We started stripping old PC’s

In the past when a laptop was decommissioned they got sent to recycling, but now with the increase in price of RAM and SSD’s we started stripping the RAM and SSD as spare parts.

We had a lot of 7th gen laptops and workstations, they can’t run windows 11, but they still have DDR4 and NVME SSD’s.

Did current price hikes change the way how you’re handling old hardware?

https://redd.it/1qz2mzp
@r_systemadmin

Secure Boot Certificate Update: 2011 vs 2023 Certificate Priority

Hello,

I have a question about the Secure Boot certificate update. When I run (Get-UEFISecureBootCerts db).Signature, I can see both the 2011 and 2023 certificates present.

Will the 2023 certificate automatically become the active one after June, or are both the old and new certificates considered active at the same time with no priority between them? Thank you!

1 upvote

https://redd.it/1qyhh30
@r_systemadmin

Any way to encrypt HPE Proliant DL360 Gen 11 without the Smart Array?

Long story short i've inherited a project from a departing team and I'm configuring our Proliant DL360 Gen 11s. We have several of them with only 1 being a Dl360 Gen 10. I noticed while configuring them that only the Gen 10 has the smart array option which allows me to do the RAID and encryption. The Gen 11s don't have that option so and while I'm able to set up the RAID in system configuration I can't find any way to encrypt it without the smart array. I then learn that while the smart array was included by default on the Gen 10s that is not the case with the Gen 11s. I check with the previous team that ordered these and was informed that they selected the default options when ordering everything. Which means no smart array for the Gen 11s we have. Per our Orgs policies we have to encrypt these things before they can get approved for use. I haven't configured one of these in 5 years so I'm doing a lot of catching up so my main question is, can i encrypt the gen 11s without the smart arrays or are we going to have to order those and install them to proceed?

https://redd.it/1qyo0zl
@r_systemadmin

Brother MFC-L8690CDW toner level via SNMP?

Has anyone managed to get toner levels via SNMP on a Brother MFC-L8690CDW?
The default printer OIDs respond, but toner values are useless (-3, max capacity -2).
Did you find working OIDs or another way to retrieve toner levels?

Cheers!

https://redd.it/1qz7je7
@r_systemadmin

Unlabelled SMR hard drives are a cancer

I've been intermittently troubleshooting a RAID array for the last month. It's one of a pair of physically identical lab servers that was donated to us. The other server performs flawlessly, and is as fast as one can realistically expect from a set of 12 spinning disks.

But the troublesome one has had really inconsistent disk throughput - I ran full write/read tests on each disk individually before provisioning, and initially everything was the same. When I assembled the array, it seemed a little slower at first, but not by much.

Then it started just grinding to a halt for minutes at a time, for no discernible reason, then it would recover for a while, then do it again. Absolutely nothing in dmesg or the system logs until eventually, one time, two drives appeared to freeze up completely, for so long that the controller gave up talking to them, and mdadm kicked them out of the array.

Weirdly, smartctl showed the drives as completely healthy, except that "end to end error" had incremented from 0 to 3 (probably from the controller giving up on it rather forcefully).

And that's when I noticed, in the identity section: " (SMR)" after the device model name.

I tracked down the data sheet for the exact model, and sure enough, it's one of the "secretly SMR" drives - it doesn't advertise that it's SMR (smartctl only knows because some nice person has curated this info in its drive database); it even lies on its VPD pages and claims not to support any block provisioning or trim, but if you forcibly enable it, then you can blkdiscard/fstrim it and get its write speed back up to spec.

I am so annoyed with Seagate today. At least the few garbage WD drives like this I've run across have admitted to their inferiority by advertising it in VPD.

I guess this was one reason those servers were donated; the previous university department probably thought they were haunted, not realising that they'd accidentally ordered some SMR drives as spares at some point.

https://redd.it/1qz7tl7
@r_systemadmin

Printix garbled output

I'm currently in the process of switching everything to Printix at our company. I have a printer model with a specific driver that only prints cryptic characters when the print job originates from a Mac. The driver is the correct one, the same driver that we used without Printix before. Has anyone else experienced this? It seems as if the printer and the operating system aren't speaking the same language.

https://redd.it/1qzbutk
@r_systemadmin

Do you have a 12th gen Proliant? Willing to show me the factory iLO certificate?

I'd like to see an example of the certificate (certificate chain?) that ships with a 12th generation Proliant's iLO interface.

If you've got one that's still sporting its OEM (or self-generated? I'm not sure if these are factory applied vs. generated at first boot), you can pull it from a shell prompt with:

openssl s_client -connect google.com:443 -showcerts </dev/null \
| awk '
/BEGIN CERTIFICATE/ {cert=""}
{cert = cert $0 ORS}
/END CERTIFICATE/ {
print cert | "openssl x509 -noout -text"
close("openssl x509 -noout -text")
print ""
}'

...Just change "google.com" to the name or IP of your iLO interface.

Feel free to obfuscate any MAC address, serial number or key modulus as you see fit, but please don't break the format: I'd like to know whether MAC addresses are encoded as abcd.abcd.abcd vs. AB:CD:AB:CD:AB:CD and so forth.

Thanks!

https://redd.it/1qze8pu
@r_systemadmin

Need help setting up a reverse proxy for my nodejs backend on IIS

Hi everyone as the noscript clearly states, i assistances with setting up a reverse proxy for my nodejs backend on IIS . for context i've developed a react web app, reliant on a nodejs backend





https://redd.it/1qzf9z5
@r_systemadmin

Changed email address for resource calendar, can't see free/busy now

I changed the email address for a resource/room calendar and now I can't see free/busy if I add the shared calendar to my calendar list in Outlook. It will still accept/deny meeting invites.

I waited 24 hours and no change. I've changed the email address back and it still doesn't work. Next step is to delete and add, but I might upset lots of users.

Any ideas?

https://redd.it/1qzfqzh
@r_systemadmin

SSH Port forwarding

My question to all sysadmins, do you all allow tcp port forwarding on the ssh server? Like if someone has access to only the ssh server but the ssh server is also in whole internal network? I just realized on most server distros , tcp port forwarding is enabled by default

https://redd.it/1qzj9dt
@r_systemadmin

Action1/Powershell Scripts for Secure Boot kickoff and check

Just in case anyone needs these, I posted a couple of noscripts to "kickoff" the secure boot certificate updates (with BIOS already updated to include 2023 cert) and another one to check the flag that the update is completed.

I posted them in the Action1 sub but sysadmin doesn't allow cross posting. So they are over here - Use at your own risk with testing.


Kickoff - https://www.reddit.com/r/Action1/comments/1qz6rsd/secure\_boot\_2023\_cert\_kickoff\_noscript/

Verification Check - https://www.reddit.com/r/Action1/comments/1qz74re/secure\_boot\_2023\_cert\_updated\_verification\_noscript/

https://redd.it/1qzljal
@r_systemadmin

Experiences with Unix‑like systems on older hardware (32‑bit limits)?

Many mainstream OSes are dropping 32‑bit support. Has anyone kept a 32‑bit Unix‑like system alive? What worked best?
What challenges did you face and how did you solve them?

https://redd.it/1qzlswc
@r_systemadmin

Disk mounted as write-protected, protected by Bitlocker, and I've tried everything I'm aware of to mount it writeable.

I'm able to unlock the volume without issue. Status is protected and unlocked. Disk and Volume attributes are both NOY readonly, but I've cleared those attributes just in case.

NTFS permissions look fine, but even if I try to adjust them, I get an "disk is mounted read only"

I am aware of the GPO that can dictate making non-prtected volumes write protected, and I've even gone so far as to make that a "disabled" policy.. I've also checked the SAN policy, and ensured it's OnlineAll.....still, I can't get this disk mounted writeable.

Any bitlocker gurus out there understand what is happening? What am I missing? I'm inputting a password after the VM boots, it's mounted readonly, and I've unlocked with the AD-stored password key also, and that results in the volume mounted readonly as well.

Eternally grateful for any insights. Thanks, All.

https://redd.it/1qzobcn
@r_systemadmin

Carnival Cruise Line Outage?

Any comrades have info on the ongoing Carnival Cruise line outage? Boarded (after terribly long delays) on the Panorama in Long Beach, but unable to sail out due to "IT Issues." Sounds like it's fleet wide.

https://redd.it/1qztp4z
@r_systemadmin

Does anyone have a back up/alternate location for the Dell devices Secure Boot update firmware versions list?

We're working on getting the Secure Boot certificates updates done and I've been referencing this list from Dell for the past week: dell.com/support/kbdoc/nl-nl/000347876
It seems to have disappeared since Friday though, even though it's still referenced by Dell and Microsoft in other documentation. Thanks in advance!

https://redd.it/1qzxofq
@r_systemadmin

From Today: Microsoft 365 Admin Center Demands MFA


Starting today, access to the Microsoft 365 admin center will be blocked for any account that does not have Multi-factor Authentication enabled.

Stay ahead: If you haven’t enabled MFA yet, set it up right away to avoid any sign-in issues once mandatory MFA enforcement is rolled out in your organization.



https://redd.it/1r016ba
@r_systemadmin

Datacenter costs through the roof

Hi all,

We, a Belgian based company uses the data centre of one of the biggest ISP's in Belgium.

We recently were pressured in to change our model from reserved to pay as you use.

We were in the reserved model with 30 VM's, when checking the pay as you use model and seeing that we were going to eliminate half of our VM's this looked like a no brainer as the ISP¨stated that costs would be reduced by almost half.

Half a year later our bill is exactly as much but with half the resources.

Is this also fallout from the broadcom acquisition or have we been bamboozled?

(if this is in violation with guidelines, please tell me, as this keeps getting removed without a reason)

https://redd.it/1r06bx9
@r_systemadmin

Exchange Online has broken almost every single month

One of those things that keeps surprising me is the general impression moving email to Microsoft's cloud isn't a massive business risk. I hear all the time that people have "never experienced an outage".

If you look at Bleeping Computer's posts tagged with Exchange Online, it's pretty much monthly that Microsoft fails to correctly let people send blurbs of text to other people across the Internet: https://www.bleepingcomputer.com/tag/exchange-online/

https://redd.it/1r0cinv
@r_systemadmin

Our dev team is the weak point in our cyber security and they don't want to change

Tl;dr: dev team is pushing back hard to give up their privileges, which create a weak spot in​ our cyber security. ​Wonder how others handle this.

Our company does both manufacturing and software. About 150 desks of which 45 ​developers. We grew very​ quickly in the past few ​years, roughly 10x in size. This meant IT only became a thing when the dev team already got their own Linux devices with superuser, single shared password for the file shares, etc.

Last year I got the responsibility to streamline IT. I don't have a degree in it but just became the 'sysadmin' because I was the only one taking on ​responsibility and ​answering questions about IT.

I worked diligently with an MSP to get everything in order from backups, redundancy, password policy, password manager, asset management, Intune, CA, standardizing ​on- and off boarding etc.

This year we came to the point we wanted a clear view on the road ahead so I made a Cyber Roadmap. We identified one major cyber security risk, and that was that ​our​ Linux endpoints are (basically) unmanaged. No endpoint protection, no encryption, full permissions, shared passwords, no patches or updates. And almost no options for managing it, except maybe when using 5+ tools.

Looking​ at alternatives, a Unix OS seem to be a must​ for some AI/ML tools. And we have on prem software​ that only runs on Windows, which some of the developers need in their workflow. So that left me with:

\- Mac + Azure Virtual Desktop

\- Windows + WSL

I've been leaving hints about the change that needs to happen and that seemed to have rubbed the wrong way. ​Some of the team members appear to have exagerrated​ this, claiming we want to force them on Windows only.

I got approval for a​ one desk pilot, but even ​setting that up got me some snarky comments​. ​I feel like i'm ​walking on a thin line. Management understands the need for security but also don't want to scare away our valuable dev team (and ​me neither). I still have the green light but feel like it's turning to orange.

What would you guys do?

https://redd.it/1r0eadi
@r_systemadmin

Weekly 'I made a useful thing' Thread - February 13, 2026

There is a great deal of user-generated content out there, from noscripts and software to tutorials and videos, but we've generally tried to keep that off of the front page due to the volume and as a result of community feedback. There's also a great deal of content out there that violates our advertising/promotion rule, from noscripts and software to tutorials and videos.

We have received a number of requests for exemptions to the rule, and rather than allowing the front page to get consumed, we thought we'd try a weekly thread that allows for that kind of content. We don't have a catchy name for it yet, so please let us know if you have any ideas!

In this thread, feel free to show us your pet project, YouTube videos, blog posts, or whatever else you may have and share it with the community. Commercial advertisements, affiliate links, or links that appear to be monetization-grabs will still be removed.

https://redd.it/1r3laua
@r_systemadmin

Patch Tuesday Megathread (2026-02-10)

Apologies, y'all - We didn't get the 2026 Patch Tuesday threads scheduled. Here's this month's thread temporarily while we get squared away for the year.

Hello r/sysadmin, I'm ~~u/automoderator~~ err. u/kumorigoe , and welcome to this month's Patch Megathread!

This is the (mostly) safe location to talk about the latest patches, updates, and releases. We put this thread into place to help gather all the information about this month's updates: What is fixed, what broke, what got released and should have been caught in QA, etc. We do this both to keep clutter out of the subreddit, and provide you, the dear reader, a singular resource to read.

For those of you who wish to review prior Megathreads, you can do so here.

While this thread is timed to coincide with Microsoft's Patch Tuesday, feel free to discuss any patches, updates, and releases, regardless of the company or product. NOTE: This thread is usually posted before the release of Microsoft's updates, which are scheduled to come out at 5:00PM UTC. Except today, because... 2026.

Remember the rules of safe patching:

Deploy to a test/dev environment before prod.
Deploy to a pilot/test group before the whole org.
Have a plan to roll back if something doesn't work.
Test, test, and test!

https://redd.it/1r1hz0s
@r_systemadmin