How difficult was it for you to become a System Administrator and reach a peaceful work life?

Hey guys,
I’m trying to understand something real and honest from the sysadmin community.

How many of you started from nothing — poor education, no proper guidance, zero background — but still managed to become a System Administrator because of your own curiosity, questions, observation skills, and unique thought process?

I want to know:

What were the hardest struggles you faced from scratch?

How did you learn complex sysadmin concepts when everything felt like a mystery?

What moments made you feel like, “Okay, maybe my brain actually works differently — maybe I can solve anything if I just observe and ask the right questions”?

How long did it take to finally reach a stable and peaceful work environment?


I’m searching for stories of people who built their entire career only with their brain, problem-solving attitude, and nonstop questioning nature — real geniuses who didn’t come from privileged backgrounds but still cracked this field.

If you are one of those, please share your journey.
Your story might help someone like me who is trying to climb the same mountain.

Thanks in advance! 🙏

https://redd.it/1pge3ev
@r_systemadmin

Can a next months MS cumulative update correct a prior months fail to install?

We’re having an issue with Nov cumulative update installing and are hopeful that this months cumulative will correct the issue. On the end points failing to install, deleting the softdist folder contents had corrected the issue. Clearly something broke, but we’re wondering if this month’s will correct it all. Have you guys ever had a ms CU update correct a prior months update fail to install issue?

https://redd.it/1pgif3d
@r_systemadmin

Our help desk is drowning. What’s working best for fast-growing orgs?


We went from 150→600 employees in 2 years.
Our Jira setup was okay when we were small, but now everything takes 5 clicks and half the team refuses to update tickets because it’s too slow.

Looking for something that:
• can handle internal operations, not just IT
• automates obvious stuff
• doesn’t require onboarding 20HR/admin people for basics

Curious what other mid-size orgs have adopted while scaling.

https://redd.it/1pgg436
@r_systemadmin

Anyone monitoring what employees paste into AI browsers?

Seeing more users installing these "AI-first" browsers and I'm wondering if anyone has visibility into what's actually getting pasted into ChatGPT, Claude, or whatever LLM integration they're running. Sure, productivity gains are nice, but feels like we just opened a massive data exfiltration vector.

Traditional DLP doesn't catch this stuff since it's all HTTPS to legitimate domains. Anyone found decent ways to monitor or control what goes into these AI chats? Looking for actual config approaches, not just policy docs.

https://redd.it/1pgl5lj
@r_systemadmin

Entra PIM Authentication Context Session Controls trivially bypassed by using "unsupported" browsers.

I noticed that if I use Microsoft Edge in Windows, or Safari on iOS, the authentication contexts Conditional Access policy to require sign-in every time (so the user is prompted to reauthenticate to activate PIM even if they are already signed in with MFA), it works as expected, but if a third party browser like Brave or Firefox Focus is used, the rule is ignored and PIM happens without new authentication.

I noticed someone posted a question to Microsoft about a similar issue last year, but then they claimed in the comments that it magically fixed itself.

PIM MFA Requirement different for Edge & Chrome - Microsoft Q&A

This does not appear to be true, because I can still recreate the issue.

Is this a bug? Otherwise, this is an extremely weak security feature if it is fully relying on any browser the AITM is using choosing to follow the policy or not.

https://redd.it/1pgm3ud
@r_systemadmin

Is this my life now?

I've been in IT for 10+ years now. I've mostly been a jack of all trades, but always wanted to be a sysadmin, and since about 3 years, here I am. I thought I would also be the cool Sysadmin guy, teaching the new guys from Servicedesk, having nerdy fun with my Sysadmin coworkers, collaborating with the cool application, security and network guys, solving complex issues. So what did I find you ask?
Lazy snotnosed Servicedesk employees. No affinity with IT, no experience, no effort, no nothing. All they can do is click the 'Escalate' button and moan when I ask them to troubleshoot before escalating. If the should do any troubleshooting or solving, they want knowledge items on where to click for which problem, not the logic behind the solution.
Every fkn "IT" department within my company feels like the sysadmins should build, maintain, know, document, fix, upgrade their shit. What their own responsibility is? No one knows. My own sysadmin colleagues, one 20 something, same attitude as the service desk guys. One late fifties, in constant panic, no clue what he's doing, breaks what he touches. One guy my age, rather not speaks with me anymore because I hurt his feelings once I guess (called him awesome but too accommodating).
Project managers not knowing anything about It but meddling with anything and everything except managing the project. 2nd and third line colleagues, internal and external, completely clueless. Rather shit talk everyone else and pretend being busy with stuff rather than learning a skill and actually doing the job they're required to do.
The biggest letdown of all.. Security. I've always seen them from a distance and thought it would be pretty cool to work there. Now I work alongside them. The guys fake everything. They try to make me build shit you wouldn't do in a sandbox because of the risks. The senior of the department has no clue about least privilege. Tries to make me nest 8 or 9 Entra roles because he needs to activate them all manually each day. Want me to create service accounts that multiple people will use, so give us the credentials. Want to have personal MS Graph access. When asking them to react to something they state they just make policy. When asking them to make policy, they state they are just advisory. When telling me they want full owner or contributor access or whatever god mode, they are suddenly the messiah's of the company because what if they are required to fix everything when I mess up.

Now.. I'm just constantly tired and angry..

What happened? We're my eyes closed the last years or did something change? Is it my company or is this my life now?

https://redd.it/1pgq68v
@r_systemadmin

Freedom of information Act (FOIA) management software

Have a small private org but due the nature of what they do, fall under FOIA. Recently they have been hit with a lot of request and are looking for a system to manage the process.


They have like 5 employees so hoping for something not massive, and looking for cloud based as they have no local infra to run it on.


I know that is a pretty small target, was just seeing if anyone had suggestions or recommendations.

https://redd.it/1pgmq54
@r_systemadmin

Does anyone else feel like Microsoft logs are written by someone who wasn’t there when the issue happened?

Spent part of today trying to figure out why something failed in M365.

Checked the logs.

They all said the same thing:

“Something happened.”

“Status: Unknown.”

“Result: Failed.”

“Reason: None.”

It’s like the logs are telling me, “Yes, it broke. No, we will not explain ourselves.”

Maybe I’m just tired, but does Microsoft ever give you a log entry that actually helps you understand what went wrong??

https://redd.it/1pgsxif
@r_systemadmin

Solution to allow end users to self-service install applications that are then patched regularly without local admin rights.

Hello reditors,

Alright, so I'm looking for a solution that allows end users to install software without local admin rights, and once the software is installed, it's regularly patched.

Ideally, I want this to be automated, where the end user simply goes to an ITSM and initiates the request.

I am aware that licensing for deployed applications will also be an issue.

I'm in a Greenfield environment, so I can roll out whatever I want, and the cost is actually not a concern.

I use SolarWinds as my help desk, and I'm unsure about the available integration options. However, we can also consider alternatives and displace SolarWinds.

I was thinking something along the lines of Intune, combined with BeyondTrust or CyberArk, as well as PatchMyPC. That's just an initial concept.

Our end-user assets are all Windows 11.

I'm open to all Enterprise Grade solutions.

TIA

https://redd.it/1pguauy
@r_systemadmin

Microsoft support and AI

Has anyone else found that when getting Microsoft support recently, they just email you the result from what they type into Copilot? In my most recent interactions when submitting a support request, I go back and forth with them just sending me the AI response to my question (which is never helpful).

https://redd.it/1pgv8dm
@r_systemadmin

"Umm, I'm Gen Z. I know how to use computers."

I was onboarding a new employee in my office the other day and going through the usual setup process. After configuring their 2FA, I had them sign into their assigned laptop. While the profile loads, usually about 60 seconds on first login, I typically use that time to go over a few policies, domain links, where to submit a ticket, and explain our phishing campaign. I do all of this from my computer to save time.

As soon as he signed in, I said, "Let's give your profile a moment to load and I'll show you a few things in our environment."
Before I could continue, he cut me off in a somewhat arrogant tone with, "Umm, I'm Gen Z. I know how to use computers."

I replied, "Of course. I just need to show you a few things specific to our environment. Do you know what a phishing email is?"

He looked at me like a deer in headlights.
"A what?"
"A phishing email."
"I don't know what that is."

No problem. I gave him a quick rundown on what phishing looks like, how our simulator works, and how to report suspicious emails. He wasn't rude, but he definitely looked at me like I was some out-of-touch boomer trying to mansplain the internet while he sipped his Starbucks Frappuccino. (To be honest though, I do have a grey beard but I'm no where near a boomer's age. I'm Gen X)

The funny part is, I could have just handed him the laptop with no explanation. But without that introduction, he almost certainly would have clicked one of the simulated emails in the first few days, which automatically enrolls users in mandatory extended training. Or even worse, a real threat. And guess who that reflects on? Us, for "not informing the user." I have all users sign an inventory sheet that also states we went over a brief phishing explanation so they can't ever say we didn't inform them.

I’m just venting a bit about how people can sometimes come across as assuming or defensive when IT is simply trying to do its job. Kind of like we're speaking down to them. And to be fair, that attitude isn't tied to any one generation, I’ve seen it across the board.

https://redd.it/1ph0gmo
@r_systemadmin

ISO 27001 certification cost

Hello,

We are starting our GRC program, looking up for toolings, resources.etc

As we budget we would love to have an idea of the average cost of ISO27001 certification for a 40 employees, non tech, professional services company. We would do audit virtually. We have a single HQ but almost everyone works from home (they can go tomorrow if they want to).

What are the certification bodies average cost? And what is the average internal auditor consultant costs?

Thank you.

https://redd.it/1pgux0e
@r_systemadmin

My husband works in IT and he knows way more than you do

DesertDogggg's post, "Umm, I'm Gen Z. I know how to use computers" reminded me of a user I briefly knew, way back in the day.

This was about 15 years ago, when our hotel's internet pipe was a bonded T1, IIRC. 4.5Mb total. We also used a corporate Exchange server, so all 110 hotels in North America went back to those servers.

Anyway, we had this brand new sales admin who was kind of a smarmy know-it-all. When I onboarded her, she gave me this attitude that she already knew it all and didn't need me telling her the basics. Okay, fair enough. Less work for me, so I just gave her her logon, told her the basics about our environment and left her alone.

About four hours later, I get a call from the corporate Exchange admin, telling me that this lady had sent an email with a 25Mb file attachment. On top of that, she had sent it to everyone in the sales department. Back then, this was enough to take down email for every one of those 110 hotels. Thousands of users. He killed the email and service was restored, but suggested I talk to her. Yep, agreed.

So I stop by her desk and let her know that we don't have enough bandwidth to support sending that kind of attachment and, btw, we do have a file server and you really should save that file in the sales department's folder. I had told her about the file server during onboarding, but she obviously didn't listen. She kinda blow me off but seemed to at least understand me, so I left it alone, although I did tell the sales & marketing director why their email was down for an hour. Nothing malicious; she had asked because she was understandably concerned.

Next day, I get another call from the Exchange admin. Same situation, but with a 37Mb attachment this time. So I go up there and reiterate my point, and she tells me, "my husband works in IT and he's way smarter than you! He makes double what you'd making." Ohhh kay... I don't know how/why that's relevant, but I don't rise to the bait and I don't reply. I do, however, tell the sales & marketing director why their email has been down twice in two days and who's responsible.

Third day, I get a call from the sales & marketing director. The entire sales & marketing departmental folder is completely gone. Luckily, I had shadow copy enabled, so it was a pretty quick fix, but the director asks me how this happened? Well, looking at the logs, it's my favorite sales admin. I let the director know.

Fourth day, I get another call from the sales & marketing director. The entire sales & marketing folder is completely gone yet again. Restored again, told her who was responsible.

Fast forward about 15 minutes or so and I get a call from my boss to disable the admin's account as she's been fired.

Kinda had to laugh at that.

https://redd.it/1ph43m9
@r_systemadmin

Any issues? - UK

Anyone else seeing issues with slowness this morning? Slow to load websites or not load at all, Awaiting to hear back from ISP but quite a few reports on downdetector for various sites/services, anyone else seeing anything similar??

https://redd.it/1ph8fnc
@r_systemadmin

Any good "long weights" "blinker fluid" pranks you guys use?

Anyone have any good pranks to pull on the new kids? Nothing too bad just simple jokes. The reason I ask is i don't know of this is the same elsewhere but some schools over here arrange for their students to do a week or two work placement to get "real world experience"

I work for an MSP but we also have a "store" that sells hardware. While this time around we haven't taken on any work experience kids we know it's that time of the year.

I just took a call for the "shop", from a kid that clearly just was doing as he's told. He asked for a price quote for 40 metres of WLAN cable... I double checked and he said said it definitely needed to be WLAN, not LAN. Obviously at that point I need to check if he wanted shielded or unshielded. He didn't know so checked... definitely shielded. Alas we had none in stock and advised he to call one of the other shops nearby...

Thought this was a pretty decent one and curious if you had any others?

https://redd.it/1ph8hgb
@r_systemadmin

So apparently two DNS providers control ~33% of root domains

Analysis of DNS NS records in more than 300M domains show the level of centralisation [https://reconwave.com/blog/post/dns-centralisation](https://reconwave.com/blog/post/dns-centralisation)

* **GoDaddy:** 65,517,208 domains (\~20.5%)
* **Cloudflare:** 40,976,839 domains (\~12.8%)
* **Google (Cloud / Domains):** 9,707,346 domains (\~3.0%)
* **dns-parking.com:** 9,049,140 domains (\~2.8%)
* **Wix:** 8,140,139 domains (\~2.5%)

https://redd.it/1phe2y5
@r_systemadmin

THeads-up: Microsoft retiring Basic SMTP Auth for Exchange Online - Impact on Scan-to-Email & PaperCut printer Devices

Microsoft is enforcing the retirement of Basic SMTP Authentication for Exchange Online (Office 365) by February 2026, moving everyone to OAuth 2.0 (Modern Authentication).

If you manage MFDs (Multi-Function Devices) or PaperCut print management systems, this change will break scan-to-email workflows that rely on username/password SMTP auth.

Key points:

Basic Auth for SMTP will stop working -OAuth 2.0 required.

Older devices that cannot support OAuth will lose scan-to-email functionality.

Vendors like Toshiba, Sharp, and PaperCut have published guides for OAuth configuration.

For PaperCut, you'll need to:

1. Register an app in Azure AD.

2. Configure SMTP.Send permissions.

3. Generate Client ID/Secret.

4. Update PaperCut SMTP settings to use OAuth 2.0.



This is a Microsoft-enforced change, so plan ahead. If you have legacy devices, talk to your vendor about firmware updates or alternative workflows.

Anyone else already migrated? Any gotchas or tips for smooth implementation?

https://redd.it/1phf3zn
@r_systemadmin

These extra hidden fees need to stop, making a mistake is far too expensive

Moved a small, low-traffic dataset to object storage and expected a straightforward bill: pay for GB stored, end of story. Instead I get a breakdown with egress, request charges, “management” operations and a few other line items that quietly push the number up.

A simple helper noscript being too chatty with metadata was enough to nudge costs in a noticeable way, and a file we assumed lifecycle had removed was actually sitting in a different tier still generating charges. Add minimum retention on top and you end up paying for data that is either idle or already gone.

I understand why the pricing model exists, but it makes cost control far harder than it needs to be.

https://redd.it/1phf1rr
@r_systemadmin

Intern here… is every helpdesk tool this confusing or is it just me? 😭

So I’m doing an IT internship for my university and they have me doing basic helpdesk triage (password resets, printer drama, the usual).

But omg the tool we’re using feels like it was built in 2005 and never updated.
Half the buttons don’t make sense, things are buried under 3 menus, and I swear I need a map just to find the comment history.

Is it normal for ticketing systems to be this… ancient? Or am I just spoiled by modern apps?

Not asking for recommendations or anything (I don’t think they’ll change it lol), I’m just curious how different tools are in the real world.

https://redd.it/1phi036
@r_systemadmin

Company purchased Thin Clients without also purchasing licenses

The company I work for ordered several HP Elite t755 Thin Clients that run on IGEL OS. They did not realize at the time that this OS needs licenses to have the ability to RDP, which essentially makes them useless to us once the trial license expires.

We want to avoid using subnoscription based licenses, which seem to be the only option with the current OS. So the decision I have to make now is between 1. Just getting the subnoscription for IGEL OS 2. Install a new OS on these Thin Clients 3. Order new thin clients the use an OS that does not require a subnoscription based OS. Ordering new Thin Clients would not be a total waste of the old ones since we may be able to sell them back or repurpose them for a future project. I also figure we will not be doing option 2 since there are too many things that could go wrong with hardware compatibility or possibly voiding warranty/support from HP.

I looked into HP ThinPro and HP Smart Zero Core Operating Systems, they both seem more promising but I could not find any licensing information on HP Smart Zero Core. Does the license for either of these come build in to the Thin Clients, and are there any other HP SKUs that would make more sense if we were to buy other Thin Clients.

Note: This is being set up for a client and we usually try to avoid forcing them into subnoscriptions if it is avoidable even if it means a little more money in the long run.

https://redd.it/1phk4o2
@r_systemadmin

This is going to sound insane but... Is there a reason not to: Windows 11 IoT Enterprise LTSC over regular Windows 11 Enterprise/Enterprise LTSC?

Context is that management learned about Windows 11 IoT Enterprise. They heard that it is meant to be locked down and locked into place and has 10 years support with the release schedule that doesn't seem to care as much about features as it does security/stability.

We are in manufacturing so security/stability is the prime objective.

I cannot find a definitive list of "here is what is NOT in IoT that you get with regular" list and instead just says that licensing isn't as straight forward (like anything with Microsoft is licensing-wise?) I can't find a reason to say what I want to say which is "That is the dumbest idea ever!"

Any help guidance anything here?

The best I can find is that IoT is meant to be locked down which is what mgmt is looking to do. Each person has a small handful of applications they are to run and that is it. Extremely locked down GPOs as-is anyway.

Any reason to not do this? Has anyone actually seen/done this?

Unless there is something in licensing then can someone say why you would not do this? The best I've seen is that the end-user may notice some differences when using the device when compared to standard W11 LTSC which is already different than W11 anyway.

https://redd.it/1phgwuv
@r_systemadmin