Reddit Sysadmin – Telegram
Weekly 'I made a useful thing' Thread - January 02, 2026

There is a great deal of user-generated content out there, from scripts and software to tutorials and videos, but we've generally tried to keep that off of the front page due to the volume and as a result of community feedback. There's also a great deal of content out there that violates our advertising/promotion rule, from scripts and software to tutorials and videos.

We have received a number of requests for exemptions to the rule, and rather than allowing the front page to get consumed, we thought we'd try a weekly thread that allows for that kind of content. We don't have a catchy name for it yet, so please let us know if you have any ideas!

In this thread, feel free to show us your pet project, YouTube videos, blog posts, or whatever else you may have and share it with the community. Commercial advertisements, affiliate links, or links that appear to be monetization-grabs will still be removed.

https://redd.it/1q1utbi
@r_systemadmin
Patch Tuesday Megathread (2025-12-09)

Hello r/sysadmin, I'm u/AutoModerator, and welcome to this month's Patch Megathread!

This is the (mostly) safe location to talk about the latest patches, updates, and releases. We put this thread into place to help gather all the information about this month's updates: What is fixed, what broke, what got released and should have been caught in QA, etc. We do this both to keep clutter out of the subreddit, and provide you, the dear reader, a singular resource to read.

For those of you who wish to review prior Megathreads, you can do so here.

While this thread is timed to coincide with Microsoft's Patch Tuesday, feel free to discuss any patches, updates, and releases, regardless of the company or product. NOTE: This thread is usually posted before the release of Microsoft's updates, which are scheduled to come out at 5:00PM UTC.

Remember the rules of safe patching:

Deploy to a test/dev environment before prod.
Deploy to a pilot/test group before the whole org.
Have a plan to roll back if something doesn't work.
Test, test, and test!

https://redd.it/1phyxbt
@r_systemadmin
What is your org’s "Users per Sysadmin" ratio? Currently drowning at 1:200

Hey everyone,

I’m curious to see where everyone else is at with their staffing levels. Lately, it feels like our department is playing a permanent game of whack-a-mole. We are currently sitting at a ratio of 1 IT admin for every 200 employees.

https://redd.it/1q2wo09
@r_systemadmin
Sysadmin/Sysengineer --> Devops Engineer

As the title says, is this the current best future-proofing for this role? Get some cloud / K8s certs while maintaining systems engineering level stuff? I actually quite like K8s and did get the KCNA certification and am studying off and on for CKA, while also knowing I should work on gaining something like AZ-104 just in case I ever need to find a new role. Times are odd and it's kind of hard to read the future right now.

Most of my formal education / certs are based on cyber security, networking, Linux and VMware. I have CompTIA Cloud+ but acknowledge that's a pretty high-level overview certificate of the theory of cloud systems.

https://redd.it/1q2szp5
@r_systemadmin
What’s going on with Fortinet lately? It feels like every week there’s another critical CVE..

Anyone else concerned about the recent Fortinet CVEs?

https://redd.it/1q2bl3r
@r_systemadmin
Filtering Connection Audit Log filling up too fast

We have auditing enabled on Windows Domain Controllers and the Security log is getting absolutely flooded with Event IDs 5156 / 5157 / 5158.

It’s logging around 50 events per second, so the Security log fills up fast.

Our SOC is complaining that this volume is blowing up SIEM storage and EPS limits and honestly I get their point.

Before we start turning knobs blindly, I wanted to ask people who’ve actually dealt with this in real environments:

Is it generally safe or reasonable to disable these audit events on Domain Controllers?

If we do turn them off, are we creating a real detection blind spot, or is this mostly noisy data that's better covered by EDR?

Appreciate any advice.

https://redd.it/1q3434z
@r_systemadmin
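As an added illustration for the 5156/5157/5158 question above (not code from the post or its replies), the Python script below shows the usual middle ground between keeping every event and disabling the subcategory: roll permitted-connection events up per minute and forward blocked connections one-for-one. The key=value input format is a constructed stand-in for an exported Security log, and every event line in it is made up.

```python
"""Roll up Windows Filtering Platform audit events before they reach the SIEM.

Added example for the 5156/5157/5158 discussion above; it is not from the
post. Input lines are constructed key=value stand-ins for exported Security
log records, and every value in them is made up.
"""
from datetime import datetime

PERMIT, BLOCK, BIND = 5156, 5157, 5158  # WFP: connection allowed / blocked / port bound

# Constructed sample: eight events from one DC, heavy on repeated LDAP permits.
SAMPLE_EVENTS = """\
ts=2026-01-02T10:00:00 id=5156 app=lsass.exe dir=Inbound src=10.1.3.58 dport=389 proto=6
ts=2026-01-02T10:00:00 id=5156 app=lsass.exe dir=Inbound src=10.1.3.59 dport=389 proto=6
ts=2026-01-02T10:00:01 id=5156 app=dns.exe dir=Inbound src=10.1.3.58 dport=53 proto=17
ts=2026-01-02T10:00:01 id=5157 app=System dir=Inbound src=203.0.113.7 dport=445 proto=6
ts=2026-01-02T10:00:02 id=5158 app=svchost.exe dir=Outbound src=10.1.3.200 dport=0 proto=6
ts=2026-01-02T10:00:03 id=5156 app=lsass.exe dir=Inbound src=10.1.3.60 dport=389 proto=6
ts=2026-01-02T10:00:59 id=5157 app=System dir=Inbound src=203.0.113.7 dport=445 proto=6
ts=2026-01-02T10:01:00 id=5156 app=lsass.exe dir=Inbound src=10.1.3.58 dport=389 proto=6
"""


def parse_event(line):
    """Turn one key=value line into a dict with typed id, dport and timestamp."""
    ev = dict(kv.split("=", 1) for kv in line.split())
    ev["id"] = int(ev["id"])
    ev["dport"] = int(ev["dport"])
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    return ev


def aggregate(lines, keep_ids=(BLOCK,)):
    """Return (summaries, passthrough).

    Events whose ID is in keep_ids (blocked connections by default) are forwarded
    one-for-one, since a block is the record an analyst actually wants. All other
    events are rolled up per minute and per (id, app, direction, dport, proto)
    into a hit count plus the set of peer addresses, so a burst of identical
    permits becomes a single record without losing who talked to the DC.
    """
    buckets, passthrough = {}, []
    for line in lines:
        if not line.strip():
            continue
        ev = parse_event(line)
        if ev["id"] in keep_ids:
            passthrough.append(ev)
            continue
        minute = ev["ts"].replace(second=0, microsecond=0)
        key = (minute, ev["id"], ev["app"], ev["dir"], ev["dport"], ev["proto"])
        bucket = buckets.setdefault(key, {"count": 0, "sources": set()})
        bucket["count"] += 1
        bucket["sources"].add(ev["src"])
    summaries = [
        {"minute": k[0].isoformat(), "id": k[1], "app": k[2], "dir": k[3],
         "dport": k[4], "proto": k[5], "count": v["count"],
         "sources": sorted(v["sources"])}
        for k, v in sorted(buckets.items())
    ]
    return summaries, passthrough


def volume(lines):
    """(events in, records out): how much the roll-up shrinks what the SIEM ingests."""
    total = sum(1 for line in lines if line.strip())
    summaries, passthrough = aggregate(lines)
    return total, len(summaries) + len(passthrough)


if __name__ == "__main__":
    lines = SAMPLE_EVENTS.splitlines()
    summaries, blocked = aggregate(lines)
    for s in summaries:
        print(f"{s['minute']} {s['id']} {s['app']:<12} {s['dir']:<8} "
              f"dport={s['dport']:<5} hits={s['count']} peers={s['sources']}")
    for ev in blocked:
        print(f"{ev['ts'].isoformat()} {ev['id']} BLOCKED {ev['src']} -> :{ev['dport']}")
    print("events in / records out:", volume(lines))
```

On a real DC the same roll-up would sit on the collector between the exported events and the SIEM, with the per-minute window widened until the EPS fits the licence.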
If you're asking for help, you need to make it easy to help you

If you're asking me for help, do the leg work to make completing your request easy. It's common decency and it's professional.

I can't imagine ever going to anyone for help and just dumping every aspect on that person. It's completely unprofessional. If I go to someone for help - I've gathered the information and done all pre-work so all the person I'm going to needs to do is their piece. They don't need to reach out to Johnny for information x, they don't need to coordinate y. I've already done those things.

An exec submitted a request on Christmas Eve just before I was logging off on two contractors' behalf and she needed it ready by the start of business on 1/1. I completed the request because the holiday shrunk everyone's availability and I wanted to pad time in case of anything unexpected.

I send this exec something they can literally copy and paste in an email to the contractors. It's two steps - Go here, then do y.

This exec responded today asking if I can meet with the contractors to go through the steps on Monday. Which annoyed me because it means she hadn't even emailed them yet and it's two steps. Send them the instructions I gave you, if they have questions or an issue, have them reach out... It's that easy. There's no need to schedule a meeting.

The kicker is - I agreed to meet with them on Monday and she immediately says, "Great, go ahead and schedule a meeting with them and coordinate all of the details."

These are your people and you're asking for my time... You coordinate the meeting, look at my calendar and put a time on there. Don't ask me to do every little aspect of this. Own your end...

And it's disrespectful to my time. Why did I make it a point to get it done on Christmas Eve if you weren't going to send out the information

In the end, I just emailed the contractors the instructions and told them to reach out with questions or issues and more information would come Monday on the remaining two pieces I cannot complete.

https://redd.it/1q26dkw
@r_systemadmin
How come many job applications still ask for MCSA, MCSE Certifications?

Rarely ever do I see Azure Hybrid Administrator in a job advert.

It's such a red flag that so many companies don't realize these have expired. If anything, it makes me think that they're discriminating and looking for seniors with expired certs for entry/mid roles.

https://redd.it/1q380kk
@r_systemadmin
LSI Megaraid Card Failing, Foreign Configuration not working on new card

I have an LSI MegaRAID SAS 9260-8i card that I'm assuming is failing. It started dropping offline, which has become more and more prevalent, with a fatal,3 firmware error. I've tried updating the firmware (same, latest one) and throwing more cooling at it, but same issue.

Replacing the card with an LSI MegaRAID SAS 9270CV-8i shows the foreign configuration with all 8 drives from the RAID 6 as (Foreign) Unconfigured Good, but it errors on trying to import the configuration.

I've been back to the 9260-8i and have had it stay online and performed a successful consistency check and then saved the configuration, but that also will not load on the 9270CV-8i, and importing the foreign configuration also fails.

Is there something I am missing here? The 9270CV-8i has RAID 6 unlimited. The only thing I'm currently unsure about is that the BBU on the 9270CV-8i isn't registering, but I've yet to troubleshoot that. I'm not sure if that would prevent loading the config of the old RAID array. Also, I've been using MegaRAID Storage Manager and tried once in the WebBIOS (within a UEFI BIOS menu); not sure if it's worth trying LSI StorCLI.

https://redd.it/1q38aqu
@r_systemadmin
"Private Health Data" of 120,000 New Zealanders breached and extracted.

https://www.stuff.co.nz/nz-news/360920441/private-health-records-surface-dark-web-after-manage-my-health-hack

TL;DR ManageMyHealth, an NZ medical portal used by some doctors, suffered a cyber breach. Samples online show personal health information like names, test results, letters, and scans. ManageMyHealth confirmed it happened but says it is limited to the “Health Documents” part of the system (which is HUGE).

As a former user of ManageMyHealth (my local doctor moved to a different but similar local system years ago), simply saying it was only “Health Documents” is downplaying the scale of what the attacker had access to. When I used it, “Health Documents” included every single prescription I got, scans of appointment summaries with other doctors, all of my x-rays/CTs/MRIs, and 71 pages of my entire health and psychological history going back to when I was 4, which was imported when I moved to this local clinic 10 years ago.

Even though I have been moved off this system, I am still not sure if my data was included. ManageMyHealth has not contacted anyone specifically and only publicly admitted the breach days after it was reported.

Write up by New Zealand based software dev /u/utf9k

https://utf9k.net/blog/managemyhealth-data-breach-recap/

https://redd.it/1q39w3v
@r_systemadmin
Loftware NiceLabel now requires active maintenance just to reactivate a perpetual license after PC re-image

Posting this as a heads-up for anyone using NiceLabel (Loftware), especially small shops.

I purchased a NiceLabel Designer Express perpetual license in 2023. Recently I had to re-image the same PC due to software conflicts causing system crashing that I couldn't repair.

After reinstalling, NiceLabel informed me that:

Deactivating / reactivating the license now requires an active Service Maintenance Agreement (SMA)
Without SMA, they will not release or reset the license, even for a same-machine reinstall

Support’s position is that license rehosting is considered a “support action,” so a maintenance agreement is required, even though the license itself is perpetual. They directed me to another site to get a quote.

I’m pushing back and requesting a one-time courtesy reset, but wanted to share this so others aren’t surprised:

Always deactivate before re-imaging or moving install. (File > About and click Deactivate License)
Expect license recovery to be gated behind paid maintenance

We also had an issue in 2024 with a motherboard that needed to be replaced due to a defective PCIe slot, and that instance also required support-assisted license reactivation, but at the time it was serviced by Loftware support without issue or any mention of SMA.

Zebra Designer Pro appears to be a reskinned version that might be a better alternative as I didn't see any info regarding paid SMA required just to manage a license install.

https://redd.it/1q39qdo
@r_systemadmin
WFH SysAdmin/Service Manager to Google Datacenter Technician?

I currently work in an extremely high stress sys admin/service manager position at a small MSP with a lot of clients, making 115k a year including bonus.

I've come across a role at Google paying between roughly what I'm making and up to 150k as a Datacenter Technician for Global Operations. I understand this job title is a step down, but it does require 6 years of experience with servers, and because of this I don't view it as your typical entry-level datacenter tech role.

They are offering salary, equity, bonus, and benefits -- I presently only have salary and bonus. I also see strong appeal in them being military friendly, as I've been seriously considering scratching an itch that never went away before it's too late -- they offer differential pay for guardsmen on deployment or training and are generally supportive of the idea.

Aside from the stress level with this current position, I foresee AI taking my job away from a large bulk of people and would like to hopefully plan for this future by finding a new avenue on the side of things that is actively supporting the taking of those jobs rather than disappearing -- datacenters.

It sounds like the safe way to go, less stressful job, as well as a bump in salary if I could get the 150k + benefits, bigger bonus, and equity, but I fear my bet on the future of sysadmin work may be wrong, and then I'll be left in a position with less upward growth.

Is this a step down with everything considered, am I being ridiculous, or is this a reasonable direction to take?

https://redd.it/1q3bvbd
@r_systemadmin
Farewell VMware and thanks for the fish

We have migrated off of VMware. Our current contract expires at the end of February, but we used the extra holiday downtime to push this through. Very weird feeling for me.

I was hired as an intern while still in school by a small company. The company had a lot of technical debt in both software and hardware. It was my boss as a one-man IT shop and myself as an intern to try and handle the phone and initial triage. While my boss tried to tackle the software issues, he told me "I've heard of this new thing called VMware." and tasked me with trying to figure out if it would help us deal with consolidating old hardware. So while I wasn't answering a call or doing basic helpdesk items I read about VMware. At the time we had four full-height racks with shelves in them and they were all full of old desktops that had been turned into 'servers'. After reading things and going to him with what I found, he got a used IBM X345 and VMware GSX Server 3 (still have the box: https://imgur.com/a/9n0MMND ). I consolidated a bunch of old systems so we could throw out all the old random hardware, and we have been a VMware shop ever since.

I am still with the same company which has grown a lot. We have 12 physical hosts and we are officially off of VMware. Broadcom, you suck and I hate you.

https://redd.it/1q3eshf
@r_systemadmin
Made a tool to visualize and monitor traffic on self-hosted services (Traefik/Pangolin compatible)

Hi redditors,

I wanted to share a project I built to try to solve a problem I've had since I started my self-hosting hobby.

Like many, I think, I expose some services to the internet for personal use, and I started with reverse proxies like Traefik or NPM. However, I never felt like I had good visibility into who was connecting to or trying to access my domains and services.

I recently switched to Pangolin (which uses Traefik as its reverse proxy), but I still felt something was missing: a dedicated log parser with a dashboard (I've also exposed some API endpoints). Since I couldn't find exactly what I needed, I decided to build it myself.

It's a log parser that, at the moment, can be used with:
- Pangolin (really easy to configure with docker compose)
- Traefik installations

I am always looking for people who want to contribute or propose ideas for improvement. Please feel free to open an issue if you have any feedback.

If anyone wants to use it or just check out the repository, here is the link: https://github.com/k0lin/loglynx

https://redd.it/1q3ldln
@r_systemadmin
Endpoint Manager for Windows Recommendation??

So our company has about 300+ Windows 11 Home endpoints (not my decision), so obviously we can't join them to a domain to monitor workstation health, etc. Have any of you ever implemented a system to manage Windows Home endpoints that's worked without significant drawbacks? The environment right now is one giant mess. There is absolutely no consistency in configuration. There are people with expired AVs. Over 100 systems have not received updates in the last 3 years. I have even come across staff running unactivated versions of Windows (that was probably the previous IT's work). We've caught people running unsolicited applications on their PCs. Our network is extremely secure but the internal is an attacker's wet dream. Am I overthinking this or what? I do intend to clean it up though.

https://redd.it/1q3lt30
@r_systemadmin
Solo Teacher seeking help: Win11 Clients cannot find Win2016 DC (VirtualBox Bridged)

I'm a Computer Science teacher attempting to revive an underfunded, languishing computer lab with 29 student PCs. I’m working solo (school doesn't have a dedicated IT dept) to set up a Windows Server 2016 VM (VirtualBox) to act as a Domain Controller so I can finally manage these machines via Group Policy (blocking USBs, managing updates, etc.).

The Problem is that despite having connectivity (Ping works), the Windows 11 Pro student PCs cannot join the domain. They return the error: "An Active Directory Domain Controller for the domain lab.local could not be contacted." Additionally, nslookup fails on the clients, and they lose internet access when pointed to the Server’s DNS.

The Setup

Host Physical PC: Lenovo (Windows 11). IP: 10.1.3.58 | Gateway: 10.1.3.254
Server VM (Windows Server 2016):
Static IP: 10.1.3.200 | Gateway: 10.1.3.254 | DNS: 127.0.0.1
Domain: lab.local
Network: VirtualBox Bridged Adapter, Promiscuous Mode: "Allow All."
DNS: Forwarders set to 202.201.x.x (ISP DNS).
Student PCs (Windows 11 Pro):
IP: DHCP (on the 10.1.3.x subnet).
DNS: Manually set to `10.1.3.200`.

What has been verified so far:

1. Connectivity: Student PCs can ping the Server IP (`10.1.3.200`).
2. DNS Records: The `_msdcs`, `_tcp`, and `_ldap` SRV records do exist in the Server's Forward Lookup Zones.
3. Services: Netlogon has been restarted; `ipconfig /registerdns` has been run.
4. Firewalls: Server Firewall is temporarily OFF for testing; Student PC set to "Private" network profile.
5. Clocks: Time and Date are synced within seconds across all machines.
6. IPv6: Disabled on both Server and Client to prevent resolution conflicts.

The Block:

`nslookup lab.local` on the student PC times out.
`nltest /dsgetdc:lab.local` returns `Status = 1355 (0x54B)` (DC not found).
Even though the server is "there" (Ping), the DNS traffic seems to be dropping into a black hole between the Physical Student PC and the Virtualized Server.

I just need that first "Welcome to the Domain" message so I can start securing this lab for my students. If anyone has experience with VirtualBox Bridged networking quirks or Win11-to-2016 DNS handshake issues, I would be incredibly grateful for your input.

https://redd.it/1q3mydn
@r_systemadmin
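As an added diagnostic for the question above (not the poster's code nor from a reply), this Python script sends the DC-locator SRV query a domain join depends on (`_ldap._tcp.dc._msdcs.lab.local`) to the server's DNS over UDP/53 using only the standard library, then probes the TCP ports a join needs. The server address and domain come from the post; the port list and the DNS transaction id are assumptions.

```python
"""Check that a DC's DNS answers the SRV record clients use to locate it.

Added example for the VirtualBox DC question above; not the poster's code.
The DNS server address and domain are the ones in the post; the TCP port
list is an assumption of the usual domain-join ports.
"""
import socket
import struct

DNS_SERVER = "10.1.3.200"
DOMAIN = "lab.local"
QTYPE_SRV = 33
QCLASS_IN = 1
TXID = 0x1234  # assumed fixed transaction id, fine for a one-off probe
# Assumed ports a client needs during join: DNS, Kerberos, RPC mapper, LDAP, SMB
AD_TCP_PORTS = (53, 88, 135, 389, 445)


def encode_name(name):
    """Encode a dotted name in DNS wire format (length-prefixed labels)."""
    out = b""
    for label in name.strip(".").split("."):
        raw = label.encode("ascii")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name, qtype=QTYPE_SRV, txid=TXID):
    """Standard recursion-desired query with one question and no other sections."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, QCLASS_IN)


def parse_response(data, txid=TXID):
    """Return (rcode, answer_count) from a DNS response header; raise on mismatch."""
    if len(data) < 12:
        raise ValueError("short DNS response")
    rid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", data[:12])
    if rid != txid:
        raise ValueError("transaction id mismatch")
    if not flags & 0x8000:
        raise ValueError("not a response")
    return flags & 0x000F, an


def dc_locator_name(domain):
    """SRV name every domain member resolves to find a DC for the domain."""
    return f"_ldap._tcp.dc._msdcs.{domain}"


def query_srv(server, name, timeout=3.0):
    """Send the query over UDP; returns (rcode, answers) or None on timeout."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.settimeout(timeout)
    try:
        s.sendto(build_query(name), (server, 53))
        data, _ = s.recvfrom(512)
    except socket.timeout:
        return None
    finally:
        s.close()
    return parse_response(data)


def tcp_reachable(host, port, timeout=2.0):
    """True if a TCP handshake to host:port completes within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


if __name__ == "__main__":
    name = dc_locator_name(DOMAIN)
    result = query_srv(DNS_SERVER, name)
    if result is None:
        print(f"UDP/53 to {DNS_SERVER}: no reply (timeout); DNS is not reachable")
    else:
        print(f"{name}: rcode={result[0]} answers={result[1]}")
    for port in AD_TCP_PORTS:
        state = "open" if tcp_reachable(DNS_SERVER, port) else "closed/filtered"
        print(f"TCP {port}: {state}")
```

A timeout on UDP/53 while ICMP works points at the path or the DNS listener rather than the zone data; rcode 0 with zero answers points at the zone data instead.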
When does a ticket stop being a bug?

Most of us have tickets that refuse to die.
Cleared cache. Restarted services. Escalated. De-escalated.
It flips back to In Progress or Pending Customer, even though the customer already replied. It’s like it has a reason.

Eventually, it stops feeling like a bug. It starts feeling like part of the system.
When do you stop trying to fix it and start documenting it… as infrastructure?

https://redd.it/1q3kqv0
@r_systemadmin
Docking stations from Lenovo and HP horrible

I work at a big telecom provider and our B2B customers all use docking stations, as is usual in every company.

The 1st and 2nd level support team always complain about the tickets about "docking station" troubleshooting. They have to do a 45-second laptop hardware reset + docking station reset when they suddenly have no connection to their multiple monitors or LAN connection.

Resetting the docking station by either pushing the button, which is lit up with a small LED, for 15 seconds or even fully disconnecting the power plug of the docking station. Every freaking time. Why are docks so problematic? Is this normal?

https://redd.it/1q3ow7o
@r_systemadmin
Drowning in SaaS status alerts (RSS). How do you handle incident monitoring without the noise?

I’m looking for a sanity check on how other IT teams are tracking incidents for all the SaaS vendors we rely on (Google Workspace, Slack, Zoom, Salesforce, etc.).

Right now, we are pulling RSS feeds from various status pages into a dedicated channel/dashboard. The problem is that we are absolutely drowning in alerts.

The signal-to-noise ratio is terrible: we get pinged for every minor degradation or scheduled maintenance window, which means the team has developed serious alert fatigue and started ignoring the channel entirely.

https://redd.it/1q3rb2g
@r_systemadmin
Virtualization && Serial Console Issues (Rant first, question is at the bottom)

Hi folks, I am a self-taught everything & currently expanding my brain into the world of QEMU/libvirt/virsh.

What's troubling me is the bare minimum for interaction itself – a properly functioning serial console. Both from Local to Guest & Host to Guest. Both from my Terminal using virsh console & using virt-manager.

My goal is simple:

Being able to properly interact with my VM(s).

For starters, I created a VM using virt-manager (VMM) on my local machine to the bare-metal host server. AKA there are 3 OSes – Local, Host, Guest.

On Local I connected VMM to the Host with qemu+ssh://me@host/system.

The Host and Guest have the same OS — Debian1207.

By default, VMM creates a Video Device, which I remove after the installation has finished – to edit GRUB_CMDLINE_LINUX="console=tty0 console=ttyS0,115200n8" first, as well as GRUB_TERMINAL=console.

Once this is configured, the Backspace key will not get sent to the Guest, whatever I do.

To be clear, nothing I can do in the Guest will make CTRL+V then the "←" key & showkey -a then the "←" key output anything, ever.

I tried many edits to the XML, inside VMM & fully without VMM with virsh edit & virsh define. But it always gets changed back immediately. But only what I change inside <devices/>.

The XML0

Well, let's skip the GUI all together.

Using virsh to create a new VM in console mode. There the problems start even sooner & get even worse … (both from Local & Host)

The Debian installer does not come with a serial mode afaik. Thus, I can either do it blind or edit the boot option to force it …

Now in the console of the Debian installer, the window is tiny & there's no scrolling, therefore when there are too many options to fit on the screen it's impossible to see them all …

Okay, let's say I finished through it after some tries and the installation was completed. BUT after the initial boot into Debian … … … the terminal stays empty. Because GRUB wasn't told to boot in console mode, as I did before (as far as I can tell, that's the reason).

The XML1

Is it too much to ask for at least one of them, virt-manager or virsh console, to work? Please!

(Any help would be nice as well, to all the comedians who simply want to answer “yes” xD.)

https://redd.it/1q3tbrj
@r_systemadmin
OPNsense + multi-ISP + VLAN-heavy small office design — am I overengineering or missing something?

Hey everyone,

I’m designing a small office / home-office network and would really appreciate a technical sanity check. I might be overengineering, but I want to be sure there are no fundamental flaws before I commit to the hardware and wiring.

Goals

- Use multiple ISPs with strict policy-based routing
- Keep two work PCs consistently exiting via different ISPs
- Separate office Wi-Fi, servers, CCTV, and IoT devices
- Ensure CCTV cameras have zero internet access
- Allow remote access via VPN (Tailscale) without exposing services

This is for reliability, predictability, and clean separation — not anonymity or bypassing rules.

Hardware

- Firewall / Router: OPNsense (bare metal)
- Core Switch: TP-Link JetStream (L2 managed, VLAN-aware)
- Wi-Fi APs: TP-Link Omada EAP230 / EAP235 (AP mode only)
- Servers: Proxmox host (multiple VMs/containers); Mini PC for WordPress sites
- CCTV: Mini PC NVR (custom OS, 2 NICs)
- VPN: Tailscale (device-to-device only)
- ISPs: ISP 1 (Fiber), ISP 2 (Fiber), ISP 3 (Fiber)

High-level topology

ISP 1 ─┐
ISP 2 ─┼──> OPNsense (ONLY routing device)
ISP 3 ─┘
|
| 802.1Q trunk
v
Managed L2 Switch
|
APs / PCs / Servers

- Switches and APs are L2 only
- All routing and WAN selection happens only in OPNsense

VLAN design

| VLAN | Purpose | Internet |
| --- | --- | --- |
| 10 | Work PC / Account 1 | ISP 1 only |
| 20 | Work PC / Account 2 | ISP 2 only |
| 30 | Office Wi-Fi / phones / thin clients | ISP 3 |
| 40 | Servers (Proxmox, WordPress, mgmt) | ISP 3 (optional failover) |
| 50 | CCTV cameras | No internet |
| 60 | IoT / Home Assistant | ISP 3 (restricted) |

- No inter-VLAN routing except explicit rules
- No load balancing or failover for VLAN 10 / 20

Policy routing (OPNsense)

- VLAN 10 → Gateway WAN1 only
- VLAN 20 → Gateway WAN2 only
- VLAN 30 / 40 / 60 → WAN3
- VLAN 50 → blocked (no default gateway)

CCTV approach

- Cameras live in VLAN 50
- No gateway, no NAT, no internet
- NVR Mini PC has 2 NICs: NIC 1 → VLAN 50 (cameras only), NIC 2 → VLAN 40 (management)
- IP forwarding, NAT, and bridging disabled on the NVR OS
- Remote viewing via Tailscale, not port forwarding

Wi-Fi

- Omada APs in AP-only mode
- Wired backhaul
- SSIDs mapped to VLANs (Office Wi-Fi → VLAN 30)
- No routing or NAT on APs

What I’m unsure about

- Is this a reasonable use of OPNsense, or am I pushing complexity too far for a small office?
- Any common pitfalls with multi-WAN + strict policy routing in OPNsense?
- Is the 2-NIC NVR design safe long-term if routing is disabled?
- Would you simplify anything without sacrificing isolation?
- At what point would you say “drop OPNsense and use an SMB router instead”?

I’m comfortable managing OPNsense, but I don’t want a fragile setup that breaks silently.

Appreciate any feedback — especially from people running multi-WAN OPNsense or similar homelab/SMB environments.

Thanks!

https://redd.it/1q3sjn6
@r_systemadmin