Infosec slam

As a sysadmin, its scary seeing the number of security analysts we hire, that implement tools, that tell us we have a 3 day old missing patch thats scheduled to be installed the Friday of patch Tuesday.

Other than qualifying for insurance policy, I am really struggling to understand why they exist?

Any critical issue they touch nothing and wait for the vendor. They actually cause atleast 50% of our monitoring alerts with unnecessary password rotations, clunky scanning tools they dont understand, and put in requests for honey pot accounts they want to give a STOOPID name like James T Kirk.


And there's now more toddler than sys admins at my company..


Sorry more security analysts than sys admins***


Meanwhile im turning allowing any domain authenticated user to logon locally to prod domain controllers, applying patches to 100s of servers on a subnet they dont even do vulnerability scans on, and requiring MFA for any license user who can connect to Azure.

But cool rotate the enterprise admin password, good idea.

https://redd.it/1oixgow
@r_systemadmin

finally slowly starting to rollout Win11 2025/11/01

We are a smaller textil producer, crippled by debt in every way there is out there. ethics, monetary, knowledge, machines, a will to live.

now 2 weeks after win10 is def. not getting updates anymore(in a corporate setting that is), i am allowed to slowly get win11 in the pipeline. sure we had a few, mostly new bought notebooks over the last 2 years with it already, and a few i had to replace with fresh upcycled pc´s, but still mostly win10.

now i have 2months to get a number on how many need replacement, can be upgraded, and to be upgraded/replaced until i leave this mess of a "workplace". while being L1-3, erp-support, hard/software-support, emotional anchor for the staff to went their frustration and the will to find a new place to work.

at least i am covered in that regard, since i have my next work, in a small team, hopefully with a budget for anything bigger than 2 mice a year. if i could use more than 1 flair, i probably would use all of them.

ah by seeing covid19 in the list, i cleaned out the printer and office supplyroom no one manages anymore yesterday, and found boxes over boxes of masks and unused tests, worth thousands back then...

https://redd.it/1oiyvpt
@r_systemadmin

I wish I could say to some sysadmins that they should look for a new job

I really wish it was ok for me to say to a sysadmin that it's time for them to start looking for a new job and as long as they start looking and keep doing work I will help them, but they need to leave.

But I can't say that.

So instead there is always that one sysadmin where I have to have a painful series of conversations where we set goals knowing that they're not going to be able to do it, and then have to be super fake nice to them while watching them struggle and then go through a series of absurd HR processes that drag the whole thing out and is unpleasant for them where they're overly stressed out that I'm on their ass and I just want them to leave but have to continue with all this.

It's so frustrating for everyone.

https://redd.it/1oit15b
@r_systemadmin

AWS to Bare Metal Two Years Later: Answering Your Toughest Questions About Leaving AWS

Two years after our AWS-to-bare-metal migration, we revisit the numbers, share what changed, and address the biggest questions from Hacker News and Reddit.

https://oneuptime.com/blog/post/2025-10-29-aws-to-bare-metal-two-years-later/view

P.S: I work for oneuptime, please feel to ask any questions you feel like asking.

https://redd.it/1oj1rdz
@r_systemadmin

KeepassXC SSH Agent not working properly on MacOS

I set up the Agent integration as described in the docs and `ssh-add -l` also lists the keys as being loaded:

4096 SHA256:...(RSA)
256 SHA256:...(ED25519)

but when I try to connect to a host I get the following error:

debug1: Offering public key: /Users/myuser/.ssh/id_ed25519 ED25519 SHA256:... agent
debug1: Server accepts key: /Users/myuser/.ssh/id_ed25519 ED25519 SHA256:... agent
sign_and_send_pubkey: signing failed for ED25519 "/Users/myuser/.ssh/id_ed25519" from agent: agent refused operation

Unfortunately I didn't find a way to increase the log-level so that the ssh-agent shows me the reason for the refusal. I also checked the permissions on my files. And they should be alright.

drwx------  .
.rw-r--r--@ ├──  .DS_Store
.rw------- ├── 󰌆 id_ed25519
.rw-r--r--@ ├── 󰷖 id_ed25519.pub
.rw------- ├── 󰌆 id_rsa
.rw-r--r--@ ├── 󰷖 id_rsa.pub

[https://www.reddit.com/r/KeePass/comments/1oj5txn/keepassxc\_ssh\_agent\_not\_working\_properly\_on\_macos/](https://www.reddit.com/r/KeePass/comments/1oj5txn/keepassxc_ssh_agent_not_working_properly_on_macos/)

https://redd.it/1oj616w
@r_systemadmin

Azure portal down?

Getting portal offline - there is no internet connection. UK South.

https://redd.it/1oj86h5
@r_systemadmin

So how much of Microsoft is down?

Looks like http://office.microsoft.com/, Microsoft.com, and Entra sites are all down for the UK and I can access a UK based VM in Azure and that's seeing the same problems...

Oh... and Azure? Or is it the same issue?
https://www.theregister.com/2025/10/29/aws\_us\_east\_1\_more\_problems/?td=rt-3a

Yes could be Azure US-EAST-1
https://www.tomshardware.com/news/live/aws-outage-strikes-again-colossal-internet-breakdown-strikes-again

Hmmm our VMs are running in Azure but the portal isn't, Microsoft Graph is running in the backend, but the Entra admin center is not.

UPDATE:
Starting at approximately 16:00 UTC, we began experiencing DNS issues resulting in availability degradation of some services. Customers may experience issues accessing the Azure Portal. We have taken action that is expected to address the portal access issues here shortly. We are actively investigating the underlying issue and additional mitigation actions. More information will be provided within 60 minutes or sooner.

https://redd.it/1oj8sgk
@r_systemadmin

Another AWS/O365 Outage

Here we go again. Midwest USA here. If you look at AWS and O365 in DownDetector the outage spike is pretty much the same. Glad Amazon's stock prices are up with the most recent round of firings.... /s

https://redd.it/1oj9h2i
@r_systemadmin

Typical MS

Azure down.

Fine. Shit happens.

But below is the current recommendation from MS

While we dont have an ETA yet. customers can consider implementing failover strategies with Azure Traffic Manager, to fail over from Azure Front Door to your origins: https://learn.microsoft.com/azure/architecture/guide/networking/global-web-applications/overview

Guess what? learn.microsoft.com is also down. I am not sure what they are smoking before spitting out these advices.

I think I need to print out all the manual from now on /s

https://redd.it/1ojbw4l
@r_systemadmin

What a week

Hi guys

Just wanted to let you know about the crazy week I've had.

Last week, I started working working at AWS as a Junior DevOps Engineer. I was working on a product called Route 53. I thought I'd be helpful and as soon as I got my Github login, I logged in that afternoon and saw some code that didn't make much sense, something about $configuration =, so I removed it and pushed my code.

For some reason that day Amazon fired me for no reason. Budget cuts I reckon.

Today I started my first day at Microsoft Azure working on their DNS system, got my Github log in so obviously looked through the source code and found another piece of code that didn't make much sense. It said ENV file no idea what it means so I deleted it and pushed again.

Strangely the executive team at Microsoft has called me into the meeting first thing tomorrow morning. Think I'll be getting praise for my performance!

P.S. one thing I've noticed working at these big companies are these office environments are crazy! Lots of people shouting and running around especially in the afternoons.

https://redd.it/1oje0o0
@r_systemadmin

Are you actually seeing AI revolutionize your workplace, or has it mostly just been Copilot and crappy chatbots?

I keep seeing all these companies doing layoffs attributing it to needing less employees because of AI, but to be honest I don't believe it.

At least within my company, the most we have done is roll out Copilot and a crappy AI chatbot for our customer service chat. As far as I can tell, our employees are primarily using Copilot as a beefed up search engine to find old emails and video recordings, and our customers are attempting to bypass the AI chatbot to speak to a customer service rep, just like they have always done. Neither of these services have really moved the needle for us, other than now we're paying for these AI tools that we weren't paying for two years ago.

I have a strong suspicion that the vast majority of companies are in the same boat. Is anyone here actually seeing AI revolutionize their workplace, or are you seeing these tepid half measures that don't really accomplish much other than costing more money?

https://redd.it/1ojcpsa
@r_systemadmin

Emergency Help - entire domain inacessible

Hello Guys, we are fucked up our entire domain is inacessible - PLESE HELP!

A colleague of mine tried to remove a child domain from the domain forest.

Our Setup:

croot.local is the root domain with two domain controllers on this root level
Four subdomains: childone.croot.local, childtwo.croot.local, childthree.croot.local, childfour.croot.local

A colleague of mine has successfully moved all Users and Groups from chilfrour.croot.local to childthree.croot.local and now wanted to demote/remove childfour.croot.local from the forest.

I have no idea which commands he has used. He has used chatgpt instructions only and was not supported by anyone else.

All clients, domain controllers and servers in the ENTIRE FOREST report:
The username or password is incorrect. Try again

Do you have any idea on how to get back into our system?

https://redd.it/1ojbifu
@r_systemadmin

Tired of your boss sending you messages that start with "But ChatGPT Said…"?

https://stopcitingai.com/

A simple static webpage, inspired by motherfuckingwebsite.com, comicsanscriminal.com, etc.

https://redd.it/1ojhjhj
@r_systemadmin

Thickheaded Thursday - October 30, 2025

Howdy, /r/sysadmin!

It's that time of the week, Thickheaded Thursday! This is a safe (mostly) judgement-free environment for all of your questions and stories, no matter how silly you think they are. Anybody can answer questions! My name is AutoModerator and I've taken over responsibility for posting these weekly threads so you don't have to worry about anything except your comments!

https://redd.it/1ojvk39
@r_systemadmin

Jamf is getting acquired by private equity

https://ir.jamf.com/news/news-details/2025/Jamf-Enters-into-Definitive-Agreement-to-be-Acquired-by-Francisco-Partners-in-2-2-Billion-Transaction/default.aspx



Be prepared for price hikes and degrading quality.





https://redd.it/1ojto7u
@r_systemadmin

Anti Rant - Some users are a joy to work with.

This isn't a Rant, but there is no Anti-Rant flair, so here it is.

I asked a user to come in, for a support case, all is handled nice and easy without much hassle. He then asks about a different problem that he has been experiencing, something trivial that I decided to deal on the spot because it took me only 45 seconds to apply the fix.

5 Minutes later, he creates a ticket to say that the issue was solved by me and he just opened the ticket so we can track it on our side.

Aren't these users a joy to work with? Love to see it on the workplace.

https://redd.it/1ojwtv3
@r_systemadmin

Oldest Technology Still Kicking

I replaced a token ring network at a rural tractor repair place about 20 years ago, and even then it was way out of date. What’s the oldest tech you guys have seen still in use in a working company?

https://redd.it/1ojx6wu
@r_systemadmin

Does anyone else struggle with getting laptops back after employees leave from managers?

After one of the employees left. the manager asked for the physical laptop to get some files off of it. It's been months since then. After asking for it back that manger respond with

we are making slow progress and working through the information on the laptop. Timeline to finish the task is still unknown. Until unless there is a strong reason for the laptop to be returned, we may have to raise a continual request to keep the laptop until we have all the information needed. 

I dont think this really appropriate since 1st off they dont need to have a strong reason to return assets that dont belong to that department.

What would y'all do in this case, or have done in the past? I have not yet responded to this email.

https://redd.it/1ojxape
@r_systemadmin

We're rolling out a time tracker to 500+ remote machines. What are the technical hitches I'm not thinking about?


Our company is standardizing on a single time tracking tool for all remote and hybrid employees, and the deployment has landed on my desk. The tool is Monitask, and I'm responsible for getting it onto about 500 machines.

My job isn't to debate the policy (it's a transparent rollout, all communicated by HR), but to make sure it doesn't become a technical dumpster fire.

I'm already planning for the obvious stuff: noscripting the deployment via GPO/Intune, potential conflicts with our EDR, and testing for resource usage on older laptops.

For the sysadmins here who have had to deploy this kind of agent-based software at scale, what were the unexpected headaches I’m I bound to run into? Any advice from the trenches would be a huge help.

https://redd.it/1oju7sz
@r_systemadmin

The Tragedy of LinkedIn...

A couple of weeks ago some pour soul posted up on Linkedin that his Windows 11 installation went a bit askew and now he was locked of his own dam computer. All he got when he turned it on was a screen asking for a BitLocker key. That is frustrating. So, he went to LinkedIn where all the "experts" hang out.

What happened next was eye-opening. While the poor b@stard needed some actionable advice on how to get back into his system all he got was commentary. For example, the merits of BitLocker vs other encryption packages. The need for encryption on laptops. The importance of encryption for compliance. Difference between different versions of Bitlocker. Whether Bitlocker uses 128-bit or 256-bit..Just pure unadulterated BS.

If this person's house was on fire...there was not one person in the crowd taking a p!ss on the burning house. It was just talk. Stupid talk. Not one piece of actionable advice. I'm now thinking that if I were hiring someone in the morning - that last person on earth I would hire would be a LinkedIn commentator. Useless. Absolutely useless. Give me a do-er, not a LinkedIn commentator, any day...Rant /over

https://redd.it/1ok3lks
@r_systemadmin

Two of our company devices somehow ended up getting assigned the same random hostname by Windows

We just got a bunch of laptops in at another office- we don't have Intune setup, we just have someone go through OOBE and install NinjaOne (yes this is dumb, we're "working on it").

When I remoted in I noticed none of the noscripts had ran- then noticed the username on the Overview was different. Somehow, that machine had ended up with the same exact random hostname as a machine that had already been deployed. They're not even from the same batch- the other machine went out about 3 months ago. I'm absolutely baffled.

Screenshot of the two machines

https://redd.it/1ok3ncq
@r_systemadmin