Reddit Sysadmin – Telegram
Windows SMB: Cannot rename folder at root of share though I have full control

I can change at subfolders, but when it comes to folders at the root of the share, I am unable to change the folder names. It tells me to notify the owner of the folder. Do I need to be owner of the folder before I can rename it? Why does that not hold for subfolders...
Share permissions are full control, while the NTFS permissions are "full control" for "this folder, subfolders and files". Am I missing something?

https://redd.it/1oyvm8a
@r_systemadmin
Windows Server 2022 not reporting proper update status to WSUS

I have an on-prem Windows Server 2022 WSUS, which services Windows 11 and Windows Server 2022 machines. For some reason half of the Windows Server 2022 machines are displaying they are at 100% for installed updates. They have no needed updates even though they are missing the accumulative updates for the past 3 months. I tried removing the device from WSUS, recreating the software folder on the client, deleting the registry key for the WSUS UID on the client but still no luck. Any advice would be appreciated.

https://redd.it/1oywvbz
Which DNS approach is considered "best practice"?

We have 4 DNS servers in our environment:

2 Active Directory DNS servers, which act as our authoritative DNS, and 2 PowerDNS Recursor DNS servers, which act as our recursive servers.

Now, which of the following approaches do you think is better and more secure?

1. Clients > AD , *[If external query, forward to]* > PDNS > Internet
This approach requires enabling recursion on AD DNS and setting PDNS as forwarders in the AD DNS.

2. Clients > PDNS *[if internal query, forward to]* > AD, *[if external query forward to]* > Internet
This approach requires disabling recursion on AD DNS and setting the PDNS to forward internal domains (*.domain.local) to AD DNS and everything else to the Internet.

3. Put all 4 servers on clients. Windows will query them simultaneously and the first server with an answer will respond. [In case of internal domains that would be AD and external domains that would be PDNS]
In this case we also disable recursion on AD DNS.

Which approach is preferable?

https://redd.it/1oyvyny
Dante AV?

Any system admins troubleshooting AV systems communicating through Dante? It feels like networking 🙄



https://redd.it/1oyz311
Anyone else seeing Office apps crashing after recent Monthly Enterprise Channel update? (Version 2509 Build 19231.20246)

Pushing this out because I’m running into the same mess across multiple users and I want to know if this is widespread.

We’re on **Microsoft 365 Apps – Monthly Enterprise Channel**, and several users updated today to:

**Office Version:** 2509
**Build:** 19231.20246

Since updating, **various Office apps are regularly crashing**. For most people it’s **Outlook**, but I’m also seeing Word/Excel instability here and there.

What I’ve tried (no improvement):

* Online repair
* Full reinstall
* Reboot (obviously)
* Verified no add-ins causing the issue
* Tried launching safe mode

Same behavior every time.

Anyone else getting hammered by this build?


If you’ve found a workaround or rolled back successfully, drop details — I’m trying to figure out whether to force a downgrade or wait for MS to unfuck the build.

https://redd.it/1oz3tv4
Limiting access to two particular folders in OneDrive for Business

I’m a little unfamiliar with OneDrive in this aspect but how do you restrict access to just two folders in OneDrive for a user?

https://redd.it/1oz4prb
How do you handle non-Windows PXE boot

We currently push 3 Windows flavors (23h2 24 25) through PXE managed by SCCM/WDS but are looking at adding our main Linux distribution as well as Blancco, and so far it looks like there's not really a way without rebuilding our entire PXE setup.

https://redd.it/1oz50bf
Can I disable Windows 11 from defaulting to a non-admin user in UAC?

I just upgraded to Windows 11. For security reasons, I have set up an admin account that I don't actually log in to, and I use a separate standard local account for daily use.

If I try to open anything as admin, UAC pops up and the preselected username is usually the standard account (although not sure why but other times the admin account is pre-selected).

I don't remember seeing this behavior on Windows 10 but I could be wrong. Is there any way to get UAC to only default to an admin user? It's a bit annoying having to scroll and make a few clicks when it should know already the standard user can't get past this screen lol.

Thank you

https://redd.it/1oz6h96
Finding the best KVM

I’m trying to find a KVM that I can plug my laptop (via USB-C) and PC (via DisplayPort) into that has EDID emulation. Hopefully with 2 DisplayPort outputs for two monitors. I know this is a very specific thing to ask for so that’s why I need help with suggestions. I’m not worried about cost (as long as it’s reasonable) and I want a reputable brand. Thanks for any help!

https://redd.it/1oz6y04
Wrapping RDP inside SSH to protect NTLM?

We have some Windows servers and appliances that are not AD-joined and never will be. They're OT. When we RDP to them, they're unfortunately using NTLM because that's what Windows requires when you're not using Kerberos (and Kerberos requires a KDC/domain controller). These are all on-prem so the risk is already pretty low, but we still don't like NTLM hashes floating across our network.

Does anyone have any experience with wrapping RDP sessions inside SSH sessions? I don't mind doing an extra step of establishing an SSH session when we need to RDP into them, but I do want the sessions to be stable.

https://redd.it/1oz8ufh
Dumper v1.9.0 — This is a CLI utility for creating backups of databases of various types (PostgreSQL, MySQL, etc.)

1. support Docker
2. support shell script before and after backup

https://redd.it/1oz9cwp
Cheapest - secure way to clean Fortinet firewalls

Hello,

We did a network upgrade recently and have lots of 101Es, which are close to end of life, along with some HP switches. What is the easiest way to clean and dispose of them?

I checked and they do not have any financial value at the moment.

PS: I am a junior system eng.

Thanks in advance!

https://redd.it/1ozaojc
Exchange Server migration

Hi,

I'm tasked with migrating an Exchange Server 2016 currently sitting on a Windows Server 2012 R2. Management wants me to move this to a 2016 Server (and eventually further to 2019 Exchange/2022 Server) using CommVault.

Has anyone done that? I've already indexed/backed up the mailbox contents that need to be moved but I have 0 idea on if there's a procedure that needs to be followed in terms of setting up the new server. CommVault also allows Exchange Database (DAG) Backups. Should I restore the Database on the target server and then the content? Any suggestions/help would be appreciated.

Thanks!

https://redd.it/1ozbz4i
OPNsense and Netgate firewall appliance reliability

Hello Experts,


We’re planning to upgrade our perimeter firewall in the next few months and are currently evaluating our options. Right now, we’re using a SonicWall NSA-series appliance, but over the past two years Dell has increased the cost of its security service licenses nearly fourfold. Because of this, we’re considering switching to an open-source solution, specifically OPNsense or pfSense.

I’d like to get your feedback on the following hardware options:

* Netgate 8300 series
* OPNsense DEC4240 appliance

Specifically, I’m interested in hearing about:

* Their overall reliability (we plan to deploy two units in an HA setup with hot standby)
* The effectiveness of their web-filtering and anti-malware plugins
* Your experience with ZenArmor—especially stability, performance, and ease of configuration
* Can they last over 5+ years of use?

Any insights, real-world experiences, or recommendations would be greatly appreciated.

https://redd.it/1oz96xf
Advice on Domain Server 2012 R2 migration to 2022/2025

The one and only domain server is running Windows Server 2012 and we seriously need to upgrade; besides all the security issues, some of the software is no longer updating.

What is the best way to go about this? (We have a 2025 license ready to apply to the 2012.)
The domain server is also doing DNS and file server. What worries me the most here is the file server part, because it's a mixed setup:

* OS drive with 3 file partitions
* Another drive with a single 4TB partition
* 2 iSCSI partitions

We have another Server 2022 that is supposed to take over as the domain controller but it already has 2 Hyper-V VMs running production portals.

I have looked through a couple of Reddit posts and they seem to also migrate the files but we don't have enough space to migrate the files.
At first my colleague was thinking of doing an in-place upgrade on the Server 2012 but I read that there's a very high chance of failure and it's not the best way to do it.


How would the IP/DNS work in case we migrate to the other server when the other servers/PCs will be pointing to the old domain controller?


So I want everyone's opinion: what would you do in this situation?


Thanks for any help.

https://redd.it/1ozdzb8
Thinking through why branch deployment is still so painfully slow.

Reflecting on why every new location rollout is a multi-month slog, and I think part of it is structural, not just vendor incompetence. Traditional MPLS circuits still offer SLAs that broadband doesn’t, so we rely on them for critical sites. But ordering them takes forever. On top of that, our SD-WAN setup is supposed to help but there’s so much configuration complexity (routing, BGP, failover) that it adds its own delay. Even our zero-touch devices don’t always behave how we expect once on site.

Maybe the real hang-up is that we haven’t fully reconciled business speed expectations with network reality. Maybe it’s not about picking faster tech but about building a rollout model that matches how we actually grow.



https://redd.it/1ozedxc
PSA: November 2025 Update is failing to use server-index for Search/File Explorer SMB search

As the title says, the November 2025 Update is failing to use the server-index for Search/File Explorer SMB search. This is apparently a known issue now and being investigated: https://www.windowslatest.com/2025/11/17/windows-11-kb5068861-issues-update-wont-install-file-explorer-smb-search-not-working-on-network-shares-handheld-performance/

If you are affected, you will see empty results or slow results, as the index is messed up.

https://redd.it/1ozh2ph
Entitled/spoiled users rant

Okay so bit of a rant to get opinions on how to deal with spoiled users. So I'm basically the solo IT-guy, I take care of everything sysadmin & IT-support for some odd 60 people, there's one guy who took care of the IT stuff before me but he swiveled away from it, he still sometimes helps me if he has time aside from his main job. When I started there were little over 40 people and I was the first dedicated in-house IT-guy here.

At the start I got a proper hang on things, the work wasn't overwhelming and it was going smooth, there never was any ticket system in place, just users coming to my door and I'd jump on to fix their problem no matter what I had going on at the moment (this is where they start to get spoiled and that's on me). There was plenty of administration to be done, we have two servers on-site with different environments and requirements, but it was all good.

We moved to a new and bigger office mid 2024 and for the past year I've started to get behind on my duties. I'm a bit of a yes-guy, talked to HR about that too and they suggested I'd start saying no to things when I have too much on my table, which I have since, but now the users are acting pretty damn entitled and spoiled. For example when I have to tell them there have been changes on ISP side, software side or whatever, not in our control, "why do I have to press one more button while scanning - why is the new outlook like this - why can't things be this and that and what not".. When I'm on a lunch or on a coffee break they just imagine I'll drop the fork and jump on to solve their usually bs problems, I mean I have been doing that for years so ofc they think I'll do it.

The thing is I'm a people person and have been managing it for years, just now it's been getting too much since I keep falling behind on my own administration work because of that and I'm getting a bit burnt out by it all.

It doesn't help that I have created/raised these entitled users myself by bending over backwards for them, for them to have it easy... I just realised (from Reddit promoting me job listings in my area lol) that I get paid way too little for the work, which isn't helping to deal with the whole thing. I don't want to say I'm one foot out of the door but I have been putting a few applications to new jobs all because of the current situation.


Now I know the problem, I know I created it, and I know the solution (to put a ticket system up and tell the users to put a ticket in or don't get service, rather than come up to my door disrupting my work)... I wouldn't want to leave this place to another poor sysadmin like this.. The thing is I'm too burnt out to do anything about it, just get to office, say yes, yes, yes, fall behind some more and just do work on weekends like yesterday.. It's not healthy and I just thought if ranting here would get some perspective on things.

Have you had to interact with users expecting you to act on their every whim? And if so, how have you dealt with it?


TL;DR I spoiled the users and need to deal with it now

https://redd.it/1ozib9d
How are you providing NTP in your company?

So we have an on-premise Active Directory so every DC is serving NTP by default but all syncing to the FSMO master.

Right now we have an internal dns alias of time.internal.ad that has the IP of the FSMO master.

Hypervisors point to external NTP.

In that sort of setup what are you pointing on-prem stuff to like switches and firewalls for NTP please?

https://redd.it/1ozlj8u
I fixed an issue and don't know what was broken. Networking issue.

I just fixed an issue by flushing DNS on a local computer that had issues accessing the DC, which is hosted on Azure.
Ticket came in as "i cant print". The first thing I noticed was that the printer names on her PC had different naming than what they actually are. The PC had ping to the DC, but was not able to open the `\\dc01\` in File Explorer. I was getting error "0x800004005", which I did not follow up on.
I tried deleting the printer and re-adding it, but I could not find it in the Manually Adding it either. I did restart the PC at this point, but the issue persisted.

First thing that came to my mind was two things:
1. ICMP doesn't mean everything is working.
2. It's always DNS joke

I ran `ipconfig /flushdns` and restarted the computer. If this didn't work I was going to try using the VPN they usually use for remote work, but it seems that flushdns fixed the issue.

PC was connected via ethernet, WiFi was off, VPN was off.

Now, I wonder what was broken.

https://redd.it/1ozlj95