Company was bought out by national publicly traded company. Would you stick through merger?

This is my first rodeo of this kind. Private first used to own company I work for and now we were bought by much larger publicly traded entity.

I am in a position where I have started at entry position and grew into senior engineer role. I have stood up and configured services, made small and big configuration changes, and at this moment probably the one that knows most of things in environment that is not documented. To be fair, our documentation sucks because that is the last thing we can allocate time to.

I was told that these mergers most likely to go one of two ways.

1) Before merger significant effort is spend on documentation, audits, assessments, and then people are let go and very unlikely that any department staff is kept.

2) People with knowledge of systems and how things are configured stay through merger, assisting with the merger, and then most likely let go. Some are offered severance on promises to stay through the merger. Idk.

The leadership is clearly positioning themselves in a way that says “we are doing great on our own”, “we are not immediately going to be absorbed”, and essentially “nothing major will change for next 1-3 years”.

I can kind of smell bs. We are already doing internal audits, updating documentation, reviewing standards and adjusting them. Also there seems to be stop on couple IT positions.

I am updating my CV, getting few certifications and going to start feel the pains of job market probably. I am being hopeful that I will stay through merger and move into a different position at new company, but idk. Sketchy.

https://redd.it/1qqqfqw
@r_systemadmin

hardware prices going crazy

Quick rant / reality check.

Back in September we got a quote from our supplier for two new HPE VMware hosts to replace our aging servers from 2019. Including a 5-year support contract, the whole thing was around €75k. Seemed totally fine.

Now, we’re a medium-sized company and decisions take… time. Everything needs sign-off from the parent company. Fast forward to now: we finally get the OK to order, and my boss asks me to request an updated quote.

I already warned them back in October that RAM and SSD prices were likely going to explode. But still — getting a new quote yesterday for almost €250k for the exact same hardware was… wow.

So yeah, we’ll just keep running the old servers. They’re from 2019, but they still do their job. The used market is basically empty anyway, so that’s not really an option either.

Curious how others are dealing with this madness in their companies.

https://redd.it/1qqxlxp
@r_systemadmin

What most expensive "cheap decision" have you ever seen in your sysadmin career?

Title

https://redd.it/1qqx4kv
@r_systemadmin

Weekly 'I made a useful thing' Thread - January 30, 2026

There is a great deal of user-generated content out there, from noscripts and software to tutorials and videos, but we've generally tried to keep that off of the front page due to the volume and as a result of community feedback. There's also a great deal of content out there that violates our advertising/promotion rule, from noscripts and software to tutorials and videos.

We have received a number of requests for exemptions to the rule, and rather than allowing the front page to get consumed, we thought we'd try a weekly thread that allows for that kind of content. We don't have a catchy name for it yet, so please let us know if you have any ideas!

In this thread, feel free to show us your pet project, YouTube videos, blog posts, or whatever else you may have and share it with the community. Commercial advertisements, affiliate links, or links that appear to be monetization-grabs will still be removed.

https://redd.it/1qr1dsk
@r_systemadmin

Breach in to our 365 tenant

Someone was able to get in to our 365 suite and create a Global administrator account which then gave it self permissions to create rules to push emails to rss feeds. The result was hundreds of thousand of dollars rerouted to an account. I cant find logs and alerts were shut off by the breacher. Microsoft logs only go back 30 days and the account creation was 12/23 so we just missed seeing how the account was created. There are only two global adminstrators at our org and mfa is enabled for everyone. Legacy auth was turned off. How the hell did this happen?

https://redd.it/1qqzqu4
@r_systemadmin

LAPS UI for passwords on Windows 11 25h2?

I know. Old LAPS. And I found the powershell line. But is there any gui option for pulling passwords like the old LAPS UI? I guess I just liked it. I'm setting up a 25h2 machine. The old msi file doesn't install. I'm just interested in that little gui software. It was nice, quick, and simple.

https://redd.it/1qr1q9h
@r_systemadmin

Do you buy any extra equipment for your job that work won't supply, but it's worth it because it just makes it that much better?

I got an iPad for personal use but use it for work all the time. I also got a much better mouse than they'd provide.

https://redd.it/1qq8ppa
@r_systemadmin

Alternative to ssh tunnel

I’ve inherited a setup where a central Windows server has SSH tunnels to multiple client servers (all Windows).

Devs RDP into the central server, and Jenkins pipelines use SSH tunnels (key-based, non-standard port, IP restricted) to copy files and execute commands on client machines.

It works, but I’m not fully comfortable with the model: if the central box gets compromised, it feels like all clients are potentially exposed.

I’m considering redesigning this and would like some external opinions.

Options I’m thinking about:
• Site-to-site VPN (WireGuard f.e.) with proper segmentation
• Jenkins agents on each client (pull model instead of push)
• Some kind of bastion / hub separation

All servers are Windows but client is open to deploy linux
From a security + operational point of view, what would you consider a more sane / standard approach today?

https://redd.it/1qr4jm7
@r_systemadmin

The "Just connect the LLM" phase was bad enough. Now they want Agents.

I posted here a few weeks ago about an internal LLM that surfaced sensitive legal docs because our permissions were a mess.
The dust hasn't even settled yet, and now leadership is already pushing for AI Agents. They don’t just want the AI to summarize stuff, they want it to trigger workflows, send emails, and basically do what an employee is supposed to be doing.

I tried to explain that it's one thing when an AI shows someone content they shouldn't see, but when that same AI starts acting on that data, moving info between systems or triggering actions it's a whole different level of risk.

Before we kid ourselves again and create another round of chaos at the office, I truly want to know how to address the risk before anything happens. I’ve talked to some friends in the industry, and it seems everyone is stuck in one of four approaches:

1. Some are creating small silos of data and letting the AI work within them. I get the logic, but this won't stand for long. The data will grow, the use cases will expand, and the problem will eventually hit.

2. Then you have the companies that are connecting agents to broad data sources and relying on existing permissions. Basically saying "we'll fix the leaks if they pop up." IMO - they’ll pop up way before anyone even notices.

3. Others are inspecting everything "closely" and assigning people to act like a monitoring team and hoping the alerts catch problems in time. I don’t think I even need to explain why this is a disaster waiting to happen.

4. And then there's the "Safe" route - using agents in super-strict, tiny automated processes with "zero harm potential." Honestly, they're only using agents just to say they’re using them. Why even bother?

I’m really curious - how can we actually handle this properly before the shit hits the fan AGAIN? Is there a fifth option I’m missing, or are we all just choosing our favorite way to fail?

https://redd.it/1qr71jh
@r_systemadmin

Security vendors wanting their IPs to be white listed for pen testing. does anyone does this?

Am I the one who is wrong here? Every vendor who we have reached out for blackbox pentesting always asks for full whitelisting of their IPs and remove geoblocking for certian countries during the test. This isn't just one vendor either. We have seen this multiple times in the past few years.

https://redd.it/1qr84b7
@r_systemadmin

New employee can't receive laptop shipments - what would you do here?

We've got a new hire in a state that's getting blasted by snow and ice. He was meant to start monday, but literally can't get any shipments. We've sent two laptops already, and neither made it.

\- First laptop was shipped a week ago and made it to the state he's in, but is sitting in a FedEx warehouse, and they won't/can't tell us what's going on when we call their support.

\- Managers decided to try overnighting a second laptop yesterday, and today the tracking says it's 4 states PAST the state he's in. Not even close.

Now they're asking me if there's some way he can drive to a nearby BestBuy and just pick up whatever laptop they have himself, and have me "set it all up remotely". I doubt BestBuy supports enrolling in AutoPilot from a retail store.. I guess I could call him and walk him through the OOBE and downloading some kind of remote control tool, and take over from there?

Just such a stupid situation. What would you do in my position, what's the best way to go about this? Just tell them to wait for one of the two laptops to arrive - whichever comes first? Or should I start googling BestBuy's in his area and see what they have in stock?

Edit: Got a response from FedEx. 1st packaged delayed due to "severe weather", second delayed due to "mechanical issues". Neither one has an ETA yet.

Edit2: Thanks for the dozens of responses and ideas! I'm going to tell them a local electronics store won't have a business appropriate device that can fit into our fleet (win home vs pro, etc). I'm looking into W365 as some suggested, as well as setting up a laptop at the office and finding a way for them to remote into it from their personal pc.

https://redd.it/1qrbvym
@r_systemadmin

Microsoft to disable NTLM by default in future Windows releases

I hope that we are finally getting to the point where we can disable NTLM. We have been unable to disable NTLM due to the lack of an alternative to local authentication, but with the introduction of "Local KDC" we may be finally able to disable NTLM.



https://www.bleepingcomputer.com/news/microsoft/microsoft-to-disable-ntlm-by-default-in-future-windows-releases/


> Microsoft also outlined a three-phase transition plan designed to mitigate NTLM-related risks while minimizing disruption. In phase one, admins will be able to use enhanced auditing tools available in Windows 11 24H2 and Windows Server 2025 to identify where NTLM is still in use.

> Phase two, scheduled for the second half of 2026, will introduce new features, such as IAKerb and a Local Key Distribution Center, to address common scenarios that trigger NTLM fallback.

> Phase three will disable network NTLM by default in future releases, even though the protocol will remain present in the operating system and can be explicitly re-enabled through policy controls if needed.

> "The OS will prefer modern, more secure Kerberos-based alternatives. At the same time, common legacy scenarios will be addressed through new upcoming capabilities such as Local KDC and IAKerb (pre-release)."


Also: https://techcommunity.microsoft.com/blog/windows-itpro-blog/advancing-windows-security-disabling-ntlm-by-default/4489526



> Phase 2: Addressing the top NTLM pain points

> Here is how we can address some of the biggest blockers you may face when trying to eliminate NTLM:

> * **No line of sight to the domain controller**: Features such as IAKerb and local Key Distribution Center (KDC) (pre-release) allow Kerberos authentication to succeed in scenarios where domain controller (DC) connectivity previously forced NTLM fallback.
> * **Local accounts authentication**: Local KDC (pre-release) helps ensure that local account authentication no longer forces NTLM fallback on modern systems.
> * **Hardcoded NTLM usage**: Core Windows components will be upgraded to negotiate Kerberos first, reducing instances on NTLM usage.

> The solutions to these pain points will be available in the second half of 2026 for devices running Windows Server 2025 or Windows 11, version 24H2 and later.

https://redd.it/1qrec1q
@r_systemadmin

Fuck GoDaddy

Pretty much the noscript, fuck GoDaddy. Setting aside their horrific website which somehow doesn't have a sign in button, it does have the button but once you load the homepage the button gets hidden, their dark pattern bullshit is partially responsible for an email outage yesterday.

I work for an MSP. Some of our clients will come to us with pre-existing domains. Sometimes we take those over, other times we just manage the DNS. This particular client and domain is one of those types. We manage the DNS in our Cloudflare, but the domain itself lives in the clients GoDaddy account with name servers pointed to Cloudflare.

Well a couple days ago the marketing director of this client was looking in the GoDaddy portal for something, and upon logging in saw a message stating something like "GoDaddy isn't fully managing your example.com domain, click here to fix it." Upon clicking there, it reverted the name servers back to GoDaddy. Notable GoDaddy DNS isn't configured for Microsoft exchange email. So cut to about 24 hours later and they can't get email anymore. I come into the office to phone calls that external emails are not working, but internal are working fine. I log into the Microsoft tenant, and the MX records are missing. I check the name servers, moved back to GoDaddy.

So I added the proper MX records to GoDaddy to get them up and running ASAP, and so if this happens again it won't be an issue. Then I moved the NS back to Cloudflare and had a conversation with said marketing person about not pushing that button again. Made sure the client knew what happened, and that it wasn't our fault, everyone is happy.

Anyway, fuck GoDaddy.

https://redd.it/1qriz2y
@r_systemadmin

Calendar Items from terminated employees

I'm sure this one comes up for people quite often, especially at large orgs.

About once a month, we get a request from a user regarding a calendar item that no longer exists, from a user who was termed months ago.

I know we have the option to run some powershell cmdlets to remove it from all mailboxes, but that is PITA.

Usually we tell users that the meeting must be deleted by everyone and the event needs to be recreated by someone who is around.

Anyone have a better way to deal with this? I've been in IT for 25 years now and this same problem has been around for as long as I can recall.

https://redd.it/1qrh1vy
@r_systemadmin

Yeah I did it again (interview)

Simple t1 help desk question of connected but no internet.

I simply forgot to mention check ip. Instead I went with check the port, patch wall to switch to ensure its correctly set ( cant count the times network teams messed this up).

Yes reboot was part of the answer but I somehow skipped that in my head. Could've said if ip is 169.xxx then dhcp or if I ran ipconfig it'll show mac disconnected.

Oh well. My mind always freaks out no matter how much I prep and such.

https://redd.it/1qrrtsq
@r_systemadmin

Sysadmin-on-Sysadmin stuff that’s super annoying

Just venting a little and wondering what little things really grind your gears (and maybe why they irk you so bad) when they come from other IT professionals.

I’ll start - sending a screenshot of useful/needed text or tables. Making me retype something that was literally in your session is just so damn lazy and unprofessional. When an end user does it I can give them a little grace because at least they’re providing something and they might not know better.

Looking at you, vendor licensing backend support lady!

https://redd.it/1qsmuay
@r_systemadmin

Do you consider 'enshittification' a professional term?

We all know what it means and it's a term I'm seeing mentioned very casually in a lot of different articles, videos, conversations... Would you use it in a professional setting? Have you? Do you have another word for it?

The amount of products that have been 'enshittified' with the push for AI has gone up a lot. Microsoft is the easiest target with Copilot but a ton of vendors have worsened their products lately. Upper management is not ignorant to this and it has to be called out. It's been called out in my own org by several engineers.

https://redd.it/1qs6qt3
@r_systemadmin

Do you back up your password manager vault?

If your company uses a commercial, cloud-based password manager (like Keeper or Bitwarden), would you be fine if your vault was suddenly gone?

If you're backing up your password manager vault, what is your strategy?

I'm not talking about self-hosted solutions, like KeePass or Vaultwarden, though they should be backed up too (in which case it's even simpler than with a cloud-based, SaaS password manager).

"But why would my vault be gone suddenly?" Think of any hypothetical scenarios: "master" account was hacked and deleted, vendor decided you violated their terms and terminated your account with no chance of recovery, etc. The moral is: two is one, and one is none.

https://redd.it/1qsg1z7
@r_systemadmin

Service Desk Dashboard Display Suggestions

Looking for a platform that will allow me to create a combination dashboard/status display board for two separate service desk offices on 90 inch displays.

My thought is to carve the display so different quadrants have different content (almost all of it web based (i.e. one section kanban board app (focalboard), one section our help desk queue, one section a weather map, and other sections with other stuff.

It either needs to be cloud based or run on windows/windows server (our environment has a strict no open source/Linux on the network policy (don't ask...)

Any suggestions, or should I go the "digital signage" app route?

https://redd.it/1qsof04
@r_systemadmin

Windows Admin Center Virtualization Mode "Access denied"

We have Azure Local, migrated our "classic" AD environment from VMWare.

I install Windows Admin Center Virtualization Mode, then when I register the app with Entra ID the same way I did with a "normal" WAC creating a new app for it, log in with the same azure onmicrosoft account that worked with wac, allow, etc, i lose control / access, and only get "You are not authorized to access this site. Please contact your administrator."

Which account has to have what access to where exactly?

I may have misinterpreted the use case of Windows Admin Center Virtualization Mode.

https://redd.it/1qstsya
@r_systemadmin

How do I replace Office 2016 with Microsoft 365 Apps on an on-prem server?

Hi all,

I am very new in IT support, and we have an on-prem Windows Server used as a server for a business unit.

Office 2016 is currently installed on it.

About 8–10 users RDP into the server in a week

Management wants to replace Office 2016 with Microsoft 365 Apps

What is the correct and supported way to do this on an RDP server?

Specifically:

Do I need to fully uninstall Office 2016 first?

How I install office365, and it should work for everyone same as now.

Thank you

https://redd.it/1qsw0o8
@r_systemadmin