Which is the most popular CI/CD tool used nowadays?
SO, there are many CI/CD tools like Jenkins, Azure pipelines, GitHub Actions etc., Which one is the most popularly used in current market? I guess it would be GtHub actions based on its ease of use and flexibility. Any other tool apart from these that you can mention here? Thank you
https://redd.it/1p8gmp0
@r_systemadmin
SO, there are many CI/CD tools like Jenkins, Azure pipelines, GitHub Actions etc., Which one is the most popularly used in current market? I guess it would be GtHub actions based on its ease of use and flexibility. Any other tool apart from these that you can mention here? Thank you
https://redd.it/1p8gmp0
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Happy Thanksgiving, fellow sysadmins. I’m the new (and first) in-house IT Administrator for a ~70-endpoint company. No servers, no domain, and until two weeks ago everything went through an MSP. Now all requests come to me first, and I escalate only when necessary. Here’s what I walked into:
Almost every workstation is running Windows 11 Home
A handful are Windows 11 Pro
All users log in with local accounts
About half the company is on M365 Business Premium, the other half on Business Standard
No Intune, no Entra ID join, no AD (on-prem or cloud), no real identity management
The MSP provides ThreatLocker and Huntress, and the long-term goal is to reduce the monthly spend and move IT responsibilities more in-house while maintaining a co-managed relationship with the MSP.
My first major project, already approved by leadership, is to:
1. Upgrade all appropriate users to Business Premium
2. Upgrade all endpoints to Windows 11 Pro
3. Entra-join every workstation
4. Enroll everything into Intune
5. Begin modernizing the environment and decreasing MSP dependency
My background is seven years as a server engineer, so this is a big shift for me. I’m learning a lot as I go, and I’d appreciate any advice, lessons learned, or “watch out for this” insights from anyone who has gone through a similar small-business modernization or MSP off-ramp process.
What pitfalls should I expect? What would you tackle first?
Thanks in advance and enjoy the holiday.
Edit: Leadership mentioned that in about 6-9 months we will reevaluate and if needed we can either bring in another IT person or continue co-managed with the MSP.
ALSO, the long term (3-5 years) plan for my role is to transition into a Director of IT.
https://redd.it/1p8i2ia
@r_systemadmin
Almost every workstation is running Windows 11 Home
A handful are Windows 11 Pro
All users log in with local accounts
About half the company is on M365 Business Premium, the other half on Business Standard
No Intune, no Entra ID join, no AD (on-prem or cloud), no real identity management
The MSP provides ThreatLocker and Huntress, and the long-term goal is to reduce the monthly spend and move IT responsibilities more in-house while maintaining a co-managed relationship with the MSP.
My first major project, already approved by leadership, is to:
1. Upgrade all appropriate users to Business Premium
2. Upgrade all endpoints to Windows 11 Pro
3. Entra-join every workstation
4. Enroll everything into Intune
5. Begin modernizing the environment and decreasing MSP dependency
My background is seven years as a server engineer, so this is a big shift for me. I’m learning a lot as I go, and I’d appreciate any advice, lessons learned, or “watch out for this” insights from anyone who has gone through a similar small-business modernization or MSP off-ramp process.
What pitfalls should I expect? What would you tackle first?
Thanks in advance and enjoy the holiday.
Edit: Leadership mentioned that in about 6-9 months we will reevaluate and if needed we can either bring in another IT person or continue co-managed with the MSP.
ALSO, the long term (3-5 years) plan for my role is to transition into a Director of IT.
https://redd.it/1p8i2ia
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
I fucked up. I removed ACL inheritance from a folder and broke quickbooks. Windows server 2016.
Right so I fucked up and now need some guidance from more experienced wizards.
What happened was, in an effort to lock down a bunch of folders for an RDP user, I disabled inheritance for a ton of folders in D:\ that are owned by the administrators group.
Within this D:\ folder is a mix of administrator-created folders and files along with user created folders and files.
One of the folders I did this in is D:\SHARE
D:\SHARE also happens to be a network shared folder which holds our company.QBW database file along with the .TLG, .NG and the quickbooks attachment folder.
After disabling and deleting inheritance for D:\SHARE, I started receiving reports that the accounting users could no longer upload .PDF documents to invoices and other users could no longer upload files directly to D:\SHARE
I’m now in a situation where I cannot manipulate certain ACLs for certain files because they were uploaded to D:\SHARE by network shared drive users.
So far, my game plan is to re-take ownership of D:\SHARE as the administrators group and propagate the ownership to all objects within D:\SHARE, then re-apply “modify”, “read”, “write” perms to D:\SHARE and make sure that every file within D:\SHARE that relates to a quickbooks service has “QBDataServiceUserXX” group defined with full access.
This is a huge issue because we have yearly audits coming up soon and I need to make sure that there are no permissions-related hangups when the audit comes around so that we accurately provide auditors with the data they need.
I am way over my head when it comes to figuring out a solution to making sure things work properly again, at least for Quickbooks Desktop.
The silver lining is that at least one user can open the quickbooks database file stored in D:\SHARE and I’ve resolved the general write perms for users so they can put data into D:\SHARE but how on gods green earth can I ensure that quickbooks services like the following work and where do these permissions changes need to happen:
PDF attachments
Multi User Mode
Saving Transactions
Printing
Emailing invoices
Backups
Verify/rebuilding
Invoice history
Logging
Am I fucked, gents?
Edit: the only silver lining here is this happened the day before we went on thanksgiving break so I have until Sunday night to resolve this issue as there won’t be anyone in the office.
https://redd.it/1p8ek4d
@r_systemadmin
Right so I fucked up and now need some guidance from more experienced wizards.
What happened was, in an effort to lock down a bunch of folders for an RDP user, I disabled inheritance for a ton of folders in D:\ that are owned by the administrators group.
Within this D:\ folder is a mix of administrator-created folders and files along with user created folders and files.
One of the folders I did this in is D:\SHARE
D:\SHARE also happens to be a network shared folder which holds our company.QBW database file along with the .TLG, .NG and the quickbooks attachment folder.
After disabling and deleting inheritance for D:\SHARE, I started receiving reports that the accounting users could no longer upload .PDF documents to invoices and other users could no longer upload files directly to D:\SHARE
I’m now in a situation where I cannot manipulate certain ACLs for certain files because they were uploaded to D:\SHARE by network shared drive users.
So far, my game plan is to re-take ownership of D:\SHARE as the administrators group and propagate the ownership to all objects within D:\SHARE, then re-apply “modify”, “read”, “write” perms to D:\SHARE and make sure that every file within D:\SHARE that relates to a quickbooks service has “QBDataServiceUserXX” group defined with full access.
This is a huge issue because we have yearly audits coming up soon and I need to make sure that there are no permissions-related hangups when the audit comes around so that we accurately provide auditors with the data they need.
I am way over my head when it comes to figuring out a solution to making sure things work properly again, at least for Quickbooks Desktop.
The silver lining is that at least one user can open the quickbooks database file stored in D:\SHARE and I’ve resolved the general write perms for users so they can put data into D:\SHARE but how on gods green earth can I ensure that quickbooks services like the following work and where do these permissions changes need to happen:
PDF attachments
Multi User Mode
Saving Transactions
Printing
Emailing invoices
Backups
Verify/rebuilding
Invoice history
Logging
Am I fucked, gents?
Edit: the only silver lining here is this happened the day before we went on thanksgiving break so I have until Sunday night to resolve this issue as there won’t be anyone in the office.
https://redd.it/1p8ek4d
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Vendor's update crashed our test network, told us it worked fine on their network.
A software vendor for the past few months failed to deliver a working update that met the organization's annual Authority to Operate renewal requirements and also not break something. For a vendor's software or equipment to get a foothold onto our network requires jumping through the ATO hoops. No ATO or failing a renewal means the software or equipment is to be removed from the network, unless someone is willing to take the big office politics risk of signing off on it and hoping it doesn't bite them.
A few weeks ago, they released an update that finally met the ATO, but also hosed our test network. Nobody could log into it.
Upon informing them of the situation, they sent an obviously AI generated email that I summarized the multiple paragraphs as:
- It worked on our network perfectly fine.
- Your test network was probably incorrectly configured.
- Can you roll out the update onto your operational network (which has thousands of users and host numerous services that even more users rely on) to see if it works?
- Can you ask your organization to revise the ATO requirements? They are excessive.
I had to step away from my computer and go walk around the building to calm down.
They later determined that the automatic update function was bugged and suggested that as a workaround, we manually make configuration changes before each update.
Right before Thanksgiving, the vendor reached out to us to ask if the ATO renewal was at risk.
The worst case situation for us of their ATO being pulled is a major disruption to the organization's workflows. Now I'm just waiting on my leadership to decide if they're going to tolerate further delays or dump the vendor and look for a new one.
https://redd.it/1p8ijs5
@r_systemadmin
A software vendor for the past few months failed to deliver a working update that met the organization's annual Authority to Operate renewal requirements and also not break something. For a vendor's software or equipment to get a foothold onto our network requires jumping through the ATO hoops. No ATO or failing a renewal means the software or equipment is to be removed from the network, unless someone is willing to take the big office politics risk of signing off on it and hoping it doesn't bite them.
A few weeks ago, they released an update that finally met the ATO, but also hosed our test network. Nobody could log into it.
Upon informing them of the situation, they sent an obviously AI generated email that I summarized the multiple paragraphs as:
- It worked on our network perfectly fine.
- Your test network was probably incorrectly configured.
- Can you roll out the update onto your operational network (which has thousands of users and host numerous services that even more users rely on) to see if it works?
- Can you ask your organization to revise the ATO requirements? They are excessive.
I had to step away from my computer and go walk around the building to calm down.
They later determined that the automatic update function was bugged and suggested that as a workaround, we manually make configuration changes before each update.
Right before Thanksgiving, the vendor reached out to us to ask if the ATO renewal was at risk.
The worst case situation for us of their ATO being pulled is a major disruption to the organization's workflows. Now I'm just waiting on my leadership to decide if they're going to tolerate further delays or dump the vendor and look for a new one.
https://redd.it/1p8ijs5
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
wtf is the point to vendor account managers? Absolutely useless.
ok so this rant is in particular to our lenovo account manager. Absolutely useless:
barely gives me a discount
orders are never followed up on to give me an update
waits until the last minute, or after, to advise pending payment/transfers
We've gone through 3 different account managers in the last few years - and it is so damn obvious these jobs are from people halfway across the world where culturally, they have no idea, english, they have no idea and overall account management, they seem to have no idea.
Sure, we aren't a huge customer, but we've spent a few hundred thousand over the years.
I couldn't care less if we had a penguin as our account manager, so long as we were taken care. That's all I've ever cared about. Give me the deserved courtesy we've damn well paid for.
I'm finding this across the board with other vendors, and it's why I am open to give huge kudo's to companies that have great support at any point I can - whether thats a phone call or a support ticket feedback.. Because vendors as big as Lenovo are so incompetent to not know how to read their own invoice due dates (stop \&(\^#\^ emailing me for invoices that aren't due!) can't get it right, so it's not about revenue or popularity, it's about the company and how they are taught to treat their customers. Plain and simple.
Ok rant over. thank you for listening. fudge you lenovo.
https://redd.it/1p8lzu4
@r_systemadmin
ok so this rant is in particular to our lenovo account manager. Absolutely useless:
barely gives me a discount
orders are never followed up on to give me an update
waits until the last minute, or after, to advise pending payment/transfers
We've gone through 3 different account managers in the last few years - and it is so damn obvious these jobs are from people halfway across the world where culturally, they have no idea, english, they have no idea and overall account management, they seem to have no idea.
Sure, we aren't a huge customer, but we've spent a few hundred thousand over the years.
I couldn't care less if we had a penguin as our account manager, so long as we were taken care. That's all I've ever cared about. Give me the deserved courtesy we've damn well paid for.
I'm finding this across the board with other vendors, and it's why I am open to give huge kudo's to companies that have great support at any point I can - whether thats a phone call or a support ticket feedback.. Because vendors as big as Lenovo are so incompetent to not know how to read their own invoice due dates (stop \&(\^#\^ emailing me for invoices that aren't due!) can't get it right, so it's not about revenue or popularity, it's about the company and how they are taught to treat their customers. Plain and simple.
Ok rant over. thank you for listening. fudge you lenovo.
https://redd.it/1p8lzu4
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Weekly 'I made a useful thing' Thread - November 28, 2025
There is a great deal of user-generated content out there, from noscripts and software to tutorials and videos, but we've generally tried to keep that off of the front page due to the volume and as a result of community feedback. There's also a great deal of content out there that violates our advertising/promotion rule, from noscripts and software to tutorials and videos.
We have received a number of requests for exemptions to the rule, and rather than allowing the front page to get consumed, we thought we'd try a weekly thread that allows for that kind of content. We don't have a catchy name for it yet, so please let us know if you have any ideas!
In this thread, feel free to show us your pet project, YouTube videos, blog posts, or whatever else you may have and share it with the community. Commercial advertisements, affiliate links, or links that appear to be monetization-grabs will still be removed.
https://redd.it/1p8r6jr
@r_systemadmin
There is a great deal of user-generated content out there, from noscripts and software to tutorials and videos, but we've generally tried to keep that off of the front page due to the volume and as a result of community feedback. There's also a great deal of content out there that violates our advertising/promotion rule, from noscripts and software to tutorials and videos.
We have received a number of requests for exemptions to the rule, and rather than allowing the front page to get consumed, we thought we'd try a weekly thread that allows for that kind of content. We don't have a catchy name for it yet, so please let us know if you have any ideas!
In this thread, feel free to show us your pet project, YouTube videos, blog posts, or whatever else you may have and share it with the community. Commercial advertisements, affiliate links, or links that appear to be monetization-grabs will still be removed.
https://redd.it/1p8r6jr
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
What's broken today
Another Friday another problem internet issue..
https://redd.it/1p8ropm
@r_systemadmin
Another Friday another problem internet issue..
https://redd.it/1p8ropm
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Considering moving endpoints to cloud only. Experiences?
Hey everyone,
We’re currently running a hybrid setup with on-prem AD and cloud identities. Most of our users are remote, and managing VPNs, GPOs, and password resets has become a real pain in ***
I’ve been thinking about two directions. One is keeping some on-prem AD servers but having laptops join Entra ID directly and manage settings through Intune. The other is going fully cloud… no AD servers, all devices Entra joined, everything managed through Intune and SaaS apps. Fewer servers, simpler DR, no VPN headaches.
I can see the appeal of cloud only, but I’m not sure what hidden issues might come up with apps, legacy dependencies, or hybrid scenarios.
For those who’ve done this: what actually worked and what caused headaches? Did hybrid identity solve your problems, or just add complexity? And for full cloud setups, were there any surprises we should plan for?
https://redd.it/1p8s75k
@r_systemadmin
Hey everyone,
We’re currently running a hybrid setup with on-prem AD and cloud identities. Most of our users are remote, and managing VPNs, GPOs, and password resets has become a real pain in ***
I’ve been thinking about two directions. One is keeping some on-prem AD servers but having laptops join Entra ID directly and manage settings through Intune. The other is going fully cloud… no AD servers, all devices Entra joined, everything managed through Intune and SaaS apps. Fewer servers, simpler DR, no VPN headaches.
I can see the appeal of cloud only, but I’m not sure what hidden issues might come up with apps, legacy dependencies, or hybrid scenarios.
For those who’ve done this: what actually worked and what caused headaches? Did hybrid identity solve your problems, or just add complexity? And for full cloud setups, were there any surprises we should plan for?
https://redd.it/1p8s75k
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Can my employer find my identity?
Anonymously reported the healthcare facility I work at to the health department for unsafe conditions. Using my iPhone on public WiFi, VPN, DuckDuckGo browser. I also have MDM on my phone for work apps. I assume with an investigation they could make an educated guess it’s me, but I doubt they’d waste time and resources for that since their IT department is almost non existent due to cuts. I’m willing to take the risk if it saves patients from harm.
https://redd.it/1p8umnp
@r_systemadmin
Anonymously reported the healthcare facility I work at to the health department for unsafe conditions. Using my iPhone on public WiFi, VPN, DuckDuckGo browser. I also have MDM on my phone for work apps. I assume with an investigation they could make an educated guess it’s me, but I doubt they’d waste time and resources for that since their IT department is almost non existent due to cuts. I’m willing to take the risk if it saves patients from harm.
https://redd.it/1p8umnp
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Hardware Domain Controller + Fileserver
Hey folks,
I was researching for a few days already, but couldn't get a good solution for my problem.
Our company is still staying on-prem with mostly all services, soft- and hardware. So we're using physical domain controllers and fileserver and other things over here.
Now one of our domain controllers is already a few years old (8) at the moment, so we're going to upgrade it. At the moment it is a running windows server which functions as domain controller and fileserver role at the same time. Now I learned, that it is best practice to disconnect both roles from another. In a small company like ours (about 150-200 devices), it would be enough to use hyper-v and use a vm for each role (DC + Fileserver).
I was wondering, if you have better ideas, hints or anything, which could help me in decision making.
We configured a Supermicro Mainboard X14SBI-TF with 2x 1TB NMVe SSD for Windows and 2x 4TB NVMe SSD with a Asus PCI-E Adapter Card for storage. We configured a Xeon 6507P and 64GB of RAM. I know the hardware is pretty much overkill, that's why I'm asking for advice. The Server costs about 8k Euros.
Any ideas, what hardware to get? How powerful should it be? Should we use two different servers/hardware? Any advice?
Thanks in advance for your input!
https://redd.it/1p8usjz
@r_systemadmin
Hey folks,
I was researching for a few days already, but couldn't get a good solution for my problem.
Our company is still staying on-prem with mostly all services, soft- and hardware. So we're using physical domain controllers and fileserver and other things over here.
Now one of our domain controllers is already a few years old (8) at the moment, so we're going to upgrade it. At the moment it is a running windows server which functions as domain controller and fileserver role at the same time. Now I learned, that it is best practice to disconnect both roles from another. In a small company like ours (about 150-200 devices), it would be enough to use hyper-v and use a vm for each role (DC + Fileserver).
I was wondering, if you have better ideas, hints or anything, which could help me in decision making.
We configured a Supermicro Mainboard X14SBI-TF with 2x 1TB NMVe SSD for Windows and 2x 4TB NVMe SSD with a Asus PCI-E Adapter Card for storage. We configured a Xeon 6507P and 64GB of RAM. I know the hardware is pretty much overkill, that's why I'm asking for advice. The Server costs about 8k Euros.
Any ideas, what hardware to get? How powerful should it be? Should we use two different servers/hardware? Any advice?
Thanks in advance for your input!
https://redd.it/1p8usjz
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Applied for new job that fell on my lap. Gave employer some pretty minimal asks - they have made promises but everything else is rubbing me the wrong way
Hey all,
I started here and took what was technically a step back in role, for more opportunity. I went to senior on helpdesk. My manager had plans for me to step into an Engineer role, with the lone Sysadmin who was overworked.
It eventually happened but was delayed by a year mostly due to HR getting in the way of what the team wanted. The other guy got it first on the condition that a backup (me) would be coming down the road. That was dragged out and he went on stress leave, they gave it to me then but forced me to do a temp contract - this really rubbed me the wrong way then, but it eventually worked out. We're both engineers, I've done so much including an Azure migration and setting up a SQL data warehouse for analytics, migrated acquired companies all in a short period of time.
Everything else about the job and environment are pretty great. Wfh, flexible, great boss, fun work.
---
IT manager job popped up at a smaller company nearby in the same industry. I got an offer. All in all its a slight pay bump, some benefits are slightly better, some a little worse. I told my company I was interested. They promised me next year there would be higher roles coming and that they have me in mind for them, these are delivery, architect, project manager roles, etc... that are all slated to come thru and actually going through the approval/posting processes right now.
I have no doubt that I will eventually get one of them, but also that I'm going to go through the same HR battle of posting - not promotion, contract work, etc...
I pushed back and said I am really looking for something right now to reassure me that these barriers wont be there next year, or that at least we can get over 1 or 2 of them. An extra week of vacation, a little out of bracket pay increase.
My boss, his C suite boss are all for it. But HR rubber stamps this stuff. They instead requested to dive in to the 1:1 likeness of the other company's offer. Quoting differences between personal/vacation/sick days.
This is really rubbing me the wrong way. And at this point I feel a little backed into a corner, that they need to offer anything other than promises at this point or I have to jump.
Just looking for advice from those who have gone through this before. The other job will be more of a 1 man show with either a MSP or junior. Both companies are pretty flexible, but I'll be in the office in the new one and they commit to building out a hybrid arrangement - they actually want me to create this for the company. It'll be extra hats, but as a smaller company I'll be able to get a lot more done and see the impact of my work more. Both companies are growing very fast, the other one is around 1/4 the size of mine. 80 people 4 locations versus 320 people 20 locations.
https://redd.it/1p8ww2k
@r_systemadmin
Hey all,
I started here and took what was technically a step back in role, for more opportunity. I went to senior on helpdesk. My manager had plans for me to step into an Engineer role, with the lone Sysadmin who was overworked.
It eventually happened but was delayed by a year mostly due to HR getting in the way of what the team wanted. The other guy got it first on the condition that a backup (me) would be coming down the road. That was dragged out and he went on stress leave, they gave it to me then but forced me to do a temp contract - this really rubbed me the wrong way then, but it eventually worked out. We're both engineers, I've done so much including an Azure migration and setting up a SQL data warehouse for analytics, migrated acquired companies all in a short period of time.
Everything else about the job and environment are pretty great. Wfh, flexible, great boss, fun work.
---
IT manager job popped up at a smaller company nearby in the same industry. I got an offer. All in all its a slight pay bump, some benefits are slightly better, some a little worse. I told my company I was interested. They promised me next year there would be higher roles coming and that they have me in mind for them, these are delivery, architect, project manager roles, etc... that are all slated to come thru and actually going through the approval/posting processes right now.
I have no doubt that I will eventually get one of them, but also that I'm going to go through the same HR battle of posting - not promotion, contract work, etc...
I pushed back and said I am really looking for something right now to reassure me that these barriers wont be there next year, or that at least we can get over 1 or 2 of them. An extra week of vacation, a little out of bracket pay increase.
My boss, his C suite boss are all for it. But HR rubber stamps this stuff. They instead requested to dive in to the 1:1 likeness of the other company's offer. Quoting differences between personal/vacation/sick days.
This is really rubbing me the wrong way. And at this point I feel a little backed into a corner, that they need to offer anything other than promises at this point or I have to jump.
Just looking for advice from those who have gone through this before. The other job will be more of a 1 man show with either a MSP or junior. Both companies are pretty flexible, but I'll be in the office in the new one and they commit to building out a hybrid arrangement - they actually want me to create this for the company. It'll be extra hats, but as a smaller company I'll be able to get a lot more done and see the impact of my work more. Both companies are growing very fast, the other one is around 1/4 the size of mine. 80 people 4 locations versus 320 people 20 locations.
https://redd.it/1p8ww2k
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Internet being scrubbed of tribal knowledge: Dell Power Edge RAID Controller Activity Lights
Need some help,
Dell PowerEdge Raid Controllers - if you put a non dell certified drive in the server the hdd activity light will work in reverse. this has been a thing since the beginning of time, there is a command you can run to correct this issue / ignore the non-certified drive and then it will behave normally. i have boxes still where this has been done and is true.
I've done it many times on past machines, but now i cant find any info on the internet of it at all. it seems every day more and more tribal knowledge is gone and impossible to find.
If you have this in your notes anywhere, please share.
Thanks.
https://redd.it/1p8xyif
@r_systemadmin
Need some help,
Dell PowerEdge Raid Controllers - if you put a non dell certified drive in the server the hdd activity light will work in reverse. this has been a thing since the beginning of time, there is a command you can run to correct this issue / ignore the non-certified drive and then it will behave normally. i have boxes still where this has been done and is true.
I've done it many times on past machines, but now i cant find any info on the internet of it at all. it seems every day more and more tribal knowledge is gone and impossible to find.
If you have this in your notes anywhere, please share.
Thanks.
https://redd.it/1p8xyif
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Hotel software integration issues are absolutely killing me, tell me I'm not alone
Im managing tech for a small hotel group, 8 properties total around 50-70 rooms each, and I'm genuinely at my breaking point with integration nightmares. We've got a PMS that's supposed to integrate with our booking engine, channel manager, payment processor, and guest messaging system. Except nothing actually works together the way it's supposed to.
Last week we had a guest's payment process through Stripe but it didn't sync to the PMS, so front desk tried charging them again at checkout. Guest was understandably pissed off and left us a 2 star review. This happens at least once a week across our properties. Our channel manager randomly stops syncing inventory and we end up with double bookings, then we're scrambling to relocate guests or comp rooms. Guest messaging doesn't pull reservation details automatically so staff has to manually look up everything.
I spent 3 hours on a vendor support call yesterday and basically got told to refresh the connection and clear the cache like I'm some kind of idiot who doesn't know how computers work. I have a CS degree, I understand how APIs are supposed to function, these systems are just poorly built.
Everything claims seamless integration but really it's a bunch of manual workarounds and constant firefighting. I seriously started considering consolidating to fewer vendors even if we lose some functionality, just to stop dealing with integration headaches every single day.
Do larger hotel groups deal with this constantly or is it just mid-size operations like ours that get screwed? Anyone successfully consolidated their tech stack and actually seen improvement?
https://redd.it/1p8swgg
@r_systemadmin
Im managing tech for a small hotel group, 8 properties total around 50-70 rooms each, and I'm genuinely at my breaking point with integration nightmares. We've got a PMS that's supposed to integrate with our booking engine, channel manager, payment processor, and guest messaging system. Except nothing actually works together the way it's supposed to.
Last week we had a guest's payment process through Stripe but it didn't sync to the PMS, so front desk tried charging them again at checkout. Guest was understandably pissed off and left us a 2 star review. This happens at least once a week across our properties. Our channel manager randomly stops syncing inventory and we end up with double bookings, then we're scrambling to relocate guests or comp rooms. Guest messaging doesn't pull reservation details automatically so staff has to manually look up everything.
I spent 3 hours on a vendor support call yesterday and basically got told to refresh the connection and clear the cache like I'm some kind of idiot who doesn't know how computers work. I have a CS degree, I understand how APIs are supposed to function, these systems are just poorly built.
Everything claims seamless integration but really it's a bunch of manual workarounds and constant firefighting. I seriously started considering consolidating to fewer vendors even if we lose some functionality, just to stop dealing with integration headaches every single day.
Do larger hotel groups deal with this constantly or is it just mid-size operations like ours that get screwed? Anyone successfully consolidated their tech stack and actually seen improvement?
https://redd.it/1p8swgg
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Distributed wan monitoring system.
Our network is currently a star configuration of a core network and a load of remote branch offices connected over fixed vpns. We occasionally have speed or connectivity issues and it would help if we had a non-user machine on site that we could connect to and do testing, and diagnostics etc. as well as something to record historical statistics for various local metrics.
My proposed "solution" at the moment would be getting something like a raspberry pi or similar micro pc running linux to effectively sit as a client on these branch offices. We could then run docker with containers for things like "SmokePing", "MySpeed", "OpenSpeedTest" and similar tools to give us some live and historical statistics on the connections, as well as tailscale so we can still get on to it if/when the WAN vpn drops to aid management and diagnostics of the local devices to avoid sending someone out to the sites.
This is technically a workable solution, but feels a bit klunky. Is there an off the shelf appliance that could give us this functionality? Or possibly a one click install rather than having to setup and maintain multiple monitoring products?
We are predominately a MS/Azure/Windows house, so any linux based options are frowned upon, but not completely ruled out. So anything that simplifies the setup is a benefit.
I have had a look around and couldnt find anything that seems to meet the bill. There are a lot of tools that do middle-out monitoring like solarwinds, cacti, zabbix etc. but I've not seen anything that seems to do edge-in monitoring, and certainly nothing that combines that with remote control to allow ssh/https onto edge-local devices.
We also need something that can be easily secured and maintained to comply with the UK Cyber Essentials+ certification.
Any suggestions?
https://redd.it/1p907o1
@r_systemadmin
Our network is currently a star configuration of a core network and a load of remote branch offices connected over fixed vpns. We occasionally have speed or connectivity issues and it would help if we had a non-user machine on site that we could connect to and do testing, and diagnostics etc. as well as something to record historical statistics for various local metrics.
My proposed "solution" at the moment would be getting something like a raspberry pi or similar micro pc running linux to effectively sit as a client on these branch offices. We could then run docker with containers for things like "SmokePing", "MySpeed", "OpenSpeedTest" and similar tools to give us some live and historical statistics on the connections, as well as tailscale so we can still get on to it if/when the WAN vpn drops to aid management and diagnostics of the local devices to avoid sending someone out to the sites.
This is technically a workable solution, but feels a bit klunky. Is there an off the shelf appliance that could give us this functionality? Or possibly a one click install rather than having to setup and maintain multiple monitoring products?
We are predominately a MS/Azure/Windows house, so any linux based options are frowned upon, but not completely ruled out. So anything that simplifies the setup is a benefit.
I have had a look around and couldnt find anything that seems to meet the bill. There are a lot of tools that do middle-out monitoring like solarwinds, cacti, zabbix etc. but I've not seen anything that seems to do edge-in monitoring, and certainly nothing that combines that with remote control to allow ssh/https onto edge-local devices.
We also need something that can be easily secured and maintained to comply with the UK Cyber Essentials+ certification.
Any suggestions?
https://redd.it/1p907o1
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Does anybody else have issues magically resolve just by looking at them?
I know it sounds cliche but "magic touch" seems to be true for me. A lot of problems get solved as soon as I watch the user show me what’s happening. That's all i wanted to say.
https://redd.it/1p94d2p
@r_systemadmin
I know it sounds cliche but "magic touch" seems to be true for me. A lot of problems get solved as soon as I watch the user show me what’s happening. That's all i wanted to say.
https://redd.it/1p94d2p
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Active Directory remote logoff
Hey sysadmins!
I needed a way to terminate Active Directory sessions on remote PCs, so I decided to create a small GUI program for it. After a bit of research, I built this handy tool that's simple and user-friendly (at least, I hope you’ll find it so).
If you want to check it out, you can find it here <--- here you can access the source code, its a wrapper for quser command and Microsoft AD Object Picker
You have to get the exe or compile it from source, run it and then you can select the AD Computer, serach for sessions using quser in the backend and the you can select the session or logoff all sessions
Feel free to try it and let me know what you think!
https://redd.it/1p9bggc
@r_systemadmin
Hey sysadmins!
I needed a way to terminate Active Directory sessions on remote PCs, so I decided to create a small GUI program for it. After a bit of research, I built this handy tool that's simple and user-friendly (at least, I hope you’ll find it so).
If you want to check it out, you can find it here <--- here you can access the source code, its a wrapper for quser command and Microsoft AD Object Picker
You have to get the exe or compile it from source, run it and then you can select the AD Computer, serach for sessions using quser in the backend and the you can select the session or logoff all sessions
Feel free to try it and let me know what you think!
https://redd.it/1p9bggc
@r_systemadmin
Gitea: Git with a cup of tea
remote-logoff
Project focused on creating a tool for administrators to terminate AD sessions
Help with Blocking External Shares in Google Workspace
Hi, we are planning to disable external sharing in Google Workspace due to recent security concerns, as some users have been accessing publicly shared files outside our domain that may be unsafe.
Our understanding is that disabling external sharing will prevent any new external shares. However, we would like to confirm whether this change will also affect existing externally shared or publicly accessible files that currently appear in users’ “Shared with me” sections in Google Drive.
For reference, we are navigating to: Apps > Google Workspace > Settings for Drive and Docs > Sharing Settings > Sharing Options, and setting external sharing to “OFF,” as well as unchecking “Allow users in our domain to receive files from users or shared drives outside of our domain.”
Our goal is to block both future and past external access. Any confirmation or guidance before we make these changes would be greatly appreciated. Thanks! This was posted before and was for some reason removed.
TLDR; Does anyone know if a user has previously accessed a publicly shared document from outside our domain in the past, will that file automatically disappear from their Drive once we disable external sharing?
EDIT: Using a test OU to check... Simply turning off external sharing for the OU seems to stop future shares as it should. But, it seems that when we uncheck “Allow users in our domain to receive files from users or shared drives outside of our domain” this seems to stop the previous/pre-existing shares with external domains for our test user. I checked Google vault and the files do not appear anymore in the test users drive. I hope someone here can also confirm!!
https://redd.it/1p9gc7z
@r_systemadmin
Hi, we are planning to disable external sharing in Google Workspace due to recent security concerns, as some users have been accessing publicly shared files outside our domain that may be unsafe.
Our understanding is that disabling external sharing will prevent any new external shares. However, we would like to confirm whether this change will also affect existing externally shared or publicly accessible files that currently appear in users’ “Shared with me” sections in Google Drive.
For reference, we are navigating to: Apps > Google Workspace > Settings for Drive and Docs > Sharing Settings > Sharing Options, and setting external sharing to “OFF,” as well as unchecking “Allow users in our domain to receive files from users or shared drives outside of our domain.”
Our goal is to block both future and past external access. Any confirmation or guidance before we make these changes would be greatly appreciated. Thanks! This was posted before and was for some reason removed.
TLDR; Does anyone know if a user has previously accessed a publicly shared document from outside our domain in the past, will that file automatically disappear from their Drive once we disable external sharing?
EDIT: Using a test OU to check... Simply turning off external sharing for the OU seems to stop future shares as it should. But, it seems that when we uncheck “Allow users in our domain to receive files from users or shared drives outside of our domain” this seems to stop the previous/pre-existing shares with external domains for our test user. I checked Google vault and the files do not appear anymore in the test users drive. I hope someone here can also confirm!!
https://redd.it/1p9gc7z
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
ADFS token signing and decrypting cert question.
I renewed our token signing and token decrypting certs in ADFS and am going to start distributing the certs sine we have apps that can’t update from metadata. Do relying party trusts ever use the token decrypting certificate, or just the token signing certificate? It’s my understanding that the token decrypting cert would only be used if ADFS is receiving tokens from an upstream IdP. Any “gotchas” that I should be aware of? My assumption is that the new token signing cert that is secondary just needs to be given to any applications that use ADFS a then once all apps are updated we can roll over the certificate.
https://redd.it/1p9fmwa
@r_systemadmin
I renewed our token signing and token decrypting certs in ADFS and am going to start distributing the certs sine we have apps that can’t update from metadata. Do relying party trusts ever use the token decrypting certificate, or just the token signing certificate? It’s my understanding that the token decrypting cert would only be used if ADFS is receiving tokens from an upstream IdP. Any “gotchas” that I should be aware of? My assumption is that the new token signing cert that is secondary just needs to be given to any applications that use ADFS a then once all apps are updated we can roll over the certificate.
https://redd.it/1p9fmwa
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Recruiting
I'm not currently looking to leave my role, but I've been caught in a few waves in the past 10 years of horrible work environment that I had been looking to leave. I applied for a few jobs but they never really went too far, despite me (I think) being a pretty solid candidate. I've only ever had a helpdesk job at my college and then got an internship in college which led to a FTE where I've been in different internal roles ever since (so I've never really had to seriously go through the process). My company ended up hiring a few good people through a recruiting agency, but how does that work as a job seeker (I'd ask those people who are now my peers but I don't want them to think I'm looking to leave)? All I know is by looking on Indeed or just knowing what the big companies in my area are. I'm honestly just curious how it would work in case I do need to seriously look for a job again.
https://redd.it/1p9mo7i
@r_systemadmin
I'm not currently looking to leave my role, but I've been caught in a few waves in the past 10 years of horrible work environment that I had been looking to leave. I applied for a few jobs but they never really went too far, despite me (I think) being a pretty solid candidate. I've only ever had a helpdesk job at my college and then got an internship in college which led to a FTE where I've been in different internal roles ever since (so I've never really had to seriously go through the process). My company ended up hiring a few good people through a recruiting agency, but how does that work as a job seeker (I'd ask those people who are now my peers but I don't want them to think I'm looking to leave)? All I know is by looking on Indeed or just knowing what the big companies in my area are. I'm honestly just curious how it would work in case I do need to seriously look for a job again.
https://redd.it/1p9mo7i
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Okay, but how do you SSH into 1,000 devices??
My company has a few thousand devices in the field (vending machines). And recently my team got report that many machines is having a problem. We figured that those devices are using ‘develop’ branch of our kiosk application, instead of ‘production’ branch.
Th fix is to change git branch to production. But the problem is there's about 700 devices (that we know) that went out with ‘develop’ branch.
For this problem, my team already manual remote SSH into each devices and solve them all. Took us one whole day.
This isn't first time we need to do this. But mostly it wasn't as many devices as this.
I wonder if I can do something like sending same cli command to multiple SSH addresses at once of if there's any tool that let me do that. We use reverse tunnel for SSH endpoint.
Or if your company deals with similar fleet size. How are you dealing with such case?
https://redd.it/1p926bi
@r_systemadmin
My company has a few thousand devices in the field (vending machines). And recently my team got report that many machines is having a problem. We figured that those devices are using ‘develop’ branch of our kiosk application, instead of ‘production’ branch.
Th fix is to change git branch to production. But the problem is there's about 700 devices (that we know) that went out with ‘develop’ branch.
For this problem, my team already manual remote SSH into each devices and solve them all. Took us one whole day.
This isn't first time we need to do this. But mostly it wasn't as many devices as this.
I wonder if I can do something like sending same cli command to multiple SSH addresses at once of if there's any tool that let me do that. We use reverse tunnel for SSH endpoint.
Or if your company deals with similar fleet size. How are you dealing with such case?
https://redd.it/1p926bi
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Network segment is receiving DHCP address info but not communicating on LAN or internet
Hi all, this problem started late on Thurs and my normal networking consultant is bedridden with the flu and can't help. This one is stumping me.... I'm seeing symptoms that could be something like a network loop and I'm seeing symptoms that might be DNS/DHCP(?)
We have multiple managed switches in the building but this problem is only happening to devices connected to one of them.
SOME of the devices connected to this switch are fine but others can't communicate on the LAN or internet even though they are receiving valid DHCP address info.... no pings, traceroutes die right away.
I rebooted the switch and the devices, it didn't make any difference.
We have an access point plugged into the switch and I can see that access point on the network, it's accepting clients but the clients can't connect anything.
If I plug my laptop into any of the ports connected to that switch it will work normally.
I'm stumped and over my head - if anyone has any recommendations please let me know!
EDIT: Additional Info:
* the DHCP servers (a pair of Windows 2019 servers) are still giving out addresses within the last 24 hours and I have lease expirations of 12/7 (8 days from now)
* I have a DHCP range of (10.0.20.1 - 10.0.21.254) and all devices have addresses witihn that range so I don't think there is a rouge DHCP server on the network.
* Some of the "problem" devices seem to be able to ping the gateway but others cannot.
https://redd.it/1p9tkwa
@r_systemadmin
Hi all, this problem started late on Thurs and my normal networking consultant is bedridden with the flu and can't help. This one is stumping me.... I'm seeing symptoms that could be something like a network loop and I'm seeing symptoms that might be DNS/DHCP(?)
We have multiple managed switches in the building but this problem is only happening to devices connected to one of them.
SOME of the devices connected to this switch are fine but others can't communicate on the LAN or internet even though they are receiving valid DHCP address info.... no pings, traceroutes die right away.
I rebooted the switch and the devices, it didn't make any difference.
We have an access point plugged into the switch and I can see that access point on the network, it's accepting clients but the clients can't connect anything.
If I plug my laptop into any of the ports connected to that switch it will work normally.
I'm stumped and over my head - if anyone has any recommendations please let me know!
EDIT: Additional Info:
* the DHCP servers (a pair of Windows 2019 servers) are still giving out addresses within the last 24 hours and I have lease expirations of 12/7 (8 days from now)
* I have a DHCP range of (10.0.20.1 - 10.0.21.254) and all devices have addresses witihn that range so I don't think there is a rouge DHCP server on the network.
* Some of the "problem" devices seem to be able to ping the gateway but others cannot.
https://redd.it/1p9tkwa
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community