Entegy

Didn't know what ROM was in front of family

Posted by throw-away-2025rev2@reddit | sysadmin | View on Reddit | 396 comments

Am I overreacting? MSP using shared global admin, no pim, admin account = standard account

Posted by DaCozPuddingPop@reddit | sysadmin | View on Reddit | 112 comments

Entegy@reddit

There's a lot wrong here of course. GDAP doesn't cover everything, so shared MSP GA login can be normal. For us, the MSP has such a shared account but the credentials are stored in a password manager with an audit log. We occasionally ask for an export of the log so we can see who used the credentials. For yourself, GA on your normal account is fine if it was backed by PIM, phish-resistant MFA, and email notifications when activated. You have some changes to fight for! And don't forget to CYA.

Running an old program (MS Digital Image) on Windows 10/11

Posted by Technical-Society-95@reddit | sysadmin | View on Reddit | 13 comments

Entegy@reddit

The Trident engine is still in Windows, so these kinds of apps \_should\_ still work if they're using integrated IE calls correctly. But asking Windows devs to use features and APIs correctly is a big ask.

Offboarding a deceased user

Posted by flattitty@reddit | sysadmin | View on Reddit | 36 comments

Entegy@reddit

When we export a list of terminated users for the year, it doesn't feel like the right terminology for someone taken off of payroll because they died...

After a year of using Windows Server 2025, I'm finally throwing in the towel

Posted by sarosan@reddit | sysadmin | View on Reddit | 434 comments

Entegy@reddit

I'm a Live Tile enjoyer who's sad they're gone in Windows 11, so I'm not the best person to say that to. But it was 2012 and 2012 R2 that has the fullscreen only Live Tiles of Windows 8. Server 2016-2022 match Windows 10 in being able to choose between menu and full screen tiles.

After a year of using Windows Server 2025, I'm finally throwing in the towel

Posted by sarosan@reddit | sysadmin | View on Reddit | 434 comments

Entegy@reddit

Server 2016 is based on an old edition of Windows 10. One that was still finding its footing regarding the single cumulative patch. Literally the next edition, Windows 10 v1703, was such an improvement in these core functions like the update engine and new tooling like mbr2gpt.exe. They should have held off another 6 months and made a Server 2017.

How do you handle access user access to shared mailboxes?

Posted by chromespy200@reddit | sysadmin | View on Reddit | 43 comments

Entegy@reddit

And deal with complaints about Outlook freezing every time they access the mailbox or they can't reference it when offline? Nooooo thank you.

How do you handle access user access to shared mailboxes?

Posted by chromespy200@reddit | sysadmin | View on Reddit | 43 comments

Entegy@reddit

Our shared mailboxes aren't really complex. If you have access to it, you likely need send rights as well. The only time I can think of where we grant access to a mailbox but not send rights is when a terminated employee's mailbox is converted to a shared one. People generally only complain when changing computers because they forget how to add a shared mailbox. I send them our internal KB and that's it.

How do you handle access user access to shared mailboxes?

Posted by chromespy200@reddit | sysadmin | View on Reddit | 43 comments

Entegy@reddit

Mail enabled security groups. Don't need a bunch of auto mapped mailboxes sharing a single OST and hitting the 47.5GB limit every day. Less of an issue with new Outlook I guess but I still have a large amount of people on Classic. I've also never had any issues with send as permissions and I hide all my MESGs that just grant permissions.

Apple ID 2FA calls not coming through on Splicecom PBX on Gamma SIP

Posted by anonymouse589@reddit | sysadmin | View on Reddit | 3 comments

general availability of VMware Workstation 26H1 and VMware Fusion 26H1

Posted by lost_signal@reddit | sysadmin | View on Reddit | 11 comments

Entegy@reddit

I've verified my personal account 3 times now. All 3 times I had to get support to do it because I couldn't load the form.

Windows Updates in Europe

Posted by Alzzary@reddit | sysadmin | View on Reddit | 13 comments

Windows Updates in Europe

Posted by Alzzary@reddit | sysadmin | View on Reddit | 13 comments

Entegy@reddit

Yes, there is no "2025-05 Europe Edition" it's the same bits released at 13:00 Pacific on the second Tuesday of the month. Every edition of Windows (in the same feature build) is served by the same patch.

Free Room booking system recommendations

Posted by Funker_rikke@reddit | sysadmin | View on Reddit | 9 comments

Missing registry when installing application with silent-switch

Posted by Sad_Mastodon_1815@reddit | sysadmin | View on Reddit | 16 comments

Entegy@reddit

Yeah, the silent install directly manipulating file association registry keys is perceived as a hijack by Windows. Hopefully their support can get their devs to fix the issue and use the file association APIs so it's presented to the users properly.

Missing registry when installing application with silent-switch

Posted by Sad_Mastodon_1815@reddit | sysadmin | View on Reddit | 16 comments

Entegy@reddit

Is this a vibe coded app or just poorly coded? How does a commercial app not know how to properly set file associations so Windows knows it can accept file associations/protocols? Shit dev. You shouldn't have to do this via script to fix their shit installer.

Missing registry when installing application with silent-switch

Posted by Sad_Mastodon_1815@reddit | sysadmin | View on Reddit | 16 comments

Entegy@reddit

And that hasn't been allowed by Windows since Windows 10. There are proper APIs apps must use to register themselves for file types and protocols. An app installer hijacking a default protocol association is literally why those blockers were developed. A mail app that lives in the user context? Is this some homegrown app? If so, fix it to use the proper methods. Use the right API to register the app's supported protocols/file types, then since this is r/sysadmin, use a policy to push a default file associations XML.

Missing registry when installing application with silent-switch

Posted by Sad_Mastodon_1815@reddit | sysadmin | View on Reddit | 16 comments

Entegy@reddit

Registry keys for what? It's also worth noting the default install environment is 32-bit PowerShell so keys might end up in WOW6432Node if written directly.

Intune devices new UI

Posted by The-Dude-01@reddit | sysadmin | View on Reddit | 21 comments

Entegy@reddit

The Microsoft Naming Department briefly reared it's head to try and make a description a name again, or because someone thought the phrase "MEM does MDM and MAM" was in no way confusing. Thankfully they were banished to be distracted on coming up with the next weird Xbox name and Intune was restored.

HP Blatantly Lying about Secure Boot 2023 CA Support

Posted by Amomynou5@reddit | sysadmin | View on Reddit | 71 comments

Entegy@reddit

The tool isn't preprogrammed with every single HP machine's firmware options. It reads all possible options from the machine it's running on. I used HPBCU to export the list of options to a TXT file and just did a Ctrl+F for 2023. I then used the setvalue flag of HPBCU to enable them. After two more reboots, Windows reported using the new Secure Boot cert.

HP Blatantly Lying about Secure Boot 2023 CA Support

Posted by Amomynou5@reddit | sysadmin | View on Reddit | 71 comments

Entegy@reddit

Yup, this was my issue on HP machines. The Windows enablement would fail because the firmware added a new option to enable them. I used the HP BIOS Configuration Utility and found _three_ new options related to the 2023 cert Jesus Christ HP.

TIFU by ignoring the 2% battery warning during a presentation

Posted by Ornery_Hat_3662@reddit | sysadmin | View on Reddit | 13 comments

Entegy@reddit

It depends on the battery health of the Mac. 2% could mean 20 minutes, it could also die right away. I wouldn't play around at that low.

Everyone is telling me to change my field (IT) and learn a trade.

Posted by ybicurious@reddit | sysadmin | View on Reddit | 376 comments

Entegy@reddit

I can understand that feeling, but keep looking for something and build your skills. I'm not telling you to quit, a job is better than no job. Just keep in mind you're being massively underpaid.

The installation failed in the Safe_OS phase with an error during boot operation.

Posted by AmmadIrshad@reddit | sysadmin | View on Reddit | 29 comments

Entegy@reddit

There's a tool from Microsoft called [setupdiag](https://learn.microsoft.com/en-us/windows/deployment/upgrade/setupdiag). It's usually pretty good at reading the logs failed upgrades and installs leave behind to diagnose the issue.

Everyone is telling me to change my field (IT) and learn a trade.

Posted by ybicurious@reddit | sysadmin | View on Reddit | 376 comments

Everyone is telling me to change my field (IT) and learn a trade.

Posted by ybicurious@reddit | sysadmin | View on Reddit | 376 comments

Entegy@reddit

What province do you live in? I had $45k in Quebec over 10 years ago on help desk. What you are being paid is barely above minimum wage, and in fact below Nunavut's minimum wage (not that I think you live in Nunavut) You don't need to change your career path, you need to find another job. Keep looking while working this one, you're being megascrewed.

We need a new term for fighting GenAI hallucinations

Posted by xXShadowsteelXx@reddit | sysadmin | View on Reddit | 49 comments

Entegy@reddit

That is a fantastic idea. Reminds me of [this post](https://www.reddit.com/r/WhitePeopleTwitter/s/LSaPM8RTTd) and I should keep its spirit in mind when approaching questions about expertise.

chrome jamf plist or json template

Posted by NoDistrict1529@reddit | sysadmin | View on Reddit | 1 comments

Entegy@reddit

For macOS, I just make a custom .mobileconfig with iMazing Profile Editor and upload it. For configuring iOS, I dunno how Jamf does it, but for Intune I just enter the values in an App configuration policy > Managed Devices > select app as Chrome.

We need a new term for fighting GenAI hallucinations

Posted by xXShadowsteelXx@reddit | sysadmin | View on Reddit | 49 comments

Google Workspace as IdP for Microsoft Entra

Posted by verde90@reddit | sysadmin | View on Reddit | 20 comments

My manager went crazy today when he saw a ticket a user submitted😭

Posted by aomine1234@reddit | sysadmin | View on Reddit | 403 comments

Windows 11 Security Fix KB5083769 breaks causing backup failures - VSS fails

Posted by Bob_Spud@reddit | sysadmin | View on Reddit | 19 comments

Any of you know how to change the boot logos on HP ZBooks (Fury 17 G8) ?

Posted by Brilliant_War9548@reddit | sysadmin | View on Reddit | 19 comments

Disabling inter-machine Windows authentication

Posted by devbydemi@reddit | sysadmin | View on Reddit | 44 comments

Entegy@reddit

Yes hello I hate my life and create abominations of installs, but I will blame it on Microsoft to make myself feel better.

winget - is this awesome as it seems

Posted by SnooMachines9133@reddit | sysadmin | View on Reddit | 135 comments

Entegy@reddit

WinGet just plain refuses to touch PowerShell 7 and I have no idea why. I've tried so many times to have it updated via WinGet even if WinGet installed it and it just doesn't. I've also never seen PS7 be updated by Windows Update. I finally saw a random GitHub comment from an MS developer saying that publishing updates to Microsoft Update lags by weeks from a new version's actual release. So for PS7 I'm still installing the MSI manually every update and it sucks. WinGet won't touch it and they take too long to push it to MU in the meantime you get an outdated version warning every time you launch PS7 and security tools flag an outdated software. Sucks.

Windows 11 Security Fix KB5083769 breaks causing backup failures - VSS fails

Posted by Bob_Spud@reddit | sysadmin | View on Reddit | 19 comments

Entegy@reddit

Reading more, it seems there's a driver, psmounterex.sys, whose older versions have been added to the Code Integrity blocklist that's related. This appears to come from Macrium Reflect, and the older version. This is bad because Macrium stopped offering free versions and a lot of people are stopped on the last free version which has this newly blocked driver.

I Pushed Out Ublock Origin Across The Org & Stopped (some) Phishing

Posted by Krelik@reddit | sysadmin | View on Reddit | 176 comments

Entegy@reddit

lolwut? The developer of uBlock Origin is a fellow QuĂ©bĂ©cois? This is the first I’ve ever heard of this and I can’t find anything about that.

I Pushed Out Ublock Origin Across The Org & Stopped (some) Phishing

Posted by Krelik@reddit | sysadmin | View on Reddit | 176 comments

I Pushed Out Ublock Origin Across The Org & Stopped (some) Phishing

Posted by Krelik@reddit | sysadmin | View on Reddit | 176 comments

Bluehost allows me to send emails without a password - normal?

Posted by CarnalDevices@reddit | sysadmin | View on Reddit | 14 comments

Azure AD Connect AutoUpgrade – When exactly does it upgrade? Will it cause downtime during business hours?

Posted by maxcoder88@reddit | sysadmin | View on Reddit | 5 comments

Entegy@reddit

The sync is not realtime anyway so if it picks to do an auto upgrade in the middle of the day, you won't even notice. I actually forgot about our AD Connect for at least a year until I saw this post. Just checked and it's on the latest version, no issues. Unless you have a crazy advanced configuration, I would just turn on auto upgrade and forget about it.

Fuck you microsoft and your new “prove you aren’t a robot” challenges for outlook.

Posted by mag_man85@reddit | sysadmin | View on Reddit | 26 comments

Entegy@reddit

I'm guessing you don't have an Apple device because you can't be granted remote control permission during a FaceTime call.

Any way around Teams auto-update?

Posted by 0oWow@reddit | sysadmin | View on Reddit | 17 comments

Entegy@reddit

I've never had Teams decide to autoupdate in a way I noticed. It's autoupdating though, because the version number is increasing when I check. Maybe uninstall and reinstall its package?

What are your users using as a backup to Microsoft MFA?

Posted by khabel212@reddit | sysadmin | View on Reddit | 41 comments

Entegy@reddit

Authenticator moving to a new phone can still be pretty tricky if the backup process for your phone's primary cloud provider isn't configured correctly. Users getting new phones is definitely the #1 Authenticator related ticket we get.

Migration IMAP to M365

Posted by Efficient_Finance935@reddit | sysadmin | View on Reddit | 12 comments

Entegy@reddit

That depends on your migration tool. Most do have an option to do an initial sync ahead of time, then keep the source and M365 in sync with periodic updates until you cut over.

What are your users using as a backup to Microsoft MFA?

Posted by khabel212@reddit | sysadmin | View on Reddit | 41 comments

Entegy@reddit

Theoretically the TOTP option from within the app but I've never had the notification not arrive unless it was completely broken and requires reregistration in the first place. Not saying it's impossible, just not a scenario I need a backup for. My scenarios are broken or new phone. That's it.

What equipment do you give to your creative professionals?

Posted by M4niac81@reddit | sysadmin | View on Reddit | 40 comments

Entegy@reddit

Man, I packaged Adobe CC for way less employees. Windows I don't even care because it's in the Microsoft Store and I just deploy that.

What equipment do you give to your creative professionals?

Posted by M4niac81@reddit | sysadmin | View on Reddit | 40 comments

Entegy@reddit

Intune can deploy Adobe CC to Macs which was my biggest blocker in getting rid of Munki, which is Disney's open source Mac app deployment tool. Everything else I deploy with either an Installomator script or, if I can, VPP from the Mac App Store. Intune is good enough for a Windows shop supporting a small number of Macs. You're already a good chunk of the way there with having Apple Business connected to Intune.

GoDaddy gave a domain to a stranger without any documentation xpost from HN

Posted by cop1152@reddit | sysadmin | View on Reddit | 69 comments

USB-C to Ethernet Adaptor

Posted by joners02@reddit | sysadmin | View on Reddit | 32 comments

Entegy@reddit

I do the same, but we also add language packs since we are multilingual. It significantly cuts down on Windows Update runtime post-install.