Is this my life now?

I've been in IT for 10+ years now. I've mostly been a jack of all trades, but always wanted to be a sysadmin, and since about 3 years, here I am. I thought I would also be the cool Sysadmin guy, teaching the new guys from Servicedesk, having nerdy fun with my Sysadmin coworkers, collaborating with the cool application, security and network guys, solving complex issues. So what did I find you ask?
Lazy snotnosed Servicedesk employees. No affinity with IT, no experience, no effort, no nothing. All they can do is click the 'Escalate' button and moan when I ask them to troubleshoot before escalating. If the should do any troubleshooting or solving, they want knowledge items on where to click for which problem, not the logic behind the solution.
Every fkn "IT" department within my company feels like the sysadmins should build, maintain, know, document, fix, upgrade their shit. What their own responsibility is? No one knows. My own sysadmin colleagues, one 20 something, same attitude as the service desk guys. One late fifties, in constant panic, no clue what he's doing, breaks what he touches. One guy my age, rather not speaks with me anymore because I hurt his feelings once I guess (called him awesome but too accommodating).
Project managers not knowing anything about It but meddling with anything and everything except managing the project. 2nd and third line colleagues, internal and external, completely clueless. Rather shit talk everyone else and pretend being busy with stuff rather than learning a skill and actually doing the job they're required to do.
The biggest letdown of all.. Security. I've always seen them from a distance and thought it would be pretty cool to work there. Now I work alongside them. The guys fake everything. They try to make me build shit you wouldn't do in a sandbox because of the risks. The senior of the department has no clue about least privilege. Tries to make me nest 8 or 9 Entra roles because he needs to activate them all manually each day. Want me to create service accounts that multiple people will use, so give us the credentials. Want to have personal MS Graph access. When asking them to react to something they state they just make policy. When asking them to make policy, they state they are just advisory. When telling me they want full owner or contributor access or whatever god mode, they are suddenly the messiah's of the company because what if they are required to fix everything when I mess up.

Now.. I'm just constantly tired and angry..

What happened? We're my eyes closed the last years or did something change? Is it my company or is this my life now?

https://redd.it/1pgq68v
@r_systemadmin

Freedom of information Act (FOIA) management software

Have a small private org but due the nature of what they do, fall under FOIA. Recently they have been hit with a lot of request and are looking for a system to manage the process.


They have like 5 employees so hoping for something not massive, and looking for cloud based as they have no local infra to run it on.


I know that is a pretty small target, was just seeing if anyone had suggestions or recommendations.

https://redd.it/1pgmq54
@r_systemadmin

Does anyone else feel like Microsoft logs are written by someone who wasn’t there when the issue happened?

Spent part of today trying to figure out why something failed in M365.

Checked the logs.

They all said the same thing:

“Something happened.”

“Status: Unknown.”

“Result: Failed.”

“Reason: None.”

It’s like the logs are telling me, “Yes, it broke. No, we will not explain ourselves.”

Maybe I’m just tired, but does Microsoft ever give you a log entry that actually helps you understand what went wrong??

https://redd.it/1pgsxif
@r_systemadmin

Solution to allow end users to self-service install applications that are then patched regularly without local admin rights.

Hello reditors,

Alright, so I'm looking for a solution that allows end users to install software without local admin rights, and once the software is installed, it's regularly patched.

Ideally, I want this to be automated, where the end user simply goes to an ITSM and initiates the request.

I am aware that licensing for deployed applications will also be an issue.

I'm in a Greenfield environment, so I can roll out whatever I want, and the cost is actually not a concern.

I use SolarWinds as my help desk, and I'm unsure about the available integration options. However, we can also consider alternatives and displace SolarWinds.

I was thinking something along the lines of Intune, combined with BeyondTrust or CyberArk, as well as PatchMyPC. That's just an initial concept.

Our end-user assets are all Windows 11.

I'm open to all Enterprise Grade solutions.

TIA

https://redd.it/1pguauy
@r_systemadmin

Microsoft support and AI

Has anyone else found that when getting Microsoft support recently, they just email you the result from what they type into Copilot? In my most recent interactions when submitting a support request, I go back and forth with them just sending me the AI response to my question (which is never helpful).

https://redd.it/1pgv8dm
@r_systemadmin

"Umm, I'm Gen Z. I know how to use computers."

I was onboarding a new employee in my office the other day and going through the usual setup process. After configuring their 2FA, I had them sign into their assigned laptop. While the profile loads, usually about 60 seconds on first login, I typically use that time to go over a few policies, domain links, where to submit a ticket, and explain our phishing campaign. I do all of this from my computer to save time.

As soon as he signed in, I said, "Let's give your profile a moment to load and I'll show you a few things in our environment."
Before I could continue, he cut me off in a somewhat arrogant tone with, "Umm, I'm Gen Z. I know how to use computers."

I replied, "Of course. I just need to show you a few things specific to our environment. Do you know what a phishing email is?"

He looked at me like a deer in headlights.
"A what?"
"A phishing email."
"I don't know what that is."

No problem. I gave him a quick rundown on what phishing looks like, how our simulator works, and how to report suspicious emails. He wasn't rude, but he definitely looked at me like I was some out-of-touch boomer trying to mansplain the internet while he sipped his Starbucks Frappuccino. (To be honest though, I do have a grey beard but I'm no where near a boomer's age. I'm Gen X)

The funny part is, I could have just handed him the laptop with no explanation. But without that introduction, he almost certainly would have clicked one of the simulated emails in the first few days, which automatically enrolls users in mandatory extended training. Or even worse, a real threat. And guess who that reflects on? Us, for "not informing the user." I have all users sign an inventory sheet that also states we went over a brief phishing explanation so they can't ever say we didn't inform them.

I’m just venting a bit about how people can sometimes come across as assuming or defensive when IT is simply trying to do its job. Kind of like we're speaking down to them. And to be fair, that attitude isn't tied to any one generation, I’ve seen it across the board.

https://redd.it/1ph0gmo
@r_systemadmin

ISO 27001 certification cost

Hello,

We are starting our GRC program, looking up for toolings, resources.etc

As we budget we would love to have an idea of the average cost of ISO27001 certification for a 40 employees, non tech, professional services company. We would do audit virtually. We have a single HQ but almost everyone works from home (they can go tomorrow if they want to).

What are the certification bodies average cost? And what is the average internal auditor consultant costs?

Thank you.

https://redd.it/1pgux0e
@r_systemadmin

My husband works in IT and he knows way more than you do

DesertDogggg's post, "Umm, I'm Gen Z. I know how to use computers" reminded me of a user I briefly knew, way back in the day.

This was about 15 years ago, when our hotel's internet pipe was a bonded T1, IIRC. 4.5Mb total. We also used a corporate Exchange server, so all 110 hotels in North America went back to those servers.

Anyway, we had this brand new sales admin who was kind of a smarmy know-it-all. When I onboarded her, she gave me this attitude that she already knew it all and didn't need me telling her the basics. Okay, fair enough. Less work for me, so I just gave her her logon, told her the basics about our environment and left her alone.

About four hours later, I get a call from the corporate Exchange admin, telling me that this lady had sent an email with a 25Mb file attachment. On top of that, she had sent it to everyone in the sales department. Back then, this was enough to take down email for every one of those 110 hotels. Thousands of users. He killed the email and service was restored, but suggested I talk to her. Yep, agreed.

So I stop by her desk and let her know that we don't have enough bandwidth to support sending that kind of attachment and, btw, we do have a file server and you really should save that file in the sales department's folder. I had told her about the file server during onboarding, but she obviously didn't listen. She kinda blow me off but seemed to at least understand me, so I left it alone, although I did tell the sales & marketing director why their email was down for an hour. Nothing malicious; she had asked because she was understandably concerned.

Next day, I get another call from the Exchange admin. Same situation, but with a 37Mb attachment this time. So I go up there and reiterate my point, and she tells me, "my husband works in IT and he's way smarter than you! He makes double what you'd making." Ohhh kay... I don't know how/why that's relevant, but I don't rise to the bait and I don't reply. I do, however, tell the sales & marketing director why their email has been down twice in two days and who's responsible.

Third day, I get a call from the sales & marketing director. The entire sales & marketing departmental folder is completely gone. Luckily, I had shadow copy enabled, so it was a pretty quick fix, but the director asks me how this happened? Well, looking at the logs, it's my favorite sales admin. I let the director know.

Fourth day, I get another call from the sales & marketing director. The entire sales & marketing folder is completely gone yet again. Restored again, told her who was responsible.

Fast forward about 15 minutes or so and I get a call from my boss to disable the admin's account as she's been fired.

Kinda had to laugh at that.

https://redd.it/1ph43m9
@r_systemadmin

Any issues? - UK

Anyone else seeing issues with slowness this morning? Slow to load websites or not load at all, Awaiting to hear back from ISP but quite a few reports on downdetector for various sites/services, anyone else seeing anything similar??

https://redd.it/1ph8fnc
@r_systemadmin

Any good "long weights" "blinker fluid" pranks you guys use?

Anyone have any good pranks to pull on the new kids? Nothing too bad just simple jokes. The reason I ask is i don't know of this is the same elsewhere but some schools over here arrange for their students to do a week or two work placement to get "real world experience"

I work for an MSP but we also have a "store" that sells hardware. While this time around we haven't taken on any work experience kids we know it's that time of the year.

I just took a call for the "shop", from a kid that clearly just was doing as he's told. He asked for a price quote for 40 metres of WLAN cable... I double checked and he said said it definitely needed to be WLAN, not LAN. Obviously at that point I need to check if he wanted shielded or unshielded. He didn't know so checked... definitely shielded. Alas we had none in stock and advised he to call one of the other shops nearby...

Thought this was a pretty decent one and curious if you had any others?

https://redd.it/1ph8hgb
@r_systemadmin

So apparently two DNS providers control ~33% of root domains

Analysis of DNS NS records in more than 300M domains show the level of centralisation [https://reconwave.com/blog/post/dns-centralisation](https://reconwave.com/blog/post/dns-centralisation)

* **GoDaddy:** 65,517,208 domains (\~20.5%)
* **Cloudflare:** 40,976,839 domains (\~12.8%)
* **Google (Cloud / Domains):** 9,707,346 domains (\~3.0%)
* **dns-parking.com:** 9,049,140 domains (\~2.8%)
* **Wix:** 8,140,139 domains (\~2.5%)

https://redd.it/1phe2y5
@r_systemadmin

THeads-up: Microsoft retiring Basic SMTP Auth for Exchange Online - Impact on Scan-to-Email & PaperCut printer Devices

Microsoft is enforcing the retirement of Basic SMTP Authentication for Exchange Online (Office 365) by February 2026, moving everyone to OAuth 2.0 (Modern Authentication).

If you manage MFDs (Multi-Function Devices) or PaperCut print management systems, this change will break scan-to-email workflows that rely on username/password SMTP auth.

Key points:

Basic Auth for SMTP will stop working -OAuth 2.0 required.

Older devices that cannot support OAuth will lose scan-to-email functionality.

Vendors like Toshiba, Sharp, and PaperCut have published guides for OAuth configuration.

For PaperCut, you'll need to:

1. Register an app in Azure AD.

2. Configure SMTP.Send permissions.

3. Generate Client ID/Secret.

4. Update PaperCut SMTP settings to use OAuth 2.0.



This is a Microsoft-enforced change, so plan ahead. If you have legacy devices, talk to your vendor about firmware updates or alternative workflows.

Anyone else already migrated? Any gotchas or tips for smooth implementation?

https://redd.it/1phf3zn
@r_systemadmin

These extra hidden fees need to stop, making a mistake is far too expensive

Moved a small, low-traffic dataset to object storage and expected a straightforward bill: pay for GB stored, end of story. Instead I get a breakdown with egress, request charges, “management” operations and a few other line items that quietly push the number up.

A simple helper noscript being too chatty with metadata was enough to nudge costs in a noticeable way, and a file we assumed lifecycle had removed was actually sitting in a different tier still generating charges. Add minimum retention on top and you end up paying for data that is either idle or already gone.

I understand why the pricing model exists, but it makes cost control far harder than it needs to be.

https://redd.it/1phf1rr
@r_systemadmin

Intern here… is every helpdesk tool this confusing or is it just me? 😭

So I’m doing an IT internship for my university and they have me doing basic helpdesk triage (password resets, printer drama, the usual).

But omg the tool we’re using feels like it was built in 2005 and never updated.
Half the buttons don’t make sense, things are buried under 3 menus, and I swear I need a map just to find the comment history.

Is it normal for ticketing systems to be this… ancient? Or am I just spoiled by modern apps?

Not asking for recommendations or anything (I don’t think they’ll change it lol), I’m just curious how different tools are in the real world.

https://redd.it/1phi036
@r_systemadmin

Company purchased Thin Clients without also purchasing licenses

The company I work for ordered several HP Elite t755 Thin Clients that run on IGEL OS. They did not realize at the time that this OS needs licenses to have the ability to RDP, which essentially makes them useless to us once the trial license expires.

We want to avoid using subnoscription based licenses, which seem to be the only option with the current OS. So the decision I have to make now is between 1. Just getting the subnoscription for IGEL OS 2. Install a new OS on these Thin Clients 3. Order new thin clients the use an OS that does not require a subnoscription based OS. Ordering new Thin Clients would not be a total waste of the old ones since we may be able to sell them back or repurpose them for a future project. I also figure we will not be doing option 2 since there are too many things that could go wrong with hardware compatibility or possibly voiding warranty/support from HP.

I looked into HP ThinPro and HP Smart Zero Core Operating Systems, they both seem more promising but I could not find any licensing information on HP Smart Zero Core. Does the license for either of these come build in to the Thin Clients, and are there any other HP SKUs that would make more sense if we were to buy other Thin Clients.

Note: This is being set up for a client and we usually try to avoid forcing them into subnoscriptions if it is avoidable even if it means a little more money in the long run.

https://redd.it/1phk4o2
@r_systemadmin

This is going to sound insane but... Is there a reason not to: Windows 11 IoT Enterprise LTSC over regular Windows 11 Enterprise/Enterprise LTSC?

Context is that management learned about Windows 11 IoT Enterprise. They heard that it is meant to be locked down and locked into place and has 10 years support with the release schedule that doesn't seem to care as much about features as it does security/stability.

We are in manufacturing so security/stability is the prime objective.

I cannot find a definitive list of "here is what is NOT in IoT that you get with regular" list and instead just says that licensing isn't as straight forward (like anything with Microsoft is licensing-wise?) I can't find a reason to say what I want to say which is "That is the dumbest idea ever!"

Any help guidance anything here?

The best I can find is that IoT is meant to be locked down which is what mgmt is looking to do. Each person has a small handful of applications they are to run and that is it. Extremely locked down GPOs as-is anyway.

Any reason to not do this? Has anyone actually seen/done this?

Unless there is something in licensing then can someone say why you would not do this? The best I've seen is that the end-user may notice some differences when using the device when compared to standard W11 LTSC which is already different than W11 anyway.

https://redd.it/1phgwuv
@r_systemadmin

Python or PowerShell?

I'm like 10 years into IT/security at a small but successful org (Windows shop with a few Linux appliances). I've gotten a lot of experience doing almost every (common) thing you can do in IT from basic help desk, user and endpoint management, switches, servers, firewalls, backup and restoration, etc.

The one thing I haven't done a lot of is noscripting. Of course I've used PowerShell plenty of times in the past and made a few of my own very basic noscripts, but I am so far from using it on the daily that I have virtually no experience. I've taken a Python course in the past too and have done basic bat noscripting but I feel like I haven't done enough noscripting at all to list it on a resume.

I guess what I wanted to ask here is if you were me, would you focus hard on PowerShell or Python? I feel like the obvious answer is probably PowerShell since we're a Windows shop, but still wanted to get input.

My past and present noscripts at the same org was/is: Network Administrator & Cybersecurity Engineer. I still do an equal amount of both and I'm not 100% sure what area I
want to grow in but yeah... I just think it's time to get wild and deep with noscripting so I'm more ready for what comes next.


EIDT: I should have added that I know I should probably learn both, but which one first I guess

https://redd.it/1phngbv
@r_systemadmin

Has anyone else dealt with an Adobe License audit?

Our organization got an email from EMEALicenseReview@adobe.com basically asking us to fill out a license verification form (Lizenzprüfungsformular) which has some questions about whether users share email addresses / adobe accounts. As far as I could see online, this is a legit request from Adobe.

Are they trying to crack down on shared accounts or what? Has anyone else gone through this? The timing seems random because we've been using Adobe for at least 10 years.

This is pretty frustrating after so many headaches with billing errors from Adobe where we sometimes can't even purchase new licenses if we wanted. If they're really just trying to milk us for a few more overpriced licenses, I'm going to lose even more respect for this company.

https://redd.it/1phhhka
@r_systemadmin

What is your horror story?

So everyone I know in IT has some kind of horror story when they screwed up in some way it another.

For me it was just as email virus/malware became a thing and the Love virus came out. I clicked on it on took out half the company in one day, over 1000 people.

Thankfully was not fired but I have never clicked on a link that I was not sure of since then.

What is your horror story?

https://redd.it/1phugc3
@r_systemadmin

Patch Tuesday Megathread (2025-12-09)

Hello r/sysadmin, I'm u/AutoModerator, and welcome to this month's Patch Megathread!

This is the (mostly) safe location to talk about the latest patches, updates, and releases. We put this thread into place to help gather all the information about this month's updates: What is fixed, what broke, what got released and should have been caught in QA, etc. We do this both to keep clutter out of the subreddit, and provide you, the dear reader, a singular resource to read.

For those of you who wish to review prior Megathreads, you can do so here.

While this thread is timed to coincide with Microsoft's Patch Tuesday, feel free to discuss any patches, updates, and releases, regardless of the company or product. NOTE: This thread is usually posted before the release of Microsoft's updates, which are scheduled to come out at 5:00PM UTC.

Remember the rules of safe patching:

Deploy to a test/dev environment before prod.
Deploy to a pilot/test group before the whole org.
Have a plan to roll back if something doesn't work.
Test, test, and test!

https://redd.it/1phyxbt
@r_systemadmin

Microsoft Support, and the ridiculous way I hacked my way into my own tenant

Soooo... Last Friday, I was feeling lucky, I thought I'd push to prod what I've been testing for two months. What can go wrong ? After all, these Conditional Access Policies were in audit mode for what, two months ? And there were basically almost no failures.

I enabled them and lo and behold, everything went sideway. First, the one reducing the session duration for guest and unregistered devices started impacting users on their corporate devices (?!) and was quickly reversed. Nothing too bad.

But then, I started having difficulties logging to my tenant, and as it happened, I enforced PR MFA instead of 2FA (we're not ready for PR MFA yet) and... since I don't have PR MFA on my global admin account, I ended up locked out of my tenant, like my two other colleagues.

The good news was that users had only a minor inconvenient. The bad news was that I was stuck out of my admin access and no one would be able to help me but Microsoft.

So I did it, for the first time ever : I called Microsoft support.

After a 5 minutes wait, I ended up speaking with what seemed like a human, who understood I was locked out of my tenant, but apparently the phone number I dialed was for premium support only, so I was redirected to a second queue.

As it happens, the technician couldn't do anything because she wasn't in charge of business support, so she transfered me again to another queue.

30 minutes in and I ended up talking to someone who actually could help me. We opened a case, gave an e-mail address, a phone number to call back, and so on. I shall be called back within 8 hours.



In the meantime, I had my whole Friday night to figure out a way to solve my problem myself, and what I managed to do was beyond ridiculous : I logged to Power Automate with my global admin account, created a new flow that would add my own global admin account to an existing excluded group from the CA that was blocking me, ran the flow and... it worked. I regained access to my tenant by running a Power Automate flow.


Anyways, it's been 4 days since I supposedly opened a ticket to Microsoft. No mail, no call, nothing.

https://redd.it/1pi2ki1
@r_systemadmin