 😂

https://redd.it/1oendam
@r_systemadmin