Reddit Sysadmin – Telegram
Boss wants us to implement Google credential manager instead of a PW manager (Vaultwarden)

Hello,
We are using Entra ID, and the majority of users use Chrome for browsing. I brought up the idea of hosting a PW manager and was quickly denied because someone said it was cheaper and easier and just as safe to use Google credential manager.

I'd create a Google Cloud Identity tenant and give our users Gmail accounts to have their PW managers.

From a security standpoint, what is my best argument to say why a dedicated PW manager is more secure for both compliance and security? Or is it not a big deal?

https://redd.it/1q8jaem
@r_systemadmin
I just need to vent

I share a wall between offices with a new senior ops manager that is “revolutionizing” our manufacturing processes with technology.

Excel.

He’s trying to make an ERP out of Excel.

I suggested from the start that no matter how sure he is he can do it, that he is building himself into a World of Hurt and his vision may be possible if he’s the only one to use it ever. I offered him other methods, SQL database, Dataverse, even Access.

Nope.

> “Excel was built for this.”

It’s now 3+ months into this abomination, and they’re trying to implement it and it’s failing in all the ways I said it would. Dates entered “wrong.” Painful performance. Never ending spinners. Collaborative usage conflicts that can’t be auto fixed. On and on.

He’s scrambling. Getting defensive. Blaming lack of “real” database, etc.

I’m just collecting emails, chat logs, and even surveillance video of a convo caught in the hallway between us, about this very thing.

Fuck off, bus. I ain’t getting thrown under you by anyone.

https://redd.it/1q8mofv
@r_systemadmin
When That New Job Offer Comes Through...

No details, no specifics, nothing.

But I finally got a job offer that will be my last job (THEY OFFER A PENSION?! IN AMERICA?!)

My sisters and brothers, this is a top five day in my life where I will no longer be on call as I have been FOR THE LAST FIFTEEN YEARS.

I took today off because I thought the offer might come through. So I went to my local dive bar to watch the FA cup match with Nottingham and Wrexham, got a little sauced, and then the recruiter called. I am floating on air. Eyes heavy, nose light.

To be able to potentially go in next week and tell them to eat my entire fucking ass... I cannot describe that feeling. I work for a company that has 600 office employees and maybe 300 manufacturing employees and we produce a product that probably 75% of you know. I've been there for a very long time and when I leave the production of that product... Anything else and I risk giving myself away and until all that paperwork is signed....

To quote the Red Hot Chili Peppers... My dick got hard and I dropped my jaw

https://redd.it/1q8n24w
@r_systemadmin
Remote User IP Conflict Issue

Started a new position and we are having an issue where a few remote users are unable to access network resources due to the fact that the IP schema here is 192.168.1.X (lol). Our VPN is azure split-tunnel and doesn’t really support any special NAT rules that we could use as a workaround. Obviously, endgame is re-IPing, but we have a ton of legacy software that most likely has hardcoded IPs in configs that I haven’t even discovered yet, so that is gonna take a while to get going. The other cherry on top is that we are going for CMMC 2, so we can’t switch to a VPN through our SonicWall which would support more advanced configs to use as a workaround, since evidently enabling FIPS-compliance on the firewall is a nightmare.

It might be the case that there really aren’t any other workarounds except RDS, which I’d rather not do.

Any ideas?

https://redd.it/1q8nor5
@r_systemadmin
What makes a Data Room actually "secure"?

I hope this isn't a terrible question, but I've been wondering what makes virtual data rooms secure? In comparison to any other file sharing like Google Drive or Sharepoint for example, what makes them better in terms of security?

What is important in terms of security when selecting a data room over other file sharing options like a Notion, Drive, etc?

https://redd.it/1q8id3l
@r_systemadmin
Has TeamViewer actually successfully sued anyone?

We forgot to cancel a sub and they tried to renew it on a cancelled credit card.

We got random collection emails from an agency, but after not responding they gave up and another one started messaging us.

They said they’re intending on suing us in Germany and asked us to fly out and attend (lmfao). We said we would pay the time between the renewal and when it was cancelled and to pound sand if they want anything else.

https://redd.it/1q8ua66
@r_systemadmin
Colocation Quote - Is it as good as I think it is?

3U

360 Watts 208V

3 Outlets

/29 IPv4

350TB Bandwidth on 10Gbps Port

Overages @ $0.0025/GB

Free rack and stack

12 Month Commitment

Location LA

FREE Setup

Price: $100/m

Just need a quick sanity check as this will be my first Colocation for off-site backups and running a handful of hosted services. Usage patterns are around 100TB/month so I’m not worried about metered usage, I specifically wanted metered instead of p95 so I wasn’t charged for bursts at 10Gbps on a 1Gbps commit. I’ll be colocating a 1U firewall and a 2U server.

Any gotchas I should keep an eye out for?

https://redd.it/1q8q1er
@r_systemadmin
AI Slop IT books on Amazon?

So I thought I’d try and buy some decent, well rounded, consolidated learning material in book form.

Specifically around NTP and PTP. I’m already somewhat familiar with the protocols but didn’t see any harm in trying to fill in some knowledge gaps.

Went on Amazon and searched for books about this subject and came across a book called “Time-Based Networking: NTP, Chrony and Precision Time Protocol” by an author named James Relington.

Grabbed a sample and had a flick through and it seemed at first glance like it would do the job. Thought it was a bit weird that “Chrony” was stuffed in the middle of NTP and PTP but what the hell. The book was only £3.45 or something and was only 200 odd pages long.

Got about half way through it, wasn’t really learning anything new about it, nothing had really been explained in any great detail. No diagrams, no worked examples.
Started flicking through the rest of the book and it was just endless repetition.

The book was published in June 2025, so went back and looked through the author's other books.

They’re all published in 2025 and there’s tons of books on every subject. QoS, DWDM, MPLS, PowerShell and even stuff about American Tax systems and Project Management.

Looks like this author has been shitting out a couple of books every month or so.

Downloaded a couple of samples and they’re all the same. Just a long monotonous over-wordy description without any real detail, no diagrams, no worked examples.

I have a very strong hunch that this is all AI generated slop. And that online book stores are being inundated with garbage generated for a quick buck. But would have thought that any publisher would have checks in place to prevent this.

If “James Relington” really is an industry genius who’s furiously smashing out books, then I apologise. But something isn’t right here.

Can anyone else confirm if this is a thing?

UPDATE: Well, shit. I’ve been had. Thankfully Amazon let me return for a full refund.



https://redd.it/1q8zlru
@r_systemadmin
Full Inbox for Microsoft Team, Unable to Delete

We have a Microsoft Team for a department that has a full inbox. When you delete messages, they reappear within seconds. I contacted support and they said there is a retention policy attached to the inbox. They asked me to run these two commands, which fail:

Set-Mailbox "username" -RemoveDelayHoldApplied
Set-Mailbox "username" -RemoveDelayReleaseHoldApplied


After relaying that they failed, this was the response:

However, further review confirmed that (the email) is a Microsoft 365 Group (Teams) mailbox, not a standard mailbox type. For Group/Teams mailboxes, delay holds are enforced at the compliance layer and are automatically managed by Microsoft. As a result, these delay holds cannot be manually removed using Exchange PowerShell, and the above commands do not take effect for this mailbox type.

 Although the mailbox has been excluded from the applicable retention policy, Microsoft applies a mandatory delay hold period (up to approximately 30 days) after removal or exclusion.


This is ridiculous. Is it true that you have to wait up to 30 days? Is there a better alternative solution here?

https://redd.it/1q929ip
@r_systemadmin
IT positions in northern europe

I’m a sysadmin with 12 years of experience (banking, hospital environments, and mid-to-large companies). Recently, I decided to leave the corporate path and start my own small IT services business, focused on quality, accountability, and long-term value rather than scale. Also I combine it with sound engineer and musician jobs so everything packs up a salary.

It’s working, but sometimes I dream about combining it to a more stable and guided job.

In Spain, I keep running into the same limitation: senior technical work is rarely structured around projects, full remote or part-time collaboration. The default expectation is full-time availability or near-onsite presence, which makes it hard to combine with running a small company.

Because of this, I’m exploring the possibility of working part-time or on a project basis with companies in Northern Europe, where remote and outcome-driven work seems more common.

Is this real or just a perception?

https://redd.it/1q984zb
@r_systemadmin
best help desk software 2026 for a non-technical small team?

alright, i need to admit defeat. i run a small design studio (12 of us), and i'm the one who deals with all the "my monitor's broken" and "i need adobe access" stuff. it's all in a shared gmail label called "tech stuff," and it's an absolute nightmare. tickets from q3 are probably still buried in there. i'm not an IT person. i just want something stupidly simple to set up where my team can submit a request without emailing me directly, and i can actually see what's open and what's done. if it can send automatic "we got your request" emails, that would be a miracle. i tried setting up something a year ago and got lost in a 200-step configuration menu.

i keep seeing names like groovy, freshdesk, and help scout. for a total non-techie who just wants to stop the chaos, which one should i actually try in 2026? i don't need 90% of the features. i just need the simplest path from "shared inbox hell" to "oh look, a list of problems." anyone else been in this exact boat? what did you pick and are you still using it, or did you rage-quit and go back to email?

https://redd.it/1q9ai9n
@r_systemadmin
SSH Certificates and user principal logging/auditing?

Hi all,

I've been looking at SSH Certs for authentication. One of the things I'm having trouble wrapping my mind around is this idea of user to principal mapping. From my perspective it just makes auditing/logging more difficult to track.

For example:

Let's just say I have users[1-5] all issued SSH certificates with principal 'www' for all prod servers (or some other generic user).

If everyone logs in to the system with their 'www' principal (ssh -i ~/.ssh/my_signed_cert.pub www@server), there's no way to distinguish who did what on the local system. I get that there are paid and open source agent solutions that do per session auditing and tracking, but why complicate it with an extra layer?

I'd rather have a system log show up like this

'user x made xyz change'
'user y made abc change'

Rather than

'www made xyz change'
'www made abc change'

In the system log there's only a record of authentication with the serial number, so you know who logged into the system as 'www' at what time, but after that it's all a blur.

The way I see it, it's better to have a 1:1 user to principal mapping. I guess I understand that some systems only have generic user names like 'postgresql' or 'oracle', but this is not clicking for me.

How does this many to 1 user to principal mapping improve security?

https://redd.it/1q9cnc2
@r_systemadmin
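As an added example (not part of the original post), the authentication record the post mentions can be used to attribute each shared-account login to a certificate identity by reading sshd's "Accepted publickey" lines. It assumes OpenSSH's default auth-log format, a per-person Key ID set when the certificate is signed (`ssh-keygen -I`), and constructed sample lines; it attributes the login session only, not individual commands run inside it.

```python
import re

# Constructed sample auth-log lines (not from a real system). Two people log in
# to the shared account 'www' with certificates; the third login uses a plain
# public key, so sshd logs no Key ID or serial for it.
SAMPLE_LOG = """\
Jan 10 09:14:02 web01 sshd[4021]: Accepted publickey for www from 10.0.0.5 port 51234 ssh2: ED25519-CERT SHA256:CONSTRUCTED-FP-1 ID user1 (serial 1001) CA ED25519 SHA256:CONSTRUCTED-CA
Jan 10 09:14:02 web01 sshd[4021]: pam_unix(sshd:session): session opened for user www(uid=33) by (uid=0)
Jan 10 09:20:47 web01 sshd[4188]: Accepted publickey for www from 10.0.0.7 port 40112 ssh2: ED25519-CERT SHA256:CONSTRUCTED-FP-2 ID user2 (serial 1002) CA ED25519 SHA256:CONSTRUCTED-CA
Jan 10 09:20:47 web01 sshd[4188]: pam_unix(sshd:session): session opened for user www(uid=33) by (uid=0)
Jan 10 09:40:11 web01 sshd[4021]: pam_unix(sshd:session): session closed for user www
Jan 10 10:02:30 web01 sshd[4302]: Accepted publickey for www from 10.0.0.9 port 38820 ssh2: ED25519 SHA256:CONSTRUCTED-FP-3
Jan 10 10:02:30 web01 sshd[4302]: pam_unix(sshd:session): session opened for user www(uid=33) by (uid=0)
""".splitlines()

# Syslog prefix: timestamp, host, sshd process id, message.
PREFIX = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) "
    r"sshd(?:-session)?\[(?P<pid>\d+)\]: (?P<msg>.*)$"
)
# Successful public-key login; the "ID ... (serial N) CA ..." tail is only
# present when the client authenticated with a certificate.
ACCEPT = re.compile(
    r"^Accepted publickey for (?P<account>\S+) from (?P<src>\S+) "
    r"port (?P<port>\d+) ssh2: (?P<keytype>\S+) (?P<fp>\S+)"
    r"(?: ID (?P<key_id>.+?) \(serial (?P<serial>\d+)\) CA \S+ \S+)?$"
)


def attribute_sessions(lines):
    """Return one record per login, tying the local account to the cert identity.

    Session open/close lines are matched to the login through (host, sshd pid),
    which is how the later PAM lines relate back to the authentication line.
    """
    live = {}      # (host, pid) -> record of the login handled by that process
    records = []
    for line in lines:
        m = PREFIX.match(line)
        if not m:
            continue
        key, msg = (m["host"], m["pid"]), m["msg"]
        a = ACCEPT.match(msg)
        if a:
            rec = {
                "host": m["host"],
                "account": a["account"],
                "src": a["src"],
                "key_id": a["key_id"],                      # None for plain keys
                "serial": int(a["serial"]) if a["serial"] else None,
                "login": m["ts"],
                "opened": None,
                "closed": None,
            }
            live[key] = rec
            records.append(rec)
        elif "session opened for user" in msg and key in live:
            live[key]["opened"] = m["ts"]
        elif "session closed for user" in msg and key in live:
            live.pop(key)["closed"] = m["ts"]
    return records


def unattributed(records):
    """Logins with no certificate identity: these cannot be tied to a person."""
    return [r for r in records if r["key_id"] is None]


if __name__ == "__main__":
    for r in attribute_sessions(SAMPLE_LOG):
        who = r["key_id"] or "UNKNOWN (no certificate)"
        print(f'{r["login"]} {r["host"]} {r["account"]} <- {who} '
              f'serial={r["serial"]} from {r["src"]} closed={r["closed"]}')
```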
Has anyone else not had any kind of mentorship and not have to scale the different "tiers" their entire career?

I started on a help desk for a major Pharma company contracted through a fortune 500. I learned a lot from that job. I was only there a year, but I still leverage things I learned. It was a sink or swim environment. I figured out how to get a baseline to know which way to go, what OOO works best for things, psychology and how to talk to users. I had risen to the top of the desk by the end of my time, and they had me on special assignments taking the more difficult tickets / users.

My job after that had the title, "System Administrator II". But there were only three of us and our boss. I was brought in to kind of be the overlap of the other two so they could hand some things off to me. But in that job, the three of us did everything IT. We were basically tiers I-IV. We did absolutely everything from systems, desktop, networking.

I didn't have anyone above me other than my boss and the environment wasn't one where he had time to really show me anything. I'd bounce ideas and approaches off of him before I did things, but it was up to me to see how it was being done in the industry in general and keep up with those things. Dev dept was the same way and a couple devs left because they felt the manager wasn't mentoring them, but he simply didn't have time in such a small org because his role was so encompassing.

Everything I knew I had taught myself or I was able to get up to speed quickly. My boss had done most of the DBA stuff and I ended up taking a lot of that off of him. Through supporting our web app I had learned pages were powered by Views, data was tables, and processes were SPs. This allowed me to write SPs that took processes from 30-40 minutes down to 2-5 minutes. Which pushed me deeper into DBA territory over time. And eventually all web app support would bubble up to me. I was the final stop before it could be escalated to Dev.

M365 was really new then. You couldn't do a lot of stuff in the GUI. One of my first projects was moving the company into Exchange online and online archiving. I didn't have anyone above me to say do this this this. I had to research and learn PowerShell since some things just were not in the GUI. Especially if an import hung and I needed to cancel it.

Then when we moved into AWS, we were all new to AWS, but I was pivotal in moving our databases into RDS and other things.

Then we got bought and after helping transition a lot of our Infra, especially 365, I was moved to the Engineering dept on the Infra team. I was immediately promoted to Principal Sys Engineer because we had a lot of historic "ghost" systems and I was good at figuring out how to fix things with no real info. In this org there was more of a formal structure and segregated roles and teams because it was 3500 users. But I started at the top pretty much right away.

Now where I am, the only person above me is my boss. And a big part of my job is just handling things so he never has to deal with them and can focus on his stuff. He never has to tell me anything or how to do anything.

I've just never been in like a junior role with people above me to kind of mentor me, then had to work my way up to the next level, and so on. I've never had the whole tier structure. It's always been - keep swimming and figure it out. I just get tossed out there and end up toward the top.

Has anyone else had a career like this?

https://redd.it/1q9k2ut
@r_systemadmin
I don't want to advance?

I've been working in IT/Security for a couple years now and I'm being pressured to move into a leadership role that, frankly, I don't want. But the business is putting me in the position where they expect me to be a manager when that sounds lame and if I don't accept, my job may be at risk. Does anyone have advice on not advancing? I'm cool with what I do at the compensation I get paid. Do I need to do more to keep a job?

https://redd.it/1q9ooqw
@r_systemadmin
NVIDIA to "rerelease" 3060 in Q1 2026, Samsung to ramp up DDR4 production Q1 2026, ASUS & Gigabyte to increase DDR4 motherboard (B550 A520) production 2026, AMD seriously considering return to Zen 3 processor production

What a time to be alive.

Some random articles: Samsung, ASUS, Gigabyte, AMD, NVIDIA

Going to be an interesting 2026-2027 if you didn't replace most of your workstations in 2025 (we did roughly 25% end of 2024 and 75% in 2025). Most "office use" workstations will be fine with DDR4 motherboards, it's not like 2019 is that long ago. Intel also introduced the "new" Z790 DDR4 motherboard in late December, so we'll probably see some iteration of that in Dell/Lenovo/HP products too so we'll probably see a lot more Alder/Raptor and fewer Core Ultra offerings.

I give us 5-6 years until AI decides to just eradicate us peasant humans. . .

https://redd.it/1q9rvez
@r_systemadmin
WSUS replacement

Been wanting to replace WSUS for server updates with something more "modern". We've been testing NinjaOne, but not sure it's the one for us. With WSUS, we approved the updates, servers download them and then we'd manually install them/reboot.

Anyone else managing updates with N1? How's it going for you?

Other option, just stick with WSUS for another 5 years or so.

https://redd.it/1q9ozol
@r_systemadmin
Microsoft Deployment Toolkit (MDT) - immediate retirement notice

From MS:

Microsoft is announcing the immediate retirement of Microsoft Deployment Toolkit (MDT). MDT will no longer receive updates, fixes, or support. Existing installations will continue to function as is. However, we encourage customers to transition to modern deployment solutions.
Impact:

MDT is no longer supported, and won't receive future enhancements or security updates.

MDT download packages might be removed or deprecated from official distribution channels.

No future compatibility updates for new Windows releases will be provided.

https://learn.microsoft.com/en-us/troubleshoot/mem/configmgr/mdt/mdt-retirement

https://redd.it/1qa2f7s
@r_systemadmin
Why do system administrators get paid less than software developers?

I see in my company system administrators seem to me as adults in the room. Without IT most companies cannot function/survive one week, yet companies keep skeleton crew of IT staff and underpay them. On the other hand companies have no problems hiring a new developer each month. Even in meetings developers only seem to know only a small area that too team has 5 developers and a team lead supporting one application, where an IT team of 5-6 people could easily be supporting company of size 200 to 300. In terms of knowledge breadth system administrator easily has level of knowledge as of architect or principal engineer but get paid a fraction of their salary. It seems rather unfair to me how much burden IT carries. System Admin retains more Computer Science Knowledge 10 years into the job than most software developers, who specialize in a narrow domain.

PS: I am not in IT but see IT staff in my company single-handedly troubleshooting issues, answering questions from a plethora of teams, also dealing with a bunch of other problems.

https://redd.it/1q9weds
@r_systemadmin
HP Laptop had no thermal paste from the factory

TLDR: If you work Service Desk or Desktop support at your company and use HP computers, double check the factory actually applied thermal paste.

For some background, I work on the Service Desk at my company. I've been using an HP ZBook Firefly G11 14-inch laptop for almost a year, with the Intel Core Ultra 7 165H CPU, 32GB RAM, RTX A500 graphics. I started having some strange issues with it: it would sometimes feel really sluggish, the screen would have some strange artifacting and "glitching out", the fan would run extremely loud. Just stuff that didn't happen when I first got the laptop, but started progressively getting worse as time went on.

So last week, I decide to grab a new-in-box ZBook Firefly G11 from our shelf, image it, and copy my data over to it so I can move over to that machine, with the idea that I would wipe and reimage my old one, see if the issues I had previously were still occurring, and then escalate to HP warranty support if they were.

I again started having strange slowness issues with this new laptop, and the fan would ramp up really loud. Over the weekend, I decided to run Cinebench R23 just to verify I was getting the level of performance one would expect from this laptop. The multi-core score I got was only 8689. Looking around online beforehand, from sites like Notebookcheck, I was expecting more like 14000. And I was running these tests with the factory charger, with the laptop on a stand so it wouldn't be smothered.

At first I thought maybe our security software was hogging resources in the background and causing these super low scores. I went as far as swapping out the SSD, doing a clean install of Windows without any software or anything on it, and the Cinebench scores were around the same.

I then decided to use HWiNFO to look at sensors while Cinebench ran, and saw that the laptop was thermal throttling. Not only that, it was thermal throttling at idle! I knew the fans worked, because they ran loud, so at this point I thought maybe it was poor thermal paste application, or the heatsink wasn't screwed down as tight as it should be. So I opened the laptop up, unscrewed the heatsink (it seemed tight enough), and was kind of amazed to see what I saw.

There was absolutely no thermal paste on the CPU! The factory that built this laptop managed to apply it on the GPU, but totally missed the bigger, more obvious die right next to it.

Of course, applying some Arctic MX-6 immediately fixed my issue and I started getting scores even higher than what Notebookcheck got for this laptop.

This laptop was brand new, sealed. This was definitely a big oversight at the factory. It makes me wonder if my old ZBook has this issue. Now that I think about it, we had a few tickets submitted at our company where people with this model said they had slowness or sporadic freezing issues. I'm back in the office tomorrow, so I'll be able to at least open up my old laptop and take a look. And I'll try to follow up on those old tickets I remember to see if this could be what's going on.

I'll be definitely letting my team know about this, but I figure this info is also good for anyone else who works an IT role and has these laptops deployed to users.

I can't upload pictures, but here's some showing my Cinebench score before and after, as well as what I saw immediately after taking the heatsink off: https://imgur.com/a/ScPbrqR

https://redd.it/1qadt2a
@r_systemadmin
Return to the Office They Said, It Will Improve Collaboration They Said

I type this as my colleagues in adjacent cubicles engage with me via Teams chat and my boss schedules a videoconference because my team is spread out across four offices.

Then I have a Teams meeting with another colleague in an office 2,000 miles away.

This just seems like WFH with a 1 hour commute.

https://redd.it/1qb4ky3
@r_systemadmin
My work is struggling

Hello everyone,

I’ve shared posts from time to time on Reddit before about what I’ve been going through at work; you can find the details on my profile.

Lately, I don’t even know whether to call this mobbing or something else, but the situation has become so unbearable that I can’t put it into words anymore.

It’s currently 4:30 AM and I still haven’t been able to sleep, and in about four hours I’ll have to go to work. I’m completely out of strength, and I’ve honestly started thinking about suicide as a last resort.

While I’m at this dead end, I wanted to share this with you again as a final attempt to reach out.

---

I feel completely stuck. My career and my mental state have reached a point where I genuinely don’t know what I can do anymore. I’ve been working at the same company as a system administrator for about 4.5 years. It started as an internship, then they offered me a full-time position and I stayed. In the beginning, everything was great: a small team, lighter workload, fewer pressures.

Before the team expansion, my girlfriend of four years broke up with me. After that, I started working in the evenings, taking responsibility for every task that needed to be done. That was a huge mistake. The company kept changing constantly—new clients, people coming and going—but I stayed, observed everything, and continued where I was. Lately, I’ve started experiencing the following: little by little, I was taken off customer-facing work and assigned almost exclusively to what we call “Cloud” work—dealing with the infrastructure where customers are hosted, or working on our own internal infrastructure. Being limited to just these tasks caused a deep emotional wound in me.

I started questioning my position, thinking that once these infrastructure tasks are finished, I’ll probably be let go. This has been the situation for the past 1–2 months. Going to work with this mindset—working alone on these tasks while others are doing different things, having to wait days just to ask the boss a question—has been extremely exhausting. Everyone asks me for things: the administrative manager, the boss—people message me outside of working hours, assuming I’ll respond anyway, asking for things or requesting help. Yes, I allowed this situation to happen.

For example, because I don’t really have a life outside of work, I became the first person to be called in emergencies outside working hours. Even when I’m not called, others are more relaxed, they’re out living their lives, and since it’s known that I’m at home, the responsibility eventually falls on me. And this isn’t limited to work. For example, we go to a venue and I’m told: “Pour drinks for X,” “Serve this to Y,” “Go buy a dürüm,” and so on. On top of that, sometimes people make jokes about me—at least that’s how it’s framed—but it feels constant. For example, I once said I’d go somewhere but couldn’t make it. Later, we went there with a different plan, and people said things like, “Good thing you invited us,” “It turned out great,” or other remarks that feel unnecessary. I constantly feel like I’m being teased or mocked, even over things that don’t make sense.

At this point, I’ve started feeling like I’m not staying at this company because of the work I do, but because I’m somehow satisfying certain psychological needs of others. Recently, a deep fear has settled in: I open the calendar and look at my payday, wondering if I’ll even make it there. I still have 1–2 months of debt left—will I be able to pay them? Sometimes I even deliberately slow down finishing tasks, just so there’s still work left. And that hurts me deeply. Lately, because I’m constantly thinking about all of this, I have no energy in the evenings. I go to bed early, without clearing my head or resting properly, then wake up and go to work again—hopeless, drained, and exhausted. I no longer feel sure about what I should do. Life no longer feels like something meant to be lived. I don’t know what to do.

---

More recently, what I keep noticing is that while other people have far fewer