My sys admin sucks
Posted by RestOtherwise6574@reddit | sysadmin | 422 comments
I'm not gonna claim to know a lot since I just entered the field as a helpdesk. My sysadmin is an idiot and I have no idea how this guy has been able to fool an organization for years. This is a rant so I'll just list off some of the things he's said and done in the past couple months.
Oh also more than half of our employee laptops, this number is in the hundreds, are still on Windows 10 and will be for the foreseeable future.
We do not have Active Directory, he has been setting it up for years, allegedly.
I am required to install ccleaner and 2 different antiviruses on top of our endpoint protection software we pay for. One of the antivirus software he has me install is from 2000 and has been known to bundle malware.
Oh I'm also forced to make sure these softwares are on a specific part of the desktop so "IT can find their tools."
I offered a solution that a friend of mine came up with to execute remote code using our endpoint protection software to do all the win10-11 updates en masse but I was told "we do things the right way here".
He claimed he was unable to use his computer for a whole day because it is literally impossible to convert MBR to GPT.
I was required to ask for every employee's password so I could "log into their account" since it's "easier than resetting their password on the laptop" and how "we need to confirm their password meets our security requirements".
Runs campaigns against other IT staff who know more than he does (not very hard) talks shit about them for months and they eventually get fired.
Laughs/talks shit about employees who fall for phishing emails (we also have paid for a phishing simulator software but he won't use it).
That's all I can really say without giving away too much.
Det_23324@reddit
When you guys get ransomware this will change.
RestOtherwise6574@reddit (OP)
Guess what
Det_23324@reddit
oh no
Jonkinch@reddit
I mean… it’d just affect the one laptop since they all seem to be independent and standalone lol.
gadibo@reddit
TL;DR ransomware will only affect 1 machine if all the others in the same network are not "connected"
TheRealLazloFalconi@reddit
Unless the sysadmin blames OP and gets them fired.
RevLoveJoy@reddit
That's exactly what someone like OP describes will do. If that person has so far got away with trashing other employees to the point it results in a term, that person is likely in tight with upper management / ownership. That's typically the only reason you see people like this still holding jobs in the private sector. Directly cross them at your peril.
radiantblu@reddit
Document everything. Seriously. Start keeping a log of these decisions with dates. The password collection alone is a massive compliance red flag that can sink the company. Focus on learning proper practices elsewhere while you're stuck there.
The lack of AD after "years" and manual Win10/11 updates tells me this place has zero infrastructure planning. When you eventually move up or out, look into platforms like Cato Networks that can handle device management and security policies from one console; that would solve half the chaos you're dealing with.
WorthSir5162@reddit
Go work at an MSP and you'll discover that this isn't the only place like that. That IT people like first responders, doctors, and the military, are on the pedestal and yet somehow not only surviving with incompetence, but thriving because of confidence. Keep learning and if you do end up at an MSP, do everything you can to be outta there in three years at a higher paying role somewhere else. For you've just begun to scrape the surface of how many layers of duct tape, zip-ties, bubblegum and bandaids you'll find along your journey.
DesertDogggg@reddit
Honest question, what endpoint protection software are you using that can run remote code that would allow you to update Windows? Can I run just about any type of PowerShell script or something?
ElectricalLevel512@reddit
This is exactly the pain point most orgs overlook. Siloed security and network tools slow down updates and increase human error. Unified platforms like Cato Networks centralize policy management, push updates faster, and reduce configuration drift. It is not just convenience, it is a measurable risk reduction.
Friendly_Fudge_931@reddit
Yeah... that's bad. I am a network/systems engineer at a PreK-12 School District of 23,000 students (one of three). We are basically sysadmins. There is no sysadmin position and it is the highest level of IT. When I came last August, their environment was HORRIBLE. I came in, set up SCCM properly for them with OSD that the wim is actually updated every month instead of never. Before I set up SCCM and when they had Windows 10, it took 4 hours or more to image a machine b/c it had 4-5 years of Windows updates to go through. Now we have a perfect environment with SCCM that works and imaging that does not take 4 hours or more, and Windows 11 on almost all Windows machines. There are still about 3000 Windows 10 machines but we will get those upgraded by January (when students are on Winter Break). Now we have a perfect environment thanks to me! (other than VMware which is horrible b/c of Broadcom) but we may switch to Proxmox or Nutanix.
dopey_giraffe@reddit
I like posts like this because it reminds me that hey maybe I'm not so bad
Hier0phant@reddit
Yeah it's really sobering. Helps with the imposter syndrome
tk42967@reddit
I couldn't get past the Active Directory part before thinking shit, I could set that up from scratch and have MVP in about 2 hours.
Back in about 2015, I went in a place and was asked to audit their windows updates. They were using WSUS and the SQL express db that WSUS was using was full and it had not patched any machines in nearly a year.
My new boss was ready to shell out money for a SQL license, when I rebuilt their WSUS setup in an afternoon. Many stories like that from that shit hole. My jr admin refused to do server patching and I could not get my boss to put his foot down.
But the owner bought an AS/400 in the late 80's or early 90's. In 2015 it still ran their main customer db. The DR solution was he bought 3 more of the same model on ebay and had them in storage for parts.
parentskeepfindingme@reddit
I feel like I could teach myself how to build up AD in a few days, maybe not to the standards of how some of the people here could, but at least better than not doing it for 2 years. Dude clearly just has no will to learn.
ScriptThat@reddit
You're giving yourself too little credit.
It would take you less than an hour to learn the basics, and five minutes to set it up.
parentskeepfindingme@reddit
Damn, that easy? I was just talking out my ass, didn't look into shit
ScriptThat@reddit
Ok truth be told, last time I actually set up an AD from scratch it took 30 minutes. 5 minutes of setup, 5 minutes of verifying everything, and 20 minutes of waiting. (Always check twice, because if you misspell something it'll take 20 minutes to set up, 20 minutes to roll back, and 20 minutes to set it up correctly.)
parentskeepfindingme@reddit
Still, that's easy. I've considered just setting it up on my home server for practice, might be a fun little adventure
ScriptThat@reddit
you really should. It's easy and fun to mess around with at home.
parentskeepfindingme@reddit
I'll probably host it on one of my spare laptops. I've got one with an i7 1165G7 and 32gb of RAM collecting dust, and even that seems overkill. I'll make sure to take out the battery
iwaterboardheathens@reddit
I've set it up on a VM with 4gb ram at uni before, maybe you could use it as a VM server
bob_cramit@reddit
Yeah it's been over 10 years, probably 15 since I did an AD from scratch, but it wouldn't be that hard to look up a youtube video and at least get the basics right from the start, you'd have something working with a few clients connected in a day absolute tops, have a few basic group policies going etc. Sure you could then spend weeks/months hardening etc, but you also don't have any legacy bullshit to deal with, so could make a super clean AD.
tk42967@reddit
I could have it functional in 30 or less. Then I'd spend hours tweaking things, setting up QOL stuff, and doing GPO's.
tk42967@reddit
Get one of the trial Windows Server licenses that are good for like 90 days. Throw up a VirtualBox VM with a copy of Server and go to town. You'd be amazed how easy it is.
Build your OS, open an elevated command prompt, run 'dcpromo' and follow the wizard.
parentskeepfindingme@reddit
True, I could just spin up a VM on my TrueNAS box, but honestly, electric is cheap and I'm feeling guilty about having 3 unused laptops in various states of disrepair. I figure once it's set up I'll remove the screen, then wall mount the base of the laptop and remote in if necessary.
Siphyre@reddit
My first real job out of college was to do just that. I had it set up in 2 hours ready to go and the org didn't have anything else for me to do because they expected it to take weeks.
farva_06@reddit
I thought this post was about me until it started listing out reasons. Then I was like, yeah, I'm not that bad.
EffectiveAbroad2048@reddit
😅😅😅 as soon as I read, "we don't have Active Directory..." I was like oh nevermind, I'm clear.
LegnaArix@reddit
Literally same,
Honestly, going to more conferences and trainings really made me realize that we're actually pretty solid at my work place in terms of employees.
pegz@reddit
Fricken same bro but then I kept reading and was like oh Jesus ok I'm not that bad lol
h3lios@reddit
LOL.
I think this is everyone in this sub. I thought the same hahaha
secretraisinman@reddit
real imposters don't have imposter syndrome
xyzszso@reddit
It really does soothe the soul. I feel a lot better now, been down the last few weeks.
Dabnician@reddit
It's like if mediocrity is acceptable why am I bothering to care.. fuck it, if I screw up just "discover" the mistake you made and implement action plan. Managers love hearing that sort of shit.
EffectiveAbroad2048@reddit
😅😅😅😭😭 no for real! Like sheesh!
Tanker0921@reddit
Every time I get impostor syndrome'd I read posts like this just to remind me that I'm not bad-bad.
Reminds me of this one org I know, thousands of employees, solid network infrastructure, clearly has the budget, but still no on-prem AD. No clue why, they just never bothered setting it up.
dopey_giraffe@reddit
How do you even manage that many users without AD or Entra? How does that work? When I worked MSPs even the smallest clients at least had AD. The only ones who didn't were like the three person shop who didn't have an IT savvy relative or something.
BisonThunderclap@reddit
You let everyone run around with local admin accounts. Encourage them to click to their heart's desire on email links.
Affectionate-Oil-971@reddit
It's possible that they are using Azure and that OP isn't aware of it. Having said that, yeah. Sounds like a shit show at the fuck factory.
_Dreamer_Deceiver_@reddit
Then laugh when they do?
nimbusfool@reddit
Always makes me think of this talk https://youtu.be/vQTWe75GjVw?si=E0FNd7wfKmJ-1LJK
"The most fun part of using a computer is clicking on shit"
krazykat357@reddit
Exactly. This is a case of management not wanting to spend time, energy, and money into preparing for the inevitable disaster. Sometimes, the best motivation is letting things burn.
Inode1@reddit
I wonder if management is aware of this guy and he's just the fall guy for when something does go bad, might be cheaper in the long run than to actually spend the money to fix something...
FunIllustrious@reddit
One place I used to work (late 1990's to early 2000's) had a Data Security group who managed userids and passwords. Hundreds of people, hundreds of Sun and SGI servers, no AD or similar. Data Security would login and use "vipw" to create/delete users. On hundreds of machines. A small subset of machines eventually got some kind of magical user management app. I've no idea what that cost. Some of us used the "passmass" expect script to update our passwords every 30 days.
One day I got a "please help!!" call from Data Security telling me that one of their clowns had tried to add a new user, mistyped something, and wiped most of /etc/passwd. He compounded his error by trying to recover by copying /etc/opasswd to /etc/passwd. He got the filenames swapped over, so he overwrote the backup... This was in the days before rsh, rcp and rlogin were banned, so I was able to get in and install a copy of the file from another identical server. Data Security definitely did NOT want to know how I did that.
TheJesusGuy@reddit
My wife does marketing for a law firm of around 70 people. They have multiple very nice offices. Everyone is a local admin and they have no IT staff.
Tanker0921@reddit
I know right. Even their web hosted stuff isn't even layered through any middlebox, they have an exposed ssh port out there in the wild as they clearly didn't even bother with getting a basic firewall in place.
I never worked for them just to be clear, I'd gag at whatever they have set up coming from a sysadmin / technical security background. It's just mindboggling to me that it exists. It's honestly amazing that they are "willing" to shoulder those risks.
Hebrewhammer8d8@reddit
Were they making profits as a company, whatever they were doing?
AuroraFireflash@reddit
Or that they work in an industry where the insurance company is willing to cover those risks. Or someone is lying to the insurance company and that will end in tears.
ProdigalB@reddit
There are minimum requirements if you even want to be covered by cybersecurity insurance. If OP’s company ever gets hit with any kind of ransomware, it’s game over. No Active Directory or IdP of any kind is already insane, how do you enforce user account control and computer settings en masse without GPOs or line of sight?
notHooptieJ@reddit
tbh, everyone has a (at least semi) functional computer at home.
these people when left to their own devices are generally 'OK'
then you have a handful of problem children, generally split into 3 classes, "knows enough to be dangerous, and loves to prove it"; 'knows so little they're dangerous, and loves to prove it', and 'i hate these things and refuse to learn enough to turn it on'
i wanna say 90-95% of users are competent enough to not burn it all down. those other 5-10% though, make it worth locking down the whooooooole bunch.
frac6969@reddit
I discovered recently that our parent company doesn’t have AD and they have far more computers than we have (we have close to 200). The single IT person just runs around to each computer to install and configure stuff.
Saritiel@reddit
From the post it sounds like the answer is pretty straightforward. He doesn't.
__ZOMBOY__@reddit
Attackers can’t get domain admin if there’s no domain in the first place!
spif_spaceman@reddit
Testify
BadSausageFactory@reddit
it can't be DNS, we run off WINS
MechanicalTurkish@reddit
cop1152@reddit
LOL
cdiaz1206@reddit
Yeah but I bet they have the built in admin account enabled which is a big no no.
notHooptieJ@reddit
we need one of those follow up posts that's all 'always hire the lazy sysadmin, they find the best solutions!'
then it will really make my day.
hidperf@reddit
I have one org in the same sector as me that I like to reference when I think I'm falling behind.
All the users have local admin rights. There is no standardization on OS or software across the org. And when (not if) a user account is compromised, they just reset the password. Nothing more.
I'm sure there's more that I'm not aware of, but that's all the inside scoop I've gotten so far.
flargh_blargh@reddit
And maybe my place with hundreds of Windows 10 devices (but with ESU licenses) also isn't so bad. Perfect? Nope. But not so bad.
dopey_giraffe@reddit
The company I currently work for still has Windows 10, not sure what the hold up is but yeah.
flargh_blargh@reddit
Honestly, as long as you have your extended support, who cares why they still have Windows 10? If they don't have support and no plan to move to Windows 11 then, yeah. That's a different issue.
dopey_giraffe@reddit
I have no idea (not my area) but we probably do. I don't personally mind if that's the case. When we do switch though I expect a lot of messages for simple things.
flargh_blargh@reddit
The good news is most people are fairly familiar with Win11 on their own if they have bought a computer in like the last 3-4 years. Yeah, you're going to get job-specific questions and "it used to be here" or "how does X work now", but that's just like... IT in general.
King_Tamino@reddit
changed job to a consulting company, away from regular on-site IT / Helpdesk for a single company. Now supporting a bunchload of smaller companies in a ~50km radius. Some, not all of them, got 1 maybe 2 on-site full time people and when working with some of those .. I started to realize that reddit sometimes is true...
The sheer ignorance on *both* sides, CEO & co. and on IT side is absurd.. the ones try throwing money at it or completely ignore it and don't think about it. The others act like spoiled children if you criticize them in any way... heck, we even convinced one company to get rid of their idiot, one of our folks is now 4 hours per week on-site and we do all other stuff remote and the man hours they get billed are absurdly low compared to a full paid 40ish hours person... A few weeks prior to having that guy being fired, the company (as we recommended) actually asked him for a daily protocol of what he does all day and according to that stuff, he was spending 3-4 hours per day checking switches, firewalls & co. manually every single day
dopey_giraffe@reddit
That's nonsense he made up to cover up that he sat on the internet for most of the day. I mean we all have days like that but that's blatant bs.
King_Tamino@reddit
Oh absolutely, the straw that broke the camel's back though was when he made a female colleague down when she asked for some assistance or something. He seemingly exploded/ranted her down, how a woman dares to command him around (Islam/ME background, not some Alpha Male white supremacy bullshit. Living in Europe btw, so that kind of background is not that uncommon but living it out … is a different thing)
dopey_giraffe@reddit
Holy crap, I hope he grows out of that attitude. Maybe he learned something.
Siphyre@reddit
Then you get sad because it is rough finding a job in this field while guys like that seem to somehow keep them despite all odds.
Fr33Paco@reddit
Same same...
notHooptieJ@reddit
that moment when you have to make sure that post in /r/ShittySysadmin isn't about you...
and then relief.
reni-chan@reddit
I heard from my colleague that the "network admin" they hired after I left my previous job tried to ping the fibre patch panel id thinking it's a switch, couldn't get his head around how access lists work, and bought new c9120axi access points and did nothing with them for 6 months because he didn't even know where to start. There is more but that's enough for tonight...
ReadyAimTranspire@reddit
Oh man, let me tell you. I have worked across several industries in numerous roles, and the number of people that I have met that are absolutely awful at their job and have no business being there is astounding.
cultvignette@reddit
Ya lol. Nothing will quell the imposter syndrome more than seeing the work of someone who blatantly does not belong at all 😆
Fratm@reddit
Are you the sysadmin OP is talking about? come on, you can admit it. /s
CornBredThuggin@reddit
Oh my god, me too! I'm not the best Sys Admin, but I'm not a complete dumbass.
banned-in-tha-usa@reddit
One thing you need to learn about working in IT.
Quit caring about what the people above you do.
You’ll make yourself a target.
If the company's fine with letting him do what he wants, just do your job and go home.
levelvetelvis@reddit
no Active Directory? what year is it? (is he still using NDS lol) how does your workplace actually function?
ThrowingPokeballs@reddit
Guy before me was setting up LDAP for a year and a half. Couldn’t figure out how the CTO made an OpenVPN server and spent 9 months figuring that one out… Jesus
Impressive-Head9622@reddit
🤣🤣🤣🤣🤫🤫🤫😛🤣🤣
SpotlessCheetah@reddit
I really hate seeing the word, "softwares." Make it stop. This has to fucking stop.
CRodgers5@reddit
Oh wow, I think I know who this guy is LOL! The giveaway is the literally impossible to convert MBR to GPT comment. I worked with a guy a while back who told one of our managers this as his excuse for his hard drive failure.
Lost-Droids@reddit
"we need to confirm their password meets our security requirements" - Surely one of the security requirements is not telling people their passwords
denmicent@reddit
Then how do they know if it meets the requirements? Duh.
twitchd8@reddit
Active Directory does a GREAT job at mandating password strength and reuse requirements... If only someone would get their head out their arse and implement AD!!! lol
Pallidum_Treponema@reddit
I'm just a Linux admin, but judging by our Windows admin, setting up AD is not as easy as you may think. It took him a year to do after I gave him the task. And he's a senior, so he knows what he's doing.
(This was for a side-project. Our production AD is working just fine, thankfully. We couldn't afford the multi-year project of setting up an AD from scratch for that environment.)
boibo@reddit
AD is literally pick a name, press next a couple times, make a password or two.
Wam, it's set up.
then you create some structure in the AD but that's hardly necessary for it to work.
make some GPOs for printers and shares, edit some password policies (not needed, default is ok).
Takes no time at all and it's just as easy with 1 computer as 2000, that's the thing with AD - it scales so easy.
Most tedious thing to do is AD join computers and migrate their existing profiles. But that can be done when enrolling new devices instead if you want to skip the conversion.
quadratspuentu@reddit
AD is easy and fast to set up for basic security requirements. And that would be a huge improvement against what is described by OP.
But I agree, if you want to implement all the best practices that makes sense for your Org, that's not done in some days.
fcollini@reddit
Your admin taking a year for a side-project probably wasn't because the installation took that long; it was likely because the scope creep was huge. Setting up AD from scratch involves:
So, while the install is fast, the full migration and making it secure and manageable is indeed a massive project. Your Windows admin might not be an idiot, but they are right that it's not a weekend job for a production environment!
Pallidum_Treponema@reddit
No.
I'm the team lead. This was the most basic setup imaginable. Literally just user management for ten client machines.
I'm not allowed to fire the guy due to nepotism.
blissed_off@reddit
What? AD is idiot-proof to set up. It can be set up in ten minutes.
Pallidum_Treponema@reddit
You see, that's what I thought too, but our Windows admin, who again is a SENIOR sysadmin, took a year to set it up. For a huge side-project of a massive TEN client machines!
Our other windows admin, who is only a senior, did also claim that it was a ten minute task, but obviously he was wrong. He's busy running our production environment, and I've never seen him set up AD from scratch so he obviously doesn't know how to.
Our SENIOR sysadmin is really smart. It took him only an hour to figure out how to work a patch panel, something that is obviously very tricky because it took him several failed attempts before he got it right.
grepzilla@reddit
Sounds like they may be Super Seniors....that's what we called the 13th year Seniors at my high school.
AdmMonkey@reddit
Damn, I think your SENIOR admin is the Brother of the OP Sysadmin.
That and I need to check if my AD is done correctly, I must have missed something, it took me around ten minutes...
Pallidum_Treponema@reddit
The resemblance is uncanny. The SENIOR sysadmin got hired because he knows IT Security. He's configured FIREWALLS for client machines!
It's a good thing that I was on holiday when he was interviewing for the job, because I would've embarrassed myself by asking simple IT related questions.
denmicent@reddit
Who interviewed him lol
Pallidum_Treponema@reddit
One of the senior managers. Need I say more?
TheIntuneGoon@reddit
Dang. Do y'all have ANY juniors around that mf?
denmicent@reddit
I’m just glad the manager knew enough to know it takes over a year to set that up.
Forsythe36@reddit
Just did a new AD set up. Security groups, shares, users and GPOs took me all of 4 hours.
Tyr--07@reddit
What is he? The Senior admin of HP printers or something? AD is quick. It takes maybe an hour to deploy the system from scratch, deploying windows server, installing AD roles, creating basic OUs. Then it's the time it takes to join each device to AD, which isn't long but it's still 5 minute x number of devices roughly, but you can automate that with an RMM tool to join them all at once.
It takes time to set up the exact policies you want to enable and features after sure, but the initial AD join and what not, no time at all really.
twitchd8@reddit
And this is why I got fired. "Tell that senior they don't deserve the title." I don't respect anyone that claims to be senior, demands that title clout, and then fails to deliver. It's a merit based thing... Hell, I'm autistic, and they're saying I'm an asshole... No, as I told them from my interview, I tell it like it is.
denmicent@reddit
This bothers me too. Failing to deliver or just not knowing? Fine, it happens, we all don’t know stuff not a problem.
Claiming you’re the be all and end all, and failing to deliver and refusing to admit you don’t know? Rage bait
TheRealLazloFalconi@reddit
It depends on what your criteria are. Just getting AD set up greenfield is super easy, literally takes less than an hour. But as you may suspect, there's more to do if you want to do it right. If you're setting up new group policies, that can easily take a week if you don't have a template. Good admins will either have one, or have an idea of what they want implemented that can cut that time down drastically. Getting DNS set up, changing out all of your DHCP scopes, joining other AD servers, and then converting your local user accounts to AD accounts can take a good chunk of time, but still, it should all take less than a year for sites that have fewer than 500 employees. At least... Once you have the budget for servers (Now that could take decades!).
Pallidum_Treponema@reddit
Our SENIOR sysadmin had to set up AD for the purpose of being able to (and this is very technical, so bear with me) log in with the same username and password on any of the TEN machines in that side-project environment.
He also had to connect a Synology NAS to that AD, which is very difficult. That took another full month to do.
There may be a reason for why he's the sysadmin for that side project and not our production environment. Obviously that side project has much tougher requirements that only his SENIOR expertise is able to handle.
JoeLaRue420@reddit
the horror, he had to click "join" and supply credentials. i hope he took a nice long break after that!
denmicent@reddit
I don’t even smoke but I would have immediately taken lunch and started chain smoking I couldn’t imagine.
Maeldruin_@reddit
He should definitely ask the bosses for a raise after such a difficult task!
ReverendDS@reddit
Shit, I had to rebuild an entire AD forest and rebuild all GPOs, security groups, users... everything after someone accidentally deleted everything with no backups.
Whole thing only took me about five hours.
abstractraj@reddit
We set up AD for each of our projects and then run scripts against it to standardize the basic policies. Pretty straightforward
Ch4rl13_P3pp3r@reddit
A simple AD with a couple of GPs to lock things down shouldn’t take more than a couple of hours to get up and running. I’m not even a Windows tech, but I’ve had to create a new AD on numerous occasions.
Obviously the more complex the environment, the more time it is going to take to design and implement. Factor in Azure, InTune and Email and multiple sites, and that’s going to drastically increase the time to design and deploy. But a simple AD to manage users' passwords and permissions should be a couple of hours tops.
Hampsterhumper@reddit
Hey! In his defense it can sometimes take multiple hours to set up a basic AD. Like maybe 2. So think about that before you try to load this poor dumbass up with work.
denmicent@reddit
I think I’ve worked with the guy OP is describing lmao
Creative-Package6213@reddit
We've all worked with that guy at one point or another...😂
MorpH2k@reddit
Thankfully I've not worked with that guy. Even the most incompetent people I've had the dubious pleasure to work with sound like seasoned experts compared to this.
sengh71@reddit
I'm currently working with that guy. That guy is me with my homelab. He's very frustrating.
sheep1e@reddit
Try using an LLM to help you figure things out. That’s one of their stronger use cases.
MechanicalTurkish@reddit
Hello, me, meet the real me
And my misfit’s way of life
terminalzero@reddit
was gonna say - I think I WAS that guy when I was like, 17 and just cutting my teeth
MrYiff@reddit
You can even extend this functionality with various tools (MS have one but it requires Entra ID P1 licensing, or there are FOSS options too), so you can restrict specific common words or phrases from being used. This even further removes the need of ever needing to know a user's password to assess how secure it is!
Dal90@reddit
Reminiscing of the good old days of https://en.wikipedia.org/wiki/L0pht and the brief time in the 1990s I could just dump our AD passwords from NT 4.0 to see who had weak ones :D
DomainFurry@reddit
Fail everyone for sharing passwords, easy!
Splask@reddit
If only he could finish setting up that domain so they could have password complexity requirements...
zezimeme@reddit
Still not as bad as having to write your password on a piece of paper along with all the passwords of your colleagues. Oh also, this paper is hung on a wall. I saw this at an assurance company btw.
georgiomoorlord@reddit
Nah it's on a post it on the monitor
Grrl_geek@reddit
I think you mean "under the keyboard" 🤣.
georgiomoorlord@reddit
Oh you sweet summer child
AuroraFireflash@reddit
Were you assured? At peace with the situation? :)
EastFalls@reddit
Password security requirements are not on paper, they should be enforced systematically.
ThatBlinkingRedLight@reddit
That’s not a requirement, more a policy and since the policy hasn’t been ratified by him he doesn’t follow it.
thereisonlyoneme@reddit
Now we know for sure passwords are not compliant.
lythamhigh@reddit
how are the backups?
generallycrunchy@reddit
Sounds like a huge asshole. What are you doing about it?
john-firewall@reddit
If you document this well enough, you could probably show this to someone he reports to and supersede him. Better to have someone who can grow into the position than someone who is willfully incompetent.
nightservice_@reddit
I stopped reading when I saw ccCleaner. Are y'all also running lime wire on XP?
Zomgsolame@reddit
HAH, not it. We don't have IT helpdesk.
h8tank88@reddit
nepotism or cronyism ... that's the only answer to this level of GROSS incompetence.
Whoever owns this org HAS to know what a slop shop this is.
I mean, DAMN SON... depending on the business sector, you could be talking about Millions in liability / insurance claims / fines. On the other hand, it's a potential career boost /saver for you.
Because of the possibility/probability that someone is protecting this guy, I wouldn't just 'notify management' or send an email to anybody. But I WOULD document as much as possible, PARTICULARLY as they may try to pin any fallout from this mis-management on you.
If you're certain (and it sounds pretty certain, lol) your emails aren't being audited, I'd forward any emails he sends you ordering you to do something you know is f'd to a pre-determined email address... Oh, and lol, try to arrange it so MOST if not ALL of this stuff is via email! Reason why is: there's really no way to dispute it. You've got the emails, headers, timestamps, etc. and it's on THEIR servers AND any others it's sent to/from, ready to be subpoenaed.
macgruff@reddit
Passwords should “never” be gathered and shared (even amongst the most competent admins). This is just a big non-starter no go.
End point software. This should be managed by either a separate team (eg, CYS OPs or end point team). That needs to be addressed immediately. Especially due to the number of laptops.
AD, or some centralized network management needs to be addressed. As per other reply, probably best to have a third party come in and consult and implement.
Remove your personal animus. Point out the obvious serious technical challenges above. In email to your manager. Do it once. Say your piece without any blame, point out the issues only. Wash hands.
Decide for yourself whether to stay or go. You don’t state your position, in relation to the sysadmin. Sounds like you’re an end point L2-L3 guy. Hold your tongue while you search for a better position within, or move elsewhere to another company. Understand, there will always be people smarter than you, but also more stupid. You are at the point where you just need to figure out how to work with each type. L3 and above is more about interpersonal communication than it is technical ability. You can always find someone smarter; it’s about being able to explain “to the idiots” what is a correct approach in a way that they understand it. Those persons can often be in mgmt. above you.
watusa@reddit
Being the smartest in the room can be a low bar for many orgs. This is how sys admins like this survive.
henk717@reddit
Technically you could build a demo lab yourself and go to management with a trial.
If you have the skills to do the sysadmin stuff yourself which it sounds like you do why not show it to them how much better it can be? Maybe you can land his job that way.
RestOtherwise6574@reddit (OP)
Yeah, I have thought about doing this. The guy who had this position before me tried and had an AD almost set up for a part of our organization, he had permission from our manager to do this but when the sysadmin found out he deleted everything on the server and the manager just sided with the sysadmin.
raffey_goode@reddit
just leave and cite the shitty sysadmin as to why, explain why everything is done wrong and call it a day. not worth the time
henk717@reddit
Then it will have to be a different route. Still build the proof of concept as it's not that hard and for a basic network not that time consuming. Just something with appealing features like being able to show you can centrally manage accounts. Maybe something fancy like a proper fileserver that has snapshots/backups to shield from ransomware so you can demonstrate data recovery. The ability to configure the machines properly with policies, that kinda thing. Whatever you think would benefit the org. On a small scale you can build it in a weekend in a VM lab on your device. The sysadmin won't have any idea you even did this and has no access to it especially since by his own design there is no access to your machine.
When you built that you now have a way to execute my plan, show your manager directly how much better your plan is compared to the current situation. Get approval to execute the plan directly from the manager and warn in advance the execution and therefore the company's IT success may be sabotaged. Because at this point it sounds like for whatever reason that sysadmin is malicious not just incompetent. It's always useful to force people's hand and the previous guy did that, deleting the work is an admission of guilt.
If they don't wanna let you turn this company into something proper don't stay there. Why have such a disaster on your resume? Any new employer who asks why you quit will probably laugh at the situation too and then when they find out you quit over having tried to make it a proper setup they will probably appreciate your drive.
Leolucando@reddit
Well now you know why he left and you are in his position now. Just follow his way and quit as well.
Nonaveragemonkey@reddit
Is this sys admin old as shit?
HoustonBOFH@reddit
Doesn't matter. I'm old as shit but I learn new things... And I know some younger guys that refuse to do that.
Nonaveragemonkey@reddit
I'm just saying this sounds like some kinda boomer bull shit.
HoustonBOFH@reddit
As Gen X, I can tell you that there is a lot of bull shit on both sides of my generation. Less actually in mine because we don't give as much of a shit...
Nonaveragemonkey@reddit
I dunno, we could argue that. Plenty of dumb shit out of Gen x, like insisting degrees actually prove competence. Plenty of dumb millennial shit too, but boomer dumbassery is orders of magnitude higher than z-x combined.
HoustonBOFH@reddit
I am the first to say that all degrees prove is a love of debt! :)
Grrl_geek@reddit
💯 this!!! I'm Gen X also but yeah, this is some incredible BS.
BituminousBitumin@reddit
I'm old as shit, and I know better than this.
The_Penguin22@reddit
I make shit look young, and yeah, I'm way better than that.
UsedPerformance2441@reddit
I’ve worked with a few numbskulls like this. At the end of the day, his job is about covering his ass and making others look bad. I had a guy like this one time. He lasted six months then got canned for not knowing his job. I actually retired AD from my network since we are in Google now. We have roughly 20 windows laptops and about 250 Chromebooks. Needless to say, no Microsoft headaches. My 20 windows laptops are the same model of Lenovo with just windows, chrome, office and our Sophos security solution.
Successful_Horse31@reddit
I feel like this is fake because it sounds unbelievable.
duranfan@reddit
Eject, eject, eject.
analbumcover@reddit
He's living life like it was 20 years ago or longer lmao. Making everything harder for himself and not conforming to typical standard practice.
know he's bad, but it won't matter unless the company can also see that it's a problem. If they won't, time to start looking at other jobs while you get some more experience there. If they do, maybe you could end up taking his position at some point, though there may be some drama or workplace politics to deal with.
p90rushb@reddit
Was gonna say, this sounds like IT from the early 2000s. Some neckbeard at the helm where no one questions his absolute authority on all IT matters, while all the staff work harder and not smarter, and if someone does want to work smarter by automating/scripting, a dude like this would shut it down because he doesn't know anything about it so he hides behind his position and the main defense mechanism is always berating those under him. But at the end of the day, if the c-suite vouches for the guy and there's been no major incidents, the situation goes on and on while captain neckbeard rests on his laurels and leaves the org at risk.
UltraChip@reddit
Arguably worse than that - Active Directory was common practice 20 years ago.
deac714@reddit
Run.
Run fast, run far.
AmateurishExpertise@reddit
What you're describing is exactly what you say - your sysadmin or whoever is steering the technical decisions is completely incompetent.
Which is why you're installing ccleaner on systems that are several years behind on patches, right? LOL.
Whoever is in charge did not get there via technical skill. So that means they probably got there via some other means, quite possibly by playing real dirty office politics.
F1nd3r@reddit
Sounds fun - either learn to live with it (as there are clearly factors beyond his capability keeping him there), or move on.
anonpf@reddit
Nepotism. Most likely nepotism, or he has damning info on the big boss.
Atlasreturns@reddit
From my experience it’s usually some boomer who’s been with the company for decades. And what these culprits lack in technical expertise they more than make up with intellectual arson. Basically gatekeeping information and underselling the need for maintaining up to date technology and practices.
Add a stingy higher up that gladly gets told slacking off on certain IT investments is actually good and you have a company that gladly runs on amateur systems that are two decades behind the standard. Like I have seen shoddy IT infrastructure in sizable companies that I wouldn’t even accept within my house resulting from that combination.
PositiveBubbles@reddit
I've worked with boomers, millennials, and xers who gatekeep info. Some people are just narcissistic when it comes to control.
I've seen people who think it keeps them in the job but they've been turfed eventually.
HorseShedShingle@reddit
Exactly this - you get some boomer IT person who doesn't trust modern tech for "reasons" and fast forward a few years and you have an exchange 2010 server in 2025 because 'i don't trust the cloud - they can hack it'.
TheRealLazloFalconi@reddit
It could just be that nobody knows better and this guy keeps things running just well enough that nobody cares to fix it.
TheIntuneGoon@reddit
I was blessed to not know how true this can be until very recently.
ITAdministratorHB@reddit
Could easily be this
HorseShedShingle@reddit
It's probably just he's been there for a while and been fear mongering the execs about everything and since no crazy outages have happened they keep him around not knowing any better.
Depending on the leadership you can show them something stupid simple like chatgpt and they think you're an IT god - especially in SMB.
razzemmatazz@reddit
This sounds like the kind of guy that reads other people's emails.
TheRabidDeer@reddit
I'm not sure he'd know how to without asking for their password...
Grizzalbee@reddit
Continuing to be there seems like it would be a massive disservice to OP's growth, regardless of intended career goals.
nascentt@reddit
Also, when (and not if) the shit hits the fan, they'll be looking for a fall guy.
I'd be looking for another job myself.
node77@reddit
More like fraud!
llDemonll@reddit
Why do you work there still? You’re not going to learn much.
RestOtherwise6574@reddit (OP)
Unfortunately it's my best option at the moment, the pay is incredible compared to my last job.
occamsrzor@reddit
Make sure you consider it to be getting paid to go to school. Learn every last system your company uses, and learn to improve processes.
I had a job just like this once. Drove me nuts, but I was able to make the leap from support to engineering based on the 4 years there
eg_ducks@reddit
OP, this is the way. Set your goal now: in three (or two, or five) years I want to be [job title] and I will need to know [skills]. Then jump on whatever in your current job gives you experience with those skills, and document it so you don't forget about it when you're ready to apply.
llDemonll@reddit
You don't have to quit, just start looking.
ITAdministratorHB@reddit
Work is about making money, it's not schooltime...
gabbietor@reddit
g worse than being stuck under someone who blocks progress out of ego or laziness. It's hard to fix a system when the sysadmin is the main problem
Durende@reddit
Here I am struggling to understand App Registration api access, but hey, at least I know not to run more than one AV at a time
thortgot@reddit
That's weapons grade incompetence, impressive.
sssRealm@reddit
I agree. I empathize with getting older and struggling to learn new things, but this is willful and malicious incompetence.
MenBearsPigs@reddit
Feels like he lucked into the job early on without proper qualifications or experience -- and hey, that's fine, it happens.
But then he proceeded to learn literally nothing for (decades?).
Also sounds like he's somewhat good at office politics if he's this awful yet stays employed. Obviously he knows what he's doing by actively getting any new IT hires fired lmao.
Grrl_geek@reddit
If by "somewhat good at office politics" you mean, he's related to someone OR has some amazing dirt on a higher up, okay.
GenerateUsefulName@reddit
If you have everyone's password it's easy to collect the dirt right from the horse's mouth. Or something like that.
sssRealm@reddit
20 years ago I worked in a small team for a crappy boss in a growing municipality. He was hired 10 previously as the only IT guy. He was incompetent, lazy and had no leadership skills. He lingered into the job, because his bosses were so tech illiterate. A year after I left, they created a position above him. He then became the helpdesk supervisor. I had a friend work under him after that. He told me he was still a crappy boss. That boss actually made it to retirement at the same place.
musiquededemain@reddit
"weapons-grade incompetence" I am going to use that from now on. Thanks.
Valdaraak@reddit
I'll give you another one that we run into from time to time: Militant ignorance.
That's when someone doesn't know something, doesn't want to know something, and will get angry/aggressive with you for trying to teach them it.
musiquededemain@reddit
Ooof. That's a good one too. I will be using these at my next team meeting, which is in T minus 1 hour 15 minutes.
GMginger@reddit
Depending on the audience, "chaos monkey" works for this one too. It's the name of a tool (created by Netflix I think?) to go around and randomly shut stuff off to prove that the system is resilient and everything keeps chugging along. One slight difference when using to describe someone is that it can give the idea that they're breaking things on purpose, and it's not just incompetence.
Important_Ad2902@reddit
Sounds like the nuclear test at Chernobyl. We all know how that ended.
musiquededemain@reddit
Yes. I work for a financial institution. I can't imagine the utter carnage the Chaos Monkey script would unleash. Talk about serious losses in profit. Holy shit.
musiquededemain@reddit
IIRC the chaos monkey script is also open source and is available for download.
CCLF@reddit
There's an awful lot of that in society these days.
kuroimakina@reddit
Experts are too woke. Same with education.
aes_gcm@reddit
It's so tiresome.
roboticfoxdeer@reddit
You just described a large portion of the US voter base
occamsrzor@reddit
And yet still think they have an informed opinion
twitchd8@reddit
What's worse is when management are the ones telling you they don't want to know something, or do something... I got fired for trying to implement it, and they still don't have a decent documentation system or centralized management system for all of their tech. And it's a public sector (aka state government) organization... I was a Corporate Ladder bottom-level System Admin - that's right, IT is not near the top of that ladder - We were stuck right at the bottom of the hill that crap rolls right down...
TreborG2@reddit
Don't forget 'impressive'...
skittle-brau@reddit
That guy belongs in /r/shittysysadmin but for real.
uns3en@reddit
And I thought I was shit at my job...
Ambitious-Radish-911@reddit
1. Make your own custom MDM that works twice as fast as theirs.
2. Using coding skills with your own MDM, you will appear as 10x helpdesk with coding/scripting skills.
3. If fired take your MDM with you.
   a. If not fired, quit anyway at slightest push back.
4. Next job interview tell interviewers that you made your own MDM software from scratch.
   a. Flex your bicep when telling.
Unatommer@reddit
You won’t learn anything good working under this person, find a better place.
quadratspuentu@reddit
He will learn disaster recovery, if they can afford to do that ;)
CelestialFury@reddit
Oh, he'll be learning lots under this guy. He's getting lessons on what NOT to do as a sysadmin and he's clearly taking notes. I know it sucks, but having a shitty boss can show you all the things you should and shouldn't be doing, and it's quite the experience. I've had shitty bosses and when I started supervising people, I remembered those lessons.
Catsrules@reddit
You will learn what not to do that is something.
toastpaint@reddit
This is BOFH-tier.
sparcmo@reddit
Bookmarking this post for when the syndrome gets me.
njoYYYY@reddit
"we need to confirm their password meets our security requirements" is a genius move. The moment they tell you their password, you can tell them "your password does not meet our security requirements, since you gave it to someone else."
On a more serious note, it is mindblowing how many clueless admins have been out there, especially in higher positions, that have next to 0 skills.
tachik0ma7@reddit
I read "no Active Directory" and immediately knew the story was going to go downhill fast...
svecccc@reddit
Pretty sure this is a bot post.
ShawtySayWhaaat@reddit
Thanks I've been dealing with impostor syndrome and doubted whether I could ever get back into being a sysadmin.
This has cured that issue.
What the actual fuck did I just read, this guy is not real.
ka-splam@reddit
I've skimmed the comments and nobody has said: ask him what low-level tasks he "is too busy to do" (read: tasks he considers beneath him) that he can pass down to you so he can "focus on more important things". He's not likely to hand over anything he likes to a new helpdesk but he might have something he dislikes, or doesn't want to learn about or deal with.
Take them on, improve/automate them, don't boast about it to him (he won't like it), or about how quickly you can do it now (he won't like that), or to your manager (they won't want to hear how you're better than someone they like) - except in the sense of "he gave me this extra work and I'm doing it, I love working here on a team, Team team Team Team TEAM, pay me more".
Either you'll have some improved systems to work with, or you'll get some experience deploying things in the messy real world and fighting all the other employees who won't like change or spending, or you'll gradually get a reputation for competence without annoying him too much.
I'm not sure I'd want to, but you said you need the job and don't want to leave, and that seems a better idea than just putting up with it or trying to go around him or over his head to tell people he's bad at his job.
RestOtherwise6574@reddit (OP)
It's hard to find things he doesn't want to do since he lays claim over everything he can and is either unable or doesn't want to delegate any tasks. Right now, my sole job is Win10-11 upgrades and some occasional tech support. I have been working on some scripts to automate some of the stuff he has me do in regards to Windows updates, but besides that, I don't really get access to anything. It's a decently sized organization, and he is the sole system administrator. If someone wants a simple password change, I am simply unable to do that since I have no access to anything. It is set up in a way where he needs their user password in order to allow access to network drives, which, in my opinion, can not possibly be close to the right way to do it.
To kind of add onto things he does/says he doesn't believe in scripting and therefore I am not allowed to do it but he hasn't explicitly said anything yet to me about scripting.
spin81@reddit
Just in case this is something that you need to hear: you're right, it absolutely isn't.
I know some people might not enjoy scripting and might like to point and click. But those people who don't believe in scripting, I genuinely don't understand. What do these people do all day? How can anyone get anything done by themselves in an organization of more than a dozen people unless they start automating? Surely even point-and-click preferrers will concede that scripting is sometimes what you want?
Maybe it's because I don't understand how Windows admin works - which I genuinely pretty much don't - but I find it hard to fathom how someone like that can function. I guess the answer in many cases is, they probably don't.
Avi_Asharma@reddit
I have seen such companies in my past where they have team and money but lack of skills.
Mk3d81@reddit
It’s why I’m a single business man from 10y. Can’t work with people like this. Can’t change the rules. Can’t change the society. So i changed. Good luck with your shitty colleague. Don’t make yourself sick.
snowtax@reddit
Take a few months, no more than one year, to learn what you can and find a better job. Don't worry about trying to change that company, not your job.
nimbusfool@reddit
Hope the cyber insurance is good! Anyone have any funny passwords? Knowing they probably reuse those passwords or permutations of them is some interesting liability. Local admin the same password everyone in IT knows?
RipRapRob@reddit
Sounds like incompetent Management.
Big_Joke_9281@reddit
Been there, done that. Sucking admin was best friend with IT manager and both sucked. Both were in this place for over 20 years. So there is no chance to change anything.
Angelworks42@reddit
Fun thing about ccleaner - if you're using it without a contract/license it's against the license. It's only free for home users.
Fwiw that's how I managed to get the dumber techs from not using it anymore for every issue. It used to have this thing where it would flush all the files out of the windows installer cache and kinda break the client.
axilidade@reddit
oh fuck this isn't /r/shittysysadmin oh no
Alafoss@reddit
My sysadmin sucks.
My sysadmin is me.
Icy-Agent6600@reddit
Is he the super anti spyware guy
CrudBert@reddit
In my IT experience, more than likely he’ll get promoted to CIO. It’s how IT works, for whatever reason.
Peter_Duncan@reddit
Way back, 1970. Not computers. I came home from work. Complaining to my dad about the job. He told me it’s only 8 hours a day. That put a whole different light on the subject.
E__Rock@reddit
CCleaner is also bundled with malware. It is also not approved for enterprise literally anywhere. Then, you install anti virus after installing the software containing a virus. Then you installed another anti virus. My head is melting.
keeblin90210@reddit
CCleaner is the BOMB! It does all my work, so I don't have to! Bundle CCleaner with an Adobe Reader download chock full of McAfee. It's a win-win. If you really want to win, bundle the Wise RAM Optimizer. They'll be talking about you for years. Make sure to deploy all .msi to a GPO. I prefer the Default Domain Policy. Give it to them!
snottyz@reddit
Anyone else open this to make sure it wasn't about themselves?
RobinatorWpg@reddit
Here's an idea...
Get together with your co-workers, build a detailed report on where things are failing massively.
Approach him (without his knowledge of the list) with suggestions, and when ignored (especially critical ones) bring it to leadership as a group
trumpfairy@reddit
Does he have the same surname as somebody in senior management by any chance?
iheartrms@reddit
I can't believe this isn't a troll post. If this is real, you need to find a new place to work asap. This joker will absolutely throw you under the bus.
LaDev@reddit
Maybe he’s a genius.
With no AD/MDM there’s no lateral movement… foolproof.
LetzGetz@reddit
One dude? How much do you pay him?
ATL_we_ready@reddit
Straight up bofh style
l0st1nP4r4d1ce@reddit
BOFH would crush this sysadmin's hopes and dreams if he saw this.
Asshole, yes.
Talented and Experienced, also yes.
Grrl_geek@reddit
Now, now, the BOFH actually knew stuff; he'd just had it with the doofuses all around him, and acted accordingly.
ATL_we_ready@reddit
True, he was clever
Tech_Mix_Guru111@reddit
BS no way 200 users in a company are putting up with this. It has to be a joke and just social media shit.
Assumeweknow@reddit
Mbr to gpt is easy.
Known_Experience_794@reddit
Well, if they are not on AD, I could see scenarios where IT might need to know the now local only user password.. but still. AD can be time consuming to set up and get it all working properly but come on. I do a simple AD without a whole bunch of policies in a weekend.. And I’m slow…
There are occasions where we must login as the user. When we do, we typically give them a choice.. They can give us their password and then we force them to reset it when we are done OR we reset it, do our work, give them the new password and force them to reset it. Either way, they are getting a new password. We are a small shop with 2 IT guys that everyone knows, so we allow the users to choose.
Streetthrasher88@reddit
Just curious but if you reset passwords anyways, why give them the option to give you their password? In terms of end-user training, I feel like it would be best practice for users to never give passwords (even to IT). Reduces social engineering ease
Known_Experience_794@reddit
I don’t disagree and you’re not wrong. But we are a small shop with 2 IT people. So it would be difficult to social engineer them as they know us very well and we are usually communicating face to face. As to why offer them a choice? In short it keeps them happy to feel they have some control even though the end result is that they still have to change passwords. For my part, I get to see which ones seem to understand what a good password is and is not. You know. Who tends to use Spring2025 vs Br0ken!Canary_FodderHounds
Witte-666@reddit
You don't have a sys admin.
intellectual_printer@reddit
I'll see you tomorrow Jermaine..
SlipBusy1011@reddit
I'll see you tomorrow Chris...
intellectual_printer@reddit
Jack from HR I'm guessing ?
Vodor1@reddit
No, it's Frances from building maintenance, Jack gave me his password.
TheAverageDark@reddit
His first mistake was giving his password to multiple environments of France
thereisonlyoneme@reddit
Via a phishing email.
itslevis@reddit
Holy shit this made me gag my coffee lol
sopwath@reddit
It’s hard out there, finding jobs and stuff, but this sounds like a terrible place to be. You will never learn anything at a place this backwards and it sounds pretty toxic as well.
Kindly_Revert@reddit
I've worked with folks like this, it's usually the folks who fell into a position with no formal education or training. The overzealous self-taught folks sometimes fall into this category, not realizing the differences between their at-home tinkering and enterprise setups.
One thing is for sure though, they are usually good talkers. They know what to say to management to get what they want. This is why I always tell people soft skills are important, because even someone who's clearly incompetent is employed in this role.
Either polish the resumé and start looking, or gather concrete evidence of what doesn't follow industry standards and get someone onboard with you to bring the risks to leadership. The second option may backfire depending how well-liked the guy is, so I'd recommend the former. Some businesses are just screwed until these types retire or leave.
Witte-666@reddit
I used to have colleagues like OP's "sysadmin" before I worked in IT.
They were exactly how you describe them. Incompetent but trusted, mostly long-time employees and whispering in the ears of the managers or bosses.
I've never seen a place where others could convince management of the incompetence of these employees, no matter how bad they were at their job, and when they inevitably fuck up they will throw anyone under the bus without hesitation.
ZedGama3@reddit
When I was a contractor I'd come across companies like this. I told them about my concerns and the response I usually got back was something along the lines of, the devil we know is better than the devil we don't.
Fear is the mind killer.
excitedsolutions@reddit
Little does everyone realize…he skipped AD and went straight AAD in 2015 and everything is AI managed.
Drakoolya@reddit
Yr IT Director/manager are Morons and are to blame for this mess.
person1234man@reddit
/r/shittysysadmin is leaking
LameBMX@reddit
I had to doubletake
AssEaterInc@reddit
I spent an embarrassing amount of time making sure this was the actual sysadmin sub
AistoB@reddit
Wow.. that gave us all a boost, what a tool. I hope he finds this thread and realises it’s him.
Voy74656@reddit
Sir, this is r/sysadmin, not r/ShittySysadmin
game120642@reddit
ccleaner 💀
westerschelle@reddit
That doesn't sound like a sysadmin. That sounds like someone's nephew who is "good with computers".
nukker96@reddit
As someone who broke into IT in the early 2000’s, this post really hits hard.
ofhgtl@reddit
That SysAdmin reading this putting 2 and 2 together
RabidTaquito@reddit
Such a guy is definitely not browsing this sub. There are too many complicated words here. No, he's over at r/ShittySysadmin laughing at all of the idiots. The irony is completely lost on him.
Ron-Swanson-Mustache@reddit
He thinks /r/ProgrammerHumor, /r/cablegore, /r/hardwaregore, and /r/iiiiiiitttttttttttt are "how to" subs
D0nM3ga@reddit
....shit...
ofhgtl@reddit
LMFAO. This was great.
Several-Customer7048@reddit
I'm genuinely impressed if they are a regular on here and not aware that they're this bad at their job. This falls entirely on upper management for not having an established and trusted route for employees to raise concerns like this. What a shitshow. We briefly had a guy exactly like this almost where they faked their entire resume, and I fired him and got the guy who caught the dumbass promoted, but this was only possible due to having an established and trusted method of reporting such issues.
ITaggie@reddit
Wasn't too long ago when people in this very sub were defending the password-sharing practices. There clearly are a ton of incompetent sysadmins in this sub, even if they don't post often.
yummers511@reddit
The only kind of password sharing anyone can come remotely close to making a good case for is test accounts or specific use service accounts. And that is ONLY if the passwords are rotated regularly and they are kept in some sort of password vault or password manager, rather than slapping them in a spreadsheet.
housewright30@reddit
I work for an enterprise storage company. I can't tell you the number of times I have been on a zoom call with customers that are sharing their screen that go to a spreadsheet with all their passwords. What makes it worse is that most of the time these spreadsheets normally are shared between everyone. This means everyone is using the same passwords for VMware, san storage, vsphere, and any other non-critical systems. Lol.
Several-Customer7048@reddit
The only way to really get rid of password sharing is to have up-to-date procedures that allow MFA in a secure and usable fashion. That's what our guys say anyway and it seems correct. I’m primarily in software engineering so I’m not sure of specifics but we’ve implemented a system where we use company-issued FIDO keys, company-issued biometric cameras on the laptops, and company-issued phone device mics/mics on the laptops for multiple authentication without a password, and password as a last resort or fall back set by the user.
torbar203@reddit
Not this post, but once in a while I will read a post on here and be like "wait is this talking about me?"
Once it was so accurate that i dug through the person's profile to determine for sure they weren't in my area!
Reasonable-Proof2299@reddit
This type thinks they know everything
Electrical_Space7100@reddit
fortunately i think we can assume the person in question can't read
ciabattabing16@reddit
I didn't see where OP mentioned he was management
derscholl@reddit
congrats you've found a board member's nephew in the wild
Zlav_@reddit
Maybe he’s setting up ADDS and maybe it has 16 domain controllers!
Hacky_5ack@reddit
Sysadmin stuck in the past, does not keep up with tech, claims to know everything, narcissistic behavior, claims you are the idiot and they can do everything and you know nothing.
Classic sysadmin shit mentality. Someone you never want to work for or work with.
You can teach tech, but you can't teach a personality.
Aloha_Tamborinist@reddit
Read through the post, relieved it's not me.
_510Dan@reddit
Is there no manager or head of IT? Who does IT report to? While the sysadmin is largely to blame, management certainly has some fault as well for letting it get to this point.
How do you guys even manage to purchase cyber insurance?
RestOtherwise6574@reddit (OP)
I'm gonna be honest I don't know if we have cyber insurance, I haven't asked since that's "not my job"
_510Dan@reddit
All good. It just sounds like a smaller organization so I figured there was a higher likelihood of all of the team being involved in disaster recovery planning.
RestOtherwise6574@reddit (OP)
I think by google AI standards, we are on the brink of being a large organization. We have a small IT department. I don't want to say how many, but there is only one helpdesk (me) and one sysadmin. Technically, there are other IT techs, but they are basically separate from me
0o0o0o0o0o0z@reddit
How do you have 100s of laptops w/o AD? Like it's all just a MS workgroup with server membership?
RestOtherwise6574@reddit (OP)
Yeah, it's just workgroups. I'm not exactly sure what you mean by server membership
r0ndr4s@reddit
Do you work with me? I swear this sounds exactly like the 2 sysadmins I work with (it's a team of like 20-30 of them, but only 2 are on-site with us).
Sometimes I read people's experiences here working the job, both as a helpdesk and sysadmin and man some guys here sound alien to me because of how much stuff they do and how clearly good they are at their jobs. And then we have to deal with guys that don't realize DHCP hasn't been working for 4 days.
jdkc4d@reddit
Find a different job. That sucks, but do it before you get blamed for his BS.
DoqtorKirby@reddit
remote in
change setting
repeat for hundreds of computers
steal dollars per hour from enterprise for work that could be done in seconds
sysadmin might be secretly genius
whtbrd@reddit
Do you have a security team? Risk management? CIO? COO? CISO?
What sort of data do you process? Do a bit of research. PII? PHI? PCI-DSS? Any other data that is sensitive or subject to laws, rules, or regulations?
What about other companies your company interacts with? Are you in a supply chain for anyone? Have business partners? What about any internal IT policies?
Do you have HR?
The size of your company and the type of data you handle is going to make a difference in your options here.
If you have policies and the practice is in violation, you get the instructions in writing and get a meeting with HR or the CISO, CIO, or COO. And you talk about how the instructions and practices are not consistent with the policies and how you're concerned about even bringing this up because of the way you've seen this guy get people fired in the past that makes you not trust his direct supervisor to have an unbiased perspective.
If you have no policies, it may be that you can find the documentation about the way that data is supposed to be handled. E.g. PII (like for your employees), data retention standards, etc. Then you could reasonably ask for a meeting with the CISO, CIO, COO, or if you have none of those, the CEO. And you say: look, I don't want anyone to be in trouble. But I want to have a job this time next year and I'm concerned that this might not even be a company if we don't change our practices. We should at least have written policies.
Before you do any of this, have a sit down with an employment lawyer. Follow their advice. And get your ducks in a row. You're likely going to be protected by whistleblower protections here, but that has to be done correctly.
This_guy_works@reddit
I would make a detailed list of five or six of these items, the concern, and the potential risk, and then forward it onto the manager. I would also see if you signed any kind of agreement or something upon hire, and make sure you're not being asked to do anything in violation of that agreement.
And to be honest, I've been through security incidents before. It's not fun. You don't want to be contributing to the environment that leads to a hack or ransomware attack. You also don't want to have to clean up after someone's inability to prevent a disaster like that. If you can't fix it now when you notice an issue, you're going to spend an insane amount of time and money fixing it later when it blows up.
energy980@reddit
IT asking for passwords is a personal gripe of mine. It's one of those standards, that when broken, just makes me disappointed. I have a coworker who will occasionally ask a user "What do you want your password to be?". I asked him one time why he does that, and he said "Their password expires in 90 days anyway, so it doesn't really matter." If someone tries to tell me their password or show me their password, I tell them "I don't need to know your password, and I don't want to know your password." I always look away when someone tries to show me their password.
Ironfox2151@reddit
I once had someone tell me their password was their SSN...
LaserKittenz@reddit
Some professional advice. Be careful about sharing these stories.
Yes it's fun to share stories and vent frustrations but it's really easy to cross a line (especially if you're new to the field). An IT professional lives and dies on their ability to be reliable and trustworthy; being seen as a person who is unable to keep things private is a career killer.
vogelke@reddit
I don't see where protecting someone from their own incompetence equates to legit privacy concerns.
Name and shame this asshole so hopefully they get blacklisted until they up their game or start asking kids if they want fries with their meal.
spin81@reddit
TBH I don't understand this one. Isn't it literally impossible to convert MBR to GPT? Or what am I missing here
RestOtherwise6574@reddit (OP)
Microsoft has a tool called mbr2gpt. There are also other programs where you can do this without data loss.
meatwad75892@reddit
I love that MBR2GPT worked on technically unsupported OSs (down to Server 2012 / Win8) if you ran it offline. I used it to get all of our Gen1 Hyper-V VMs converted over to Gen2.
junon@reddit
Yeah, I had to do this in a critical work situation some years back and it was a scenario mbr2gpt would not work in. I ended up using the Gparted Live boot disk and it worked a treat. Really saved my bacon.
spin81@reddit
I had no idea, thanks for enlightening me and not jumping down my throat!
philixx93@reddit
This made me feel so much better. Thanks for sharing 😁
Maxplode@reddit
This brings back memories of my MSP days. When I first joined, certain customers were working in a certain way and it became clear which 'Engineer' fronted which projects 😆
ireallyf_edup@reddit
That person is not qualified to be called a sysadmin on any level.
Jeff-IT@reddit
Read the title and thought it was about me for a second
junon@reddit
This is hilarious to me because I honestly expected this post to be one of those classic posts about some know-it-all small business owner or help desk guy that was a bit too big for his britches, second guessing some likely very excusable "making the best of a bad situation" sysadmin... but it completely flipped the script.
Good luck my dude, you've got your work cut out for you there. This guy is gonna make it extremely challenging for you to make any real progress with the environment as he'll see you as a threat to his position.
Dry_Inspection_4583@reddit
Ahhh, the land of the uneducated egotistical neckbeard. I'd destroy that env so hard with offensive sec he'd be crying after a few days.
All it would likely take from the reading is one vuln to be let loose on the network, likely missing key components like a WAF, VLAN segregation, and I'd imagine that list just grows from there.
Duck and run.
jantari@reddit
Are they related to the/an owner?
RestOtherwise6574@reddit (OP)
No they are not
No-Butterscotch-8510@reddit
This has to be fake. Please tell me it’s fake. It’s really April 1st right? RIGHT?!?!?
mrlinkwii@reddit
This will get you fired in most companies, end of.
Inn0centSinner@reddit
What gets me is that your organization has hundreds of users but no Active Directory. So everybody is logging into their PC and laptop with local accounts? lol. I guess there's also no file and print servers.
LastTechStanding@reddit
Omg…. Pay me $100,000 I’ll fix this shit heap fast.
TheKuMan717@reddit
An org with no Active Directory? That is some chaos.
Grrl_geek@reddit
Lol, right? Y'all have fun with that!
NteworkAdnim@reddit
A friend of mine worked at a local power company (big for the region) and their single IT administrator was this level incompetent and has yet to be fired. The people enabling her are also vastly incompetent so it's clearly a team effort to hide the collective incompetence. The amount of money they waste is in the multi-millions. They also apparently had been bringing everything back from the cloud as an effort to go back to more fully on prem. oh my God there are so many horror stories from this place...
tepitokura@reddit
Clueless
pepe74@reddit
Another post in which I click on it and think "Well today's the day my company finally found out I am a piece of shit Sys Admin".
Nope, not today.
yanksman88@reddit
Good lord... you know what would help with password complexity requirements? Active Directory lmao. I'd start updating my resume personally and then go ask your boss why these things are the way they are. How many employees are in your company?
BerkeleyFarmGirl@reddit
Yeah it sounds like most of the active work he's doing is trash talking other people so he can keep his job. Every organization has one of those people, unfortunately.
zz9plural@reddit
Run.
Seriously. If there's any other qualified position available in your area, take it.
hosalabad@reddit
ccleaner? lol.
1z1z2x2x3c3c4v4v@reddit
You only work to get skills and experience. Once you get enough new and in-demand skills, you move up or out.
If you are not learning new skills, you need to move on ASAP.
AdolfKoopaTroopa@reddit
I don't claim to be a master of anything or even great at this job. I know what I know and what I don't know, I figure out and learn.
I guess it's nice to know that despite my own shortcomings, I'm not some bullshitter and am willing to admit that I don't know everything. Not sure if that's the best way to approach the work but I know that the way your sysadmin is going about his day isn't it.
djgizmo@reddit
when you work for an eastern european employer with ‘no budget’, you get shitty admins, shitty solutions, and clueless help desk
VexingRaven@reddit
I'd suspect you work at the place I started my career at except that they at least had AD. Otherwise this is my first job to a T.
probablymakingshitup@reddit
Maybe just quit and go somewhere else?
drunksandshrew@reddit
In this economy? Hell no.
traydee09@reddit
Yup, try and find something else first, and then dip. I've been unemployed for 8 months, and nothing is happening. It's a horrible market.
jdptechnc@reddit
He will eventually be gaslit and fired anyway because I am pretty sure he will get to a point where he will not be able to just follow orders from someone who is willfully ignorant/negligent. He needs to be looking elsewhere.
drunksandshrew@reddit
Agreed but at least get fired for some severance while you look elsewhere. The US market is awful right now. Especially when it comes to pay from what I’ve seen recently. It’s the only reason why I haven’t left my job.
mister_wizard@reddit
Insert IASIP jobland gif.
orten_rotte@reddit
Do you work for comic book guy?
InnSanctum@reddit
Note: 2 different antiviruses on the same machine will fight each other enough to allow the machine to get infected. I've seen it first hand.
TinyWabbit01@reddit
Study, get ready to bounce. Or... Raise a lot of noise and see how it goes. Watch it burn..
Tovervlag@reddit
Tell the boss of your sysadmin that you can install AD within a day and have a few devices log on to it. Tell him what you need exactly. Make sure it's backed up from the beginning. Plan this shit at home. Maybe even show him you can do it on virtualbox or whatever.
Be prepared to be fired over this. Leave traces around the system that sysadmin is incompetent without showing who you are. Set up an easter egg hunt. Find the 99 flaws of 'sysadmin'! Hang A3 format paper where people can fill in said flaws and the location where they found it.
gordonv@reddit
Just started the book "Adventures of an IT Leader."
He's a business side BS talker. It's crazy how unknowledgeable leadership is about IT.
zhinkler@reddit
What the hell kind of cowboy organisation do you work at? Surely this is /s and you’ve posted in the wrong sub.
night_filter@reddit
A lot of IT people are incompetent. A lot of people in any field are.
AGsec@reddit
Sounds like my first tech job. I did in house IT support and I installed our company's software at customer sites. Lots of click ops. I started scripting some of it and when the director of IT found out, he advised me to stop. Automation was too risky, he said. We still used tape backups in 2015 because "you can't trust the cloud" and "external drives aren't enterprise equipment, they're for laptops and video game consoles". Another time, a user had an ongoing problem with their laptop. Tried lots of things to fix it, but there was a combination of problems (it was 10 years old, never refreshed, and had 10+ user profiles on it) so I said I was going to just reimage it.
Director again said that we can't just automate our problems away and we should continue to dig into this issue until we find a root cause analysis.
When I left two years later, the same user had the same computer and was employing the same workaround of restarting it twice a day to "clear out the cobwebs".
Long story short, I feel your pain.
SandeeBelarus@reddit
Weak leadership and/or nepotism. Also likely a small employer with a poor labor market and in person reqs. Been there for a lot of gigs in the past.
tuvar_hiede@reddit
Float the idea of an external audit. Also if they have cyber insurance they are throwing their money away. No way this setup is covered.
always_salty@reddit
Have you tried to tell him something like "No, I won't install your decades old malware or ask our users for their credentials"?
ZoteTheMitey@reddit
wot.
sanitaryworkaccount@reddit
Eh, you've found someone who the organization trusts. While pretty much all of these are bad practice, if the organization is happy with the service, and their needs are being met, fuck em. Take this opportunity to learn what you can learn and how not to do things, pad your resume, and bounce.
Your only viable option to stay is to win the organization's trust (this won't happen easily if at all) and then you can be the guy making the decisions other people bitch about :)
Walbabyesser@reddit
Interesting view, but no one could work with someone with that level of ignorance
sanitaryworkaccount@reddit
Sure you can, you control the things you can and write off the things you can't. You have to learn to let go of "the right way" when you can't control it. Document risks, send it to the person making the decision in some sort of recordable, timestamped format and move on with your life.
Learn from the terrible things that happen because of stupid decisions you have no control over and implement the things you can control.
The really hard part is......not letting the terrible things that happen because of stupid decisions become your problem (as much as possible, shit does indeed roll downhill).
Classic-Shake6517@reddit
This is where documenting your concerns the right way helps a lot. Using tact is pretty important because it can get people into trouble or fired if they just go and say, "Jeff is an idiot because he is using this terrible and old AV software." instead of "Hey here's some posts/articles I found dissecting this thing and it looks suspicious, I don't think we should keep using it for these reasons." It's important to lay out the concerns and not focus on blaming, much better received that way and then when something happens you have some ammo to say, "I brought that up and was dismissed."
rubs_tshirts@reddit
Who else expected this to end with "It's me. The sysadmin who sucks is me."
Sirlowcruz@reddit
holy shit, it sounds like your deployment needs a complete overhaul. when you get hacked, reach out to me per dm, we can rebuild your infrastructure better :)
cap_xy@reddit
I just don't believe this is real.
MSXzigerzh0@reddit
Small company hopefully. The person is personal friends with the owner.
Yes.
Difficultopin@reddit
Easy, use any LLM to convert your rant to a professional report and send it to the leadership.
punkwalrus@reddit
I worked for a company where the head of IT was impressively incompetent. Our division relied on working technology to keep all our, er "appliances," flying and recording in the sky, so to speak. There were backups of backups, redundancies, encryption, and high level secured stuff. Because we required "advanced" technological comprehension, we had our own shadow IT just to keep the lights on. But for things like the office network, getting your laptop, and the office network, this guy "Biff" was in charge. He was a real piece of work. I was told by other managers that he kept his job because they couldn't find anyone else that would "just do" with such a low salary requirement, which while I have no idea if that was true, it seemed plausible. When I started there, he had already been with the company for 10 years.
First, he was a Microsoft fanboy, and I am not saying "Windowz suxx" or anything like that, but he was a fanboy of Microsoft like "the Star wars kid" was a fanboy of George Lucas. Anything not MS "sucked." He refused to support it or learn anything about any other technology in a useful way; for example, our Cisco infrastructure or the VMware server fleet with all the Windows servers for the internal part of the company. His list of "not MS things that sucked" were sometimes surprising, Like SSL certificates.
Second, he was intimidated by anyone who knew more than him, so he had two "assistants" who were lukewarm bodies who had basic literacy and comprehension problems. Biff never did any job that he couldn't send one of these guys to do for him, because out of the four floors of our office, he stayed pretty much in his bunker, a darkened room with a cubicle and old CRT monitors. Biff loved speaking about them in the third person in their presence, using "joking and joshing" comments about how dumb they were. How they stood this, I have no idea. They weren't allowed to do ANY work while he was gone, and he was gone "on Microsoft training" several weeks a year, company paid, in addition to his vacation and sick leave.
While I was there, he had some extra special events happen, not the least of which, the office had 3 ransomware events in 2 years. Because my division was segmented and largely Linux-based, we weren't affected just by using the minimum of safety protocols. We had firewalled ourselves from the office and it saved our skin more than once.
We had to have our own file server because twice he'd been known to wipe out file shares without warning. He also "didn't believe in backups" because "they are unreliable and outdated, anyway." Okay...
Was paranoid about being filmed to the point he was able to skirt the fact video on conference calls was company mandatory. "A man in my security profession can't afford to be photographed." Sure thing, buddy.
I discovered too late to be useful, but all the Cisco equipment was default passwords of cisco/sanfran. I discovered this when a legacy employee told me how to check for whether an interface was up to diagnose my network patch panel issue (it was administratively turned off, I turned it back on and fixed it myself). We had to have our own wireless network because the office wireless was so oversaturated, it was next to useless.
Thankfully, because we managed our own segment, we rarely had to work with the guy. But the few times a year we had to work with him, he was shockingly overconfident and patronizing for the skills he actually had.
Skinny_que@reddit
You guys are training your users to hand over their passwords to social engineering 😭
dolsey01@reddit
If his name is Dean, I've worked with him before.
verdamain@reddit
This org needs a Pentest / security audit done, the results will paint him as a useless moron
Ch4rl13_P3pp3r@reddit
Are all the machines standalone with no network access? Sounds like 1989 all over again. Either that or your sysadmin is hiding from the Cylons.
slayermcb@reddit
"I'm brand new but the senior guy sucks" set me up for a "you just don't understand" response but holy shit this guy sucks, and it sounds like he's human savvy enough to have the higher-ups trust him. Bad combo. Get enough experience to update that resume and bail because he sounds embedded.
StunningChef3117@reddit
I do not know where you live but if it's in the EU and you believe personal data is actually at risk (sounds like it) I would unironically recommend finding out where in your country to tip off to force or push for an audit. I know this might sound like it would suck and would probably put both your job and company at risk but honestly, one of the reasons there are so many data leaks is employees too afraid to report their company for large infractions.
Generico300@reddit
Uh...so how are you managing user accounts?
RestOtherwise6574@reddit (OP)
Lol, as far as I have learned currently the only way we manage user accounts is physically having the laptop with us or using an RDP software as we use local admin accounts
Generico300@reddit
And let me guess. Same local admin credentials on every machine.
RestOtherwise6574@reddit (OP)
You know it
_mnz@reddit
Powershell?
zekrysis@reddit
Hell of a lot harder without using active directory
PoEIntruder@reddit
Hey, this is Jared from HR, give me a call when you get a chance.
occamsrzor@reddit
Yeah, cuz HR would totally contact them via Reddit rather than email, messaging or just calling them...
PoEIntruder@reddit
It's sarcasm......I bet you're real fun at parties.
occamsrzor@reddit
I don't know; I'm never invited
PoEIntruder@reddit
Well now I'm sad. Hope you get to go one day.
CantankerousBusBoy@reddit
I am making a party tonight. u/occamsrzor would you like to come? Just don't be sarcastic.
occamsrzor@reddit
Maybe...
yepperoniP@reddit
This reminds me way too much of my former boss. I also made a rant about it here on r/sysadmin a few years ago. He was stuck in his ways of doing many things manually, was afraid of very basic Powershell commands, and would often do the complete opposite of what are best practices. And yes, CCleaner even made an appearance on occasion. Instead of MDM, he wanted iPads on Apple Family Sharing, which was totally unsuitable for managing devices in a work environment just because he used it with his kids, even though we had Intune licenses available to use. At least we had AD, even though that was also a mess.
Unfortunately the only way you might solve this is to change jobs. My former boss knew all the key people to suck up to so he’d look good, all while constantly talking shit about other users instead of trying to help. He’d also be super passive-aggressive towards me at times, and after a while I found he would start to say intentionally wrong stuff to mislead me.
I’m in a much better place now, although I still have to deal with quite a few people that seem stuck in like 2007.
I’d say stick it out for a bit and learn some stuff if you can, but be ready to get out of there and move to something better. I think I took way too long to realize that job was a dead end and that I should have been somewhere better.
TopherBlake@reddit
Ah shit, my helpdesk person discovered reddit.
baconjerky@reddit
Ask him to block Reddit on his machine - I hear you can use something called a hosts file to do this
Fallingdamage@reddit
your sysadmin sucks.
doyouvoodoo@reddit
I've been in multiple situations like these throughout my career.
If you want to improve things, here are a few things to help:
Don't bring problems, offer solutions: Ask to do a pilot as a proof of concept. Getting management to allot you 10 users/machines is not as threatening to operations, and in a situation like yours, can build trust quickly.
Don't make your arguments against the way the other sysadmin does things: Instead, make your pitch "They always seem to have so much work, I'd like to do what I can to help take some of the load off of them." (good luck to the other sysadmin on making you out to be the bad guy).
ROI will almost never lose an argument: Employees are almost always the most expensive cost to running a business. So know how much an hour of your time really costs the business, and build arguments around time to ROI. If a solution costs $3,000 a year that would save you and your other sysadmin each 15 hours a month @ $30/hr (30hr x $30 x 12m = $10,800yr), you can confidently show that that $3,000 investment results in an operational savings of $7,800 annually.
Never badmouth the person who has been there longer. If you play the game right, your work and team player attitude will make them out themselves to the employer or in rare cases leave on their own.
timbotheny26@reddit
God damn, I don't even have the A+ or work in helpdesk yet, but I'm pretty sure that even a greenhorn like me could do a better job than this guy.
Two AVs on top of EDR and CCleaner, and one of the AVs has been known to bundle malware? The fuck?
This level of incompetence has to be intentional. I just....how? Why?
BoltActionRifleman@reddit
Are they near retirement? Sounds like they’re coasting. Or maybe they just enjoy being on a permeable boat in a sewage lagoon.
Sab159@reddit
Tell his management on your way out.
thisbenzenering@reddit
lol that is comically embarrassing. I bet the issue is that he and his leadership are allowing "perfect be the enemy of good"
probably started a kerberos node and decided to fuck all that
or decided to put DNS on a different server than a Domain Controller and fucked everything up when it didn't work right
or didn't have two domain controllers and tinkering with the single one kept bringing down the whole domain
the list of how bad it could be is huge and yet creating a simple Active Directory domain is super easy and just needs to be planned out correctly
Dangerous-Mobile-587@reddit
You def need to find employment somewhere else. Best time is when you got a job.
BisonThunderclap@reddit
OP could always shoot their shot and dethrone their boss.
Donald-Pump@reddit
As shitty of a sysadmin I think I am, sometimes I'm reminded I could be worse.
BisonThunderclap@reddit
If someone less experienced could do it with a video tutorial faster, that guy is worthless.
Friendly_Fudge_931@reddit
That is bad... I work for a K12 school district as a network/systems engineer (which is their title for sysadmin) and I really like it but some people are so dumb. Someone didn't even know how to log out or shut down their PC on Friday. Keep in mind this was a teacher.
chuckycastle@reddit
Sounds like you’re following in their footsteps. Congrats on your journey to become the next sysadmin that sucks.
occamsrzor@reddit
Honestly, as a Senior Retail Systems Engineer (I enable the automated deployment of things like POSs), I don't have a problem with this. Win10 is just a better OS. Win11 is a change for the sake of change because, "give us money!"
The rest of it is...jesus. If T1 Help Desk was your sys admin...
sexbox360@reddit
Wait a few months, get a "top 5 issues" list going, then go to his boss. Be super polite "I really like the guy, but I think we're doing this wrong"
If they don't listen, then look for a new job.
The_Wkwied@reddit
Tread carefully.
You're a newb. If you immediately say you can see a whole lot of things which need improving, you're going to get shitfaced as a know-it-all and everyone on your team is going to hate you.
Quietly document and whenever there's an appropriate time, bring up how you threw the antiviruses through VirusTotal and they say it's malware. Wait until you see a popup from Windows Defender saying there's a malicious app, then ask your sysadmin and their boss what they want you to do.
If you board and then try to rock the boat right away, you're not going to like the result. You need to play the office politics.
This guy has been playing them for a lot longer than you. Choose your battles. You're an employee, who needs their job, first and foremost.
Creative-Type9411@reddit
converting mbr to gpt (even forced, having to manually re-create the Boot partition) is super easy
achristian103@reddit
r/shittysysadmin
TxTechnician@reddit
Well, look for a different job.
If you want to do a solid to the people still working there:
Before you leave, document all the incompetence and unprofessional behavior.
Create it as an anonymous person. And submit it to each manager and middle manager. Post it to reddit as well. Use a hashtag or title so ppl can find it. Don't name the company. But leave enough detail so that employees can figure it out.
This is someone who uses abusive and unethical behaviour to get ahead. Organizations who have these kind of ppl in charge suffer, but don't realize it because they simply don't know what they don't know.
Anyways, that's how you handle a person who has a small amount of power when the people in charge won't listen or don't care.
Same reason posting videos of cops being bad cops works, while keeping it quiet and "reporting through the proper channels" just gets that cop reassigned or a slap on the hand.
Rorasaurus_Prime@reddit
I love posts like this. It makes me realise my shit doesn't stink and is actually pretty ok.
ContributionSea8300@reddit
My guess he's part of the good ole boys club and just gets away with shit because of it. Unfortunately happens way more than it should.
Humble-Plankton2217@reddit
Your title will also be "Scapegoat", in case you don't know this already.
FnGGnF@reddit
Some people are just "grandfathered" in their job/role. There is nothing you can do here. Look elsewhere.
Unseen_Cereal@reddit
Uh....look for another job while working.
paleannie@reddit
i hope it's in the form of solitaire
Remarkable-Toast@reddit
Some people could use a little imposter syndrome ngl
dollhousemassacre@reddit
Dude has mastered the art of "failing up". I'm actually somewhat impressed.
zalfenior@reddit
I'd get out of there before he manages to blow up your career too honestly
mike_dowler@reddit
Do you have a manager? You should be raising these concerns with them - not in a “OMG the sysadmin is so incompetent” way, but more in the “can you explain why we are installing this outdated antivirus?” and “should we consider getting in some outside help to set up AD (or better still, Entra)?”
If the manager isn’t willing to do anything about it, then they are the problem, not (primarily) the sysadmin
RestOtherwise6574@reddit (OP)
It's definitely a manager issue as well, I have gone to the person who supervises most of the department I am a part of and I am no longer required to know user passwords but that was only a small part of the issue.
Timberwolf_88@reddit
Yeah, that's a no from me. Find something else asap.
Shot-Document-2904@reddit
What is he, the business owner's kid or something?
Get out now.
discgman@reddit
I would have left like yesterday. Find a new job asap!
Buddy_Kryyst@reddit
Yep that all really sucks. Good luck with the shit show.