Do you expect your frontline manager to be a Subject Matter Expert?

Is your boss the SME for the assortment of tech that your team administers? Do you expect them to be? Do you expect them to know how to at least do your job?

I imagine that the answer depends on the size of the organization and consequently the department and maybe even by industry.

https://redd.it/1q4qe4m
@r_systemadmin

Thickheaded Thursday - January 08, 2026

Howdy, /r/sysadmin!

It's that time of the week, Thickheaded Thursday! This is a safe (mostly) judgement-free environment for all of your questions and stories, no matter how silly you think they are. Anybody can answer questions! My name is AutoModerator and I've taken over responsibility for posting these weekly threads so you don't have to worry about anything except your comments!

https://redd.it/1q77x5g
@r_systemadmin

Who's still working from home in 2026?

Out of curiosity, who is still WFH in 2026? Did your org make you come back into the office?

WFH here, usually 3 days a week give or take. Sometimes 4 depending on the week. Our office is pretty much empty; you might be lucky to run into a couple of people sometimes.

https://redd.it/1q7cbpb
@r_systemadmin

Dell price increases confirmed - schewwwww

I got a quote for (10) Dell Pro Plus 16-inch laptops on Dec. 14. The per-unit price was $1300.

Today, the exact same quote for the exact same specs is $1700 per-unit.

We all knew there were going to be price increases, but boy, it really slaps you in the face when it directly impacts you. This will definitely slow our computer and laptop purchasing. Our total equipment budget increased by about 1.5%, and these price increases are closer to 30%. There is no way we can eat our way out of this one.

I would go so far to say that this will force us to stretch from a 6-year replacement cycle to an 8-year cycle.

https://redd.it/1q7ikgd
@r_systemadmin

Windows Secure Boot UEFI Certificates Expiring June 2026

I've read a ton of KB articles and I'm still not 100% clear if I actually need to do anything.

Most environments are either machines are domain joined and updated via WSUS and controlled by GPO or they're Intune managed using Microsoft update.

But between reg keys, GPOs, firmware updates, Windows Updates, I'm not clear if I should be doing something specific or just keep installing the monthly cumulative/security updates and they'll take care of it?

On most machines setting AvailableUpdates to 0x5944 and then triggering the secure-boot-update scheduled job a couple of times seems to work but the documentation isn't great on whether this is what I have to do or if I'm just ensuring machines are updated now rather than, say, in a February or March Windows Update.

I've got these options available via GPO.

https://support.microsoft.com/en-gb/topic/group-policy-objects-gpo-method-of-secure-boot-for-windows-devices-with-it-managed-updates-65f716aa-2109-4c78-8b1f-036198dd5ce7

What are you doing about this please?

Jas

https://redd.it/1q7gsr6
@r_systemadmin

Who runs cables and does the terminations in your organization?

In addition to help desk, sys admin, engineer, project manager, cyber security officer, crib vending machine mechanic, facilities security admin, ERP support, SolidWorks expert, EDI support, audit and compliance enforcer, SQL DBA, web designer, and the many other hats that you have to wear, are you also running and terminating cables?

https://redd.it/1q7g2oi
@r_systemadmin

eFax charged me $115 to port out 1 number!

Wow, just got scewed porting number out of eFax. Highest port out fees of any organization by far. I will NEVER use or recommend thieves like these guys. Avoid eFax (aka Consensus Cloud Solutions, C2, jFax) or you will pay the price!

https://redd.it/1q7qj57
@r_systemadmin

All emails we send to Gmail are rejected as spam despite full compliance

This one is an ongoing issue for the past month. Essentially all emails sent to Gmail from our domain which is hosted on Microsoft 365 are being rejected with the error "550 5.7.350 Remote server returned message detected as spam -> 550 5.7.1 \[2a01:111:f403:c40e::1 19\] Gmail has detected that this message;is likely suspicious due to the very low reputation of the sending;domain." despite our domain's reputation showing as "High" in the old Postmaster Tools.

In the new Postmaster Tools the reason for rejection is shown as either "Email content is possibly spammy" or "Suspected spam", though test emails with simple text in their subject and body are also rejected.

The new Postmaster tools show full compliance in the "Compliance status" section and our DMARC reporting shows that Google's server accepts our email with full passes.

Logging a delivery report through the new Postmaster Tools gets the report closed within an hour with the reason given as "More traffic needed".

Does anyone have a suggestion on how we can get this resolved?

https://redd.it/1q7ztch
@r_systemadmin

SMB over QUIC

I do not see this topic come up much here.

Is anyone using SMB over QUIC, or use this to replace tradtional SMB file servers?

If so,
\-Any noticeable speed increases?
\-Stability

Any downsides?

https://redd.it/1q7x0iw
@r_systemadmin

Weekly 'I made a useful thing' Thread - January 09, 2026

There is a great deal of user-generated content out there, from noscripts and software to tutorials and videos, but we've generally tried to keep that off of the front page due to the volume and as a result of community feedback. There's also a great deal of content out there that violates our advertising/promotion rule, from noscripts and software to tutorials and videos.

We have received a number of requests for exemptions to the rule, and rather than allowing the front page to get consumed, we thought we'd try a weekly thread that allows for that kind of content. We don't have a catchy name for it yet, so please let us know if you have any ideas!

In this thread, feel free to show us your pet project, YouTube videos, blog posts, or whatever else you may have and share it with the community. Commercial advertisements, affiliate links, or links that appear to be monetization-grabs will still be removed.

https://redd.it/1q84dzf
@r_systemadmin

PowerDMARC or Suped Pros/cons?

Trying to dig into DMARC tools in 2026, rn im mainly looking at PowerDMARC and Suped (mostly for DMARC aggregation + SPF flattening)

Bonus points if either of them fit these:

\- Has good API integration

\- Makes report analysis somewhat bearable

\- Won't require thousands in a fiscal year just to afford it

While PDMARC has a lot of features and is price friendly, a colleague told me that it’s pretty ‘heavy’ to use day to day. Suped does look more streamlined and simplified which works out for me. Would love to hear some insights or if you have an alternative suggestion thanks

https://redd.it/1q85fd7
@r_systemadmin

Looking for a relatively inexpensive alternative to Word Mail Merge

I've recently joined a company who are sending out quarterly shareholder reports/updates by method of Word Mail Merge via email (Outlook). This might have been a good choice 10 or more years ago, but it's far too complex and antiquated to be using these days, imo.

Clearly an email marketing platform the likes of MailChimp or Brevo look promising, but I'd be interested to hear if anyone else recommends something different.

Just to clarify, we're a Microsoft shop.

https://redd.it/1q87eaf
@r_systemadmin

Sysprep on Server 2025

I just built a new VM template (VMWare) for Server 2025 Datacenter. Once I was done, I ran sysprep, chose OOBE from the drop down, checked generalize, and chose shutdown.

Today I went to deploy the template to a VM and discovered that there was a local admin password in place. I ran sysprep again and used the reboot option this time. Upon coming up, the local admin password is still present.

Did Microsoft change the way sysprep works in 2025?

I've reviewed the setupact.log file from c:\\windows\\system32\\sysprep\\panther and can't find anything obvious that said it failed. I do wonder what the return codes under the shsetup setup mean. Is a 2 a failure? Is a 0 a success?

Under SYSPRP ActionPlatform I am see that WINRE_Generalize was successful. Does that mean anything? I see several other generalize actions under that section were successful too.

I'm seeing 4 error lines in the setuperr.log file.
2026-01-09 07:47:23, Error SYSPRP BCD: BiUpdateEfiEntry failed c000000d

2026-01-09 07:47:23, Error SYSPRP BCD: BiExportBcdObjects failed c000000d

2026-01-09 07:47:23, Error SYSPRP BCD: BiExportStoreAlterationsToEfi failed c000000d

2026-01-09 07:47:23, Error SYSPRP BCD: Failed to export alterations to firmware. Status: c000000d



https://redd.it/1q882wl
@r_systemadmin

Exclaimer on Spamhaus List

Anyone else seeing NDRs due to Exclaimer IP on Spamhaus?

https://redd.it/1q8a3y0
@r_systemadmin

eDiscovery request for emails to be provided as PDFs

We are a small shop (15 employees) and have been fortunate enough to not have much dealings with subpoena's. However, we are dealing with one now.

The request seemed simple -- provide all emails between company X and your company between these two dates. Microsoft Purview makes this pretty straightforward, so I download the data as PST files and sent them to our attorney. It's around 1,000 emails.

Our attorney has requested to receive these emails as PDF files instead of PST files. I thought this was odd, but perhaps this is common?

I was able to use Purview to download the emails as individual MSG files, and cobbled together a python noscript to covert each MSG file into a PDF. Job done.

Is PDF the normal format that requests like this are fulfilled? Is there a tool available to make this process easier? I think we might have some similar request in the future.


EDIT -- Thank you everyone for all the replies! As usual this is a great sub to be a part of and I learn something from it everyday.

https://redd.it/1q8b6u9
@r_systemadmin

931AM East Coast Internet Issues

I'm having a few sites in Long Island NY all go offline at the same time in addition to a partner vpn tunnel out in Las Vegas. All at the same time. Other vpn's are just fine around the country. Anyone else seeing this?

https://redd.it/1q89she
@r_systemadmin

What are your thoughts on the AI Bubble timeline?

We’re obviously still in the growth stage (data centers yet to be built out) but at some point all the AI-optimizable industries will be saturated, and we’ll be left with some very high multiple of excess AI businesses and idle compute.

There’ll be a latent period where the major players BS their earnings and usage through (more) circular business deals, consolidation, and outright misrepresentations of user data to kick the can down the road.


And then we of course will be left with the collapse, and the bag being held by pension funds (via SPVs) and the general populous (via destroyed aquifers and sky high electricity prices).


My guess is 3-4 years.




https://redd.it/1q8dst4
@r_systemadmin

Am I Getting Fucked Friday, January 9th 2026.

Brought to you by r/sysadmin 'Trusted VAR': u/SquizzOC with Trusted Telecom Broker u/Each1Teach1x27 for Telecom and u/Necessary_Time in Canada

PMs are welcome to answer your questions any time, not just on Fridays.

This weekly thread is here for you to discuss vendor and carrier expectations, software questions, pricing, and quotes for network services, licensing, support, deployment, and hardware.  

Required Info for accurate answers:

* Part Number
* Manufacturer/vendor
* Service Type and Service Location
* Quantity (as applicable)

All questions are welcome regarding:

* Cloud Services - Security, configurations, deployment, management, consulting services, and migrations
* Server configs and quote answers
* Storage Vendor options, alternatives, details, and selection
* Software Licensing - This includes Microsoft CSPs
* Network infrastructure - overlay software, segmentation, routers, switches, load balancing, APs…
* Security - Access Management, firewalls, MFA, cloud DNS, layer 7 services, antivirus, email, DLP….
* User gear - Usually, you should buy the quote you have unless the quantity is +50 units
* POTS replacement lines
* Single site and multi-location connectivity – Dedicated internet access, Broadband, 5G LTE, Satellite, dark fiber, Ethernet services
* Voice services- SIP, UCaaS,

https://redd.it/1q8e4dx
@r_systemadmin

Google's Primary DNS is down

Google's Primary DNS is down right now. Don't know if this is a regional or worldwide outage, but has anyone ever run into this before? I know it is happening across a variety of ISPs right now.

Google Public DNS down? Current problems and outages | Downdetector

https://redd.it/1q8i02v
@r_systemadmin

GMail blocking weblinks embedded in images starting today

We use gmail and have users with icons for x, youtube, insta and fb containing links to social media in their signatures.

Starting today internal to internal flags gray with the message not sent to spam because of your organization settings.

Internal to external Gmail goes directly to spam with the red this might be dangerous

Internal to external other than gmail goes through normally with no problems.

I don't think it's just us, because I added a weblink in an icon to my personal gmail and sent to another personal gmail and it went to spam with the red danger message too.

Anyone else seeing this?



https://redd.it/1q8j0kg
@r_systemadmin

Boss wants us to implement Google credential manager instead of a PW manager (Vaultwarden)

Hello,
We are using Entra ID, and majority of users use chrome for browsing. I brought up the idea of hosting a PW manager and was quickly denied because someone said it was cheaper and easier and just as safe to use google credential manager.

I'd create a google cloud identity tenant and give our users gmail accounts to have their PW managers..

From a security standpoint, what is my best argument to say why a dedicated PW manager is more secure for both comliance and security ? Or is it not a big deal ?

https://redd.it/1q8jaem
@r_systemadmin