Reddit Sysadmin – Telegram
I’m working on an industrial laptop that has multiple bootable Windows partitions with different configs to run equipment. The main, default OS upgraded from 20h2 to 22h2. The rest are still on 20h2 and none of them will boot. What are my options? Can I upgrade them to 22h2 without booting the OS?

Posted in sysadmin because you guys are the smartest of the computer bunch

https://redd.it/1ot32g6
@r_systemadmin
AlwaysOn VPN with WIN-ACME and certificate auto-renewal

I am just about to build a fresh AlwaysOn VPN server and am looking to replace our existing wildcard certificate issued via DigiCert with one from Let's Encrypt, potentially auto-renewing it via Win-Acme or a similar tool. Anyone doing this? Any tips/tricks/traps I should know about?

https://redd.it/1ot56qo
Server 2019 AD upgrade to 2025

Good Morning All,

I started out this week by installing Server 2025 as an AD/DNS/DHCP server and... it was a fun time (something similar to this happened: https://www.reddit.com/r/WindowsServer/comments/1jdefxi/2025_server_cant_login/ )

So I nuked it and installed the 2019 eval instead.

2019 is working fine currently, but of course we didn't get the downgrade license, so I now have a ticking time bomb of an eval running as a DC.

So, my question really is: is it possible to in-place upgrade to 2025 and avoid the issues I had before? Or are they likely to come back?

I did try to PSSession into the server at the time to try the fixes that others mentioned, but the rest of the network wasn't in place and I couldn't actually get in. Time was of the essence, so tinkering wasn't an option at the time.

I did a full Windows update on 2025 before adding it as a DC, so if the "bug" from above was "fixed" in an update, how the hell did it still happen?

Regardless, the situation still stands. Can anyone with experience of this throw in their 2 cents?

I will of course have a full backup taken before performing any upgrade; I just really don't want to have too much downtime.

Looking forward to your answers.

https://redd.it/1ot6mho
Anyone else notice how insecure DigiCert's new login is?

If you log out, you can log in by entering ANYTHING into the login form.

You can also bypass the MFA if you had it set up on their old login.

https://redd.it/1ot6lip
My company offered to pay for certifications — which ones should I go for as a beginner in cybersecurity?

Hey everyone,

I just got the opportunity from my company to take some certification courses (they’ll cover the costs). The thing is — I currently have no certifications and I’m just getting started in cybersecurity.

I’m trying to figure out which certifications would make the most sense to start with — both for building a solid foundation and for career growth.

A bit about me:

* Currently working in IT with a growing interest in security
* Have some hands-on experience with Windows, networking, and Microsoft 365
* Finished my bachelor's in cybersecurity

I’ve heard about things like CompTIA Security+, Network+, Google Cybersecurity, ISC2 CC, and Microsoft SC-900, but I’m not sure which path makes the most sense for a total beginner.

https://redd.it/1ot9i81
One-man IT department here… is it time to bring in an MSP?

I’m the entire IT “department” for a 50-employee logistics company. I handle everything: servers, email, cybersecurity, onboarding, printer rage therapy, all of it.

Now upper management wants 24/7 monitoring + disaster recovery + compliance documentation, but doesn’t want to hire extra IT staff. I’m burning out.

Anyone here bring in an MSP to supplement internal IT? Worth it or does it turn into a mess of tickets and finger-pointing?

https://redd.it/1otaay1
I finally left the MSP helldesk

After 5 years of working at an MSP as a level one, underpaid and burnt out with no clear career progression, I made the decision to quit with no backup plan. 2 months later I'm now working in an L2 support role internally for a company: no more timesheets, no more manager breathing down my neck saying I haven't hit my ticket allowance for the day when I've been dealing with issues that need time and attention, no more after-hours phone calls late at night.


I can now just focus on fixing things, learning, and delivering good customer service for the employees.


I've started enjoying IT again and feel the passion I once had coming back. And this place allows me to pivot easily into more of an infrastructure and networking focus.


Sure, MSP may suit some people, but holy crap, the sense of relief I felt once I had left was immense.

https://redd.it/1otbth3
Why do we still use linear partition tables?

This is a technical and philosophical question...

I just realized, as I was trying to resolve an issue that required moving a partition to give more space to another partition in front of it, that this was on an SSD.

An SSD does not record data in a physical linear way, so why should the partition table be linear?

Why do we still care about what partition is in front, or behind?

OK, it is a legacy holdover, right? I can see that being a historical reason, but now with GPT, and the use of UUIDs for partitions, is there a good reason why partition tables are linear?

They should simply present to the OS as blobs, where the SSD worries about where on the disk they are located, and the computer simply specifies the ID of a partition when talking to the SSD. Could we not use something similar to LVMs, instead of a rigid partition table?

https://redd.it/1otdveg
ProLiant DL380 Gen9 - Smart Storage

Hey everybody,


One man IT guy at a company that has never had in house IT, only a single person who's been remote for about 10 years. They passed all of their work off to another person who came in for four hours on a certain day of the week.


I recently replaced the server smart battery, as in PRTG & iLO it's showing as degraded. It's recognized the new battery, since it has a new number shown there, but it's still marked as degraded. I've seen to wait a little bit of time, but so far there's been no change. Any ideas? Thanks in advance.

https://redd.it/1otg62j
My sys admin sucks

I'm not gonna claim to know a lot since I just entered the field as a helpdesk. My sysadmin is an idiot and I have no idea how this guy has been able to fool an organization for years. This is a rant so I'll just list off some of the things he's said and done in the past couple months.

Oh also more than half of our employee laptops, this number is in the hundreds, are still on Windows 10 and will be for the foreseeable future.

We do not have Active Directory, he has been setting it up for years, allegedly.

I am required to install CCleaner and 2 different antiviruses on top of our endpoint protection software we pay for. One of the antivirus software he has me install is from 2000 and has been known to bundle malware.

Oh, I'm also forced to make sure these softwares are on a specific part of the desktop so "IT can find their tools."

I offered a solution that a friend of mine came up with to execute remote code using our endpoint protection software to do all the Win10-11 updates en masse, but I was told "we do things the right way here".

He claimed he was unable to use his computer for a whole day because it is literally impossible to convert MBR to GPT.

I was required to ask for every employee's password so I could "log into their account" since it's "easier than resetting their password on the laptop" and how "we need to confirm their password meets our security requirements".

Runs campaigns against other IT staff who know more than he does (not very hard), talks shit about them for months and they eventually get fired.

Laughs/talks shit about employees who fall for phishing emails (we also have paid for a phishing simulator software but he won't use it).

That's all I can really say without giving away too much.

https://redd.it/1oti0g9
Should I quit?

IT director at a small business, about ~100 people. I’m six months in and I’m about ready to quit—the place is a cybersecurity disaster, HR controls laptop procurement and technical onboarding, and any changes I make are met with torches and pitchforks. Leadership SAYS they support me, but can’t have a difficult conversation to save their lives.

I think I answered my own question, right?

https://redd.it/1otinjm
Can you restart IIS websites during working hours?

Some context:

I work as an infra/devops engineer at a software company. The applications are still fairly old-school, all monoliths hosted as IIS websites. When we need to apply quick fixes, we sometimes modify configuration files like appsettings.json instead of doing a whole new build.

However, for these changes to take effect, we need to restart the specific IIS website. The issue is that we're not allowed to do this during working hours because “we can’t undertake actions that might interrupt live services during core hours, especially without client notice,” as management always says.

From my understanding, restarting an IIS website only causes a very brief blip, just a few seconds of downtime, so it doesn’t seem like a major disruption, especially when the change has already been tested in lower environments.

Am I wrong to think this shouldn’t require an out of hours window, or is this policy fairly standard in other companies?

https://redd.it/1othcfy
How did you learn when first starting your sysadmin career?

I started at this company on the help desk. We support about 300 different remote offices. 6 months later, I started as an IT technician doing site visits and transitions (multifamily residential industry). A year after that (about 3mo ago), I assumed a sysadmin position after a couple members of that team left.

They are still working on backfilling my role, so most of my workload is still for my old position. As a result I’m not involved in many projects for my new role. I’m in a strange limbo state right now. I don’t have most of the foundational knowledge to support most of our systems. Good understanding of networking/troubleshooting/field tech work, but not so much when it comes to enterprise applications, scripting, server management, that sort of thing.

I was thinking of supplementing with learning on my own time so I can hit the ground running once they backfill my old role. Are there any resources that you leveraged when you first started your sysadmin role that you found valuable?

https://redd.it/1otk0yc
Anyone got WiFi auth working with Entra ID (no on-prem AD, all FortiAPs)?

Hey folks,

Curious if anyone here actually got WiFi authentication working directly against Entra ID.

We’re 100% Entra-based (no on-prem AD, no hybrid setup). Everything lives in the cloud.
We’re also a Forti shop, so all our APs are FortiAPs managed through FortiGate.

What I’m trying to do is have users connect to our office WiFi and authenticate using their Entra ID creds.

Most of what I’ve found so far points to needing a RADIUS server (either on-prem or hosted) or spinning up a local AD just to handle 802.1X, both of which I’d rather avoid completely.

Ideally looking for a clean, cloud-only solution. Something that doesn’t involve setting up or maintaining any RADIUS/AD infra.

Has anyone pulled this off, or is it just not doable yet without a RADIUS middleman?

Would love to hear what others have tried.

https://redd.it/1otmqhw
UPS for every Network Switch?

We are planning a new building with a large production hall and several racks for sub-distribution with switches. One of our team is worried that on a power outage, the switches get damaged (by voltage spikes, etc.).
So what is your opinion on this?
Are the switches resistant enough?
Should some kind of surge protection be enough?
Or do you UPS them all?

Location Germany.

https://redd.it/1otigp2
Is it safe to reset the KRBTGT password if the account has been disabled for 12 years?


Hi,
I’m planning to rotate the KRBTGT password in our Active Directory domain. I noticed something unusual — the KRBTGT account has been disabled for about 12 years, but everything in the environment is still working perfectly (Kerberos auth, logons, services, etc.).

Before I run the Microsoft script, I want to make sure I’m not missing anything.

My questions:
1. Do I need to enable the KRBTGT account before resetting its password, or can the script reset it while it’s disabled?

https://redd.it/1otqkif
Getting to the right level of tech support

Years ago Spectrum/Brighthouse/Time Warner - whoever they were at the time - had a guy in tech support that I could call and no matter what the issue was he could fix it. It wasn't even a special secret number - he was typically the first person to answer. It was unreal.

These days it's near impossible to get to someone like that.

If anyone has a secret tip on how to get to a higher level of tech support with Spectrum or ATT (Firstnet) please do share. I need someone that understands what I mean when I say "there seems to be a subnet routing issue between two ISPs".

https://xkcd.com/806/

https://redd.it/1otr67y
Anyone else see a rise in critical failures straight out of the box with Dell servers?

I'm currently on a project that is using Dell servers (a couple of different models) as Active Logic (formerly Sandvine) servers. We are currently working at a 30% failure rate straight out of the box. 1 was DIMMs, 1 is a logic board, 1 is either a PCI issue or a power supply problem. Just trying to get some context here.

https://redd.it/1otsgil
How often do you do demos and projects just to throw it in the trash?

Hi folks,

Headache of the week comes from the director of operations reaching out saying hey, we have too many sales folks that are getting texts to their personal phone because they don’t have another option for clients to reach out to. This is a problem when a sales person leaves as well.

Me: okay well they do have a business line that supports SMS and MMS but yeah I get it when people are off those still sit in their inbox until they get to it. I’ll look into a few options and will get back to you, but you basically want them to be able to use it like a shared mailbox sort of thing?

Dir: yes exactly! Just so we can get quick response times and maybe send out a quick reminder of a relevant promo here or there.

2 weeks later after going back and forth getting 10DLC approval for low volume use case because they wanted to see a “live example texting real people” aka text them from the system, not from a demo number to me.

Me: hey let’s meet today, I found a pretty good option that also integrates with slack that works really nicely.

Dir: awesome!!!!!

Demos account, team really likes it

Me: so it comes down to $20 a month for 10 sales people, $230ish a month after tax per month, no contract so we can adjust up and down as needed. Do y’all want to start with maybe just a sales manager or something? See what their thoughts are?

Dir: that’s a lot of money… what if we all just shared one account?

Me: well… 2FA would be kind of a nightmare. They’d likely get booted each time too many people log in at once.

Dir: we’ll just set it up in each employee’s Authenticator app

Me: how would you know who is texting a client if it’s all under the same account? That’s just not good practice. Like what if the account was compromised? So we just lose 100% access to a texting platform with all of our clients?

Dir:…… never mind let’s scrap this idea. It’s just too expensive just to text clients like they already do from their cell phone.

Ughhhhhhh

Edit:
Valid point I left out, I brought up that things in IT are generally not free, and there would be a cost to this service and was told “yeah yeah I know, we’ll deal with the budget when we find something we like, just look for something good is reliable.”

I don’t know what they thought it would cost, and I still don’t think this is a crazy cost for a company that does 90m in revenue, but whatever. The only part that really rubbed me the wrong way is when one of the team leads said hey, thanks for trying to put this together, didn’t mean to waste your time on this and the director goes it’s not a waste of time, this is what he’s here for. Not technically wrong, but just seemed really douchey like hey don’t worry about the time he spends it isn’t valuable anyway.



https://redd.it/1otxqzt
Laptop Budgets

Sounds like we will be needing to cut our equipment costs down for the end of the year and into 2026... That's probably not all that uncommon right now, but I don't know how much cheaper we can go before we sacrifice quality and usability. I just wanted to see what you guys are spending on your devices so I can get an idea of what's "normal".

For context, we used to be a Dell house but swapped over to Lenovo a few years back. We initially ordered some X1 Carbons but had to find a more cost-effective device to deploy to our standard workers and landed on the T14 and P14s models which have worked really well for us so far.

All devices need to have Intel vPro/AMD Pro and 32GB of RAM at a minimum because of our company's standard software. We're spending roughly $1200 on average for these devices that are fully loaded with touchscreens and the works. Getting quotes through our vendors/Lenovo for stripped-down versions or cheaper models (E14/L14) doesn't seem to be any less expensive than our current devices. Sometimes it's even more expensive to remove the fancy stuff lol.

Are we doing good on price? I just cannot imagine paying that much less for what we're currently getting.

https://redd.it/1otu2zb
My thoughts on my first few months as a new SysAd

I just completed my 4th month as a Linux SysAd. I previously was a Security Engineer but really wanted to move over to something more technical. I work on a small program where I’m the only SysAd. I had a fair amount of Linux Admin experience before beginning, but when I first started, it was a bit overwhelming, but being thrown into the deep-end is usually where I’ve done best.

When I first started, the previous SysAd had implemented almost no automation and my non-technical team members were constantly dealing with small issues that the previous SysAd just spot fixed with “band-aid fixes” and not fixing underlying issues. My first month I worked my butt off trying to get everything automated that were part of daily/weekly processes along with working to eliminate all the “papercuts” team members had. I had a massive list of things I had to do, but they all got completed pretty quickly! I’m kinda happy I walked into this situation because I learned EVERYTHING about the systems super quickly. It was also very enjoyable walking in after about a month and a half and I didn’t have anything pressing I needed to attend to, and no new issues.

After 4 months, the most surprising thing is how much the OS can actually do. We use RHEL, and I’ve been continually surprised about what it can do out of the box. Looking back at when I was a security engineer, I just feel like the OS was massively underutilized and basically just acted as a wrapper around security tool applications. There are so many security tools natively available! SELinux, while annoying sometimes, is legitimately amazing and I can’t believe it’s free.

Along with just the Linux knowledge, I feel like my general IT understanding has massively increased. Due to my program being small, we don’t have a lot of money to throw around, so to get things like SoL, we may not have the money to buy iLO or iDRAC, but we can utilize IPMI which those platforms are built on to still reap massive benefits! Understanding what products are actually built on and being able to use those underlying technologies has been massively beneficial!

Overall I’m extremely happy being a SysAd. The work I’ve done has been extremely intellectually stimulating. I just wish I knew what I know now when I was a Security Engineer. I really feel like a lot of Security Engineers don’t understand what their server OSs are capable of, because I certainly didn’t!

Is there anything you guys found was legitimately interesting when first becoming a SysAd?



https://redd.it/1otys08