A screw-up that’s very easy to make with APC UPS

Honestly, this was the first time in my life something like this happened. I didn’t even think it was possible — but it is. Hope it will help somebody to avoid this.
I was moving devices from an old Ethernet switch to a new one that I had installed in a server rack, while the old switch was still sitting on a shelf in another spot.

The first thing I decided to reconnect was the APC UPS located in the same rack. I grabbed a new, fairly short patch cable, unplugged the old one from the UPS’s Ethernet port, plugged in the new one, ran it through the rack, and connected it to the new Cisco switch.

And suddenly… the whole rack went silent.

I didn’t understand what was happening at first. I thought that since I had the rack open for a while, the temperature had dropped a bit, so the switches and other devices cooled down and the fans got quieter.

Then I noticed that a nearby PC had no network connection. I rushed to the rack and realized the switches were off. The UPS was off too.
I pressed the power button, it turned on, but it refused to enable output power no matter what I tried from the front panel.

I tried plugging the Ethernet cable into another switch — and then the UPS powered up normally. I breathed a sigh of relief, turned the equipment back on, checked that everything was working, and went to look at the UPS status on the monitoring site.
The UPS was offline. And then it hit me.

I went back, looked at the UPS rear panel … and of course I found that I had plugged the Ethernet cable into the serial port — the RJ45 one that looks exactly the same as Ethernet and sits right next to it on these APC units. And since the new switch had PoE, it probably pushed voltage into that serial port, making the UPS instantly shut down.

So yeah, guys — double-check what port you’re plugging into on your UPS, especially when it’s mounted low, in a dark spot, or otherwise hard to see.

https://redd.it/1ovxqhf
@r_systemadmin

BT Net

Anyone else having BTnet issues? BT voice seems to be still working


Edit: forget that - its back (had a few sites go down for 30mins)

https://redd.it/1ovzj5f
@r_systemadmin

WAN subnet routing

I need to receive a /28 v4 and /64 v6 subnet from my ISP. And I'm being asked how I want to receive it. Via a transit IP (p2p) or onlink.

Now, what I need is to have at least 1 or 2 IPs that will live on the WAN because I want to run WireGuard on my Unifi EFG.

But the rest I want to assign to a VLAN and then distribute that to my servers/VMs.

What is the best solution and can I achieve this with a onlink/WAN subnet?

https://redd.it/1ovvi9j
@r_systemadmin

SysAdmin Quote of the Day: "It's not the work; it's the worry of it."

I ran across this quote in a thread recently, and thought... that's exactly how I feel some weeks, working in this field. Doing the actual, technical, nitty-gritty parts is generally enjoyable, and occasionally awesome. But the incessant, nagging feeling that something, somewhere, is about to pop/have a critical CVE/a user or junior IT Admin will fug something up steals all the sunshine — and places a dark, angry little storm cloud perpetually over my shoulder, just waiting to strike.

I'm sure waking up and reading The Hacker News/Cyber Security News feeds on Telegram don't help the situation... but then again... neither is Microsoft.

Anyone else find it fitting? Have you come across other quotes that stand out and speak to the Sisyphean roles we fill?

https://www.reddit.com/r/Life/s/S0y2wzSF8D

https://redd.it/1ow1wnh
@r_systemadmin

IT perspective: How many employees in your org have accidentally leaked sensitive data during screen shares?

Curious to hear from other IT folks about this. We've had three incidents this quarter alone:



1. Sales rep showed customer list in browser tabs during prospect call

2. HR person had salary spreadsheet visible in recent files

3. Engineer's password manager popped up during client demo



None were catastrophic, but each could have been avoided. We've done the standard security training, but screen sharing feels like this massive blind spot that nobody talks about until something embarrassing happens.



Are you seeing similar issues? What policies or tools have actually worked to prevent this without being too restrictive?



I'm trying to build a case for better solutions beyond just "be careful" training that clearly isn't working.



https://redd.it/1ow1j3e
@r_systemadmin

IT Admin turns into all IT

Hey everyone,


So for context, I've started at this position a few months back, fresh out of college, as a full time IT Admin. They've never had in house IT before, which I attribute to most of these issues. Between having over 500 employees and over that computers, etc. there's been a few things I'd like to share.


Firstly, there is no naming scheme in AD. Sometimes it firstname - last inital, sometimes it's full name, last name, you name it.


Second, we're still on a 192. addressing scheme with now 192.168.0 - 192.168.4. Servers and switches are all just floating somewhere in those subnets, no way of telling why they have that static or if it's always been like that. I'd LOVE moving to 10.10.


Speaking of IP Addresses, we ran out a few weeks ago.. so we need to expand DHCP again to be able to catch up. When I first got hired, all 6 UPS's we had were failed, so power outages completely shut down everything.


All users passwords are set by IT, they don't make it themselves.. and the best part? They're all local admin on their machines. What could go wrong?


So I've been trying to clean up while dealing with day to day stuff, whilst now doing Sysadmin, Networking, and so on. Maybe that's what IT Admin is. I'm younger, but have been in IT since 15, so I have some ground to stand on. Is 75,000 worth this? I don't know enough since I've not been around, but i had to work my way to 75 from 60.


Thoughts?

https://redd.it/1ow4b9f
@r_systemadmin

Rogue Action1 agent installed on a random VM-looking machine - all normal causes ruled out. It's all very strange.

Bit of a weird one and I’m hoping someone else has seen something similar.

We use Action1 RMM in a small \~60-user UK company. Today, a completely unknown endpoint appeared in New Endpoints.

Machine details:

User: `BRIDGETTEEVJS\Administrator`
OS: Windows 10 20H2 (!!)
Status: Disconnected
Platform: Windows (manual install)
Health: • 585 critical • 3592 non-critical • 2 critical patching • 7 non-critical patchings
Domain: Not ours
Subnet: Not ours
Hostname/User: Not ours
Manufacturer: Not Apple Inc.
CPU: Intel Xeon E5-2683 v4 @ 2.10 GHz (4 cores)
GPU: Microsoft Basic Display Adapter (SeaBIOS Developers)
RAM: 4 GB
Disk: 60 GB Generic
NIC: Intel PRO/1000 MT
IP: [192.168.36.29](http://192.168.36.29)
MAC: 00:1B:21:13:36:29

Action1 shows the agent was installed minutes before it appeared. I removed the endpoint and regenerated the MSI (so I assume the old MSI token is now dead).

To avoid going down the usual rabbit holes, here’s what I’ve already eliminated:

No user home PC has access to our file server – no VPN, no mapped drives, no offline sync, no OneDrive/SharePoint paths pointing to the Tech folder.
No one in the company except me runs VMs, and no forgotten VMs exist – ESXi checked, no old test VMs, no dev machines, no orphaned lab systems.
The Action1 MSI is only ever installed over UNC by me; never uploaded, never emailed, never copied to desktops/Downloads/OneDrive/etc. Users can browse the Tech share but cannot run MSI/EXE files due to policy. Even if they did somehow run the installer, it would just reinstall Action1 on their existing work machine, not spin up a random VM on a different subnet.
No external vendors have SMB access – no MSP, no external techs, no legacy provider accounts.

While It’s theoretically possible a user copied the MSI (if i'd left it on their desktop or something), based on our staff skill level and restrictions, it’s extremely improbable. None of them would even know what Action1 is, what a UNC path is, or what a VM is (which is what i assume this thing was running on).

None of it makes sense.

TL;DR:
A random Win10 20H2 VM showed up in Action1. Users can’t run MSI/EXE, no home access, no VMs, no forgotten systems, no vendors, nothing.

Any ideas? Spooked me a bit!

https://redd.it/1ow1269
@r_systemadmin

APC powerchute serial shutdown - can't reset battery replacement

I have a BRG 1500 at a small remote office, I replaced the battery in 2019 and used the powerchute software to change the replacement date. This was the legacy version which installed and ran on a windows machine and launched as a program.

Today, the legacy software has been replaced by this

https://www.se.com/us/en/product/SFPCSS/software-powerchute-serial-shutdown-unattended-graceful-shutdown-ups-monitoring-configuration-energy-management/

and this software appears to do the same thing but it is web based and accessible via localhost in a browser...no problem, looks to be the same exact software just browser based.

I ordered a replacement battery (legit APC battery, not 3rd party) and changing the replacement battery date in the software works, it accepts 11 and 2025 values, but running a self test fails and stated that the battery needs to be replaced.

Is it possible I got a bad battery? Of course it is. However, I did some googling and this seems to be a very common problem.

I saw a few posts indicating that a registry value can be changed, but I don't have the registry folders that were listed in the posts, likely because they are for the legacy program and not the updated program.

I just went through this process, about a month ago, at another remote site with a camera NVR PC and this PC still had the legacy software installed so when I changed the battery and launched the software and clicked the button that I replaced the battery, it accepted the date and passed a self test that I manually ran.

Anyone else run into this issue?

Thanks.

https://redd.it/1ow1kt8
@r_systemadmin

Active Directory -Demoting half-functioning DC

Hey fellow Sysadmins, AD question for you.

I haven't touched AD in close to four years because I've sort of floated over to the Entra Side, but I now have a client in this sitch:

Someone apparently at some point shut down some firewalls and a DC in a site lost communication with most other DCs.

The they created their own replication links to try and fix it, and it limped along for a while but it just wasn't quite right, according to them.

Now, their Tombstone Lifetime has been breached and the DC in question will now accept changes from the rest of AD but the rest of AD will not accept changes from the isolated DC.

They have fixed all their firewall issues and communication works between all DCs now but they want me to fix the broken one.

My thought is this:

\- Move isolated DC Subnets to another site so authentication doesn't break of get delayed

\- Demote isolated DC by a forced demotion

\- Wipe the DC manually from AD via MetaData cleanup

\- Wipe the site from AD

\- Wait for Replication

\- Recreate the site

\- Re-promote the DC

\- Wait for it to fully come on line

\- Move the subnets back to the isolated site

If my AD memory serves me correctly, that should work right? I know I can maybe clean up the conflicting objects and get them to talk again, but that seems more risky and labor intense.

Thanks all.



https://redd.it/1ow4htt
@r_systemadmin

How do you get an Apple sales rep ?

How does one go about getting an Apple sales rep ? Do you get better small volume pricing that way ?

https://redd.it/1owagt3
@r_systemadmin

Microsoft Issue - Workaround? Buy Copilot

So Microsoft has identified an issue. If you want to avoid impact, you can buy Copilot and the next update on the issue is set to be 8 days after the issue was reported.

Thanks Microsoft

Microsoft:

>Some users who are scheduling meetings may not receive accurate declined email messages in Exchange Online

>Issue ID: EX1184307

>Affected services: Exchange Online

>Status: Service degradation

>Issue type: Advisory

>Start time: Nov 10, 2025, 1:15 AM EST

>User impact

>Users who are scheduling meetings may not receive accurate declined email messages in Exchange Online.

>More info

>Specifically, when users send a meeting invitation that is declined by a resource room, the email response may be missing the Organizer's details.

> As a way to avoid impact, users can enable Auto Room Booking for the event. To enable this feature, once the users add attendees and select the correct time, there is an "Add room with Copilot" button which will enable Auto Room Booking. Once this is enabled, users will see "Copilot Managed" and "Copilot will rebook if the room declines or the meeting is rescheduled". Additionally, when viewing the "Places finder", it will also show this feature enabled once users click "Add a room or location", then "Browse all rooms", users will see "Rebook declined rooms" toggled on.

>In order to enable this feature, users must have an active Copilot license and be scheduling meetings using the Outlook (new), Outlook on the web or Microsoft Teams.

>Scope of impact

>Some users who are scheduling meetings that are being declined by a resource room may be impacted.

>Root cause

>A recent deployment implemented a design change that's preventing the Organizers details from reflecting properly when a meeting invitation is declined by a resource room.

>Current status

>Nov 10, 2025, 1:47 AM EST

>We’ve identified a recent deployment implemented a design change that's preventing the Organizers details from reflecting properly when a meeting invitation is declined by a resource room. We're developing a fix to restore the Organizers details when meeting invitations are declined by a resource room, which will undergo validations and internal testing before deploying it to the impacted environment. We'll aim to provide a deployment timeline once available.

>Next update by:

>Tuesday, November 18, 2025 at 3:00 AM EST

>History of updates

>Nov 10, 2025, 1:16 AM EST

>We're investigating a potential issue with Exchange Online and checking for impact to your organization. We'll provide an update within 30 minutes.

https://redd.it/1ow852q
@r_systemadmin

NinjaOne down?

Eastern US here, anyone else experience extreme slowness or RMM just not loading at all?

https://redd.it/1owas2z
@r_systemadmin

Top 3 Powershell Commands

Hi guys, what are your top 3 favourite commands? I’m currently working on a project at the moment to mass deploy VMs on various server HyperVs.

I’m trying to get better at automating network configuration, computer renaming, IP setting, VM creation, junk/temp file schedule deletion etc etc. Just things that result in better quality of life for the user , but also ease of deployment and maintenance for the admins.

I’ve really started to like Powershell and right now I’m trying to figure out what I CAN’T do with PS haha. Curious how others like to use it to automate or alleviate their work?

https://redd.it/1oweno3
@r_systemadmin

Wireless AP\system recommendations

I am looking to replace our wireless AP's and I am looking for wireless recommendations. We are a medium sized business currently using 6 UniFi UAP-HC-HD AP's. These have been pretty solid but due to POE issues they are incompatible with our current Cisco switches. They will not power on with POE.

Per an open Cisco case, these UAP-HC-HD access point present parameters outside of the IEEE spec.

Since they are about 4 years old and there is no support for them, we are looking at replacing them.


We have a fairly simple setup and only run a corporate and a guest network. Indoor only. We need to secure with certificates this next year so that is needed.


What is everyone using and what would a recommendation be?

https://redd.it/1owauwk
@r_systemadmin

How the hell are faxes HIPAA compliant but email isn’t?

EDIT: This is a rhetorical question. Read the absurdity below.

I’m helping a client of mine implement a new phone system, and the phone system vendor is doing an assisted implementation. As part of the staging in the system, the new provider is using temporary (real) phone numbers until the commissioning and porting date. This particular vendor also has e-fax capabilities on each DID on the phone system.

Apparently, one of the temporary numbers used to be the fax line for a local fertility doctor’s office because one user has received several emails with faxes from Labcorp showing various ladies lab reports.

Faxes are NOT SECURE. Regular-ass email, even sent over unencrypted SMTP on port 25 is less likely to end up in the wrong hands than a “boy I sure hope I typed this phone number in right and there’s a fax machine on the other end” best effort fax. Network packets don’t randomly get sent to the wrong place over a WAN connection, and with as virtually ubiquitous TLS encryption is on everything from SMTP to HTTPS, transferring data across the “open” internet is pretty damned safe.

I 100% know what happened too: our local ILEC started killing old copper POTS accounts in the area, the doctors office didn’t see or understand the notice on the bill, and their account got killed and the phone number released. I’m sure that the office manager at the doc’s office has said something like “It’s weird we haven’t received any faxes in the last few days, right?”

Yeah, we got the fax, and Mary’s estradiol level is 262.6. 🙄 C’mon people, make a web portal for this shit or integrated your EHR. We know you have one… it’s required by HIPAA.

https://redd.it/1owjhk7
@r_systemadmin

Phishing message in Teams

If a phishing message appears in Teams as one of the existing chat participants and the participant says they didn’t post it, where do you start at finding the cause?

I looked in the user’s sign in logs and see no new sign in locations.

Malware on their device?

https://redd.it/1owitbd
@r_systemadmin

Jack of all trades, master of none?

How many different systems are you responsible for? How many is too many? I feel like I may be becoming a jack of all trades and a master of none. Some of my responsibilities are being a Google admin, identity and access management, the firewall, email security, EDR, and I dabble a little in our VM environment.

Is it normal to be responsible for this many systems? Im still pretty new to this, going on 3 years in a few months.

https://redd.it/1owlsb9
@r_systemadmin

I take a deep breath each morning as I open the ticket queue audio

https://www.youtube.com/watch?v=XXsTBKhsSBw

I have started reading poorly worded hyperbolic tickets in my head as if a metal band were singing it. All work and no play makes the help desk a dull boy.

Come up with a good ticket pasted as lyrics and maybe I'll turn it into one for some commiserative laughs - cheers.

https://redd.it/1owo6jw
@r_systemadmin

Management security

Context, I’m responsible for the whole IT in a small company (around 20 people). No specific background, just Reddit under my arm.
We have been asked lately to strengthen our general security to be compliant in regards to one of our client. Task that I’ve taken and done quite well (i think), it’s quite general stuff, like DNS filtering and zero trust policy on computers.

Now, obviously dns filtering is going to block illegal streaming services. But what to do when top management, owner of the company says that she can’t watch here favorite netflix show (not on Netflix) anymore and is simply asking for those security updates to be taken down ?

I’m hesitating between, it’s your company I get paid to do what want yolo and well this is kind of the last computer you want to have compromised as being an owner she by default has access to a lot of sensitive information.

https://redd.it/1owp2ke
@r_systemadmin

Multiple unknown WordPress Administrator accounts suddenly appeared. How bad is this and what should I check?

I logged into the WordPress dashboard of an eCommerce site I manage and found several user accounts with the Administrator role that neither I nor my business partner created.

Screenshot of the User List

We have not checked the User list in months, so these accounts may have existed for a while. The strange part is that the site looks completely normal (as far as I can tell).



Here are the details:

A plugin called File Manager Advanced was installed earlier. I recently learned that this plugin has a long history of security issues.
The site had many outdated plugins and themes before we discovered the problem.
Functionality in the store seems normal, and no strange orders have appeared.
I am trying to understand how serious this is and what the correct cleanup steps should be without damaging the existing eCommerce setup.



My questions:

1. Does this automatically confirm a hack or is there any legitimate explanation for unknown Administrator accounts appearing?
2. What should I inspect to confirm whether attackers left backdoors?
3. Should I check theme files like functions.php, the uploads directory, scheduled tasks, or the database user table?
4. Is deleting the accounts, changing passwords, running Wordfence, and regenerating SALT keys enough, or should I do a full reinstall of WordPress core?
5. Is File Manager Advanced a likely attack vector in this situation?
6. I would appreciate advice from anyone who has dealt with similar silent compromises. I want to clean this properly without breaking the store.



Thanks in advance.

https://redd.it/1ownvuv
@r_systemadmin

Weekly 'I made a useful thing' Thread - November 14, 2025

There is a great deal of user-generated content out there, from noscripts and software to tutorials and videos, but we've generally tried to keep that off of the front page due to the volume and as a result of community feedback. There's also a great deal of content out there that violates our advertising/promotion rule, from noscripts and software to tutorials and videos.

We have received a number of requests for exemptions to the rule, and rather than allowing the front page to get consumed, we thought we'd try a weekly thread that allows for that kind of content. We don't have a catchy name for it yet, so please let us know if you have any ideas!

In this thread, feel free to show us your pet project, YouTube videos, blog posts, or whatever else you may have and share it with the community. Commercial advertisements, affiliate links, or links that appear to be monetization-grabs will still be removed.

https://redd.it/1owshxp
@r_systemadmin