Reassign Global Admins to lower privileged roles?

There are too many global admins in the organization that use it as a catch all role when they don’t know what permissions or role meets the minimum permissions to perform their daily job tasks. They are active as a global admin all day everyday when they may only do global admin-specific tasks for a few hours per month.

We could use PIM for global admins, but it won’t help much if they just activate the global admin role all day everyday because they don’t have another role assignment available that provides the access they need for the majority of their work.

Is there any kind of Azure activity analyzer that audits what tasks certain admins have actually been doing with their current roles and can point you to new roles to assign to replace their global admin role assignment?

https://redd.it/1pg2ocn
@r_systemadmin

How much power does Cloudflare actually have?

The recent hiccups have caused me to look a bit deeper into cloudflares services (very much a beginner) and why everything dies when they do totally scheduled and planned for server maintenance.
I came across a lot of "What to do if I am blocked from a site by them" comments. The answer is invariably "contact that sites admin and tell them u are a good noodle."
How do I contact the admin of a page I am blocked from?
Maybe the cloudflare blocking page thing is supposed to give you an address, but the sites I encountered where badly set up?

What promted the question above was running into a complaint by a (admittedly questionable) website, that cloudflare was placing restrictions on their domain.
What does this mean for a website?
The CF FAQ and Forum don't seem to give a lot of info about their ban-hammer.
Is that only an issue if I was previously their customer, or does this mess with everything?

Thanks in advance!

https://redd.it/1pg3iyx
@r_systemadmin

How to make your SQL injection attacks obvious

I have a very old website, in ASP, running on old Windows IIS, with old SQL Server. The server itself is isolated, and the database is read only, so I'm not worried. Get regular attempted attacks, but fail2ban slows them down.

Today, I've had almost 164,000 (oops 344,000, forgot the other server) SQL injection attempt requests so far.

The user agent string starts: "Mozilla/5.0 (SymbianOS 9.4; Series60/5.0 NokiaN97-1/10.0.012"

I think I might be able to blanket block that with no worries.

Edit: since the first two comments were critical of my skills and decisions:

it's read only, and there's a proxy in front of it
it's for reference only
it was for a customer that went out of business well over a decade ago
but it's the archives of a magazine that I'm keeping online in case it's useful to some member of the public

It's not "security by obscurity" as one suggested - nothing obscure about it - it's read only - that's the security.

Edit 2: This web site has been running like this for close to a decade, on an isolated VM. Which could be restored from a snapshot if it was ever needed. Never needed it. I only noticed because - for reasons I don't know - fail2ban on the load balancer decided to stop banning anything early today. So fail2ban on the proxy started complaining.

https://redd.it/1pg495f
@r_systemadmin

Hired but worried about underperforming.

So I went through a number of interviews and was hired on for a sysadmin position and I start soon.

I was in the military as a sys admin, but not for long, and never was in one position long to gain a lot of proficiency.

I know a bit of linux, and I know a bit of windows, I've done password resets and everything, but just not a ton.

The interviews were pretty straightforward and asked pretty open ended questions that weren't very technical in nature, but I answered with the experience I do have and was hired, and I'm just worried about not being up to speed.

Thoughts? Advice?


https://redd.it/1pg67l1
@r_systemadmin

How did you find your sysadmin mentor?

As the noscript says: how did you find your mentor? I’m new to this role and I’m looking for a mentor to help navigate me to be successful in this role.

https://redd.it/1pg3r2y
@r_systemadmin

AV recommendations

I run a one-man IT services business on the side and can’t yet call myself a Managed Service Provider (MSP). My focus is currently on helping small businesses. Now I need to deploy antivirus software on all users’ desktops. I’m currently using Action1 but might switch to NinjaOne or something similar. I don’t mind patch management.

So, back to the main question: what antivirus or endpoint detection and response (EDR) software should I use? I’m leaning towards BitDefender but I’d appreciate any suggestions.

The software should be easy to use on a cloud level and manageable remotely. It should be low on system resources or at least not hog the entire computer. Additionally, it should allow remote uninstallation and the ability to send users a URL to download and run the software.

If they already have my Action1 agent installed, I’ll use Action1 to deploy it.

Finally, the price must be reasonable. My clients are small businesses, single individuals or traders who can’t afford expensive services.



https://redd.it/1pg5enr
@r_systemadmin

Higher Ed: The IT environment I will never work in again

Yesterday, I put in my 2 weeks at a large university that I've been at for less than a year. I feared I'd feel like a failure, but honestly, all I feel is relief.

Relocated my family across the country last March when my wife got an offer for a dream job, (legal). My former job was not keen to let me work remotely, so I quit after 14 years the last 8 of which was basically being "the guy" around anything server or data center. Thought I'd stay in that job until retirement, but it wasn't it the cards. Worked a contract job for about a month, and then landed what appeared to be a fantastic job at a large public university supporting their data center infrastructure.

In hindsight, there were some red flags I overlooked when I interviewed, but at the end of the day the reality of working in higher ed has been nothing short of a complete dumpster fire. Dysfunctional doesn't do justice to how awful things have been.

Senior leaders who have been at the university for 4 decades refusing to act on anything that isn't a rubber stamp. Directors and middle managers who have their heads so far up their own asses that they prefer to ask CoPilot for decisions on proprietary software and policy rather than listen to recommendations from myself or any of my colleagues who literally run the goddamned core infrastructure of the university. Conflicting edicts that both openly violate established policy and the industry norms. Making policy decisions, then leaving the explanation and justification to junior staff members, and refusing to communicate changes to the larger university until "things are going smoothly".

Some faculty members thinking they walk on fucking water because they have an advanced degree, which in their mind somehow makes them exempt from any sort of security standard (especially muti-factor auth). The situation had me so disgruntled that I came to the conclusion that I will never understand how the actual fuck competent people are supposed to work in higher ed.

My interview process required me to have a 1 on 1 interview with the CTO. I have not seen or heard directly from him since, despite him being the project sponsor of 4 of the projects I'm currently serving as lead on. My boss's boss's boss (there are 6 levels of management between me and the CTO) refuses to talk to more than half of my colleagues because of some bullshit argument they had over a decade ago. Pettiness everywhere, and more effort from management to clamp down on dissent than to actually accomplish anything.

Everything came to a head the first week of October. I was asked to present a plan to upgrade some of the oldest hardware in our datacenter, which involves porting an in-house built application that hasn't had a full time employee supporting it since about 2014. The director of my department decided to use the presentation time to try to grill me (with an audience of \~100 university employees on why a bunch of projects I have no part of were off schedule, and spent an entire hour telling me that he didn't believe I had "it". He said that higher ed was likely not a great place for me. When I asked for examples of what I had done wrong, he blabbered for an hour about ITIL and how critical it is to success - aka, he didn't bother answering. All of this in a public forum.

To my fellow higher ed IT folks, I sincerely hope you never have to deal with this level of dysfunction, and I hope my story is an anomaly. Or, at the very least I hope you have a chance to escape any toxic environment.


EDIT - Spelling

https://redd.it/1pge29t
@r_systemadmin

What's your organization's employees-per-sysadmin ratio?

Disclaimer: I am not a sysadmin. I work in an organization with 65 people and 1.5 sysadmin, an employees-per-sysadmin ratio of 43.

Most employees have no particular computer skills, but work exclusively with email and documents. But users need to be serviced, passwords reset, servers upgraded, printers repaired, etc.

It's my impression that this ratio of 43 is way too high - our sysadmins have little time to do anything besides the most urgent. But we are a few who frequently have more demanding requests, and we find ourselves competing for our sysadmins' time.

What's the ratio at your workplace, and what would you say is a good ratio?

https://redd.it/1pgf8qv
@r_systemadmin

NinjaOne - delaying updates till reboot?

When using NinjaOne for patch management of Windows clients (especially Windows updates) we often face stability issues because NinjaOne insists on applying patches to live systems, and only applying a delayed reboot. There's roughly at least one update every two months that was completely unsafe to apply by NinjaOne.

While that works somewhat fine for browser and office applications, we have now repeatedly experienced issues with more specialized applications, and even severe issues like file system corruptions on systems running Docker as several updates (especially Windows updates) were definitely not fine to install while applications or services were still running.

Most common victims are the explorer.exe as well as GPU divers which when installed like that often end up in a state where still running instances are barely surviving, but hot-reloading them then consistently fails until the reboot is applied.

Taking a closer look at how patch management systems for Windows are supposed to operate, is that there's a shutdown hook in which it's usually safe to run any installers, including manually applying Windows updates. But NinjaOne doesn't appear to be using that hook at all, or even support triggering patch management from within that hook?

I would be fine if NinjaOne did force a reboot onto the user and then deferred patching until the system had entered the shutdown hook - but the current state of risking system instability by blindly applying patches to live systems is simply unacceptable to me.

Maybe I'm missing something obvious, but is NinjaOne really not even capable of installing updates correctly in a way that doesn't expose an inconsistent state to the user?

https://redd.it/1pgh1y2
@r_systemadmin

How difficult was it for you to become a System Administrator and reach a peaceful work life?

Hey guys,
I’m trying to understand something real and honest from the sysadmin community.

How many of you started from nothing — poor education, no proper guidance, zero background — but still managed to become a System Administrator because of your own curiosity, questions, observation skills, and unique thought process?

I want to know:

What were the hardest struggles you faced from scratch?

How did you learn complex sysadmin concepts when everything felt like a mystery?

What moments made you feel like, “Okay, maybe my brain actually works differently — maybe I can solve anything if I just observe and ask the right questions”?

How long did it take to finally reach a stable and peaceful work environment?


I’m searching for stories of people who built their entire career only with their brain, problem-solving attitude, and nonstop questioning nature — real geniuses who didn’t come from privileged backgrounds but still cracked this field.

If you are one of those, please share your journey.
Your story might help someone like me who is trying to climb the same mountain.

Thanks in advance! 🙏

https://redd.it/1pge3ev
@r_systemadmin

Can a next months MS cumulative update correct a prior months fail to install?

We’re having an issue with Nov cumulative update installing and are hopeful that this months cumulative will correct the issue. On the end points failing to install, deleting the softdist folder contents had corrected the issue. Clearly something broke, but we’re wondering if this month’s will correct it all. Have you guys ever had a ms CU update correct a prior months update fail to install issue?

https://redd.it/1pgif3d
@r_systemadmin

Our help desk is drowning. What’s working best for fast-growing orgs?


We went from 150→600 employees in 2 years.
Our Jira setup was okay when we were small, but now everything takes 5 clicks and half the team refuses to update tickets because it’s too slow.

Looking for something that:
• can handle internal operations, not just IT
• automates obvious stuff
• doesn’t require onboarding 20HR/admin people for basics

Curious what other mid-size orgs have adopted while scaling.

https://redd.it/1pgg436
@r_systemadmin

Anyone monitoring what employees paste into AI browsers?

Seeing more users installing these "AI-first" browsers and I'm wondering if anyone has visibility into what's actually getting pasted into ChatGPT, Claude, or whatever LLM integration they're running. Sure, productivity gains are nice, but feels like we just opened a massive data exfiltration vector.

Traditional DLP doesn't catch this stuff since it's all HTTPS to legitimate domains. Anyone found decent ways to monitor or control what goes into these AI chats? Looking for actual config approaches, not just policy docs.

https://redd.it/1pgl5lj
@r_systemadmin

Entra PIM Authentication Context Session Controls trivially bypassed by using "unsupported" browsers.

I noticed that if I use Microsoft Edge in Windows, or Safari on iOS, the authentication contexts Conditional Access policy to require sign-in every time (so the user is prompted to reauthenticate to activate PIM even if they are already signed in with MFA), it works as expected, but if a third party browser like Brave or Firefox Focus is used, the rule is ignored and PIM happens without new authentication.

I noticed someone posted a question to Microsoft about a similar issue last year, but then they claimed in the comments that it magically fixed itself.

PIM MFA Requirement different for Edge & Chrome - Microsoft Q&A

This does not appear to be true, because I can still recreate the issue.

Is this a bug? Otherwise, this is an extremely weak security feature if it is fully relying on any browser the AITM is using choosing to follow the policy or not.

https://redd.it/1pgm3ud
@r_systemadmin

Is this my life now?

I've been in IT for 10+ years now. I've mostly been a jack of all trades, but always wanted to be a sysadmin, and since about 3 years, here I am. I thought I would also be the cool Sysadmin guy, teaching the new guys from Servicedesk, having nerdy fun with my Sysadmin coworkers, collaborating with the cool application, security and network guys, solving complex issues. So what did I find you ask?
Lazy snotnosed Servicedesk employees. No affinity with IT, no experience, no effort, no nothing. All they can do is click the 'Escalate' button and moan when I ask them to troubleshoot before escalating. If the should do any troubleshooting or solving, they want knowledge items on where to click for which problem, not the logic behind the solution.
Every fkn "IT" department within my company feels like the sysadmins should build, maintain, know, document, fix, upgrade their shit. What their own responsibility is? No one knows. My own sysadmin colleagues, one 20 something, same attitude as the service desk guys. One late fifties, in constant panic, no clue what he's doing, breaks what he touches. One guy my age, rather not speaks with me anymore because I hurt his feelings once I guess (called him awesome but too accommodating).
Project managers not knowing anything about It but meddling with anything and everything except managing the project. 2nd and third line colleagues, internal and external, completely clueless. Rather shit talk everyone else and pretend being busy with stuff rather than learning a skill and actually doing the job they're required to do.
The biggest letdown of all.. Security. I've always seen them from a distance and thought it would be pretty cool to work there. Now I work alongside them. The guys fake everything. They try to make me build shit you wouldn't do in a sandbox because of the risks. The senior of the department has no clue about least privilege. Tries to make me nest 8 or 9 Entra roles because he needs to activate them all manually each day. Want me to create service accounts that multiple people will use, so give us the credentials. Want to have personal MS Graph access. When asking them to react to something they state they just make policy. When asking them to make policy, they state they are just advisory. When telling me they want full owner or contributor access or whatever god mode, they are suddenly the messiah's of the company because what if they are required to fix everything when I mess up.

Now.. I'm just constantly tired and angry..

What happened? We're my eyes closed the last years or did something change? Is it my company or is this my life now?

https://redd.it/1pgq68v
@r_systemadmin

Freedom of information Act (FOIA) management software

Have a small private org but due the nature of what they do, fall under FOIA. Recently they have been hit with a lot of request and are looking for a system to manage the process.


They have like 5 employees so hoping for something not massive, and looking for cloud based as they have no local infra to run it on.


I know that is a pretty small target, was just seeing if anyone had suggestions or recommendations.

https://redd.it/1pgmq54
@r_systemadmin

Does anyone else feel like Microsoft logs are written by someone who wasn’t there when the issue happened?

Spent part of today trying to figure out why something failed in M365.

Checked the logs.

They all said the same thing:

“Something happened.”

“Status: Unknown.”

“Result: Failed.”

“Reason: None.”

It’s like the logs are telling me, “Yes, it broke. No, we will not explain ourselves.”

Maybe I’m just tired, but does Microsoft ever give you a log entry that actually helps you understand what went wrong??

https://redd.it/1pgsxif
@r_systemadmin

Solution to allow end users to self-service install applications that are then patched regularly without local admin rights.

Hello reditors,

Alright, so I'm looking for a solution that allows end users to install software without local admin rights, and once the software is installed, it's regularly patched.

Ideally, I want this to be automated, where the end user simply goes to an ITSM and initiates the request.

I am aware that licensing for deployed applications will also be an issue.

I'm in a Greenfield environment, so I can roll out whatever I want, and the cost is actually not a concern.

I use SolarWinds as my help desk, and I'm unsure about the available integration options. However, we can also consider alternatives and displace SolarWinds.

I was thinking something along the lines of Intune, combined with BeyondTrust or CyberArk, as well as PatchMyPC. That's just an initial concept.

Our end-user assets are all Windows 11.

I'm open to all Enterprise Grade solutions.

TIA

https://redd.it/1pguauy
@r_systemadmin

Microsoft support and AI

Has anyone else found that when getting Microsoft support recently, they just email you the result from what they type into Copilot? In my most recent interactions when submitting a support request, I go back and forth with them just sending me the AI response to my question (which is never helpful).

https://redd.it/1pgv8dm
@r_systemadmin

"Umm, I'm Gen Z. I know how to use computers."

I was onboarding a new employee in my office the other day and going through the usual setup process. After configuring their 2FA, I had them sign into their assigned laptop. While the profile loads, usually about 60 seconds on first login, I typically use that time to go over a few policies, domain links, where to submit a ticket, and explain our phishing campaign. I do all of this from my computer to save time.

As soon as he signed in, I said, "Let's give your profile a moment to load and I'll show you a few things in our environment."
Before I could continue, he cut me off in a somewhat arrogant tone with, "Umm, I'm Gen Z. I know how to use computers."

I replied, "Of course. I just need to show you a few things specific to our environment. Do you know what a phishing email is?"

He looked at me like a deer in headlights.
"A what?"
"A phishing email."
"I don't know what that is."

No problem. I gave him a quick rundown on what phishing looks like, how our simulator works, and how to report suspicious emails. He wasn't rude, but he definitely looked at me like I was some out-of-touch boomer trying to mansplain the internet while he sipped his Starbucks Frappuccino. (To be honest though, I do have a grey beard but I'm no where near a boomer's age. I'm Gen X)

The funny part is, I could have just handed him the laptop with no explanation. But without that introduction, he almost certainly would have clicked one of the simulated emails in the first few days, which automatically enrolls users in mandatory extended training. Or even worse, a real threat. And guess who that reflects on? Us, for "not informing the user." I have all users sign an inventory sheet that also states we went over a brief phishing explanation so they can't ever say we didn't inform them.

I’m just venting a bit about how people can sometimes come across as assuming or defensive when IT is simply trying to do its job. Kind of like we're speaking down to them. And to be fair, that attitude isn't tied to any one generation, I’ve seen it across the board.

https://redd.it/1ph0gmo
@r_systemadmin

ISO 27001 certification cost

Hello,

We are starting our GRC program, looking up for toolings, resources.etc

As we budget we would love to have an idea of the average cost of ISO27001 certification for a 40 employees, non tech, professional services company. We would do audit virtually. We have a single HQ but almost everyone works from home (they can go tomorrow if they want to).

What are the certification bodies average cost? And what is the average internal auditor consultant costs?

Thank you.

https://redd.it/1pgux0e
@r_systemadmin