Thickheaded Thursday - November 27, 2025
Howdy, /r/sysadmin!
It's that time of the week, Thickheaded Thursday! This is a safe (mostly) judgement-free environment for all of your questions and stories, no matter how silly you think they are. Anybody can answer questions! My name is AutoModerator and I've taken over responsibility for posting these weekly threads so you don't have to worry about anything except your comments!
https://redd.it/1p7yid3
@r_systemadmin
Teams governance
Hi,
How is everyone else governing Teams these days? The general lifecycle management, self service, governance and overall experience of Teams from a sysadmin point of view seems really lackluster and annoying to deal with.
We have been scouting for a proper solution to govern our Teams and SharePoint setup and allow for our end users to create Teams, with guard rails and governance such as a naming convention, forced ownership, automatic archiving and things like that, but it is difficult to find the right solution, or perhaps I am just getting hit with this "FOMO" where if I pick a solution and find a better one the next day, I am dug in for at least a year.
So far we have looked at Teams Manager from Solutions2Share and gotten a quote on it. Seems a bit pricey: 17.000€ for a year for 1000-4000 users. We only have around 3000 users at the moment, which is why I hate the 1000-4000 tier, as you pay the same regardless of having 1000 users or 4000 users.
It seems like a good product though, and maybe it is the right choice. Maybe not. I was hoping for some recommendations for other products or some feedback from others using Teams Manager: pros, cons, what is annoying, what works well, what does not work well and so on.
Hopefully we are not the only organization using Teams and are tired of the manual workload of keeping it tidy heh.
https://redd.it/1p7zazg
We need one view for everything. Is that too much to ask?
I need ONE platform that unifies everyone and lets us track dependencies in a way humans can actually understand. Design, product, marketing, and dev teams all contribute to our releases, but no one sees the same information. Marketing launches features before they’re done. Product teams write requirements no one reads. Devs don’t know what’s blocked until it's too late.
https://redd.it/1p7zmik
How many of you have done AI related projects?
Interested if anyone has had any projects to implement AI in their environment.
Setting up an LLM (in cloud or on-prem), integrating AI into an app that you host, creating an AI tool for your M365 services, etc.
Not trying to make a point, just curious if anybody in the real world has had to do this.
https://redd.it/1p7y3fc
@r_systemadmin
Interested if anyone has had any projects to implement AI in their environment.
Setting up a LLM (in cloud or on-prem), integrating AI into an app that you host, creating an AI tool for your m365 services, etc.
Not trying to make a point, just curious if anybody in the real world has had to do this.
https://redd.it/1p7y3fc
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Cleaning up a decade of user-level ACL chaos… I ended up building a tool to survive it
We had one of those “beautiful” environments where every department insisted on per-user NTFS permissions “for traceability”, inheritance disabled everywhere, and 500+ folders with unique ACLs.
You know the type... the kind where only the guy who left the company a few years ago actually had Full Control on most of the folders.
Auditing was a nightmare.
Figuring out “what does this user have access to?” was a nightmare.
Transitioning to groups was even worse because you first have to discover the full effective footprint of each user before you can rebuild anything cleanly.
I got tired of manually walking through Explorer, checking advanced security on every folder, and trying to piece together what actually exists. So over the last several months, I built a PowerShell-based GUI tool that lets me:
- search any domain user or group and instantly see all explicit ACLs across shares
- detect all unique ACL paths
- compare two identities (“give me the same perms as that guy”)
- and most importantly: use it to migrate from user-based ACLs → group-based structure much faster (find the user who represents the role, create a group, clone the ACEs onto the group, add the right members, remove the users)
I posted about it yesterday on r/PowerShell and the thread blew up... lots of debate, but also tons of admins saying they’re stuck in similar legacy environments and that visibility tools like this would have saved them days.
A few people asked if I could share the viewer part, so I published the read-only version, it’s just the ACL discovery / auditing engine with no write functions at all.
No credential storing, no privilege tricks, just reading explicit ACEs the user already has rights to read.
If anyone wants to take a look or give feedback, it’s linked on my profile (FSWorks Lab).
This whole thing came out of pure survival instinct, so if it helps someone else drag their file server out of permission hell, great.
Curious how many of you are still dealing with user-level ACL legacy… because based on yesterday’s reactions, it’s more common than I thought.
https://redd.it/1p82ll2
How do you handle frequent password resets for students and teachers?
Hi everyone, I am new to the sysadmin community and I'm dealing with a pretty annoying problem.
I work with students and teachers who seem to lose their passwords all the time. We have about 30 students and 10 teachers calling us every 1 or 2 months because they've lost their password, or worse, they don't tell us and lose access to their sessions and Teams.
We currently have a 3-month password expiration policy (I don't make the rules, and personally I think this policy is bad). Students and teachers don't really understand why we ask them to change it every 3 months.
Passwords are already synced between Office 365 and Active Directory, but I don't know how to handle these lost passwords efficiently to save time and make users more independent. Does anyone have advice?
https://redd.it/1p81hlk
"Stress, anxiety, depression, and other negative mental health effects can result from lack of transparency, continuous surveillance, and productivity monitoring" - GAO report on bossware
The GAO has a new report on digital surveillance in the workplace ("bossware"): https://www.gao.gov/products/gao-25-107126.
Do you administer a tool you would consider "bossware" in your workplace? What has the response been?
This stood out to me too:
>When employers misinterpret or misuse data collected by digital surveillance tools, workers’ employment opportunities could be negatively affected, according to stakeholders we interviewed. These negative effects could include reprimands, low performance evaluations, lower pay, reduced work hours, or termination.
https://redd.it/1p85cf2
Full admin access on wifi?
We are currently implementing 802.1X on wifi and ethernet and we had a discussion if the admin VLAN should be extended to wifi or not.
Right now, there is sort of admin access if you pop on VPN while being connected to wifi, which I find strange but I didn't see that many wifi setups.
So, how do you handle it? Admin access only wired? Or with wifi too?
https://redd.it/1p854b2
Compliance is slowly choking actual work
Trying to add anything new to the stack now feels like punishment. I’m not proposing a bank merger, I just want to test a tool. But no, gotta do a security review, risk form, data flow diagram, legal sign-off, “how does this map to our framework”, three Jira tickets and sacrificing your first born.
By the time it’s “approved”, the problem it was supposed to solve has either been worked around, forgotten, or replaced with an external agency for 4x the cost.
Compliance was supposed to stop stupid decisions, not make every small improvement feel like a six-week project. At this point, the process doesn’t keep bad tools out of the stack, it just kills any motivation to improve it.
https://redd.it/1p8728z
Deprecation and removal of WINS after Windows Server 2025
It's official; Microsoft has announced that WINS is now deprecated, and *will be removed* from all Windows Server releases after Windows Server 2025 and will remain under the standard support lifecycle through November 2034.
No flowers
https://support.microsoft.com/en-gb/topic/wins-removal-moving-forward-with-modern-name-resolution-f00381f0-7237-4f7b-8e78-aa6f9c5b279f
https://redd.it/1p885nv
How do you handle IAM access visibility and access reviews?
Hey all,
Curious how other sysadmins handle access visibility and access reviews across Okta / Entra-connected apps.
I see approaches ranging from fully manual spreadsheets to automated review cycles, and I’m curious how teams here structure this in practice.
Nothing commercial, just trying to compare real-world practices with others who deal with this stuff daily :)
Would love to hear how you handle it in your environment.
Thanks!
For anyone who is up to share their experience with more background, I put together a very short 3–5 min form. Link: https://forms.gle/RtK1jjpKjyPh67bf8
Happy to share the aggregated results back with the community once enough responses come in.
https://redd.it/1p89vo1
Personal Keyboard
I’m trying to look for a wireless keyboard for me to use at the office. I currently have a Logitech MX650 that I’ve been using for a few years. I’m not a huge fan of it as it just feels cheap. I think I want a mechanical keyboard but I want a more silent option. I’m moving to a more automation/programming role and I’m worried that it could get loud. The space I work in has two other people and at times I can hear my current keyboard in the background of our call recordings. I’ve looked at Aula F108, Keychron, Cherry KC 200, among others. All the YouTube videos I find like to do the full ASMR, which doesn’t help. I want to be able to swap keys and make it my own at some point if possible. What are you all using and does anyone have any recommendations? I’m trying not to do trial and error as I tend to be forgetful about returns lol
https://redd.it/1p8d1dl
DFS - Sharing Folder
Hi
Hoping you can help or point me in the right direction.
I’m trying to set up a shared folder via DFS Management.
The folder itself gets created on the C drive of Win Server Core, which I’m accessing through File Explorer, and I can see it, but when I double-click on it, it errors with either permissions and the DFS tab shows it as inaccessible.
Any advice or pointers or a simple guide to get this sorted would be greatly appreciated.
Thanks in advance.
https://redd.it/1p8af7z
Me every time: testing if VPN works using my phone's hotspot. Thinking it works. Then realizing my hotspot acts as a repeater for the office WiFi.
Gets me every time!
https://redd.it/1p8flvl
Which is the most popular CI/CD tool used nowadays?
So, there are many CI/CD tools like Jenkins, Azure Pipelines, GitHub Actions, etc. Which one is the most popularly used in the current market? I guess it would be GitHub Actions based on its ease of use and flexibility. Any other tool apart from these that you can mention here? Thank you
https://redd.it/1p8gmp0
Happy Thanksgiving, fellow sysadmins. I’m the new (and first) in-house IT Administrator for a ~70-endpoint company. No servers, no domain, and until two weeks ago everything went through an MSP. Now all requests come to me first, and I escalate only when necessary. Here’s what I walked into:
- Almost every workstation is running Windows 11 Home
- A handful are Windows 11 Pro
- All users log in with local accounts
- About half the company is on M365 Business Premium, the other half on Business Standard
- No Intune, no Entra ID join, no AD (on-prem or cloud), no real identity management
The MSP provides ThreatLocker and Huntress, and the long-term goal is to reduce the monthly spend and move IT responsibilities more in-house while maintaining a co-managed relationship with the MSP.
My first major project, already approved by leadership, is to:
1. Upgrade all appropriate users to Business Premium
2. Upgrade all endpoints to Windows 11 Pro
3. Entra-join every workstation
4. Enroll everything into Intune
5. Begin modernizing the environment and decreasing MSP dependency
My background is seven years as a server engineer, so this is a big shift for me. I’m learning a lot as I go, and I’d appreciate any advice, lessons learned, or “watch out for this” insights from anyone who has gone through a similar small-business modernization or MSP off-ramp process.
What pitfalls should I expect? What would you tackle first?
Thanks in advance and enjoy the holiday.
Edit: Leadership mentioned that in about 6-9 months we will reevaluate and if needed we can either bring in another IT person or continue co-managed with the MSP.
ALSO, the long term (3-5 years) plan for my role is to transition into a Director of IT.
https://redd.it/1p8i2ia
I fucked up. I removed ACL inheritance from a folder and broke quickbooks. Windows server 2016.
Right so I fucked up and now need some guidance from more experienced wizards.
What happened was, in an effort to lock down a bunch of folders for an RDP user, I disabled inheritance for a ton of folders in D:\ that are owned by the administrators group.
Within this D:\ folder is a mix of administrator-created folders and files along with user created folders and files.
One of the folders I did this in is D:\SHARE
D:\SHARE also happens to be a network shared folder which holds our company.QBW database file along with the .TLG, .NG and the quickbooks attachment folder.
After disabling and deleting inheritance for D:\SHARE, I started receiving reports that the accounting users could no longer upload .PDF documents to invoices and other users could no longer upload files directly to D:\SHARE
I’m now in a situation where I cannot manipulate certain ACLs for certain files because they were uploaded to D:\SHARE by network shared drive users.
So far, my game plan is to re-take ownership of D:\SHARE as the administrators group and propagate the ownership to all objects within D:\SHARE, then re-apply “modify”, “read”, “write” perms to D:\SHARE and make sure that every file within D:\SHARE that relates to a quickbooks service has “QBDataServiceUserXX” group defined with full access.
This is a huge issue because we have yearly audits coming up soon and I need to make sure that there are no permissions-related hangups when the audit comes around so that we accurately provide auditors with the data they need.
I am way over my head when it comes to figuring out a solution to making sure things work properly again, at least for Quickbooks Desktop.
The silver lining is that at least one user can open the quickbooks database file stored in D:\SHARE and I’ve resolved the general write perms for users so they can put data into D:\SHARE, but how on God’s green earth can I ensure that quickbooks services like the following work, and where do these permissions changes need to happen:
- PDF attachments
- Multi User Mode
- Saving Transactions
- Printing
- Emailing invoices
- Backups
- Verify/rebuilding
- Invoice history
- Logging
Am I fucked, gents?
Edit: the only silver lining here is this happened the day before we went on thanksgiving break so I have until Sunday night to resolve this issue as there won’t be anyone in the office.
https://redd.it/1p8ek4d
Vendor's update crashed our test network, told us it worked fine on their network.
A software vendor for the past few months failed to deliver a working update that met the organization's annual Authority to Operate renewal requirements and also not break something. For a vendor's software or equipment to get a foothold onto our network requires jumping through the ATO hoops. No ATO or failing a renewal means the software or equipment is to be removed from the network, unless someone is willing to take the big office politics risk of signing off on it and hoping it doesn't bite them.
A few weeks ago, they released an update that finally met the ATO, but also hosed our test network. Nobody could log into it.
Upon informing them of the situation, they sent an obviously AI-generated email whose multiple paragraphs I summarized as:
- It worked on our network perfectly fine.
- Your test network was probably incorrectly configured.
- Can you roll out the update onto your operational network (which has thousands of users and hosts numerous services that even more users rely on) to see if it works?
- Can you ask your organization to revise the ATO requirements? They are excessive.
I had to step away from my computer and go walk around the building to calm down.
They later determined that the automatic update function was bugged and suggested that as a workaround, we manually make configuration changes before each update.
Right before Thanksgiving, the vendor reached out to us to ask if the ATO renewal was at risk.
The worst case situation for us of their ATO being pulled is a major disruption to the organization's workflows. Now I'm just waiting on my leadership to decide if they're going to tolerate further delays or dump the vendor and look for a new one.
https://redd.it/1p8ijs5
wtf is the point to vendor account managers? Absolutely useless.
Ok, so this rant is in particular to our Lenovo account manager. Absolutely useless:
- barely gives me a discount
- orders are never followed up on to give me an update
- waits until the last minute, or after, to advise pending payment/transfers
We've gone through 3 different account managers in the last few years - and it is so damn obvious these jobs are from people halfway across the world where culturally, they have no idea, English, they have no idea and overall account management, they seem to have no idea.
Sure, we aren't a huge customer, but we've spent a few hundred thousand over the years.
I couldn't care less if we had a penguin as our account manager, so long as we were taken care of. That's all I've ever cared about. Give me the deserved courtesy we've damn well paid for.
I'm finding this across the board with other vendors, and it's why I am open to give huge kudos to companies that have great support at any point I can - whether that's a phone call or a support ticket feedback. Because vendors as big as Lenovo are so incompetent to not know how to read their own invoice due dates (stop &(^#^ emailing me for invoices that aren't due!) can't get it right, so it's not about revenue or popularity, it's about the company and how they are taught to treat their customers. Plain and simple.
Ok, rant over. Thank you for listening. Fudge you, Lenovo.
https://redd.it/1p8lzu4
Weekly 'I made a useful thing' Thread - November 28, 2025
There is a great deal of user-generated content out there, from scripts and software to tutorials and videos, but we've generally tried to keep that off of the front page due to the volume and as a result of community feedback. There's also a great deal of content out there that violates our advertising/promotion rule, from scripts and software to tutorials and videos.
We have received a number of requests for exemptions to the rule, and rather than allowing the front page to get consumed, we thought we'd try a weekly thread that allows for that kind of content. We don't have a catchy name for it yet, so please let us know if you have any ideas!
In this thread, feel free to show us your pet project, YouTube videos, blog posts, or whatever else you may have and share it with the community. Commercial advertisements, affiliate links, or links that appear to be monetization-grabs will still be removed.
https://redd.it/1p8r6jr
What's broken today
Another Friday another problem internet issue..
https://redd.it/1p8ropm