For compliance/audit people: how do you actually build evidence timelines?

I work with a compliance team that’s constantly scrambling to reconstruct “what happened when” for audits.
Their process is basically:
∙ Get 48hr notice from auditor
∙ Panic-email everyone for logs/docs
∙ Manually build timeline in Excel
∙ Hope nothing’s missing
Is this… normal?
What I’m curious about:
∙ Is this your job? What’s your noscript?
∙ How often? Monthly? Quarterly? Only when audits happen?
∙ What takes longest? Finding stuff or organizing it?
∙ What would make this suck less?
Context: Trying to figure out if there’s a less painful way to do this, or if manual timeline hell is just the cost of doing business

https://redd.it/1psai1s
@r_systemadmin

SSSD access control vs AD GPOs for restricting logon to privileged AD groups – best practice ?

We use SSSD with Active Directory and need to restrict logon on sensitive Linux systems so that only members of a specific privileged AD group can authenticate.

We’re debating two SSSD-based approaches:
- Enforcing access locally in SSSD (e.g. adaccessfilter)

- Relying on AD GPOs evaluated by SSSD

From a security standpoint:

Which approach gives stronger and more predictable control?

How do they behave if AD is unavailable?
Which one is easier to audit and defend in a security review?

Looking for real-world experience. Thanks!

https://redd.it/1psdov8
@r_systemadmin

NIST reports atomic clock failure at Boulder CO

> Dear colleagues,

> In short, the atomic ensemble time scale at our Boulder campus has failed
> due to a prolonged utility power outage. One impact is that the Boulder
> Internet Time Services no longer have an accurate time reference. At time
> of writing the Boulder servers are still available due a standby power
> generator, but I will attempt to disable them to avoid disseminating
> incorrect time.

> The affected servers are:

> time-a-b.nist.gov

> time-b-b.nist.gov

> time-c-b.nist.gov

> time-d-b.nist.gov

> time-e-b.nist.gov

> ntp-b.nist.gov (authenticated NTP)

> No time to repair estimate is available until we regain staff access and
> power. Efforts are currently focused on obtaining an alternate source of
> power so the hydrogen maser clocks survive beyond their battery backups.

> More details follow.

> Due to prolonged high wind gusts there have been a combination of utility
> power line damage and preemptive utility shutdowns (in the interest of
> wildfire prevention) in the Boulder, CO area. NIST's campus lost utility
> power Wednesday (Dec. 17 2025) around 22:23 UTC. At time of writing utility
> power is still off to the campus. Facility operators anticipated needing to
> shutdown the heat-exchange infrastructure providing air cooling to many
> parts of the building, including some internal networking closets. As a
> result, many of these too were preemptively shutdown with the result that
> our group lacks much of the monitoring and control capabilities we
> ordinarily have. Also, the site has been closed to all but emergency
> personnel Thursday and Friday, and at time of writing remains closed.

> At initial power loss, there was no immediate impact to the NIST atomic
> time scale or distribution services because the projects are afforded
> standby power generators. However, we now have strong evidence one of the
> crucial generators has failed. In the downstream path is the primary signal
> distribution chain, including to the Boulder Internet Time Service. Another
> campus building houses additional clocks backed up by a different power
> generator; if these survive it will allow us to re-align the primary time
> scale when site stability returns without making use of external clocks or
> reference signals.

https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/ACADD3NKOG2QRWZ56OSNNG7UIEKKTZXL/

edit: CBS reports the drift is 4 microseconds

> "As a result of that lapse, NIST UTC drifted by about 4 microseconds"

https://redd.it/1psf780
@r_systemadmin

Is it realistic to land a remote AWS cloud/help desk role with my skills?

I’m trying to break into the cloud field and would really appreciate some honest advice.

I’m aiming for a remote AWS-related role such as cloud support or an AWS help desk position, and I’m wondering if I’m on the right track.

So far, I’ve learned AWS fundamentals including IAM, EC2, S3, VPC, subnets, route tables, IGW, NAT, security groups, and NACLs, along with basic AWS CLI usage. I’m comfortable working with Linux through the terminal, including users, permissions, services, cron jobs, basic troubleshooting, and setting up NGINX. I also use Bash noscripting and have Python basics for simple automation.

I’ve been working with Terraform to build infrastructure using providers, resources, variables, modules, and state, and I understand concepts like lifecycle behavior, taint, and count vs for_each.

On the networking side, I’ve studied cloud- and DevOps-focused networking fundamentals such as CIDR, subnetting, routing, DNS, NAT, and firewalls.

I also have hands-on exposure to
virtualization concepts and basic containerization with Docker, supported by practical lab-based learning.

At this point, I’m focusing on building projects and improving my infrastructure design skills.

Do you think this background is enough to start applying for remote AWS support or help desk roles, and what would you suggest I focus on next?

Thanks in advance for any advice

https://redd.it/1pshb75
@r_systemadmin

exchange on prem to exchange online migration tool

Hi, my company is looking to migrate exchange on prem mailboxes, around 1K mailboxes to exchange online. Any tool recommendations would be greatly appreciated. Thanks

https://redd.it/1psjcvr
@r_systemadmin

How we fixed battery-draining calendar loop in our legacy SIS without touching the mainframe

We've been fighting a battle with our Student Information System (SIS) for months. It exports a 4MB .ics file every hour, but users were reporting massive battery drain and "Flickering" events on their iPhones. We couldn't replace the SIS (Mainframe/COBOL legacy), so we analyzed the feed to see why it was choking Outlook and iOS. The Diagnosis: It wasn't just "old code". It was violating RFC 5545 in three specific ways that modern clients hate:

1. The "Time Paradox" Loop: The RRULE had an UNTIL date before the DTSTART date. iOS tries to calculate the recurrence, fails, and retries infinitely. Result: Hot phones, dead batteries.
2. UID Collisions: The system reused UID:1234 for 50 different classes. Google Calendar sees this and constantly overwrites "Math" with "History" then "English", causing the calendar to flicker on every sync.
3. Missing VTIMEZONE: It used TZID=Europe/Berlin but never defined the offsets. Windows guessed UTC, Macs guessed Local. Students were showing up 6 hours late.

The Fix (The "Proxy" Pattern): Since we couldn't patch the source, we put a tiny cleaning proxy in front of it.

* Input: The broken 4MB stream.
* Process: Clamps invalid dates, hashes UIDs to be unique, injects standard VTIMEZONEs.
* Output: 100% compliant stream.

We fixed \~1,100 validation errors instantly. No mainframe downtime required.
If you're fighting "Calendar Agent" battery drain tickets, check your RRULE dates. That was the biggest culprit for us.


https://redd.it/1psm2sx
@r_systemadmin

"In 6 months everything changes, the next wave of AI won’t just assist, it will execute" says ms executive in charge of copilot....

https://3dvf.com/en/in-6-months-everything-changes-a-microsoft-executive-describes-what-artificial-intelligence-will-really-look-like-in-6-years/#google\_vignette


Dude, please.... copilot can't even give me a correct answer IN power automate... ABOUT power automate. The chances that I loose my job before I retire in 15 years, is the same as me passing through an asteroid field.


"Never tell me the odds"

https://redd.it/1pso130
@r_systemadmin

ILO boot from iso shenanigans

Sorry, I need to rant a bit.

I'm trying to boot an OS on an old Proliant Gen9 server. I don't know why but every time I try to boot it with an ISO file from virtual media, it seemingly ignores the boot order and boots from UEFI anyways.

The only thing I managed to boot from is an ISO image attached to the HTML5 virtual console, but that's slow as hell.

Then the installer said, I can't install because there's no root disk. OK, so I reboot once again to Intelligent Provisioning.

Aaaaand the server sort of seemingly ignores that too and reboots to an UEFI target. So I reset the RBSU to factory defaults erasing all that, aaaaaand still doesn't do what I want.

I did use a little "noscript" that I used before that SSH-es to the ILO of the server and sets all the correct settings in ILO to boot from an ISO file, yet, no dice.

I'm literally over 2 hours in and I'm nowhere. This is not the first time I'm trying to get an OS on a Proliant server from an ISO, and somehow this happens to me almost every time.

Isn't this as simple as

1. Insert DVD
2. power on
3. boot from DVD

It seems like a literal fight to get those 3 simple steps done. I'm starting to think this is a skill issue 🤬

End of rant, thanks for listening.

https://redd.it/1psrc53
@r_systemadmin

Server Running Extremely High

I have a little python monitoring noscript that I have installed on all of my servers, and it detects whetber my server is down or not. I woke up to my server being down this morning and the CPU stats are extortionate.

Looking back I can see that my server has been running at 100% for about 2 weeks.

I have no clue why it is running at these %’s but the ram is at 80% too for the 2 weeks.

I cannot attach images, but I do not check this server.

When checking glances the highest usage was “xdg-bdus” with 196% cpu usage and 40% RAM usage

She’s a Debian sever and I’m pretty rubbish when it comes to server maintenance and monitoring.

What can I do to set up monitoring and watching my server and mitigating problems like this. I run a small web dev company and have been for a while, but I’ve always just moved my servers around every now and then. The clients on this server are small and static so it’s ok to play around here until I find something I like.

The sites are coded with NextJS if that’s any help

https://redd.it/1pssh3x
@r_systemadmin

Any enterprise OCR software that can handle complex documents?

Our company deals with a lot of complex documents and is considering enterprise OC⁤R softw⁤are. Can anyone recommend tools we could try?

https://redd.it/1psu9ea
@r_systemadmin

Struggled and burnout in my company

I feel completely stuck. My career and my mental state have reached a point where I genuinely don’t know what I can do anymore.
I’ve been working at the same company as a system administrator for about 4.5 years. It started as an internship, then they offered me a full-time position and I stayed. In the beginning, everything was great: a small team, lighter workload, fewer pressures.

Later on, the decision was made to expand the team and the office. I went from being the only technical person to working with around 8–9 people. In itself, that wasn’t necessarily a problem. But at the beginning, the way people treated me was very normal—there was no passive-aggressive behavior, no excessive workload, no constant pressure.

Before the team expansion, my girlfriend of four years broke up with me. After that, I started working in the evenings, taking responsibility for every task that needed to be done. That was a huge mistake.
The company kept changing constantly—new clients, people coming and going—but I stayed, observed everything, and continued where I was.
Lately, I’ve started experiencing the following: little by little, I was taken off customer-facing work and assigned almost exclusively to what we call “Cloud” work—dealing with the infrastructure where customers are hosted, or working on our own internal infrastructure. Being limited to just these tasks caused a deep emotional wound in me.

I started questioning my position, thinking that once these infrastructure tasks are finished, I’ll probably be let go. This has been the situation for the past 1–2 months. Going to work with this mindset—working alone on these tasks while others are doing different things, having to wait days just to ask the boss a question—has been extremely exhausting.
Everyone asks me for things: the administrative manager, the boss—people message me outside of working hours, assuming I’ll respond anyway, asking for things or requesting help. Yes, I allowed this situation to happen.

For example, because I don’t really have a life outside of work, I became the first person to be called in emergencies outside working hours. Even when I’m not called, others are more relaxed, they’re out living their lives, and since it’s known that I’m at home, the responsibility eventually falls on me.
And this isn’t limited to work. For example, we go to a venue and I’m told: “Pour drinks for X,” “Serve this to Y,” “Go buy a dürüm,” and so on.
On top of that, sometimes people make jokes about me—at least that’s how it’s framed—but it feels constant. For example, I once said I’d go somewhere but couldn’t make it. Later, we went there with a different plan, and people said things like, “Good thing you invited us,” “It turned out great,” or other remarks that feel unnecessary. I constantly feel like I’m being teased or mocked, even over things that don’t make sense.

At this point, I’ve started feeling like I’m not staying at this company because of the work I do, but because I’m somehow satisfying certain psychological needs of others.
Recently, a deep fear has settled in: I open the calendar and look at my payday, wondering if I’ll even make it there. I still have 1–2 months of debt left—will I be able to pay them? Sometimes I even deliberately slow down finishing tasks, just so there’s still work left. And that hurts me deeply.
Lately, because I’m constantly thinking about all of this, I have no energy in the evenings. I go to bed early, without clearing my head or resting properly, then wake up and go to work again—hopeless, drained, and exhausted.
I no longer feel sure about what I should do. Life no longer feels like something meant to be lived.
I don’t know what to do.

https://redd.it/1psup84
@r_systemadmin

frustrated with zero visibility on tasks and managers always in the dark

i need help… we have tried jira and kanban boards but updates still get lost. anyone using any smooth task management system that makes progress and blockers visible in real time? how do you keep your dev team on track?

https://redd.it/1psufp5
@r_systemadmin

Meraki SM is going EOL. Alternatives ?

Earlier this month, Cisco Meraki has announced that it's going to discontinue its Systems Manager (SM) platfrom for MDM. Link: [https://documentation.meraki.com/Platform\_Management/SM\_-\_Endpoint\_Management/Product\_Information/FAQ%3A\_Meraki\_Systems\_Manager\_(SM)\_End-of-Sale](https://documentation.meraki.com/Platform_Management/SM_-_Endpoint_Management/Product_Information/FAQ%3A_Meraki_Systems_Manager_(SM)_End-of-Sale)

* **June 3, 2026:** Last day to purchase new 1-year and 3-year Meraki SM licenses.
* **June 3, 2029:** End of support for Meraki SM.  

We've used this platform for managing phones and tablets (iOS and Android). We weren't completely happy with it, but it served us well. Are there any recommendations to replace it that allow to do the needful (policies for settings, app deployment/restriction, inventory/status) for company devices ?

https://redd.it/1psu98t
@r_systemadmin

SOC 2 Browser Extensions Monitoring Tools and Visibility for Audit Compliance

We are a mid sized SaaS shop about 80 users mostly remote devs and sales heading into our first SOC 2 Type 2 audit in a couple months. Auditors are hammering on controls for data exposure risks specifically third party apps SaaS logins risky browser extensions and general user behavior in the browser like pasting sensitive stuff into random sites.

Right now we are using Microsoft Intune Endpoint Manager for device stuff and a CASB like Netskope or Zscaler for some web filtering but neither actually sees inside the browser no extension inventory no real event logging for logins or tab activity. Last time we tried manual spot checks and screenshots for evidence but that is not scaling and auditors were not thrilled.

Anyone found a tool that is built for browser level monitoring without killing performance or requiring a full enterprise browser switch. Bonus if it integrates with our existing stack and gives audit ready reports.

Thanks

https://redd.it/1psxufw
@r_systemadmin

I feel like I missed out on the Golden Age of IT work

I’m a Network Engineer at a huge cloud provider and I do like my job. But I always get this feeling that scale, tooling, and automation has ruined the field. We’ll get alerts like ”we’ve lost half the capacity between X and Z sites” and then use an internal tool that queries all the interfaces at those sites and tells us which are down or taking errors. I almost never even have to login to any routers.

It’s like this is tangentially related to fixing tech, but it doesn’t directly scratch the itch I have. I grew up watching G4TV and fiddling with drivers trying to get Diablo to run on my Dad’s PC. I love troubleshooting and fixing, but I almost don’t even get to do it really.

I have this fantasy of being a lone sysadmin in like 2002 with one big office. And all the infrastructure was “my infrastructure”. And I run around all day actually troubleshooting computers, running cables, swapping hard drives, etc. I genuinely think I would thoroughly enjoy doing that all day.

Can any of you confirm: was my fantasy real? Did you actually live that? Was it as cool as I imagine?

https://redd.it/1psynnz
@r_systemadmin

Computer with X.X.X.255 IP cannot connect to Brother printer.

Okay, so I don't know if I am the stupid one here, or if my Brother printer is.

If have a (little bit unusual) network 192.168.200.0/22 so it includes IP adresses from 192.168.200.0 - 192.168.203.255 . Printing works as expected from all Windows machines except the following:

192.168.200.255
192.168.201.255
192.168.202.255

192.168.203.255 also does not work, but that has to be expected (broadcast address). These 3 addresses are not broadcast addresses and work fine including usage of a SHARP printer on the same network. But using a Brother Printer I cannot print, or access the web interface, but a ping works.

Has anyone experienced something similar with Brother printers? Am I the stupid one here for using a non-standard network? Or is the problem on Brothers side?

I tested with the following printers:

Brother HL-L5200DW (Firmware 1.77)
Brother HL-L5210DN (Firmware 1.27)
SHARP MX-C304W (this one works perfectly fine)

Of course the fix is rather simple I just tell my DHCP to skip these addresses. I'd just like to know if someone else has experienced this.

Update 1: As many of you have suggested, I will block .255 and .0 IPs from being used. I will also setup VLAN for that room and move the printer to a different subnet. I guess it is always best to do things properly the first time. I reached out to Brother support and will make another update here if they reply.

https://redd.it/1psy9oz
@r_systemadmin

Azure PIM Issues?

Is anyone experiencing any issues requesting roles in Azure this am? I have been trying to activate a few roles and it's been stuck and going back and saying that no roles are available.

EAST-US

https://redd.it/1psypuj
@r_systemadmin

Need to cut down Login Times. By a lot

I know people are going to suggest a Kiosk Mode or a Multi App Kiosk mode but none of those have session persistence. Not any way to make the computer "secure" from non authorised access.

It's for a high paced environment where staff will be going to and from the workstation with other people often logging in in between them.

Yes, if they're already logged in, they can just log back in but if the PC has been rebooted or if new staff have walked back in then it would pose a problem.

There are only 4 apps that would be used: Browser, Citrix and two other ones.

I've gotten rid of all the GPOs and deployed via Intune instead.

https://redd.it/1psz68e
@r_systemadmin

Time Source

With the NIST issues this weekend, where should I be pointing our NTP source? I currently have it set to time.windows.com, but I am not sure what is safe at this point. We also have a standalone NTP device for some equipment. Is any NIST servers safe?

https://redd.it/1pt2qnw
@r_systemadmin

What’s the best and easiest to use office management software?

I’ll be using it for office and desk management so not much to cover right now. Were not huge by any means but were hybrid and sometimes clashes happen for conference rooms and desks. Would like anything that can fix this
Also any other things I should also be aware of or am missing, do pls lmk

https://redd.it/1pt49x3
@r_systemadmin

Auditors asking for proof of processes which we’ve always done informally

We’ve always had sensible operational practices like access approvals/change reviews/incident handling etc etc . Now that we’re dealing with formal audits, suddenly everything needs to be written, tracked and evidenced.


The frustrating part is that the work itself hasn’t changed much but the overhead has. How do I move from informal but effective practices to something auditable?

https://redd.it/1pt5tay
@r_systemadmin