What type of wall IP clocks are you using ?

We have multiple wall clocks that are not displaying the correct hour/date and the reason for that is they all are just manual to update hour/date, day savings or just to change the batteries when depleted, e.t.c. basically no maintenance.

One of the reason is that most of them also require a ladder to climb to access the clock.

I am interested to change them with wall IP clocks (one side or two side display) with NTP support (set up our own time-servers for automatic time/date) + PoE (no more batteries to change) + a standard web interface for remote setup + lighted displays to see no matter it is day or night.

What brands/models of IP clocks are you using ?

Thanks.

https://redd.it/1ov28iq
@r_systemadmin

What do you do when you’re bored at work?

For the first time in a very long time, I actually find myself looking for something to do at work. I’ve been a badass and finished all my projects for the year early. I can’t really help out with any of the projects my coworkers are working on. I have ONE ticket in my queue (which by itself is a “holy shit!” accomplishment). We’re entering the holiday season and a lot of key people are out of the office, so there isn’t much grunt work to be done.

To pass the time, I cleaned out the IT storage room and surplussed a bunch of old equipment. I closed a bunch of tickets for the help desk that were probably going to get escalated anyway. I’ve been clearing a lot of alerts that nobody really cares about. Budgets for next year haven’t been approved yet, it’s too late in the year to start any new projects, and I’m kinda running out of “busy work.”

What’s something else I can do so management doesn’t catch me with a bunch of idle time on my hands? Preferably something easy that will score me brownie points outside my own department.

https://redd.it/1ovb65p
@r_systemadmin

User Was Phished

Hey guys, this is my first time dealing with this and I am solo. A user was phished, Huntress caught it and revoked sessions and disabled the account. I have reset credentials and MFA. I checked message trace and it looks like he didn't send anything in the few minutes between authentication and being revoked/disabled. I checked my user's mailbox and didn't see any new rules/filters. Is there anything else I need to do before enabling his account and sending him on his way? Should I assume everything in his mailbox was compromised?

Edit: Anything else I should do besides training. The user *almost* handled the attempt like a pro. He got a suspicious email from somebody he works with frequently. Instead of calling to confirm if the user did in fact send the email, he replied to the email to confirm...

Thanks for all your help, everyone.

https://redd.it/1ovcdx4
@r_systemadmin

Anyone else just realize Windows 11 23H2 is about to go end-of-support?

I somehow missed that Microsoft announced the end-of-support for Windows 11 version 23H2 (Home & Pro) back in August 2025 — it completely flew under my radar.

After checking our environment, it turns out this affects a noticeable part of our fleet.
I really hope I’m not the only one who missed this stealth announcement.

To all of you who caught it early and already have everything patched and polished:
You absolute legends. Please, feel free to bask in the misery of the rest of us scrambling to catch up.

And to everyone else who’s just finding out now — you’re not alone. Grab a coffee, open Intune or PDQ, and let’s suffer together in good company.

https://redd.it/1ovfvq0
@r_systemadmin

What things do you have at your desk to make you look more official?

I see a lot of unique items working at different users desks and that made me realize that my desk is kind of boring. What cool 'tech' things can I have to make it look like I'm THE tech guy when someone stops by?

https://redd.it/1ovfdc3
@r_systemadmin

Weird call today that felt off. Anyone else getting voice impersonation attempts like this?

I had something odd happen today and I’m still not sure what to make of it.


One of our helpdesk guys pinged me saying someone called in asking for an urgent password reset because they were “locked out during a client meeting” and needed a quick MFA bypass.

The part that threw everyone off was the voice. He sounded exactly like this employee I know. I even had lunch with him. Same way of speaking, same tone, even the weird breathing he always has when talking fast.

The helpdesk guy stuck to the noscript and said he needed a ticket and manager approval.
The caller immediately got angry and said, “I literally cannot get into my account to file a ticket. Just reset it.” Then he hung up.

It was hella weird... so we checked. Turns out that the real employee was on vacation, and had not called anyone.

We have no idea whether this was just a random scammer or someone who actually spoofed the voice. Either way it freaked me out a bit because our verification process is honestly not built for this.


If this had been one of our newer support folks, they might have gone ahead and reset it.

So I’m curious, have any of you actually dealt with voice based impersonation yet?


Is this happening more often or was this just a one off for us?


And if you have seen it, how are you handling verification over phone now?

https://redd.it/1ovksk6
@r_systemadmin

Best way to get PCI compliant

We process payments through Stripe and we got told we need to complete PCI compliance. I opened the self assessment questionnaire and it's has 200+ questions about security that the majority of our team doesn’t really know how to tackle


I know the options are to basically either hire a consultant, use some compliance software or do it ourselves. Has anyone gone through this recently? What's the best approach? I just need to check the box so Stripe is happy and doesn’t start causing issues. Thanks




https://redd.it/1ovn5p5
@r_systemadmin

isp failover

so i deployed a firewall and had a second isp (att) do a fiber drop so i could implement a failover solution. our primary is currently spectrum over coax. before att did the drop, i plotted on a temporary solution in case att was gonna do a dia drop instead of best effort fiber (was told by the broker it would be around 3 months). the temporary solution i would’ve had in place was a peplink cellular router with verizon sim.

i ended up having att do best effort and it happened quick so i never got to use the peplink. the environment in question is a small call center using soft phones. so, i’m thinking of getting rid of spectrum altogether and making the peplink wan2 but im aware the soft phones will have to deal with cgnat. how bad can it be? is it better to just keep spectrum instead?

https://redd.it/1ovsj5y
@r_systemadmin

Teamviewer vs. Bomgar: Advice Needed

Hi everyone,
We’re looking for a remote support platform for our tech support team. Initially, we’ll have 4 technicians and 100 endpoints, with plans to scale soon. we’re considering BeyondTrust (Bomgar) and TeamViewer, but none of our teammates have experience with these tools on larger projects.

What have you liked or disliked about using these platforms? Your insights would be greatly appreciated.

Thanks in advance!

https://redd.it/1ovujqm
@r_systemadmin

Are there any trustworthy AI meeting recorders/notetakers?

We use Teams Premium which works for most of our users, but we occasionally have requests for an AI meeting recorder/notetaker that can join Zoom, Google Meet, and Teams meetings that are hosted by other orgs who have recording disabled.

One of our users wants to use Read AI but is open to alternatives. I looked at Read's privacy policy and online reputation and it's one of the worst I've seen. I know a lot of these AI companies are fly-by-night pop-up shops that invest very little in security and data privacy. Are there any trustworthy AI meeting recorders/notetakers that are more highly regarded and respectful of user data?

I'm planning on evaluating Fellow next, but I wanted to ping the community and see if anyone is using one they trust. Thank you!

https://redd.it/1ovpadl
@r_systemadmin

Thickheaded Thursday - November 13, 2025

Howdy, /r/sysadmin!

It's that time of the week, Thickheaded Thursday! This is a safe (mostly) judgement-free environment for all of your questions and stories, no matter how silly you think they are. Anybody can answer questions! My name is AutoModerator and I've taken over responsibility for posting these weekly threads so you don't have to worry about anything except your comments!

https://redd.it/1ovx7s0
@r_systemadmin

A screw-up that’s very easy to make with APC UPS

Honestly, this was the first time in my life something like this happened. I didn’t even think it was possible — but it is. Hope it will help somebody to avoid this.
I was moving devices from an old Ethernet switch to a new one that I had installed in a server rack, while the old switch was still sitting on a shelf in another spot.

The first thing I decided to reconnect was the APC UPS located in the same rack. I grabbed a new, fairly short patch cable, unplugged the old one from the UPS’s Ethernet port, plugged in the new one, ran it through the rack, and connected it to the new Cisco switch.

And suddenly… the whole rack went silent.

I didn’t understand what was happening at first. I thought that since I had the rack open for a while, the temperature had dropped a bit, so the switches and other devices cooled down and the fans got quieter.

Then I noticed that a nearby PC had no network connection. I rushed to the rack and realized the switches were off. The UPS was off too.
I pressed the power button, it turned on, but it refused to enable output power no matter what I tried from the front panel.

I tried plugging the Ethernet cable into another switch — and then the UPS powered up normally. I breathed a sigh of relief, turned the equipment back on, checked that everything was working, and went to look at the UPS status on the monitoring site.
The UPS was offline. And then it hit me.

I went back, looked at the UPS rear panel … and of course I found that I had plugged the Ethernet cable into the serial port — the RJ45 one that looks exactly the same as Ethernet and sits right next to it on these APC units. And since the new switch had PoE, it probably pushed voltage into that serial port, making the UPS instantly shut down.

So yeah, guys — double-check what port you’re plugging into on your UPS, especially when it’s mounted low, in a dark spot, or otherwise hard to see.

https://redd.it/1ovxqhf
@r_systemadmin

BT Net

Anyone else having BTnet issues? BT voice seems to be still working


Edit: forget that - its back (had a few sites go down for 30mins)

https://redd.it/1ovzj5f
@r_systemadmin

WAN subnet routing

I need to receive a /28 v4 and /64 v6 subnet from my ISP. And I'm being asked how I want to receive it. Via a transit IP (p2p) or onlink.

Now, what I need is to have at least 1 or 2 IPs that will live on the WAN because I want to run WireGuard on my Unifi EFG.

But the rest I want to assign to a VLAN and then distribute that to my servers/VMs.

What is the best solution and can I achieve this with a onlink/WAN subnet?

https://redd.it/1ovvi9j
@r_systemadmin

SysAdmin Quote of the Day: "It's not the work; it's the worry of it."

I ran across this quote in a thread recently, and thought... that's exactly how I feel some weeks, working in this field. Doing the actual, technical, nitty-gritty parts is generally enjoyable, and occasionally awesome. But the incessant, nagging feeling that something, somewhere, is about to pop/have a critical CVE/a user or junior IT Admin will fug something up steals all the sunshine — and places a dark, angry little storm cloud perpetually over my shoulder, just waiting to strike.

I'm sure waking up and reading The Hacker News/Cyber Security News feeds on Telegram don't help the situation... but then again... neither is Microsoft.

Anyone else find it fitting? Have you come across other quotes that stand out and speak to the Sisyphean roles we fill?

https://www.reddit.com/r/Life/s/S0y2wzSF8D

https://redd.it/1ow1wnh
@r_systemadmin

IT perspective: How many employees in your org have accidentally leaked sensitive data during screen shares?

Curious to hear from other IT folks about this. We've had three incidents this quarter alone:



1. Sales rep showed customer list in browser tabs during prospect call

2. HR person had salary spreadsheet visible in recent files

3. Engineer's password manager popped up during client demo



None were catastrophic, but each could have been avoided. We've done the standard security training, but screen sharing feels like this massive blind spot that nobody talks about until something embarrassing happens.



Are you seeing similar issues? What policies or tools have actually worked to prevent this without being too restrictive?



I'm trying to build a case for better solutions beyond just "be careful" training that clearly isn't working.



https://redd.it/1ow1j3e
@r_systemadmin

IT Admin turns into all IT

Hey everyone,


So for context, I've started at this position a few months back, fresh out of college, as a full time IT Admin. They've never had in house IT before, which I attribute to most of these issues. Between having over 500 employees and over that computers, etc. there's been a few things I'd like to share.


Firstly, there is no naming scheme in AD. Sometimes it firstname - last inital, sometimes it's full name, last name, you name it.


Second, we're still on a 192. addressing scheme with now 192.168.0 - 192.168.4. Servers and switches are all just floating somewhere in those subnets, no way of telling why they have that static or if it's always been like that. I'd LOVE moving to 10.10.


Speaking of IP Addresses, we ran out a few weeks ago.. so we need to expand DHCP again to be able to catch up. When I first got hired, all 6 UPS's we had were failed, so power outages completely shut down everything.


All users passwords are set by IT, they don't make it themselves.. and the best part? They're all local admin on their machines. What could go wrong?


So I've been trying to clean up while dealing with day to day stuff, whilst now doing Sysadmin, Networking, and so on. Maybe that's what IT Admin is. I'm younger, but have been in IT since 15, so I have some ground to stand on. Is 75,000 worth this? I don't know enough since I've not been around, but i had to work my way to 75 from 60.


Thoughts?

https://redd.it/1ow4b9f
@r_systemadmin

Rogue Action1 agent installed on a random VM-looking machine - all normal causes ruled out. It's all very strange.

Bit of a weird one and I’m hoping someone else has seen something similar.

We use Action1 RMM in a small \~60-user UK company. Today, a completely unknown endpoint appeared in New Endpoints.

Machine details:

User: `BRIDGETTEEVJS\Administrator`
OS: Windows 10 20H2 (!!)
Status: Disconnected
Platform: Windows (manual install)
Health: • 585 critical • 3592 non-critical • 2 critical patching • 7 non-critical patchings
Domain: Not ours
Subnet: Not ours
Hostname/User: Not ours
Manufacturer: Not Apple Inc.
CPU: Intel Xeon E5-2683 v4 @ 2.10 GHz (4 cores)
GPU: Microsoft Basic Display Adapter (SeaBIOS Developers)
RAM: 4 GB
Disk: 60 GB Generic
NIC: Intel PRO/1000 MT
IP: [192.168.36.29](http://192.168.36.29)
MAC: 00:1B:21:13:36:29

Action1 shows the agent was installed minutes before it appeared. I removed the endpoint and regenerated the MSI (so I assume the old MSI token is now dead).

To avoid going down the usual rabbit holes, here’s what I’ve already eliminated:

No user home PC has access to our file server – no VPN, no mapped drives, no offline sync, no OneDrive/SharePoint paths pointing to the Tech folder.
No one in the company except me runs VMs, and no forgotten VMs exist – ESXi checked, no old test VMs, no dev machines, no orphaned lab systems.
The Action1 MSI is only ever installed over UNC by me; never uploaded, never emailed, never copied to desktops/Downloads/OneDrive/etc. Users can browse the Tech share but cannot run MSI/EXE files due to policy. Even if they did somehow run the installer, it would just reinstall Action1 on their existing work machine, not spin up a random VM on a different subnet.
No external vendors have SMB access – no MSP, no external techs, no legacy provider accounts.

While It’s theoretically possible a user copied the MSI (if i'd left it on their desktop or something), based on our staff skill level and restrictions, it’s extremely improbable. None of them would even know what Action1 is, what a UNC path is, or what a VM is (which is what i assume this thing was running on).

None of it makes sense.

TL;DR:
A random Win10 20H2 VM showed up in Action1. Users can’t run MSI/EXE, no home access, no VMs, no forgotten systems, no vendors, nothing.

Any ideas? Spooked me a bit!

https://redd.it/1ow1269
@r_systemadmin

APC powerchute serial shutdown - can't reset battery replacement

I have a BRG 1500 at a small remote office, I replaced the battery in 2019 and used the powerchute software to change the replacement date. This was the legacy version which installed and ran on a windows machine and launched as a program.

Today, the legacy software has been replaced by this

https://www.se.com/us/en/product/SFPCSS/software-powerchute-serial-shutdown-unattended-graceful-shutdown-ups-monitoring-configuration-energy-management/

and this software appears to do the same thing but it is web based and accessible via localhost in a browser...no problem, looks to be the same exact software just browser based.

I ordered a replacement battery (legit APC battery, not 3rd party) and changing the replacement battery date in the software works, it accepts 11 and 2025 values, but running a self test fails and stated that the battery needs to be replaced.

Is it possible I got a bad battery? Of course it is. However, I did some googling and this seems to be a very common problem.

I saw a few posts indicating that a registry value can be changed, but I don't have the registry folders that were listed in the posts, likely because they are for the legacy program and not the updated program.

I just went through this process, about a month ago, at another remote site with a camera NVR PC and this PC still had the legacy software installed so when I changed the battery and launched the software and clicked the button that I replaced the battery, it accepted the date and passed a self test that I manually ran.

Anyone else run into this issue?

Thanks.

https://redd.it/1ow1kt8
@r_systemadmin

Active Directory -Demoting half-functioning DC

Hey fellow Sysadmins, AD question for you.

I haven't touched AD in close to four years because I've sort of floated over to the Entra Side, but I now have a client in this sitch:

Someone apparently at some point shut down some firewalls and a DC in a site lost communication with most other DCs.

The they created their own replication links to try and fix it, and it limped along for a while but it just wasn't quite right, according to them.

Now, their Tombstone Lifetime has been breached and the DC in question will now accept changes from the rest of AD but the rest of AD will not accept changes from the isolated DC.

They have fixed all their firewall issues and communication works between all DCs now but they want me to fix the broken one.

My thought is this:

\- Move isolated DC Subnets to another site so authentication doesn't break of get delayed

\- Demote isolated DC by a forced demotion

\- Wipe the DC manually from AD via MetaData cleanup

\- Wipe the site from AD

\- Wait for Replication

\- Recreate the site

\- Re-promote the DC

\- Wait for it to fully come on line

\- Move the subnets back to the isolated site

If my AD memory serves me correctly, that should work right? I know I can maybe clean up the conflicting objects and get them to talk again, but that seems more risky and labor intense.

Thanks all.



https://redd.it/1ow4htt
@r_systemadmin

How do you get an Apple sales rep ?

How does one go about getting an Apple sales rep ? Do you get better small volume pricing that way ?

https://redd.it/1owagt3
@r_systemadmin