Qsn about Secure boot Cert in VM

Hi Sysadmins,

I have read all the articles regarding secure boot certificate expiration in physical devices. can you help me with the situation in case of a virtual machines (Vmware or Azure)

My Exact questions are:

1. Are the cert expiration applicable for virtual machines?
2. what are the to-dos in case of that?

https://redd.it/1oh3bwb
@r_systemadmin

Weird 6gx and doculink emails hitting our domain

We’ve started seeing a lot of quarantined phishing emails coming through. The sender addresses are really strange. Some start with “/6gx…” followed by a long string of random-ish characters (242 characters, with slashes, plus signs, etc). Others start with “doculink…” and a different random string. Different domains each time.

Feels like these are supposed to trigger something on our domain but are getting blocked instead.

My guess is one of two things:

1. We tightened up DMARC/DKIM recently. Maybe it’s just DMARC doing its job and these are failed encodings getting blocked.
2. Or it’s some kind of noscript injection landing in our global quarantine.

Anyone seen anything like this? Thoughts on what’s actually happening or how to deal with it?



https://redd.it/1oh86jr
@r_systemadmin

Microsoft heading to Australian Federal Court for misleading 2.7 million Australians.

Microsoft is heading to Australia's Federal Court, with the ACCC alleging the tech giant mislead 2.7 million Australians when they bundled the company's AI assistant, Copilot, into Office 365 and hiked the cost of subnoscriptions.

https://youtube.com/shorts/qZJCuNIZr0w?si=lU-oVgCXTQ_KwVBR


https://redd.it/1oh8yg9
@r_systemadmin

How are teams automapping container configs to compliance standards like NIST or PCI?

my compliance want runtime evidence that container configs and images should align with frameworks like NIST SP 800 190 or CIS benchmarks. Generating these mappings manually across dozens of microservices is painful and time consuming. I want dashboards that show me where each container stands against specific compliance checks. Anyone know how to auto map containers to frameworks and export audit ready data?



https://redd.it/1ohaj84
@r_systemadmin

OSDCloud - Offline Imaging Help

Hi All,

I'm trying to figure out an issue creating an OSDCloud USB deployment with an offline image. For whatever reason once I've created the USB using the steps below, the USB drive does not use the offline image/drivers. In my troubleshooting I've noticed that the OSDCloudUSB partition is not mounted. I've tried various WinPE drivers, including the Intel Rapid Storage driver, different devices, different external drives, but I cannot get the partition mounted. Which I assume will be needed for WinPE to see the offline images.

Diskpart and all related commands don't pick up the external storage either.


There's a chance I'm just missing a step, but for the life of me I cannot work it out. Or completely misunderstanding the documentation.

Below are the steps I was following last week to get the USB created. Hopefully not missed a step from memory.

1. Creating a new workspace from a template with included WinRE wireless support.
1. `Set-OSDCloudTemplate -Name 'Offline\` -WinRE`
2. I'm then creating my new Workspace
1. `Set-OSDCloudWorkspace -WorkspacePath C:\OSDCloudOffline`
3. Adding all the WinPE drivers to the image
1. `Edit-OSDCloudWinPE -CloudDriver *`
4. I've then gone ahead and added some device specific WinPE USB drivers to try and weed out the issue
1. `Edit-OSDCloudWinPE -DriverPath 'C:\Drivers\'`
5. Added the OS of choice
1. `Update-OSDCloudUSB -OS`
6. Added device specific drivers
1. `Update-OSDCloudUSB -DriverPack Dell`
7. Then finally. Create the USB.
1. `New-OSDCloudUSB`
8. I can see all the files, drivers, OS images on the OSDCloudUSB partition of the USB

I am aware there are other solutions for offline image servicing like FFU, but currently testing all the solutions available to me.


Any help/tips/advice would be greatly appreciated.

Thanks!

https://redd.it/1oha0bb
@r_systemadmin

security team handed us 600 vulns to fix. half werent even reachable from internet

Infosec ran their quarterly scan and dropped 600 vulnerabilities on us. 200 marked critical. Leadership wants remediation timeline by Friday.

Spent two days triaging with DevOps. Most criticals were libraries we import but never actually call. Internal APIs behind VPN flagged as publicly exposed. Staging environments with test data treated same as production.

Best one was a critical vuln in a Lambda that runs once a month. Scanner sees vulnerable package but has no idea if the code even executes or if anyone hits that endpoint.

Asked security how to prioritize. They said fix criticals first. Cool, but which ones are actually exploitable versus sitting in unused code? Scanner can't tell the difference.

Devs are ignoring security findings now because we've cried wolf too many times. Then we miss actual issues buried under the noise.

We spent half our sprint on vulnerabilities that didn't matter. Meanwhile an actual exploit attempt last month took 8 hours to detect because buried under 300 false positives.

Security team is mad we're not moving fast enough. We're mad they can't tell us what actually needs fixing versus theoretical risk.

Has anyone solved this or do security and engineering just hate each other everywhere?

https://redd.it/1ohcjl6
@r_systemadmin

Are we automating enterprise service desks into a corner? The weird paradox nobody's talking about

I've been thinking about something that doesn't quite add up in the IT support world right now.

Everyone's racing to implement AI-driven service desks. The numbers look incredible - ticket deflection rates hitting 53%, resolution times dropping from 30 hours to under 15, costs per ticket potentially falling to near-zero for routine stuff. On paper, this is exactly what we need.

But here's what's bugging me: we're also seeing data that employees are losing 10+ workdays per year to tech issues, and 46% report losing more than three hours weekly to tech problems. If automation is working so well, why are people more frustrated than ever?

I think we've created this weird paradox where we're optimizing for speed and deflection rates, but we're not measuring the actual experience. Like, yeah, your chatbot resolved my ticket in 3 seconds by sending me a knowledge base article I'd already tried. Ticket closed, metrics look great, but my laptop still won't connect to the VPN and now I've wasted 20 minutes in a loop.

The thing that really gets me is how we talk about AI "freeing up agents for complex issues" while simultaneously pushing more users toward self-service. What happens when everyone who actually needs a human can't get through because they're stuck in automated triage? Some research I saw mentioned that only 12% of organizations see actual ROI from self-service investments, which feels about right based on what I'm seeing.

Don't get me wrong. I'm not anti-automation. Password resets and basic provisioning absolutely should be automated. But it feels like we're so focused on the "shift-left" movement that we've forgotten some problems legitimately need the right-shift to skilled humans who can actually solve them.

Has anyone else noticed this? Are your service desks getting simultaneously faster and worse, or is it just the places I'm seeing?

https://redd.it/1ohcpy2
@r_systemadmin

Some questions about self hosted Snipe IT

We've just recently lost the asset section of FreshService due to budget cuts. We still have everything else in FreshService, just missing the asset part.

Honestly, at first, I was going to create my own (terrible) asset system and have it hosted on one of our VMs and use Azure Runbook Invoke requests to get the client devices to create and update html files. Our budget for this is virtually 0.

But I then had a look at some free options and SnipeIT looks great. It does seem to have "too many" features though. Only thing we really need is these fields:

Device Name
Model
Serial Number
Location
Assigned User
Last Logged in user
Status

It would be ideal (Although not necessary) if each asset had it's own page which I believe SnipeIT does.

We also need some way to link the assets back to the tickets in FreshService. Even if it's just a bunch of hyperlinks in one of the tabs on the asset page.

Also, probably a very stupid question, but how easy is the API to use? And, because it's self hosted, api calls are unlimited, right? Most of the time, we'll be getting the devices themselves to add and update the data on Snipe, most likely through PowerShell API calls.

https://redd.it/1ohbyjo
@r_systemadmin

MS365 admin panel down? Also the status page.

Hi, anyone else not able to get to the MS365 admin panel?

Also tried to go to: https://status.cloud.microsoft and check the status from there and it fails too.

I'm in the Northeast of the US.

Edit 10:05 EST: Downdetector is showing a lot of outage reports this morning, for what it's worth.

https://downdetector.com/status/microsoft-365/

Edit2 10:54 EST: Did some digging and it looks like MS is transitioning from admin.microsoft.com to admin.cloud.microsoft.com (new domain scheme for all the online infrastructure).

Anyone having any issues connecting should clear their cache (signing out of the portal) and then try connecting/logging in again. I'm in now. I bet a lot of the Downdetector reports are encountering the same thing. Gotta love MS rolling changes...

https://redd.it/1ohd8vm
@r_systemadmin

Basic Understanding of SQL Servers?

Fellow sysadmins, how much do you know about SQL? In my role I don't directly work with SQL servers often, but they always seem to come up and occasionally i will have to make changes in a sql db (minor stuff).

What is the best way to get a basic understanding or become the "SQL guy" in a group of folks who don't usually deal with SQL.

TIA

https://redd.it/1ohht45
@r_systemadmin

Another on call rant.

Ive been doing IT at major corporation for about 4 years. Aside from the constant brow beating, meetings that could be emails and shitty infastructure, i find the on call the worst part of my job. About 4 weeks a year, your on call for 7 straight days. Someone locked out of windows at 4 am? Get put of bed, solve it and you better be on time in the morning. Someone cant print? Fix it. 2 am . If you dont anwser thr phone within 15 minutes, your fired. By day 7, you are exhausted, overwhelmed and stressed out. You cant go anywhere, or do anytging after work or in your " free time' . We were doing this with no extra pay until someone went to HR and now we make about 100 bucks extra for the week. I realize this is normal for IT, but my issue is im the lowest paid team, pc operations tech, and i asked for a raise. I was told im capped out at about 70k a year, 40k after taxes. Im starting to feel underpaid for the workload. Is this a normal salary? Should i move companies? Im feeling very trapped in my job and i think the stress is killing me.

https://redd.it/1ohim8x
@r_systemadmin

It's time to rally around the AWS folks...

To the AWS folks,

It's another Monday, we're seeing AWS-dependent services go non-responsive or significant delays, and we're not the only ones: https://downdetector.com/status/aws-amazon-web-services/

I doubt you're watching Reddit at a time like this but know that we're all here for you if you need us.

https://redd.it/1ohkk0v
@r_systemadmin

AWS Outage? - Again?

We're starting to lose access to various cloud hosted things. Down detector is showing AWS Spiking again.


Anyone else seeing it?

https://redd.it/1ohk8p2
@r_systemadmin

Call from CISA?

Hello everyone. I just received a call from a CISA Cybersecurity Advisor, saying that one my user's account was compromised for January until July this year, with a list of recommendations. He also sent me an email with the recommendations. The email sender seems to be a legit from mail.cisa.dhs.gov . I am veery suspicious of this call, but at the same time it looks legit. Has any of you received a similar call in the past? How can I verify if this person is legit?


UPDATE: I reached out to CISA and they confirm the email is legit. I called the cybersecurity advisor and he was very helpful! I am surprised how fast CISA responded to my email and that they contact companies and try to help.

https://redd.it/1ohkurc
@r_systemadmin

User expectations

Hello all. Maybe a silly question, but how do you all handle user expectations?

For example, we rolled out a pre approved signature this morning, and the amount of complaining is wild.

I knew there were going to be users who didn’t like it, but I find that sometimes it’s hard to not take their criticism personally.

How do you all handle it?

https://redd.it/1ohpc3j
@r_systemadmin

Someone ran an augur through the fiber to one of our offices and slurped up about 1800 feet of it like spaghetti at about 3pm today.

How was your Monday?

https://redd.it/1ohvtbp
@r_systemadmin

m365.cloud.microsoft reported as unsafe website in Microsoft Edge

https://i.imgur.com/tOlKgtH.png

Great, especially when setup as a new tab page for users...

https://redd.it/1ohz2au
@r_systemadmin

For mid-sized enterprises, whats been the most effective layer of defense lately?

If you have upgraded your stack recently, what made you biggest impact?

https://redd.it/1oi2xb5
@r_systemadmin

.NET Framework being removed by Windows 11

Hi, I am upgrading the last of my Windows 10 devices to W11 and users are getting .NET framework 2.5/3.5 missing.

I reinstalled it for the low number of users, however today the same error is back there today - W11 appears to be removing this overnight.

Is this a thing, and is there an easy fix, besides not using the software that requires the old .NET?!

https://redd.it/1oi56mp
@r_systemadmin

Best practices for letting contractors access internal SaaS securely from personal laptops?

We got few short term contractors who need to access Jira, confluence and slack. They refuse to install company agents or use VDI. Any secure access methods that dont require full device management?

https://redd.it/1oi2f5a
@r_systemadmin

Trusted Tech team reviews for an overthinker?

Wh⁤at are yalls thoughts on Tr⁤ustedT⁤ech? Does anyone currently work with them or have in the past? Are the discounts real? Is it worth it?
Are they the real deal??

Renewal seasons coming up and we're trying to review our spend across the board...

https://redd.it/1oi9zeg
@r_systemadmin