Teams is apparently going to soon start offering location tracking, not just in buildings but also to identify people working outside of the office

https://www.windowscentral.com/microsoft/microsoft-teams/microsoft-teams-is-about-to-become-your-boss-lapdog

Sitting here wondering just what kind of fallout this is going to engender, particularly with the subset of remote users who pretend to be working from one location but are actually nowhere even close to where they should be. The tracking will apparently be automatic whenever Teams is running, not just when on a call.

https://redd.it/1oewcr8
@r_systemadmin

PSA: Update your WSUS servers ASAP CVSS 9.8 RCE with OOB Updates for Server 2012 and above

MSRC Link: CVE-2025-59287 - Security Update Guide - Microsoft - Windows Server Update Service (WSUS) Remote Code Execution Vulnerability

"A remote, unauthenticated attacker could send a crafted event that triggers unsafe object deserialization in a legacy serialization mechanism, resulting in remote code execution."

ETA: care of u/rich2778, note that this update will apply to _all_ servers since WSUS is an OS feature. Probably don't need to rush it out the door on non-WSUS servers.

https://redd.it/1oewrm6
@r_systemadmin

Most overlooked IT ticketing system for smaller teams?

We've been testing a few IT ticketing systems for a while now and keep running into the same issue: everything feels built for massive enterprises (too many upcharges and side fees)

We did demos with Freshdesk and Jira Service Management, but they both feel too heavy for our team of around 260 people.

At that scale, the pricing and setup overhead don't make a lot of sense anymore.

Curious what smaller or more "under-the-radar" ITSM tools people here have actually used and liked. Looking for something clean, efficient, and not overcomplicated.

https://redd.it/1oey65f
@r_systemadmin

File Explorer automatically disables the preview feature for files downloaded from the internet

Will this was a buzz kill all of a sudden users could not preview PDF's from the scanner....

https://www.bleepingcomputer.com/news/microsoft/microsoft-disables-preview-pane-for-downloads-to-block-ntlm-theft-attacks/

https://redd.it/1oezz2b
@r_systemadmin

What do you hate about your job?

I’ll go first. I’m been in tech for over 8yrs. I’m basically a one man shop so I do everything. I can buy whatever I want, and basically almost do whatever I want. I get paid relatively okay.

The problem : the end users.

Being the one man shop means I also gotta do all the terrible stuff like change toners, explain to basic people that if they have 20years of emails on their computer their email is gonna be slow. That they need to try a reboot.

It’s so baddddd. I keep studying at work so I can stop dealing with end users .

Rant over

https://redd.it/1of15vb
@r_systemadmin

Employee forgot MacBook password

Hoping you can point me in the right direction as I am not an Apple person.

Company is completely remote. All computers are on intune with laps. Users are setup as standard.

Got a call saying new employee already forgot their login password to their computer.

Anyway to reset it remotely with local admin login? Wipe and do over as they are new?

I would love to be able to just reset or change the password but as it is Friday and already pissed off, wipe is an option.

https://redd.it/1of0rg6
@r_systemadmin

In honor of this week's AWS outage: The weirdest "It was DNS!" I've yet encountered!

This was a couple of months ago, and it took us nearly 4 days to figure it out - but once we did, we had a fix in place within half an hour.

It started with users reporting cryptic error messages when trying to connect to our ERP system using Chrome: "ERR_QUIC_PROTOCOL_ERROR". Then other users started reporting the same error when trying to connect to our ticketing system. Some quick googling led us to the flag to disable QUIC protocol, but this just gave the users a different error: "ERR_ECH_FALLBACK_CERTIFICATE_INVALID". Users who had already connected weren't affected and could use either system just fine. Then just as suddenly as the errors appeared, they went away, and everyone could use the systems again.

Obviously, knowing "It's always DNS!", one of the first things we checked was DNS logs. The error code seemed to indicate a mismatched certificate, so an early theory was that somehow an incorrect A record was making it into our DNS cache - but DNS was consistently answering with the correct record, and even packet traces confirmed Chrome was connecting to the correct server. As the issue was always exclusive to Chromium-based browsers (1 person was for some reason using Edge, but everyone else was on Chrome), we began to suspect some secret Google experiment was affecting us. Firefox was never affected, but unfortunately our ERP vendor insisted only Chrome could be used for that system.

Then as I was trying to explain to the CITO that it wasn't DNS, I noticed something else in the DNS logs: Queries of type=65 for these host names. I looked up that record - HTTPS, a specialization of the relatively new SVCB records - and discovered that it can be used to provide public keys for, you guessed it, ECH.

Turns out our web filter - a cloud-based DNS service - had some glitch in their system that was occasionally answering DNS requests for HTTPS records, which it normally should be denying. And every impacted system was a split-DNS scenario: On our internal network, users connected directly to the server, but outside users would connect through a Cloudflare Tunnel. And Cloudflare sets up HTTPS records for you for all your Tunnels! So occasionally this HTTPS record would make it into our internal DNS caches, which would prevent anyone from connecting successfully due to ECH failing, until the record's TTL expired.

Once we realized this, we set up "no record" records for these hosts for HTTPS on our internal DNS servers, and just like magic the issue was solved.

TL;DR: It's not DNS. There's no way it's DNS. It was DNS.

https://redd.it/1of66eq
@r_systemadmin

Microsoft Store download fail 0x80244007 on every application (Possibly fix)

I just came here to share this piece of information that saved my weekend at least.

I recently reinstalled my main computer with Win 11 Pro, which is connected to my Azure AD. It has a Business Premium license, so nothing fancy — i.e. no rules, CAs, or anything set that might cause issues described below. I use my account with Hello, and I have been using this machine daily since the reinstallation.

Today I needed an app from Microsoft Store, and it kept loading only 390 Kb and failed — every app that I tried. Same thing. The error was:

Problem signature:
P1: Acquisition;Microsoft.WindowsStore_8wekyb3d8bbwe-Microsoft.WindowsStore_8wekyb3d8bbwe-StartProductInstallWithOptionsForUserAsync
P2: 80244007
P3: 26100
P4: 6899
P5: Windows.Desktop

Sadly, it didn't explain anything, as it pointed in the Windows Update direction — which was working perfectly well. But I went the rocky road with wsreset, Store reinstall, Store “find the problem” assist, Windows updates, cleaning update caches, and all those tiny things that the internet can suggest you should do in these cases. Even though I knew that none of those would work.

I even tried my other machine (same Entra connection, same account, same Windows, etc.), and it worked perfectly well. So the issue had to be in my machine. I tried logging in with another account, and the funny thing is that this didn’t solve the issue either...

But read on...

Then I had to log back in again with my normal account, and for some reason it threw out my Hello sign-in just for that time and requested a password. I signed in with my password and tadaa — Store started to work!

So, I double-dared myself and signed back in with the second account — again with Hello. Store didn’t work. Signed out, signed back in with that same account but this time I used the password. And Store started to work as it should.

I went back to my standard account — with Hello sign-in this time. Store was still working.

Conclusion: I have absolutely no idea what is the connection between Store (which was not signed in!) download and Hello account... So no conclusions.

But I hope that this will someday save someones day as it did today for myself.

https://redd.it/1ofa76l
@r_systemadmin

What would happen if 4.2.2.2 and 8.8.8.8 went down?

I have worked with hundreds of smaller customers using Google DNS for their devices and even mid size companies with them on servers, routers, firewalls, literally every kind of device.

https://redd.it/1ofcbxi
@r_systemadmin

Variety is the spice of life!

So this morning I migrated us from Jira to Desk365 for our ticketing solution. I hated how convoluted Jira is to configure. It took me a few days to get it where I almost wanted it. I had Desk365 completely done in two hours.

For the afternoon I got to fix a dishwasher as one of our buildings has a commercial kitchen and there’s this fancy Miele dishwasher that wasn’t happy and wanted some salt. Turns out you have to add the salt a certain way and fill it so far (like 3 lbs of salt!). Then you need to let the dishwasher sit there and think about life for a few minutes and then it’s happy and ready to go!

But you know, it definitely was a different mental box to find myself in and it’s just another day of enjoying the variety of things I find myself working on.

https://redd.it/1ofeqet
@r_systemadmin

How do you manage/record change in your IT systems?

We have a very small IT team in a small business.

But because of the industry we are in and its regulatory requirements we have a very complicated setup for the size of our team (3).

With lots of VM’s, data, network segments multiple firewalls and domains etc etc.

We manage OK and stay on top of things generally.

However we just chuck a lot of our changes into teams channels rather than anything more concrete. Things get lost if you want to refer back to them, Teams search is not great. I’m talking things like expanding C: drives, allocating more RAM to a VM, configs changes and issues basically.

We pay for a ticketing system but it isn’t currently used (it was bundled with other tools we do use).

Are tickets right for this kind of thing? Excel sheets? Hell, I’d try pen and paper at this point.

Basically things are getting lost as we spend a bit of time on something then come back to it 6 months later and cant figure out why something was done a certain way or how we fixed x or y last time.

We need a better way to record things. Something quick and simple but I’m not sure what. Any recommendations?

We don’t have a tonne of time to invest in learning a solution for it to not work out. So I want to pick well first time around.


https://redd.it/1ofnxck
@r_systemadmin

Discussion: Evaluating MDR (Proficio, Arctic Wolf, Rapid7) - What's the actual day-to-day difference?

Hey everyone,
My team is deep in the evaluation process for a new MDR / SOC-as-a-Service partner, and honestly, all the marketing jargon is starting to blend together.
We've narrowed our shortlist down to what seem to be three strong contenders: Proficio, Arctic Wolf, and Rapid7.

On paper (and in the demos), they all promise the world: 24/7 monitoring, AI-powered detection, expert analysts, and rapid response. What I'm trying to cut through is the reality of working with them day-to-day.

For anyone who has experience with these providers, I'd love to get your real-world feedback:

Alert Fatigue: Are you still drowning in false positives? Or do they actually do a good job of tuning and only escalating real, actionable threats?

Integration: How painful was the onboarding and integration with your existing stack (e.g., EDRs like CrowdStrike/SentinelOne, cloud environments, O365, etc.)? Any "gotchas"?

Transparency: Is it a total "black box" where you just get a report, or do you have good visibility into their platform and what their analysts are doing?

Response: When a real incident happens, are they just sending you an alert at 3 AM and it's your problem, or is it a true "hands-on-keyboard" response where they are actively containing the threat?

I'm looking for any "I wish I'd known..." advice before we sign a contract.
Thanks in advance!

https://redd.it/1ofri4y
@r_systemadmin

Sanity Check here please 🤬

Hey all. So im coming up on 15 years in IT, majority of it revolves around 365, Identity, Exchange migrations and so on

Recently started a new job, won't disclose. But Goverment agency, highly confidential medical records/reports. I am in the job a good bit now but am on the fringe of most stuff. I have highlighted the following things to senior people and no one has acknowledged any of it. I'm losing my mind 🤣.

Issue 1- MisConfigured Hybrid Exchange Server 2016(eol and patched quaterlyl) open on 443 and 25 to all external IPs publishing all Virtual Directories including /OWA and /ECP to the Internet with Basic Auth, and logging in to Mailboxes and Exch Admin. No reverse proxy etc.

Issue 2- Misconfigured/Outdated, one or the other, VPN Client storing all Domain Passwords in Users AppData Folder logs in plain text upon every vpn connection attempt.

Issue 3 - Both issues above have been highlighted, emails with clear issues and screenshot to senior people and no one has done anything.

I need a sanity check here as now im feeling that because im getting no response to the above that maybe they aren't such a big issue 🤣.

Please help me

https://redd.it/1ofpbd4
@r_systemadmin

Calendar invite phishing - bypassing Avanan and M365's native email Defender filters

This is getting concerning: I’m now seeing several instances of this in the last few weeks, and it looks like Avanan can’t do much about it:

Here’s what’s happening: a user receives a calendar invite containing a phishing link disguised as “ACTION REQUIRED: Microsoft Domain Expiry – Email Service Affected,” and inside the invite there’s a fake link labeled “Attached Admin Portal: Microsoft_365_Admin_Portal.”

When I check Avanan, the original email is already quarantined. However, it appears that phishing attacks delivered through Outlook calendar invites can still slip through due to how Outlook handles meeting invitations. Outlook automatically add calendar invites even if the invitation email is flagged as junk or isn’t a typical email message. One other possibility is that outlook or Siri on the iPhone is detecting a calendar invite and automatically adding it to the calendar on the iPhone itself.

Maybe I haven't had my coffee yet, but I am a bit puzzled as what to do here. I know users actually like seeing calendar invites already in their calendar, because they are lazy to hit accept, most of the time, even if this is the feature that I can turn off and force them to either accept or deny a meeting invite. Anybody has thoughts on how to approach this better?

https://redd.it/1ofw457
@r_systemadmin

Looking for an IT management tool that brings everything together (asset management, MDM, SSO)

We’re using a mix of different tools for device management, SSO, and asset tracking, and it’s getting messy as we grow. Our IT manager wants to centralize everything because we’ve started running into issues like assets not being reclaimed after offboarding and users keeping access to apps longer than they should.

We’ve got around 478 employees across three regions, and roughly 500-600 laptops plus phones and peripherals to track. The IT team is 5 people, so we’re trying to avoid something that needs tons of custom setup or noscripting.

We’d like a solution that combines MDM, asset management, and SSO under one platform, or at least integrates cleanly with what we already use. Currently looking at Allwhere, Workwize, NinjaOne and Kandji but I’m curious what others are using for this kind of setup and whether it’s actually reduced your manual workload.



https://redd.it/1ofq10w
@r_systemadmin

Just a reminder: Redis is not a database

Redis is a caching service. Not a database. Stop using it like a database.

Once again a team using this as a database has bit me. It annoys me every time.

https://redd.it/1ofzaq7
@r_systemadmin

How to get tough with vendors without being an asshole?

I do not confrontation, and I try to be as nice as possible with everyone. Lately there have been 2 incidents where that is kind of biting me and some users are getting annoyed at their issue.


One is I had asked our Verizon rep a month ago about seeing if 4 lines we use for ipads can be set on their backend to use a certain DNS as the team that uses those ipads have a app that will not work with native Verizon 5G settings, and the ipad you cannot manually set a DNS. The rep told me they would check with their engineers and get back with me. I let it go 2 weeks and did not hear anything. I sent a follow up email touching base. Did not get a response to that, but instead got a sales email from the rep the next day asking about upgrading hotspots.

I waited another week and sent another followup email and no response to that. At this point the ipad team is getting annoyed that they cannot use their app. They told me to email every single day until I get a response. To me that is excessive and rude. But I did send one more follow up email, and I did finally get a response the next day saying that they were going to have a meeting with the engineer the next morning and will have info for me then.

It has now been 3 days since that email and I heard nothing.


Other one was we got a new piece of software last year for 2 users to replace a 20 year old piece of software they had been using. From day one this new software has not worked correctly. Every time the vendor fixes a bug they make a new one that directly impacts how these users use the software. 3 weeks ago the vendor sent a fix that fixed a big issue, but it then created another big issue. Our users were pissed and sent a email directly to the vendor account manager saying how garbage their software was and that it actively makes their job harder. They also twisted my words a bit and said in the email that they do not contact me for days when I submit a ticket, but what I told the user was that it would take days for the vendor to fix the issue.

So I felt bad for their support team who have been very nice, but I also kind of get it from the user perspective and if you are trying to do your job and crap keeps bugging out on software you are paying thousands for, that's not good.

I was told I need to put my foot down more with these vendors but not sure how to do that without coming across as an asshole.

https://redd.it/1og0grn
@r_systemadmin

Compliance wants CIS-hardened containers but Alpine/Distroless don't have the packages we need. What's your strategy for minimal + customizable images?

Compliance is breathing down my neck for CIS-hardened containers but our Alpine/distroless approach breaks when devs need specific packages. We're stuck between bloated "compliant" images that balloon our CVE count and minimal images that can't pass audit requirements.

Anyone found a middle ground? Looking at options that let us start minimal but add necessary packages without losing hardening posture. Daily rebuilds help with patch currency but doesn't solve the base compatibility issue.

What's worked for your org when auditors want both minimal attack surface AND specific compliance benchmarks?



https://redd.it/1og0w1j
@r_systemadmin

YubiKey/U2F/Fido: where do I start ?

Hello there!

I have a few leftover Yubikeys from my previous employer. I would like to learn how to use them both for my personal use as well as for use with some work stuff (eg: logging into the AWS console).

My end goal is to push the adoption of this kind of security keys (might be yubikey, might be some other vendor) at work. Ideally, I think at the very least high-profile/high-privileges people should be provided with such tool and be ~~asked~~ required to use it.

I'm getting lost between yubikey-specific docs, U2F, FIDO standards, WebAuthn and all these things.

Can somebody please enlighten me on this topics?

Ideally, I'd like to have a series of documents to read one after another in order to:

1. Understand what's going on
2. Understand, when hardware tokens are involved, what are the actors at play and how they interact
3. Learn the relevant standards so that I can then integrate it in our security systems (eg: our SSO solution).

I know this is a big ask, thank you to whomever will help me out!

https://redd.it/1og1jl0
@r_systemadmin

Networking VM options

Not sure if this is a better r/networking or r/vmware question but I'm going to be recabling a pair of VM hosts. They have 2x 1g ports and 2x 10g ports. Switches have a couple but limited 10G ports.

They are currently hooked up with all 4 ports just providing redundancy to the same switch. Any wisdom or possible danger in hooking the pair of machines up to each other with 1/2 the ports? So one 10G link to each other, with a 1G as a standby and the other 10G links to the rack switch with the 1G links as standby there.

Current networking is simple, one Vswitch and everything is tied into that. Anything I should lookup or read before I try something like that?


https://redd.it/1og32x7
@r_systemadmin

As a system administrator, do you ever feel like your brain never stops thinking?

I’ve been working as a system administrator for some time, and lately I’ve noticed something — my brain never seems to take a break. Even when I’m off work, it keeps thinking about servers, networks, backups, updates, or possible problems that might happen.

It’s like my mind is always running in the background, just like the systems we maintain. Sometimes it feels good because I’m always alert and ready to fix things. But other times, it’s really tiring because I can’t fully relax or stop thinking about work.

I’m just curious — how many of you feel the same way? Do your thoughts keep running all the time, even when you’re trying to rest or sleep? How do you deal with it and give your brain some real peace?

https://redd.it/1og7rj1
@r_systemadmin