Reddit Sysadmin – Telegram
For mid-sized enterprises, what's been the most effective layer of defense lately?

If you have upgraded your stack recently, what made the biggest impact?

https://redd.it/1oi2xb5
@r_systemadmin
.NET Framework being removed by Windows 11

Hi, I am upgrading the last of my Windows 10 devices to W11 and users are getting .NET framework 2.5/3.5 missing.

I reinstalled it for the low number of users, however today the same error is back - W11 appears to be removing this overnight.

Is this a thing, and is there an easy fix, besides not using the software that requires the old .NET?!

https://redd.it/1oi56mp
@r_systemadmin
Best practices for letting contractors access internal SaaS securely from personal laptops?

We got a few short-term contractors who need to access Jira, Confluence and Slack. They refuse to install company agents or use VDI. Any secure access methods that don't require full device management?

https://redd.it/1oi2f5a
@r_systemadmin
Trusted Tech team reviews for an overthinker?

What are y'all's thoughts on TrustedTech? Does anyone currently work with them or have in the past? Are the discounts real? Is it worth it?
Are they the real deal??

Renewal season's coming up and we're trying to review our spend across the board...

https://redd.it/1oi9zeg
@r_systemadmin
Upgrading users from Windows 11 Home to Pro

Hi all!

I was hired into a company with no existing IT infrastructure, and I'm working on getting one implemented, starting with endpoint management via M365 Business Premium and Intune.

Unfortunately, many of the machines folks are using here have Windows 11 Home on them from the OEM, and I need to get them upgraded to Pro in order to be able to switch them to being logged in via Azure AD and manage them.

I know I can upgrade the machines individually for $99 through the Microsoft store, but this gives me bad vibes since it's a digital license seemingly assigned to a random-ish Microsoft account. Ideally I'd purchase a key to upgrade each one, but I can't find a reliable place to do that and was hoping someone could speak to this experience.

What's the best way to go about doing this? I have around 20 or so machines I need to upgrade at our 40 person firm. I just want to do things the "right" way and ensure that the upgrades aren't tied to Microsoft accounts that will eventually be deleted or unused.

Sorry if I'm overthinking this. Thank you for your help!

https://redd.it/1oi9v28
@r_systemadmin
aaannnnd the Amazon layoffs are now incoming

Buddy of mine works at Twitch and is in a pretty senior, non-engineering role. I was surprised to see it hit there. Would have thought it would be leaned heavily towards engineering types but after telling him for at least 2 years that he should be looking into other roles it finally hit him. Remote Worker, he worked in a financial role.

Starting to hear the rumblings.

https://redd.it/1oid2ky
@r_systemadmin
Any reason to not block m365copilotupdates@microsoft.com entirely from my domain?

They spam emailed every email we have today with bullshit about ChatGPT5. Our Zendesk folks were hitting the spam button. 1600 fucking emails man.

https://redd.it/1oic2xh
@r_systemadmin
Cjwdev upgraded NTFS Permissions reporter WHAT?!

So I opened up NTFS Permissions Reporter just now to create a report and got a notification of an upgrade. This is the first notification I have ever received for this app since purchasing in 2022...

https://www.cjwdev.com/Software/NtfsReports/Info.html

So the paranoid in me wonders if he got hacked and the bad guys (who are always lurking) did something to his software...

EDIT1: I just noticed the Build date on my current version 2.1.4.0 is 09NOV15

EDIT2: Blog also not updated for NTFS but did get an AD Info entry in June 2025

https://redd.it/1oifbe4
@r_systemadmin
Defender stating that Teams needs to update (Classic Client already removed)

We already removed all the versions of Classic Teams as far as I'm aware. However, Defender is stating that about a third of our devices need to update Teams.

Normally, how I check it is that I go to the actual device page, go to Inventories, and find the Software and it's normally red under "Threats". However, none are red. Instead, all the ones that need "Updating" have multiple copies listed under "Inventories".

https://ibb.co/KxvwKGZ2

https://ibb.co/BVnzJRts

https://ibb.co/CdbBJ8J

As can be seen by "Evidence", there are two versions and the names differ slightly. Not all exposed devices have only two versions. Some have more. Some have only "msteams" as the folders with different numbers, others have only "microsoftteams" as the folders with different numbers. I've checked on the actual devices and the folders themselves do actually exist.

Any idea what the correct remediation would be? I can't even seem to delete it with admin rights as only the System user can delete it.

https://redd.it/1oih42u
@r_systemadmin
YouTube is taking down videos on performing nonstandard Windows 11 installs

Videos from several creators have been taken down on topics including how to install Windows 11 without logging into a Microsoft account and how to install Windows 11 on unsupported hardware.

CyberCPU Tech reports:

https://youtu.be/l6p6g0-JUNA
https://youtu.be/jgU6Web4PPM

https://redd.it/1oimktp
@r_systemadmin
PSA: ChatGPT now has a $25/user/mo Business Plan with SSO, without the 150-seat minimum requirement with Enterprise

One of my users brought this to our attention today. A big hurdle in the past for us was the unavailability of SSO unless you go with the Enterprise plan, which had a 150-seat minimum requirement.

I learned that they renamed the "Team" plan to "Business" and added SSO. This must have happened at some point in the last 2 months because I looked at this back in August and Team did not allow SSO then.

The Business Plan follows their Enterprise Privacy controls, as well: Enterprise privacy at OpenAI | OpenAI

Edit: Yes, thanks for the downvotes. ChatGPT = bad. I get it. This is a step in the right direction and is enough to make the risk worth it for many organizations.

https://redd.it/1oij4yq
@r_systemadmin
My review is tomorrow

One man IT Army. 100+ employees. 2 locations. On-prem environment.

They had a consultant for 10 years before me and never had a full time IT man in house. No documentation, no diagram, no asset list. This dude was so hostile to me when I got hired. Never gave me access let alone responded to me. I had to figure out everything on my own. He also caused us to go through 2 ransomware events due to his poor attention to upcoming cyber security renewals.

I’m the helpdesk, SQL, cyber security, installs, upgrades, backups, documentation. Basically 24/7 and I’ve had to work Saturdays, Sundays and Fridays late. 5 days in office no remote.

For all the one men IT Armies out there, you know how the pressure is. It’s always on.

I’m getting paid 80k which I think is good but I’d like a decent increase cause I’ve had a really good year. How much is reasonable for me to ask for? I’m thinking the range of 86-88k and to go Friday remote. And also have them cover my phone bill because it basically is a work phone at this point because people don’t submit tickets at all.

Only 10 vacation days per year. I accrue 6.67 hours of PTO per month.

I keep the lights on 24/7

Thoughts?

What do I say if the raise they offer is really disappointing? Display that I don’t agree or just stay quiet and look for another job?

https://redd.it/1oiox1b
@r_systemadmin
Onboarding new employees

Hi all,

Was wondering how does everyone onboard their new employees? Our current process is to hand over login details to employees the day they start working and receive the laptop and mobile device. MFA is forced to be configured from a trusted location.

HR wants to automate this process and make it easier for new employees. They want us to send login details to their personal e-mail address.

Was wondering if this is normal for anyone else? And if so, how do you deal with MFA setup?

https://redd.it/1oiknlr
@r_systemadmin
How big is the knowledge/skill gap between Help Desk and SysAdmin?

Curious if anybody has any insight on this topic? It seems like going from help desk to sysadmin is the traditional next step.

But it seems like the gap in duties is pretty large at least to me.

On help desk it's mainly trivial tasks that you handle such as PW resets, mapping drives, M365 management, printers, etc.

As a system admin it seems like you'll be managing entire ecosystems of technology. Which does sound daunting to be honest.



https://redd.it/1oifutl
@r_systemadmin
took months to approve a $2k tool, could have bought it myself

Government procurement is insane and i need to vent.

We needed knowledge management. current setup is shared drive with 1000 word docs nobody can find. takes techs 20 minutes to find answers to basic questions.

found a tool. costs $2000 yearly. not huge.

took 6 months for approval. Procurement needed three competitive bids even though this specific tool was only one meeting security requirements. security needed sign off. finance needed budget approval. IT steering needed presentation. 47 page vendor risk assessment.

by approval time pricing changed and we had to restart part of process.

meanwhile wasted probably 200 hours of staff time over 6 months because people couldn't find information. at our hourly cost that's $15k in lost productivity. to avoid spending $2k.

Got approved last week. now wait another month for procurement to process purchase order and get vendor set up.

i could have bought this with my credit card 7 months ago but that's a policy violation.

anyone else dealing with procurement hell or just government?

https://redd.it/1oiuemg
@r_systemadmin
Infosec slam

As a sysadmin, it's scary seeing the number of security analysts we hire, that implement tools, that tell us we have a 3 day old missing patch that's scheduled to be installed the Friday of patch Tuesday.

Other than qualifying for insurance policy, I am really struggling to understand why they exist?

Any critical issue they touch nothing and wait for the vendor. They actually cause at least 50% of our monitoring alerts with unnecessary password rotations, clunky scanning tools they don't understand, and put in requests for honey pot accounts they want to give a STOOPID name like James T Kirk.


And there's now more toddler than sys admins at my company..


Sorry more security analysts than sys admins***


Meanwhile I'm turning allowing any domain authenticated user to logon locally to prod domain controllers, applying patches to 100s of servers on a subnet they don't even do vulnerability scans on, and requiring MFA for any license user who can connect to Azure.

But cool rotate the enterprise admin password, good idea.

https://redd.it/1oixgow
@r_systemadmin
finally slowly starting to rollout Win11 2025/11/01

We are a smaller textile producer, crippled by debt in every way there is out there. ethics, monetary, knowledge, machines, a will to live.

now 2 weeks after win10 is def. not getting updates anymore (in a corporate setting that is), i am allowed to slowly get win11 in the pipeline. sure we had a few, mostly new bought notebooks over the last 2 years with it already, and a few i had to replace with fresh upcycled PCs, but still mostly win10.

now i have 2 months to get a number on how many need replacement, can be upgraded, and to be upgraded/replaced until i leave this mess of a "workplace". while being L1-3, erp-support, hard/software-support, emotional anchor for the staff to vent their frustration and the will to find a new place to work.

at least i am covered in that regard, since i have my next work, in a small team, hopefully with a budget for anything bigger than 2 mice a year. if i could use more than 1 flair, i probably would use all of them.

ah by seeing covid19 in the list, i cleaned out the printer and office supply room no one manages anymore yesterday, and found boxes over boxes of masks and unused tests, worth thousands back then...

https://redd.it/1oiyvpt
@r_systemadmin
I wish I could say to some sysadmins that they should look for a new job

I really wish it was ok for me to say to a sysadmin that it's time for them to start looking for a new job and as long as they start looking and keep doing work I will help them, but they need to leave.

But I can't say that.

So instead there is always that one sysadmin where I have to have a painful series of conversations where we set goals knowing that they're not going to be able to do it, and then have to be super fake nice to them while watching them struggle and then go through a series of absurd HR processes that drag the whole thing out and is unpleasant for them where they're overly stressed out that I'm on their ass and I just want them to leave but have to continue with all this.

It's so frustrating for everyone.

https://redd.it/1oit15b
@r_systemadmin
AWS to Bare Metal Two Years Later: Answering Your Toughest Questions About Leaving AWS

Two years after our AWS-to-bare-metal migration, we revisit the numbers, share what changed, and address the biggest questions from Hacker News and Reddit.

https://oneuptime.com/blog/post/2025-10-29-aws-to-bare-metal-two-years-later/view

P.S: I work for oneuptime, please feel free to ask any questions you feel like asking.

https://redd.it/1oj1rdz
@r_systemadmin
KeepassXC SSH Agent not working properly on MacOS

I set up the Agent integration as described in the docs and `ssh-add -l` also lists the keys as being loaded:

```
4096 SHA256:...(RSA)
256 SHA256:...(ED25519)
```

but when I try to connect to a host I get the following error:

```
debug1: Offering public key: /Users/myuser/.ssh/id_ed25519 ED25519 SHA256:... agent
debug1: Server accepts key: /Users/myuser/.ssh/id_ed25519 ED25519 SHA256:... agent
sign_and_send_pubkey: signing failed for ED25519 "/Users/myuser/.ssh/id_ed25519" from agent: agent refused operation
```

Unfortunately I didn't find a way to increase the log-level so that the ssh-agent shows me the reason for the refusal. I also checked the permissions on my files. And they should be alright.

drwx------  .
.rw-r--r--@ ├──  .DS_Store
.rw------- ├── 󰌆 id_ed25519
.rw-r--r--@ ├── 󰷖 id_ed25519.pub
.rw------- ├── 󰌆 id_rsa
.rw-r--r--@ ├── 󰷖 id_rsa.pub

https://www.reddit.com/r/KeePass/comments/1oj5txn/keepassxc_ssh_agent_not_working_properly_on_macos/

https://redd.it/1oj616w
@r_systemadmin