Browser extensions are becoming a huge security headache
Our employees keep installing random Chrome extensions some harmless, some sketchy as hell. We can’t realistically block the entire Chrome Web Store, but letting everyone install whatever they want is turning into a mess. Looking for something that can actually control or monitor this without constant manual policing.
https://redd.it/1p2wsni
@r_systemadmin
Our employees keep installing random Chrome extensions some harmless, some sketchy as hell. We can’t realistically block the entire Chrome Web Store, but letting everyone install whatever they want is turning into a mess. Looking for something that can actually control or monitor this without constant manual policing.
https://redd.it/1p2wsni
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Cloudflare CTO apologises after bot-mitigation bug knocks major web infrastructure
https://www.tomshardware.com/service-providers/cloudflare-apologizes-after-outage-takes-major-websites-offline Tom's Hardware
Another reminder of how much risk we absorb when a single edge provider becomes a dependency for half the internet. A bot-mitigation tweak should never cascade into a global outage, yet here we are, AGAIN.
Curious how many teams are actually planning for multi-edge redundancy, or if we’ve all accepted that one vendor’s internal mistake can take down our production traffic in seconds... ?
https://redd.it/1p2ypz5
@r_systemadmin
https://www.tomshardware.com/service-providers/cloudflare-apologizes-after-outage-takes-major-websites-offline Tom's Hardware
Another reminder of how much risk we absorb when a single edge provider becomes a dependency for half the internet. A bot-mitigation tweak should never cascade into a global outage, yet here we are, AGAIN.
Curious how many teams are actually planning for multi-edge redundancy, or if we’ve all accepted that one vendor’s internal mistake can take down our production traffic in seconds... ?
https://redd.it/1p2ypz5
@r_systemadmin
Tom's Hardware
Cloudflare's CTO apologizes after error takes huge chunk of the internet offline — 'we failed our customers and the broader internet'
CTO blames bot mitigation bug triggered by routine config change.
As sysadmins/endpoint engineers/etc, what do you appreciate from your help desk, and what do you wish they did better?
I'm starting as a new manager of an IT help desk, and I hear I'm inheriting a bit of a mess, and I'll have to do some rebuilding. I'm looking to build some good habits early on, and so I'd like to hear your input in what you guys like to see out of your help desks.
https://redd.it/1p2zjc0
@r_systemadmin
I'm starting as a new manager of an IT help desk, and I hear I'm inheriting a bit of a mess, and I'll have to do some rebuilding. I'm looking to build some good habits early on, and so I'd like to hear your input in what you guys like to see out of your help desks.
https://redd.it/1p2zjc0
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Again?
X/Twitter seems to be having issues. Down detector is beginning to show some spikes as well, including AWS and cloudflare. Anyone else seeing impacts?
https://redd.it/1p32c8j
@r_systemadmin
X/Twitter seems to be having issues. Down detector is beginning to show some spikes as well, including AWS and cloudflare. Anyone else seeing impacts?
https://redd.it/1p32c8j
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
CloudFlare..... again? Come the fuck on
Here we go again, multiple sites showing Cloudflare issues......
Why? Why a fucking Friday? Really?!
https://redd.it/1p32ry5
@r_systemadmin
Here we go again, multiple sites showing Cloudflare issues......
Why? Why a fucking Friday? Really?!
https://redd.it/1p32ry5
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
40k a year for first sysadmin job
Hi everyone! I am about to finish grad school and I finally got a job offer as a systems administrator. However, I am kind of upset about the salary of 40k a year. Is this really low for a sysadmin job, or a good salary for entry level position? Can I work my way up and make more money in the future? Any advice would be great.
https://redd.it/1p37r9d
@r_systemadmin
Hi everyone! I am about to finish grad school and I finally got a job offer as a systems administrator. However, I am kind of upset about the salary of 40k a year. Is this really low for a sysadmin job, or a good salary for entry level position? Can I work my way up and make more money in the future? Any advice would be great.
https://redd.it/1p37r9d
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Vendors Using Teams for Remote Support
I'm not sure if it's just me, but it feels like more and more vendor support teams for line of business apps are trying to use Microsoft Teams instead of investing in proper remote support tools.
I just had another one this morning asking me to install Teams on a production server so they could troubleshoot an issue with their product. People think I'm the bad guy for making receiving support "more difficult", but c'mon, man.
Am I the one that's out of line here?
https://redd.it/1p33dgb
@r_systemadmin
I'm not sure if it's just me, but it feels like more and more vendor support teams for line of business apps are trying to use Microsoft Teams instead of investing in proper remote support tools.
I just had another one this morning asking me to install Teams on a production server so they could troubleshoot an issue with their product. People think I'm the bad guy for making receiving support "more difficult", but c'mon, man.
Am I the one that's out of line here?
https://redd.it/1p33dgb
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Place your bets. which vendor is next to screw themselve...and all of us
Its starting to look like the year where hackers barely need to do anything because the biggest vendors keep taking themselves down with their own hands.
Cloudflare One bad configand half the internet offline.
AWS ...DNS chain reaction and banks, apps, and services collapsed.
Azure... A routing/config change and global authentication failures.
Google...Stacked flawed updates and couse massive outage.
Zoom...Registrar glitch and zoom.us disappears.
Slack.. Internal update issue and no messaging, no channels.
So what’s the real common denominator?
Misconfigurations!
One bad file, one flawed update, one DNS change and entire ecosystems shutdown
Not attackers. Not Ransomware
Place your bets...
Which vendor do you think is next to hit the global outage button?
https://redd.it/1p3afoz
@r_systemadmin
Its starting to look like the year where hackers barely need to do anything because the biggest vendors keep taking themselves down with their own hands.
Cloudflare One bad configand half the internet offline.
AWS ...DNS chain reaction and banks, apps, and services collapsed.
Azure... A routing/config change and global authentication failures.
Google...Stacked flawed updates and couse massive outage.
Zoom...Registrar glitch and zoom.us disappears.
Slack.. Internal update issue and no messaging, no channels.
So what’s the real common denominator?
Misconfigurations!
One bad file, one flawed update, one DNS change and entire ecosystems shutdown
Not attackers. Not Ransomware
Place your bets...
Which vendor do you think is next to hit the global outage button?
https://redd.it/1p3afoz
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
How the hell do I stop apps being installed for new users logging into a Windows 11 PC?
Server admin here. Vary rarely get to play with client devices but I've got a task at the moment to stop certain apps being installed for "new users" logging into a PC for the first time.
Outlook. One Drive. Xbox Games etc.
I've run the below and works well. But only for existing users. But when a new user logs in... boom... it's back.
Get-AppxPackage -AllUsers -Name Microsoft.OutlookForWindows | Remove-AppxPackage -AllUsers
I tried to use to remove the underlying provisioning package:
Get-AppxProvisionedPackage -Online-PackageName Microsoft.OutlookForWindows
But the command fails but I've seen the above mentioned in a lot of places online. I'm at my wits end here. Why make it so sodding complicated MS?
https://redd.it/1p35yf7
@r_systemadmin
Server admin here. Vary rarely get to play with client devices but I've got a task at the moment to stop certain apps being installed for "new users" logging into a PC for the first time.
Outlook. One Drive. Xbox Games etc.
I've run the below and works well. But only for existing users. But when a new user logs in... boom... it's back.
Get-AppxPackage -AllUsers -Name Microsoft.OutlookForWindows | Remove-AppxPackage -AllUsers
I tried to use to remove the underlying provisioning package:
Get-AppxProvisionedPackage -Online-PackageName Microsoft.OutlookForWindows
But the command fails but I've seen the above mentioned in a lot of places online. I'm at my wits end here. Why make it so sodding complicated MS?
https://redd.it/1p35yf7
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Stuck in the land of zero motivation
Making this hoping it'll boost me toward getting back in IT and building up my resume.
Took this leap of faith by following my wife overseas and putting pause on my career so we can experience living in Europe. I didn't think it would be too hard to find work but with the government shutdown, adjusting to life here, and realizing the lack of job opportunities have burnt me out on looking for work or even looking at anything IT related. Going from dream job to part time babysitter sucks.
I bought a raspberry pi in hopes of doing projects and built a pc that should handle mini projects but I haven't had the motivation of trying to do anything with it. I've just given up on working on things with the minimal job opportunities/lack of true worth of spending time on a project.
But I've realized I can't just sit here and let time past so here's to getting back to the grind with projects then certifications. Maybe I'll get lucky and find a tech job somewhere...
Good luck to me and anyone else needing that push to keep going.
https://redd.it/1p3eq35
@r_systemadmin
Making this hoping it'll boost me toward getting back in IT and building up my resume.
Took this leap of faith by following my wife overseas and putting pause on my career so we can experience living in Europe. I didn't think it would be too hard to find work but with the government shutdown, adjusting to life here, and realizing the lack of job opportunities have burnt me out on looking for work or even looking at anything IT related. Going from dream job to part time babysitter sucks.
I bought a raspberry pi in hopes of doing projects and built a pc that should handle mini projects but I haven't had the motivation of trying to do anything with it. I've just given up on working on things with the minimal job opportunities/lack of true worth of spending time on a project.
But I've realized I can't just sit here and let time past so here's to getting back to the grind with projects then certifications. Maybe I'll get lucky and find a tech job somewhere...
Good luck to me and anyone else needing that push to keep going.
https://redd.it/1p3eq35
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Microsoft 365 Local is Generally Available
Is anyone planning to investigate / deploy? It was promised a while ago as the ultimate answer to data sovereignty issues - as expected, looks like a fairly out-of-the-box Azure Local (formerly Azure Stack HCI) deployment of Exchange Server, SharePoint Server, and Skype for Business Server with a hardened security baseline and some cloud-based orchestrations. Not surprisingly there’s no on-premises Microsoft Teams functionality but this is still a disappointment. Useful or just another marketing innovation?
https://techcommunity.microsoft.com/blog/azurearcblog/microsoft-365-local-is-generally-available/4470170
https://redd.it/1p3q3td
@r_systemadmin
Is anyone planning to investigate / deploy? It was promised a while ago as the ultimate answer to data sovereignty issues - as expected, looks like a fairly out-of-the-box Azure Local (formerly Azure Stack HCI) deployment of Exchange Server, SharePoint Server, and Skype for Business Server with a hardened security baseline and some cloud-based orchestrations. Not surprisingly there’s no on-premises Microsoft Teams functionality but this is still a disappointment. Useful or just another marketing innovation?
https://techcommunity.microsoft.com/blog/azurearcblog/microsoft-365-local-is-generally-available/4470170
https://redd.it/1p3q3td
@r_systemadmin
TECHCOMMUNITY.MICROSOFT.COM
Microsoft 365 Local is Generally Available | Microsoft Community Hub
In today’s digital landscape, organizations and governments are prioritizing data sovereignty to comply with local regulations, protect sensitive...
Rant: "I'm not technical" is not a badge of pride
When I started in the industry users didn't do computers at school and the home computing revolution hadn't begun, so "I'm not technical" was perhaps a valid claim
Fast-forward 35 years and this phrase is still being said and as if it's a badge of pride.
There are not enough swearwords in the universe to describe what I want to say...but I am sure I am not alone in thinking in '25 ...it should actually be followed by "and I need to fix that"
https://redd.it/1p3rlkq
@r_systemadmin
When I started in the industry users didn't do computers at school and the home computing revolution hadn't begun, so "I'm not technical" was perhaps a valid claim
Fast-forward 35 years and this phrase is still being said and as if it's a badge of pride.
There are not enough swearwords in the universe to describe what I want to say...but I am sure I am not alone in thinking in '25 ...it should actually be followed by "and I need to fix that"
https://redd.it/1p3rlkq
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
DRAM Prices - lol WTF?
You guys seeing this? I know it's slightly off topic of sysadmin stuff, but we do upgrade some systems with 1 year EOL left, take them from 16GB to 32GB just to get them through their final year in service before RPL.
So I decided to lookup the RAM kit I bought for my personal setup. A few days ago, I paid $219.99 at BestBuy. (Solid RAM low timings BTW).
2 Days ago it was $679.99 and today... well.... today it's $906.99.... yep, for 2x32GB DDR5 6400
This isn't 3rd party, it's retail at BestBuy - https://www.bestbuy.com/product/corsair-vengeance-rgb-64gb-2x32gb-ddr5-6400mhz-c32-udimm-desktop-memory-black/J39QHTC43T
Newegg also: https://www.newegg.com/corsair-vengeance-rgb-64gb-ddr5-6400-cas-latency-cl32-desktop-memory-black/p/N82E16820982255
Price Charts: https://pcpartpicker.com/trends/price/memory/
https://redd.it/1p3sbrq
@r_systemadmin
You guys seeing this? I know it's slightly off topic of sysadmin stuff, but we do upgrade some systems with 1 year EOL left, take them from 16GB to 32GB just to get them through their final year in service before RPL.
So I decided to lookup the RAM kit I bought for my personal setup. A few days ago, I paid $219.99 at BestBuy. (Solid RAM low timings BTW).
2 Days ago it was $679.99 and today... well.... today it's $906.99.... yep, for 2x32GB DDR5 6400
This isn't 3rd party, it's retail at BestBuy - https://www.bestbuy.com/product/corsair-vengeance-rgb-64gb-2x32gb-ddr5-6400mhz-c32-udimm-desktop-memory-black/J39QHTC43T
Newegg also: https://www.newegg.com/corsair-vengeance-rgb-64gb-ddr5-6400-cas-latency-cl32-desktop-memory-black/p/N82E16820982255
Price Charts: https://pcpartpicker.com/trends/price/memory/
https://redd.it/1p3sbrq
@r_systemadmin
Bestbuy
CORSAIR VENGEANCE RGB 64GB (2x32GB) DDR5 6400MHz C32 UDIMM Desktop Memory Black CMH64GX5M2Y6400C32 - Best Buy
Shop CORSAIR VENGEANCE RGB 64GB (2x32GB) DDR5 6400MHz C32 UDIMM Desktop Memory Black products at Best Buy. Find low everyday prices and buy online for delivery or in-store pick-up. Price Match Guarantee.
Is there any DLP that’s designed specifically for AI applications?
What I mean is checking at the prompt level by not just blocking but semantically assessing the prompt against policies (e.g. no PII, relevance, etc.) before letting it through
https://redd.it/1p3t826
@r_systemadmin
What I mean is checking at the prompt level by not just blocking but semantically assessing the prompt against policies (e.g. no PII, relevance, etc.) before letting it through
https://redd.it/1p3t826
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
What's the point of having VLAN tagging functionality for server management port (IPMI)?
To my knowledge, unless a port is a shared port (used by hypervisor), vlan tagging should be done on the switch, not by the node itself (IPMI).
My workplace supermicro server have the functionality to vlan tag the traffic going out of the IPMI port.
Why this functionality exists? What is the used for it?
https://redd.it/1p3t47c
@r_systemadmin
To my knowledge, unless a port is a shared port (used by hypervisor), vlan tagging should be done on the switch, not by the node itself (IPMI).
My workplace supermicro server have the functionality to vlan tag the traffic going out of the IPMI port.
Why this functionality exists? What is the used for it?
https://redd.it/1p3t47c
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Azure File Shares now support kerberos for entra only in preview
https://learn.microsoft.com/en-us/fslogix/how-to-configure-profile-container-entra-id-hybrid?pivots=hybrid-identities
I'm currently running an AVD setup using the Nerdio storage key injection workaround, and so far so good. Mostly for Intune only computers to run Remote Apps, a few teams use privileged desktops, like for database access.
With AVD you can schedule your session hosts to allocate off and on as needed. Same with things like Azure SQL or other back end systems.
I know everyone has their thoughts on cloud, but this basically means that SMBs don't need to run anything 24/7. Your entire infrastructure can allocate on and off on demand or schedule. If you're a 9-5 company this might mean pausing compute for 50% of the year. On-prem is a hard sell over that capability.
I guess the last big hurdle is SMB shares. Not sure we will see an Entra-only workaround for that any time soon, but Entra DS is not so bad if SMB is your only requirement.
https://redd.it/1p3voik
@r_systemadmin
https://learn.microsoft.com/en-us/fslogix/how-to-configure-profile-container-entra-id-hybrid?pivots=hybrid-identities
I'm currently running an AVD setup using the Nerdio storage key injection workaround, and so far so good. Mostly for Intune only computers to run Remote Apps, a few teams use privileged desktops, like for database access.
With AVD you can schedule your session hosts to allocate off and on as needed. Same with things like Azure SQL or other back end systems.
I know everyone has their thoughts on cloud, but this basically means that SMBs don't need to run anything 24/7. Your entire infrastructure can allocate on and off on demand or schedule. If you're a 9-5 company this might mean pausing compute for 50% of the year. On-prem is a hard sell over that capability.
I guess the last big hurdle is SMB shares. Not sure we will see an Entra-only workaround for that any time soon, but Entra DS is not so bad if SMB is your only requirement.
https://redd.it/1p3voik
@r_systemadmin
Docs
Store FSLogix profile containers on Azure Files using Microsoft Entra ID - FSLogix
Set up an FSLogix profile container on an Azure file share with your Microsoft Entra domain.
WHFB + FIDO2 - looking at SCRIL
Users have an issued FIDO2 security key. They use this key to register WHFB and setup a 6 digit pin for WHFB (Cloud Kerberos trust).
Some users on shared workstations will use the FIDO2 key to avoid the (10) machine limit.
They are no longer using their password with Windows or Mobile and no 3rd party apps require the user of their password.
Sadly almost all machines are still hybrid joined - but going forward will be ENTRA only.
I want to start rolling out SCRIL and fine grained passwords but had some questions:
1. Can you still use LAPS with SCRIL? For UAC prompts?
2. Are you changing users passwords before turning on SCRIL? If so, do the users see anything different during login when this happens?
3. Once fine grained passwords is configured and SCRIL enabled - do users see anything on their end as these policies are taking place?
Thanks in Advance!
https://redd.it/1p3xub4
@r_systemadmin
Users have an issued FIDO2 security key. They use this key to register WHFB and setup a 6 digit pin for WHFB (Cloud Kerberos trust).
Some users on shared workstations will use the FIDO2 key to avoid the (10) machine limit.
They are no longer using their password with Windows or Mobile and no 3rd party apps require the user of their password.
Sadly almost all machines are still hybrid joined - but going forward will be ENTRA only.
I want to start rolling out SCRIL and fine grained passwords but had some questions:
1. Can you still use LAPS with SCRIL? For UAC prompts?
2. Are you changing users passwords before turning on SCRIL? If so, do the users see anything different during login when this happens?
3. Once fine grained passwords is configured and SCRIL enabled - do users see anything on their end as these policies are taking place?
Thanks in Advance!
https://redd.it/1p3xub4
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Do you content filter guest WiFi?
We have guest WiFi that a few thousand random users use per day.
How do you filter it? We want to allow low on-boarding friction to provide a good user experience, but the high-friction methods provide better filtering. We are legally supposed to filter out certain types of porn and other illegal sites, where I work, but the law is slightly ambiguous on how strong-armed the filtering has to be, so most entities have taken the stance of "best effort."
What we have done:
1. At the IP-level, we have blocked the top 30 or so public IP revolvers (Google, Cloudflare, Quad9, etc.).
2. Heavily filtered sites in the DNS resolver we provide to clients via DHCP.
3. Used some of Palo Alto's IP lists to block some sites at the IP level if there is 1:1 relationship (this does not do much these days, admittedly).
Are there any other best-effort things I have forgotten to do?
https://redd.it/1p3yzfz
@r_systemadmin
We have guest WiFi that a few thousand random users use per day.
How do you filter it? We want to allow low on-boarding friction to provide a good user experience, but the high-friction methods provide better filtering. We are legally supposed to filter out certain types of porn and other illegal sites, where I work, but the law is slightly ambiguous on how strong-armed the filtering has to be, so most entities have taken the stance of "best effort."
What we have done:
1. At the IP-level, we have blocked the top 30 or so public IP revolvers (Google, Cloudflare, Quad9, etc.).
2. Heavily filtered sites in the DNS resolver we provide to clients via DHCP.
3. Used some of Palo Alto's IP lists to block some sites at the IP level if there is 1:1 relationship (this does not do much these days, admittedly).
Are there any other best-effort things I have forgotten to do?
https://redd.it/1p3yzfz
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Why aren’t more companies feeding their internal docs/code into an internal RAG system?
One of the first things I thought of when ChatGPT went mainstream was what if it actually knew our internal docs?
I recently built a system that feeds our team’s wikis, docs, and code into a vector DB for RAG queries, and the feedback has been great. Next we’re planning to use it as the foundation for an agent that helps with ops.
What’s the reason your team hasn’t done this yet?
https://redd.it/1p42jsz
@r_systemadmin
One of the first things I thought of when ChatGPT went mainstream was what if it actually knew our internal docs?
I recently built a system that feeds our team’s wikis, docs, and code into a vector DB for RAG queries, and the feedback has been great. Next we’re planning to use it as the foundation for an agent that helps with ops.
What’s the reason your team hasn’t done this yet?
https://redd.it/1p42jsz
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
mariadb vs mysql
We run both of these, seemingly at random and we need to pick one and standardize. Which do you run and why?
https://redd.it/1p4bunv
@r_systemadmin
We run both of these, seemingly at random and we need to pick one and standardize. Which do you run and why?
https://redd.it/1p4bunv
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Stepping back
Not even sure why I'm posting this other than I don't have anyone else to rant to.
I've been in IT since 1988. Got my start in the dealer channel back when there was such a thing. Been with a non profit for the last 15 years and I'm just burned out. I've watched things go down the tubes since Covid. Quality of the people being hired has gone down the toilet (talking about "regular" staff, not IT. Shit... I am IT except for the CTO.)
Currently putting out resumes for a lower level desk side support to help desk position. Don't give a shit about pay cuts. Just need to get through the next few years till I can file for SS.
The only reason I don't call it quits tomorrow is because my wife needs health insurance. I can get covered through the VA. She can't and she's not old enough to get medicare yet.
I used to love what I do. Now I'm just disgusted with the level of stupidity, apathy, and lack of respect for our profession that seems to permeate my company.
Thanks for listening to this old jarhead rant.
https://redd.it/1p4d5ev
@r_systemadmin
Not even sure why I'm posting this other than I don't have anyone else to rant to.
I've been in IT since 1988. Got my start in the dealer channel back when there was such a thing. Been with a non profit for the last 15 years and I'm just burned out. I've watched things go down the tubes since Covid. Quality of the people being hired has gone down the toilet (talking about "regular" staff, not IT. Shit... I am IT except for the CTO.)
Currently putting out resumes for a lower level desk side support to help desk position. Don't give a shit about pay cuts. Just need to get through the next few years till I can file for SS.
The only reason I don't call it quits tomorrow is because my wife needs health insurance. I can get covered through the VA. She can't and she's not old enough to get medicare yet.
I used to love what I do. Now I'm just disgusted with the level of stupidity, apathy, and lack of respect for our profession that seems to permeate my company.
Thanks for listening to this old jarhead rant.
https://redd.it/1p4d5ev
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community