Reddit Sysadmin – Telegram
Hardware Domain Controller + Fileserver

Hey folks,


I was researching for a few days already, but couldn't get a good solution for my problem.


Our company is still staying on-prem with mostly all services, soft- and hardware. So we're using physical domain controllers and fileserver and other things over here.


Now one of our domain controllers is already a few years old (8) at the moment, so we're going to upgrade it. At the moment it is running Windows Server, which functions as domain controller and fileserver at the same time. Now I learned that it is best practice to separate both roles from one another. In a small company like ours (about 150-200 devices), it would be enough to use Hyper-V and use a VM for each role (DC + Fileserver).

I was wondering, if you have better ideas, hints or anything, which could help me in decision making.



We configured a Supermicro Mainboard X14SBI-TF with 2x 1TB NVMe SSD for Windows and 2x 4TB NVMe SSD with an Asus PCI-E Adapter Card for storage. We configured a Xeon 6507P and 64GB of RAM. I know the hardware is pretty much overkill, that's why I'm asking for advice. The Server costs about 8k Euros.



Any ideas, what hardware to get? How powerful should it be? Should we use two different servers/hardware? Any advice?


Thanks in advance for your input!

https://redd.it/1p8usjz
@r_systemadmin
Applied for new job that fell on my lap. Gave employer some pretty minimal asks - they have made promises but everything else is rubbing me the wrong way

Hey all,

I started here and took what was technically a step back in role, for more opportunity. I went to senior on helpdesk. My manager had plans for me to step into an Engineer role, with the lone Sysadmin who was overworked.

It eventually happened but was delayed by a year mostly due to HR getting in the way of what the team wanted. The other guy got it first on the condition that a backup (me) would be coming down the road. That was dragged out and he went on stress leave, they gave it to me then but forced me to do a temp contract - this really rubbed me the wrong way then, but it eventually worked out. We're both engineers, I've done so much including an Azure migration and setting up a SQL data warehouse for analytics, migrated acquired companies all in a short period of time.

Everything else about the job and environment are pretty great. Wfh, flexible, great boss, fun work.

---
IT manager job popped up at a smaller company nearby in the same industry. I got an offer. All in all it's a slight pay bump, some benefits are slightly better, some a little worse. I told my company I was interested. They promised me next year there would be higher roles coming and that they have me in mind for them, these are delivery, architect, project manager roles, etc... that are all slated to come through and actually going through the approval/posting processes right now.

I have no doubt that I will eventually get one of them, but also that I'm going to go through the same HR battle of posting - not promotion, contract work, etc...

I pushed back and said I am really looking for something right now to reassure me that these barriers won't be there next year, or that at least we can get over 1 or 2 of them. An extra week of vacation, a little out of bracket pay increase.

My boss and his C-suite boss are all for it. But HR rubber stamps this stuff. They instead requested to dive in to the 1:1 likeness of the other company's offer. Quoting differences between personal/vacation/sick days.

This is really rubbing me the wrong way. And at this point I feel a little backed into a corner, that they need to offer anything other than promises at this point or I have to jump.

Just looking for advice from those who have gone through this before. The other job will be more of a 1 man show with either an MSP or junior. Both companies are pretty flexible, but I'll be in the office in the new one and they commit to building out a hybrid arrangement - they actually want me to create this for the company. It'll be extra hats, but as a smaller company I'll be able to get a lot more done and see the impact of my work more. Both companies are growing very fast, the other one is around 1/4 the size of mine. 80 people 4 locations versus 320 people 20 locations.

https://redd.it/1p8ww2k
@r_systemadmin
Internet being scrubbed of tribal knowledge: Dell Power Edge RAID Controller Activity Lights

Need some help,

Dell PowerEdge RAID Controllers - if you put a non-Dell-certified drive in the server the HDD activity light will work in reverse. This has been a thing since the beginning of time; there is a command you can run to correct this issue / ignore the non-certified drive and then it will behave normally. I have boxes still where this has been done and is true.


I've done it many times on past machines, but now I can't find any info on the internet about it at all. It seems every day more and more tribal knowledge is gone and impossible to find.


If you have this in your notes anywhere, please share.



Thanks.

https://redd.it/1p8xyif
@r_systemadmin
Hotel software integration issues are absolutely killing me, tell me I'm not alone

I'm managing tech for a small hotel group, 8 properties total around 50-70 rooms each, and I'm genuinely at my breaking point with integration nightmares. We've got a PMS that's supposed to integrate with our booking engine, channel manager, payment processor, and guest messaging system. Except nothing actually works together the way it's supposed to.

Last week we had a guest's payment process through Stripe but it didn't sync to the PMS, so front desk tried charging them again at checkout. Guest was understandably pissed off and left us a 2 star review. This happens at least once a week across our properties. Our channel manager randomly stops syncing inventory and we end up with double bookings, then we're scrambling to relocate guests or comp rooms. Guest messaging doesn't pull reservation details automatically so staff has to manually look up everything.

I spent 3 hours on a vendor support call yesterday and basically got told to refresh the connection and clear the cache like I'm some kind of idiot who doesn't know how computers work. I have a CS degree, I understand how APIs are supposed to function, these systems are just poorly built.

Everything claims seamless integration but really it's a bunch of manual workarounds and constant firefighting. I seriously started considering consolidating to fewer vendors even if we lose some functionality, just to stop dealing with integration headaches every single day.

Do larger hotel groups deal with this constantly or is it just mid-size operations like ours that get screwed? Anyone successfully consolidated their tech stack and actually seen improvement?

https://redd.it/1p8swgg
@r_systemadmin
Distributed wan monitoring system.

Our network is currently a star configuration of a core network and a load of remote branch offices connected over fixed vpns. We occasionally have speed or connectivity issues and it would help if we had a non-user machine on site that we could connect to and do testing, and diagnostics etc. as well as something to record historical statistics for various local metrics.

My proposed "solution" at the moment would be getting something like a raspberry pi or similar micro pc running linux to effectively sit as a client on these branch offices. We could then run docker with containers for things like "SmokePing", "MySpeed", "OpenSpeedTest" and similar tools to give us some live and historical statistics on the connections, as well as tailscale so we can still get on to it if/when the WAN vpn drops to aid management and diagnostics of the local devices to avoid sending someone out to the sites.

This is technically a workable solution, but feels a bit clunky. Is there an off the shelf appliance that could give us this functionality? Or possibly a one click install rather than having to set up and maintain multiple monitoring products?

We are predominately a MS/Azure/Windows house, so any linux based options are frowned upon, but not completely ruled out. So anything that simplifies the setup is a benefit.

I have had a look around and couldn't find anything that seems to fit the bill. There are a lot of tools that do middle-out monitoring like SolarWinds, Cacti, Zabbix etc. but I've not seen anything that seems to do edge-in monitoring, and certainly nothing that combines that with remote control to allow SSH/HTTPS onto edge-local devices.

We also need something that can be easily secured and maintained to comply with the UK Cyber Essentials+ certification.

Any suggestions?

https://redd.it/1p907o1
@r_systemadmin
Does anybody else have issues magically resolve just by looking at them?

I know it sounds cliche but "magic touch" seems to be true for me. A lot of problems get solved as soon as I watch the user show me what's happening. That's all I wanted to say.

https://redd.it/1p94d2p
@r_systemadmin
Active Directory remote logoff

Hey sysadmins!

I needed a way to terminate Active Directory sessions on remote PCs, so I decided to create a small GUI program for it. After a bit of research, I built this handy tool that's simple and user-friendly (at least, I hope you’ll find it so).

If you want to check it out, you can find it here <--- here you can access the source code; it's a wrapper for the quser command and the Microsoft AD Object Picker.

You have to get the exe or compile it from source, run it, and then you can select the AD computer, search for sessions using quser in the backend, and then you can select the session or log off all sessions.

Feel free to try it and let me know what you think!

https://redd.it/1p9bggc
@r_systemadmin
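The poster's tool wraps quser and logoff; as an added illustration (not the poster's code), here is the parsing step such a wrapper needs, in Python. The quser output below is constructed in the layout quser prints, and the `logoff` argv is only built, never executed, so an operator can review it first. Host name and session data are assumptions.

```python
"""Parse `quser /server:HOST` output into session records and build the
matching `logoff` command line.

Added example, not the poster's tool. SAMPLE_QUSER is constructed in the
layout quser prints: a leading '>' marks the session you are running in,
and disconnected sessions have an empty SESSIONNAME column.
"""
import re

SAMPLE_QUSER = """\
 USERNAME              SESSIONNAME        ID  STATE   IDLE TIME  LOGON TIME
>administrator         console             1  Active      none   11/29/2025 8:15 AM
 jdoe                  rdp-tcp#3           2  Active          5  11/29/2025 9:02 AM
 asmith                                    3  Disc        1:12  11/28/2025 4:40 PM
"""

# One regex instead of fixed column slicing: quser shifts columns when names are long.
SESSION_RE = re.compile(
    r"^\s*(?P<current>>?)(?P<user>\S+)\s+"
    r"(?:(?P<session>\S+)\s+)?"        # SESSIONNAME is blank for disconnected sessions
    r"(?P<id>\d+)\s+(?P<state>\S+)\s+(?P<idle>\S+)\s+(?P<logon>.+?)\s*$"
)


def parse_quser(text):
    """Return one dict per session line; the header line does not match."""
    sessions = []
    for line in text.splitlines():
        m = SESSION_RE.match(line)
        if not m:
            continue
        sessions.append({
            "user": m["user"].lower(),
            "session": m["session"] or "",
            "id": int(m["id"]),
            "state": m["state"],
            "idle": m["idle"],
            "logon": m["logon"],
            "current": m["current"] == ">",
        })
    return sessions


def select_sessions(sessions, user=None, state=None):
    """Filter sessions by user and/or state (e.g. only 'Disc' ones)."""
    return [s for s in sessions
            if (user is None or s["user"] == user.lower())
            and (state is None or s["state"].lower() == state.lower())]


def logoff_argv(host, session_id):
    """argv for `logoff <id> /server:<host>`. Returned as a list, not executed,
    so the caller can show it to the operator first and avoid shell quoting."""
    return ["logoff", str(session_id), f"/server:{host}"]


if __name__ == "__main__":
    host = "PC-0042"  # assumed target computer name
    for s in parse_quser(SAMPLE_QUSER):
        print(s["id"], s["user"], s["state"], " ".join(logoff_argv(host, s["id"])))
```

Selecting by state lets the wrapper offer "log off only disconnected sessions" as a safer default than logging off everyone, including the active user at the console.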
Help with Blocking External Shares in Google Workspace

Hi, we are planning to disable external sharing in Google Workspace due to recent security concerns, as some users have been accessing publicly shared files outside our domain that may be unsafe.

Our understanding is that disabling external sharing will prevent any new external shares. However, we would like to confirm whether this change will also affect existing externally shared or publicly accessible files that currently appear in users’ “Shared with me” sections in Google Drive.

For reference, we are navigating to: Apps > Google Workspace > Settings for Drive and Docs > Sharing Settings > Sharing Options, and setting external sharing to “OFF,” as well as unchecking “Allow users in our domain to receive files from users or shared drives outside of our domain.”

Our goal is to block both future and past external access. Any confirmation or guidance before we make these changes would be greatly appreciated. Thanks! This was posted before and was for some reason removed.

TLDR; Does anyone know if a user has previously accessed a publicly shared document from outside our domain in the past, will that file automatically disappear from their Drive once we disable external sharing?

EDIT: Using a test OU to check... Simply turning off external sharing for the OU seems to stop future shares as it should. But, it seems that when we uncheck “Allow users in our domain to receive files from users or shared drives outside of our domain” this seems to stop the previous/pre-existing shares with external domains for our test user. I checked Google vault and the files do not appear anymore in the test users drive. I hope someone here can also confirm!!

https://redd.it/1p9gc7z
@r_systemadmin
ADFS token signing and decrypting cert question.

I renewed our token signing and token decrypting certs in ADFS and am going to start distributing the certs since we have apps that can't update from metadata. Do relying party trusts ever use the token decrypting certificate, or just the token signing certificate? It's my understanding that the token decrypting cert would only be used if ADFS is receiving tokens from an upstream IdP. Any "gotchas" that I should be aware of? My assumption is that the new token signing cert that is secondary just needs to be given to any applications that use ADFS and then once all apps are updated we can roll over the certificate.

https://redd.it/1p9fmwa
@r_systemadmin
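When distributing certificates by hand, it helps to pull them from the federation metadata by purpose rather than from the MMC by eye. This added example (not from the post or from Microsoft) parses a FederationMetadata.xml-style document: SAML metadata places each certificate in a KeyDescriptor whose `use` attribute is `signing` or `encryption`, and ADFS's metadata uses that layout. The document, entityID and certificates here are constructed (base64 of label strings rather than real DER), so only the structure is representative.

```python
"""List the certificates in an ADFS FederationMetadata.xml by their `use`
(signing vs encryption) with SHA-1 thumbprints.

Added example, not from the post. The metadata below is constructed; its
certificates are base64 of label strings where real metadata carries DER.
"""
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}


def fake_cert(label):
    """Constructed stand-in: base64 of a label, where real metadata has DER."""
    return base64.b64encode(label.encode()).decode()


METADATA = f"""<?xml version="1.0" encoding="utf-8"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
                  entityID="http://adfs.example.com/adfs/services/trust">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="encryption">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data>
        <X509Certificate>{fake_cert("token-decrypting")}</X509Certificate>
      </X509Data></KeyInfo>
    </KeyDescriptor>
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data>
        <X509Certificate>{fake_cert("token-signing-primary")}</X509Certificate>
      </X509Data></KeyInfo>
    </KeyDescriptor>
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data>
        <X509Certificate>{fake_cert("token-signing-secondary")}</X509Certificate>
      </X509Data></KeyInfo>
    </KeyDescriptor>
  </IDPSSODescriptor>
</EntityDescriptor>
"""


def thumbprint(b64_cert):
    """SHA-1 over the decoded certificate bytes, upper-case hex as the
    Windows certificate MMC shows it."""
    return hashlib.sha1(base64.b64decode(b64_cert)).hexdigest().upper()


def list_keys(xml_text):
    """Return [{'role', 'use', 'thumbprint'}] for every KeyDescriptor under
    each role descriptor (IDPSSODescriptor, SPSSODescriptor, ...)."""
    root = ET.fromstring(xml_text)
    keys = []
    for role in root:  # direct children of EntityDescriptor
        for kd in role.findall("md:KeyDescriptor", NS):
            cert = kd.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
            if cert is None or not cert.text:
                continue
            keys.append({
                "role": role.tag.split("}")[-1],
                "use": kd.get("use", "both"),  # an absent `use` means either purpose
                "thumbprint": thumbprint("".join(cert.text.split())),
            })
    return keys


def by_use(keys, use):
    """Thumbprints of the certificates marked for one purpose."""
    return [k["thumbprint"] for k in keys if k["use"] in (use, "both")]


if __name__ == "__main__":
    ks = list_keys(METADATA)
    for k in ks:
        print(k["role"], k["use"], k["thumbprint"])
    print("signing certs:", by_use(ks, "signing"))
```

Comparing the thumbprints this prints against what each application has configured is a quick way to confirm which apps still hold only the old signing certificate before the rollover date.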
Recruiting

I'm not currently looking to leave my role, but I've been caught in a few waves in the past 10 years of horrible work environment that I had been looking to leave. I applied for a few jobs but they never really went too far, despite me (I think) being a pretty solid candidate. I've only ever had a helpdesk job at my college and then got an internship in college which led to a FTE where I've been in different internal roles ever since (so I've never really had to seriously go through the process). My company ended up hiring a few good people through a recruiting agency, but how does that work as a job seeker (I'd ask those people who are now my peers but I don't want them to think I'm looking to leave)? All I know is by looking on Indeed or just knowing what the big companies in my area are. I'm honestly just curious how it would work in case I do need to seriously look for a job again.

https://redd.it/1p9mo7i
@r_systemadmin
Okay, but how do you SSH into 1,000 devices??

My company has a few thousand devices in the field (vending machines). And recently my team got a report that many machines are having a problem. We figured that those devices are using the 'develop' branch of our kiosk application, instead of the 'production' branch.

The fix is to change the git branch to production. But the problem is there's about 700 devices (that we know of) that went out with the 'develop' branch.

For this problem, my team already manually SSHed into each device and solved them all. Took us one whole day.

This isn't the first time we need to do this. But mostly it wasn't as many devices as this.

I wonder if I can do something like sending the same CLI command to multiple SSH addresses at once, or if there's any tool that lets me do that. We use a reverse tunnel for the SSH endpoint.

Or if your company deals with similar fleet size. How are you dealing with such case?

https://redd.it/1p926bi
@r_systemadmin
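One way to run the same command across a fleet in parallel, as an added example and not the poster's tooling: a small Python fan-out using only the standard library and the system `ssh` client. It assumes each device is reachable through a per-device port on a jump host (the host, ports and `/opt/kiosk` path below are constructed) and separates the read-only survey from any change, so you first learn exactly which devices are on the wrong branch.

```python
"""Fan out one read-only check over a fleet of SSH hosts in parallel.

Added example, not the poster's tooling. Assumes each device is reachable
over a reverse-tunnel port on a jump host (host/port pairs below are
constructed) and that the kiosk app lives in a git checkout at /opt/kiosk.
"""
import subprocess
from concurrent.futures import ThreadPoolExecutor, as_completed

# Constructed inventory: (label, ssh host, port). In practice load it from a file.
INVENTORY = [
    ("vm-0001", "tunnel.example.internal", 20001),
    ("vm-0002", "tunnel.example.internal", 20002),
    ("vm-0003", "tunnel.example.internal", 20003),
]

CHECK_CMD = "git -C /opt/kiosk rev-parse --abbrev-ref HEAD"  # assumed checkout path


def ssh_run(host, port, command, timeout=15):
    """Run one non-interactive command over ssh; return (rc, stdout, stderr).

    BatchMode=yes refuses password prompts so a missing key fails fast instead
    of hanging a worker; ConnectTimeout bounds dead tunnels.
    """
    argv = ["ssh", "-o", "BatchMode=yes", "-o", "ConnectTimeout=5",
            "-p", str(port), host, command]
    try:
        proc = subprocess.run(argv, capture_output=True, text=True, timeout=timeout)
        return proc.returncode, proc.stdout, proc.stderr
    except subprocess.TimeoutExpired:
        return 124, "", "timeout"


def survey_fleet(inventory, command=CHECK_CMD, runner=ssh_run, workers=50):
    """Run `command` on every device concurrently; return {label: (rc, out, err)}.

    `runner` is injectable so the fan-out logic can be exercised without
    real hosts (the test passes a fake).
    """
    results = {}
    with ThreadPoolExecutor(max_workers=workers) as pool:
        futures = {pool.submit(runner, host, port, command): label
                   for label, host, port in inventory}
        for fut in as_completed(futures):
            results[futures[fut]] = fut.result()
    return results


def group_by_branch(results):
    """Bucket devices by reported branch; failures go under 'UNREACHABLE'."""
    groups = {}
    for label, (rc, out, _err) in results.items():
        key = out.strip() if rc == 0 and out.strip() else "UNREACHABLE"
        groups.setdefault(key, []).append(label)
    for labels in groups.values():
        labels.sort()
    return groups


if __name__ == "__main__":
    for branch, labels in group_by_branch(survey_fleet(INVENTORY)).items():
        print(f"{branch}: {len(labels)} device(s) {labels}")
```

The survey is read-only; the corrective command (for example a checkout of the production branch) is then sent with the same `survey_fleet` call but only to the "develop" bucket, after trying it on a single device. The "UNREACHABLE" bucket is its own finding: those are the devices you would otherwise never hear about.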
Network segment is receiving DHCP address info but not communicating on LAN or internet

Hi all, this problem started late on Thurs and my normal networking consultant is bedridden with the flu and can't help. This one is stumping me.... I'm seeing symptoms that could be something like a network loop and I'm seeing symptoms that might be DNS/DHCP(?)

We have multiple managed switches in the building but this problem is only happening to devices connected to one of them.

SOME of the devices connected to this switch are fine but others can't communicate on the LAN or internet even though they are receiving valid DHCP address info.... no pings, traceroutes die right away.

I rebooted the switch and the devices, it didn't make any difference.

We have an access point plugged into the switch and I can see that access point on the network, it's accepting clients but the clients can't connect to anything.

If I plug my laptop into any of the ports connected to that switch it will work normally.

I'm stumped and over my head - if anyone has any recommendations please let me know!


EDIT: Additional Info:

* the DHCP servers (a pair of Windows 2019 servers) are still giving out addresses within the last 24 hours and I have lease expirations of 12/7 (8 days from now)

* I have a DHCP range of (10.0.20.1 - 10.0.21.254) and all devices have addresses within that range so I don't think there is a rogue DHCP server on the network.


* Some of the "problem" devices seem to be able to ping the gateway but others cannot.

https://redd.it/1p9tkwa
@r_systemadmin
Intune Shared Device Configuration

Hi everyone

I’m setting up Android Enterprise Fully Managed devices as shared devices for first-line workers. Dedicated (COSU) isn’t an option because we need Microsoft Tunnel, which only works on Fully Managed.

What’s the best practice to make Fully Managed devices behave like shared/dedicated devices?

• Only specific apps
• No system settings
• No personal Play Store
• Clean sign-in/out between users

Do I need to create a separate “technician/staging account” for the enrollment, or is there another recommended way to handle the initial AAD login?

Thanks for any advice

https://redd.it/1p9tsfy
@r_systemadmin
LPIC-2 Preparation on 4linux

Hello everyone, I'm currently looking for preparation in Portuguese for the LPIC-2 certification and I came across the 4linux website. Is their preparation really good for preparing for the exams?

https://redd.it/1p9tj62
@r_systemadmin
Microsoft

I feel like some years ago, there was a lot of messaging from Microsoft about how clean and green their datacenters were, they were trialing underwater DCs, Microsoft would be carbon negative by 2030, and you were basically saving the planet by using Azure.

However lately, I don't hear the same narrative.

Has the need to save the planet gone away?
Did something happen in the last couple of years to move away from this messaging? /s



https://redd.it/1p9y58p
@r_systemadmin
Invoice / Monthly Payment tracker

Taking over the role of IT Manager in a couple of weeks - currently the Network Admin. Looking for a good tool to input and track all invoices and bills. A good way to track all monthly / yearly renewals. Current Manager has an Access database to input all invoices and an Excel sheet to track monthly and yearly payments. Most of the bills arrive in email or hard copy so those are input into the firm's invoicing database. I want my own IT db to track everything coming in. Any suggestions?

https://redd.it/1p9zi8w
@r_systemadmin
Which DLP is the better choice for a 10k-endpoint environment?

We’re evaluating three options right now: 1. Forcepoint 2. Trellix 3. Symantec

We have around 10,000 Windows endpoints, and Forcepoint is noticeably more expensive, especially when you include premium support.

If anyone has real-world experience with these tools—stability, policy management, support quality—would love to hear what you recommend.

We’re looking strictly for an on-prem deployment.

https://redd.it/1pa25ij
@r_systemadmin
Are you allowing any AI tools to touch production data at work?

I’m not a sysadmin myself, but I’m an engineer, and I’m trying to understand how this actually works in the real world.

In my previous role, I could use pretty much any AI tool I wanted, but I was working for a startup. I recently moved to a new company where I have a bit more responsibility and influence, and the situation is the complete opposite. We are not allowed to use any AI tool other than Copilot.

When I first raised this with our IT department, the response was basically “everything is a data breach.” But at the same time, I already see people using GPT or Claude anyway and just not talking about it. So there’s this weird gap between policy and reality.

Since I can now at least help influence some of these decisions, I’m trying to understand what’s actually normal out there right now. Are most organisations still in full lockdown mode? Are there environments where AI is formally allowed under strict controls? And do any of those setups actually feel secure in practice?

https://redd.it/1pa5jeg
@r_systemadmin
Do I have the right idea going into a DNS migration?

Hello, never done this before. Currently our domain is hosted on godaddy but the nameservers point to a third party provider. I just got access to a txt file with all the records. So from what I've gathered:

Move the name servers over to godaddy nsXX.domaincontrol.com

nsYY.domaincontrol.com and manually add the records 1 by 1?

Then wait for propagation?

Any help is appreciated, thank you.

https://redd.it/1pa81li
@r_systemadmin
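Before moving the nameservers, it is worth checking that the new provider already serves every record from the exported txt file, since records entered one by one get dropped or mistyped. This added example (not from the post) does that comparison in Python. The record export is constructed in zone-file style, `example.com` and the addresses are placeholders, and the `lookup` function is injectable so it runs offline; a live run would pass a function that queries the new nameservers directly (for instance by wrapping `dig @<new-ns> <name> <type> +short`).

```python
"""Check that the new DNS provider serves every record from the exported
list before the nameserver delegation is moved.

Added example, not from the post. EXPORT is a constructed zone-style record
list; `lookup(name, type)` is injectable so the comparison runs offline.
"""
from collections import defaultdict

EXPORT = """\
; constructed export of the current zone (name TTL class type data)
example.com.        3600 IN A     203.0.113.10
www.example.com.    3600 IN CNAME example.com.
example.com.        3600 IN MX    10 mail.example.com.
mail.example.com.   3600 IN A     203.0.113.25
example.com.        3600 IN TXT   "v=spf1 mx -all"
_dmarc.example.com. 3600 IN TXT   "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"
"""


def normalize(rtype, data):
    """Make exported and served data comparable: collapse whitespace, lower-case
    and strip the trailing dot on hostnames, drop the quotes around TXT."""
    data = " ".join(data.split())
    rtype = rtype.upper()
    if rtype in ("CNAME", "MX", "NS"):
        data = data.lower().rstrip(".")
    elif rtype == "TXT":
        data = data.strip('"')
    return data


def parse_export(text):
    """Return {(name, TYPE): set(normalized data)}; whole-line comments skipped."""
    records = defaultdict(set)
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith(";"):
            continue
        name, _ttl, _cls, rtype, data = line.split(None, 4)
        records[(name.lower().rstrip("."), rtype.upper())].add(normalize(rtype, data))
    return dict(records)


def diff_zone(expected, lookup):
    """Ask `lookup(name, type)` for each exported record set and classify it."""
    report = {"ok": [], "missing": [], "changed": []}
    for key, want in sorted(expected.items()):
        got = {normalize(key[1], d) for d in lookup(*key)}
        if not got:
            report["missing"].append(key)
        elif got != want:
            report["changed"].append((key, sorted(want), sorted(got)))
        else:
            report["ok"].append(key)
    return report


def mail_auth_gaps(expected, domain):
    """Mail-authentication records absent from the export (SPF at the apex,
    DMARC at _dmarc); these are easy to lose when re-entering by hand."""
    gaps = []
    apex = expected.get((domain, "TXT"), set())
    if not any(t.startswith("v=spf1") for t in apex):
        gaps.append("SPF")
    dmarc = expected.get((f"_dmarc.{domain}", "TXT"), set())
    if not any(t.upper().startswith("V=DMARC1") for t in dmarc):
        gaps.append("DMARC")
    return gaps


if __name__ == "__main__":
    exp = parse_export(EXPORT)
    print(len(exp), "record sets parsed; mail-auth gaps:", mail_auth_gaps(exp, "example.com"))
```

Run the diff while the old provider is still authoritative: anything under "missing" or "changed" is fixed at the new provider first, and only when the report is all "ok" do the nameservers move. Lowering TTLs at the old provider a day ahead shortens the propagation wait.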
NBNS HELP

Hi,

I am a junior system engineer, and need guidance on a task. I have to disable NBNS. I ran Wireshark on one subnet and saw a lot of NBNS from laptops (DC is broadcasting for laptops).

My questions are:

If DNS records exist and work, why is there still NBNS/LLMNR traffic?

How can I tell if anything in the environment actually relies on these protocols before I disable them?
What is the safe way to test this in a production environment?
Are there any common things that usually break (apps, printers, shares) when people turn these off?


Please guide.


Thank you

https://redd.it/1paayg7
@r_systemadmin
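For the "how can I tell what relies on these protocols" question, the practical answer is an inventory from the capture: which hosts still broadcast, and which names they ask for. Names that DNS already answers point at client configuration (suffix search list, single-label lookups); names DNS does not answer point at a dependency that needs a record or needs retiring before the protocols are turned off. This added example (not from the post) builds that inventory in Python. The CSV is constructed in the shape of a capture export (source, protocol, queried name), and the DNS table and `corp.example` suffix are constructed so it runs offline.

```python
"""Inventory which hosts still send NBNS/LLMNR and which names they ask for,
so dependencies can be found before the protocols are disabled.

Added example, not from the post. SAMPLE is a constructed CSV in the shape
of a capture export; `resolves` is injectable (here a constructed DNS table).
"""
import csv
import io
from collections import Counter, defaultdict

SAMPLE = """\
time,src,proto,name
1700000001,10.0.20.15,NBNS,FILESRV01
1700000002,10.0.20.15,LLMNR,filesrv01
1700000003,10.0.20.42,NBNS,OLDPRINTER
1700000004,10.0.20.42,NBNS,OLDPRINTER
1700000005,10.0.20.77,LLMNR,wpad
1700000006,10.0.20.15,NBNS,FILESRV01
"""

KNOWN_DNS = {"filesrv01.corp.example"}  # constructed: names DNS answers for


def dns_resolves(name, suffix="corp.example", table=KNOWN_DNS):
    """Stand-in for a real lookup: does <name>.<suffix> exist in DNS?"""
    return f"{name.lower()}.{suffix}" in table


def summarize(csv_text, resolves=dns_resolves):
    """Return per-host protocol counts and per-name findings, most queried first."""
    per_host = defaultdict(Counter)
    per_name = Counter()
    for row in csv.DictReader(io.StringIO(csv_text)):
        per_host[row["src"]][row["proto"].upper()] += 1
        per_name[row["name"].lower()] += 1
    names = []
    for name, count in per_name.most_common():
        in_dns = resolves(name)
        if in_dns:
            note = "resolvable in DNS; client still broadcast: check its DNS suffix search list"
        else:
            note = "not in DNS: add a record, or retire whatever still uses this name"
        names.append({"name": name, "queries": count, "in_dns": in_dns, "note": note})
    hosts = {h: dict(c) for h, c in per_host.items()}
    return {"hosts": hosts, "names": names}


def hosts_to_check(summary):
    """Hosts by total broadcast count: where to start asking 'what runs here?'."""
    return sorted(summary["hosts"], key=lambda h: -sum(summary["hosts"][h].values()))


if __name__ == "__main__":
    s = summarize(SAMPLE)
    for h in hosts_to_check(s):
        print(h, s["hosts"][h])
    for n in s["names"]:
        print(n["name"], n["queries"], n["note"])
```

Running this over a capture from each subnet gives a short list of hosts and names to clear, and the same script run again after a pilot group has the protocols disabled shows whether anything is still trying to fall back.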
Hypervisor Crawling to a stop

Hi everyone,

I just came across one of our hypervisors acting very strange.

We run backups on all the VMs (which have been running fine) via Acronis and these have started failing.

So I tried to connect via our RMM tool but nothing; RDP directly and it takes forever to connect and I get a black screen.

So I connect via iLO and I can reach the desktop but it's very, very slow; windows take forever to open and respond.

I managed to get task manager open but nothing out of the ordinary, and event logs show some potential issues with WMI but not sure.

A reboot has been done but exactly the same issue, VMs are fine but the host seems to be fighting for its life.

Has anyone come across this or would have ideas on what to troubleshoot?

https://redd.it/1pa38u4
@r_systemadmin