Unable-Entrance3110

To all my 'jack of all trades' sysadmins - give me a list of everything you are responsible for you in your environment

Posted by ChesterM54@reddit | sysadmin | View on Reddit | 143 comments

Unable-Entrance3110@reddit

Yeah, I was out volunteering at a food distribution facility recently, one of the people mistook me for staff and asked what was wrong with their equipment. A normal person would have flagged down an actual staff member for help. It didn't even occur to me in the moment. I just got right to work diagnosing and fixing their problem. It wasn't until I was walking away that I realized I had maybe overstepped my authority in that context...

what tool are you running that management doesn't know about

Posted by Evening-Result5868@reddit | sysadmin | View on Reddit | 187 comments

Scan for all user's calendar items that are "Out of Office" for public PTO dashboard?

Posted by billygreen23@reddit | sysadmin | View on Reddit | 20 comments

Unable-Entrance3110@reddit

We used to use a service called Simple In/Out (https://www.simpleinout.com/) and it worked pretty well. You have several options for automatically signing people in/out like geo-fencing, wifi networks, and bluetooth beacons.

Just audited our environment and the scariest stuff is the IT scripts that have been running for years without being touched

Posted by kmonie360@reddit | sysadmin | View on Reddit | 104 comments

Unable-Entrance3110@reddit

My question is, what is the difference between a regular user and a service account user? Just set up a "real" user account and never issue a badge correlated to that ID and/or don't set up any permissions other than what is needed for the API? IDK, just spitballing here. We have a "real" (actually virtual) user in our IT team that shows up in all of our documentation and is used to test things as a user.

Daily reminder to not be complacent and to not be stupid - laptop stolen from truck

Posted by Nexzus_@reddit | sysadmin | View on Reddit | 55 comments

Unable-Entrance3110@reddit

Yeah, I am sort of religious about it. I am a paranoid person, so if I absolutely have to leave something in the car, I make sure it's not visible from any external vantage point and all the doors are locked.

2 IPS address on 1 DC

Posted by nricko@reddit | sysadmin | View on Reddit | 48 comments

Unable-Entrance3110@reddit

My DCs are multi-homed. It's not a problem for the most part. I disable DNS registration at the NIC level and ensure that the network that the secondary interface attaches to doesn't allow ICMP or SMB (this keeps NLA from detecting anything). With that configuration, the only issue is that on every reboot, I have to manually unselect the secondary interface from being bound to the DNS server and restart the DNS service. If I don't do that, the secondary interface IP gets registered in DNS.

2 IPS address on 1 DC

Posted by nricko@reddit | sysadmin | View on Reddit | 48 comments

Unable-Entrance3110@reddit

I have multiple IPs on my DCs. One IP has no gateway and is the management network. I set a port-level ACL on the management VLAN so that NLA can't detect anything on it (it reliably comes up as unknown/public). This just leaves the process of re-binding the DNS server on the DC after reboot since it always binds to all available IPs. Oddly enough, my virtualized DCs don't have this problem even though they are also multi-homed.

My older coworkers have accepted AI as the source of truth

Posted by randomname945@reddit | sysadmin | View on Reddit | 595 comments

Unable-Entrance3110@reddit

One thing that I have found is AI makes crap up all the damned time. It is absolutely not a source of truth. It's definitely handy to get pointed in the right direction, but, in my experience, if you aren't in a position to validate the AI's output, then you shouldn't trust it. My most recent example with this is getting a Mac integrated into our environment. I don't know much about Macs so I have been leaning on AI answers to questions. I have several miles worth of chat history now for everything from how to get the Mac Intune enrolled to distributing SCEP certificates for the purpose of 802.1x auth. It has been wrong on every single thing in some critical way. That's not to say it hasn't been helpful, but once you get into the weeds, it's often better to just go read the documentation yourself because the AI just can't know every detail about your environment. It is just regurgitating an average.

Github allegedly Breached

Posted by ITSecurityAdam@reddit | sysadmin | View on Reddit | 238 comments

Unable-Entrance3110@reddit

Yeah, it's crazy to me that some sysadmins still allow unrestricted extensibility installs in software. The first thing I do when bringing in a new software is to look at what kind of extensibility features it has and lock it down to approved only (or none at all). I will then create a plan for keeping approved extensions up-to-date, sign myself up for update notifications and monitor update rollouts.

Github allegedly Breached

Posted by ITSecurityAdam@reddit | sysadmin | View on Reddit | 238 comments

Unable-Entrance3110@reddit

I would argue that the motivation for cutting is the same whether or not the software exists on premises or in the cloud. If the operators of the application want to increase shareholder "value" by cutting operating costs, security is going to be on the table along with every other option. They are highly motivated to provide the minimal amount of whatever is needed to keep the application working and no more.

"Just move a few shared drives to the new server, shouldn't take long"

Posted by Gardanris@reddit | sysadmin | View on Reddit | 199 comments

Unable-Entrance3110@reddit

Yes. This was 3 years ago now so things might have changed, but I definitely ensured that every server in the DFS process was set to encrypt. Here's the thread that I was posting in about it: [https://community.spiceworks.com/t/unc-hardening-not-working-for-file-shares-in-dfs-namespace/944721/3](https://community.spiceworks.com/t/unc-hardening-not-working-for-file-shares-in-dfs-namespace/944721/3)

"Just move a few shared drives to the new server, shouldn't take long"

Posted by Gardanris@reddit | sysadmin | View on Reddit | 199 comments

Unable-Entrance3110@reddit

Only issues that I have run into with DFS (which are also why I am no longer using it) are: 1) Autodesk support is intolerant of DFS when it comes to low level troubleshooting of shared models that reside on DFS network shares (YMMV). 2) At least in my testing, it doesn't appear to work with SMB encryption. I spent a ton of time trying to figure out why my SMB connections were not encrypted. I ended up moving to Windows cluster services which solved the issue for me. But, yeah, every Wireshark capture, with SMB encryption turned on would continue to show clear-text SMB packets.

FAX ATA providers

Posted by Important-County314@reddit | sysadmin | View on Reddit | 32 comments

Unable-Entrance3110@reddit

When I was shopping around for Fax providers, I found that it's a very consolidated industry. Almost every fax service that I ran across was owned by some multi-national. I always try to buy as local as possible. In this case, I wasn't able to find something in my (US) state, but I did find a Colorado-based company that provides Fax services. [https://www.faxage.com/](https://www.faxage.com/) We have been using them for a few years and it just works.

When do I stop feeling like a failure?

Posted by InfamousStrategy9539@reddit | sysadmin | View on Reddit | 185 comments

Unable-Entrance3110@reddit

There are definitely many different shades of "winging it" too. Winging it could mean that you always take shortcuts, it could mean that you don't care, it could mean that you don't have perfect knowledge before implementing something, or it could mean that you are trying things that haven't been tried before. Much of our collective knowledge is derived from people "winging it" in order to further expand the frontier.

When do I stop feeling like a failure?

Posted by InfamousStrategy9539@reddit | sysadmin | View on Reddit | 185 comments

Unable-Entrance3110@reddit

I think you just need some wins to build confidence. Everyone fails, it's part of being a human. Sounds corny, but keep a journal. Write down your successes and your failures. Learn from your failures and celebrate your successes. Over time, you will see that your successes outnumber your failures and that will help you feel more confident.

"Just move a few shared drives to the new server, shouldn't take long"

Posted by Gardanris@reddit | sysadmin | View on Reddit | 199 comments

Unable-Entrance3110@reddit

There are not many projects more dreaded than moving file shares. This is why a lot of people use DFS or clustered file services. I would say that you probably should have spent more time doing the documentation work, rather than just jumping into it. You could have also used CNAME records in the worst case. Better yet, do a parallel installation and migration path. Put a notch on your sysadmin belt and remember the lessons learned for next time.

Yellowkey - a Bitlocker bypass method

Posted by DaveTheAllrighty@reddit | sysadmin | View on Reddit | 398 comments

Unable-Entrance3110@reddit

That just doesn't make sense though, does it? If they built this in for anyone, why would they not build in some kind of authentication like a certificate or PSK or something? In other words, why allow for the possibility of it being utilized by anyone other than its intended audience? I like a good conspiracy as much as the next guy, but this just sounds like a stupid bug. You know, Occam's Razor and all that.

people pleaser sysadmins

Posted by crankysysadmin@reddit | sysadmin | View on Reddit | 71 comments

Unable-Entrance3110@reddit

As with all things in life, you find a balance. There is nothing wrong with being a "people pleaser" as long as you can set boundaries and say "no" when it's appropriate. (I consider myself a "people pleaser" and I don't think it's a problem. I also don't believe that you would find this department to be in a shambles or poorly operated)

What’s Your Most Controversial IT Opinion?

Posted by OrdinaryJust9594@reddit | sysadmin | View on Reddit | 986 comments

Rebuilding a department's reputation

Posted by BemusedBengal@reddit | sysadmin | View on Reddit | 101 comments

How many old timers in here?

Posted by aliesterrand@reddit | sysadmin | View on Reddit | 2412 comments

Unable-Entrance3110@reddit

I remember trying to run video games on the family 286 in the early '90s, but the computer didn't have a sound card. There was a game called Dungeon Master that came with a parallel port adapter with an 1/8th" headphone jack in the center of it. The game would set various voltage levels on some of the printer port pins in order to create tones through a speaker. It sort of worked, except that there was some kind of IRQ conflict or other issue where when the sound would play, all control of the game would freeze, making it unplayable. For the life of me I could never figure it out, but the pursuit of a fix led to a lifetime love for computers.

Why I can never be a sysadmin; or, Why is software like this?

Posted by OnTheEdgeOfFreedom@reddit | sysadmin | View on Reddit | 95 comments

Unable-Entrance3110@reddit

I am starting to realize that having a natural language interface can be a different kind of problem. When I talk to an AI, at least at first, I was phrasing things in a particular way that left a lot of room for interpretation. I was relying on contextual indicators that an AI might not pick up on or leaving out critical details about the environment. Once I realized that and went with more pedantic and descriptive language, I started getting better results. I still get hallucinations from the AI, but it doesn't happen at nearly the rate it used to. It could also be that the AI models have just become that much better too.

Why I can never be a sysadmin; or, Why is software like this?

Posted by OnTheEdgeOfFreedom@reddit | sysadmin | View on Reddit | 95 comments

Unable-Entrance3110@reddit

Yeah, AI is my new Google. It's like having an expert to bounce ideas off of. I always find that "rubber ducking" leads to better outcomes by focusing my thoughts, but now the duck comes back with actual answers. It's amazing.

What is the best knowbe4 alternative for a 2,000+ person org?

Posted by Flat-Description-484@reddit | sysadmin | View on Reddit | 80 comments

Unable-Entrance3110@reddit

We switched from KB4 to this in Q1 this year and we are seeing much higher engagement and the reporting is much better. It does seem like it might be a little too "turn-key" for OP's needs though. (And the pricing is not really going to be any better.)

How do you remotely support on-prem deployments?

Posted by Durovilla@reddit | sysadmin | View on Reddit | 56 comments

Unable-Entrance3110@reddit

For servers I ensure that critical servers have an enterprise (for remote console) iDRAC. For non-critical servers, basic iDRAC is fine (for power on/off). For desktops, I use [FixMe.IT](http://FixMe.IT) for workstation GUI console access or Enter-PSSession for remote SSH-like command line console access. I also have some remote PDUs that can turn off/on power outlets which critical equipment remote access equipment and firewalls are plugged in to. I have a "back door" VPN that only IT can access that gives us pretty broad access, but it requires that it be set up and tested on a registered, domain-joined computer prior to needing it. Otherwise, I just use the same remote desktop solution (SonicWALL's Cloud Secure Edge) that everyone else in the org uses for remote access.

Dont tie your Password Manager to SSO

Posted by sysacc@reddit | sysadmin | View on Reddit | 119 comments

How do you actually stay on top of cyber threats week-to-week?

Posted by According-Run-4428@reddit | sysadmin | View on Reddit | 41 comments

W11 deployment - Anyway to skip the "checking for update"?

Posted by nodiaque@reddit | sysadmin | View on Reddit | 34 comments

Microsoft365 Secure Score

Posted by Ok_Employment_5340@reddit | sysadmin | View on Reddit | 31 comments

Unable-Entrance3110@reddit

I chased it for a while. The suggestions are a good starting point for review, but at the end of the day it's a sales tool for Microsoft just as much as it is an indicator of sub-par configurations. It's worth looking at, but the score is just a number that doesn't necessarily reflect reality.

Sysadmins: user leaves company but mailbox stays active with no OOO. What’s your standard approach?

Posted by MarchGeneral4309@reddit | sysadmin | View on Reddit | 30 comments

Need to print from XP machine

Posted by CarolinaKernel@reddit | sysadmin | View on Reddit | 104 comments

Unable-Entrance3110@reddit

Good ol LaserJet4 PS driver used to be the way to go. I think it eventually became the Windows TS universal print driver, actually. I usually still use it when printing to laser printers if a bunch of finishing or collating stuff isn't required.

Can only laugh

Posted by MR-IT-@reddit | sysadmin | View on Reddit | 61 comments

Recommend a texting service?

Posted by Vivid_Mongoose_8964@reddit | sysadmin | View on Reddit | 8 comments

Unable-Entrance3110@reddit

I have been using Clickatell for years. They have a ton of different APIs and methods for sending texts via campaigns or one-offs. I use it with Nagios so we get alerts via SMS. Never had a problem with it.

iPhone etching

Posted by Elensea@reddit | sysadmin | View on Reddit | 27 comments

How many IT support needed for 200 user org?

Posted by imjustacuteguyuwu@reddit | sysadmin | View on Reddit | 412 comments

Anyone read this 49 day SSL expiration thing and think they would rather just retire?

Posted by HJForsythe@reddit | sysadmin | View on Reddit | 1069 comments

Unable-Entrance3110@reddit

Yeah. I get it, automation is the way to go. I certainly automate it in my environment whenever possible. What really irritates me is the clear motivation by big players to use security as a bludgeon to force people into subscriptions. I see this as the primary motivation behind these certificate lifetime changes. It's the embrace, extend, extinguish play. First you ratchet down the lifetime (in the name of security! Never mind that the problem of revocation has already [been solved](https://hacks.mozilla.org/2025/08/crlite-fast-private-and-comprehensive-certificate-revocation-checking-in-firefox/)). Second, once everyone is dependent on automation, you extend the paid services with features that the free tiers can't. Finally, you undermine or eliminate the free services (LE is primarily funded by the big tech companies). I know, I am a paranoid old person. But I see the pattern by now. Don't get me started on the whole "you don't trust me to keep my private keys safe" bull crap.

Ivanti users be warned

Posted by AdeptnessTasty1785@reddit | sysadmin | View on Reddit | 123 comments

Unable-Entrance3110@reddit

Increasingly, it seems that the way to handle all new products is to immediately signal your intent to not renew, right after inking the contract. That way you always have that out well in advance.

Remote access: Wireguard or ssh

Posted by Ftth_finland@reddit | sysadmin | View on Reddit | 16 comments

Is anyone even staying onsite for the whole work day anymore?

Posted by sys_admin321@reddit | sysadmin | View on Reddit | 413 comments

MFA push fatigue - are users just approving everything now?

Posted by saymepony@reddit | sysadmin | View on Reddit | 137 comments

Unable-Entrance3110@reddit

Geo-location based on IP is notoriously inaccurate. For a few weeks not that long ago, Microsoft was claiming that our office was in Texas (we are in Minnesota). The reported IP was correct in the sign-in logs. I opened a support incident with Microsoft where they shrugged and said the geo-ip system is not perfect, it should resolve itself. It did after a few more days.

Microphone noise issue is driving our team insane

Posted by Pristine_Finding_745@reddit | sysadmin | View on Reddit | 20 comments

Unable-Entrance3110@reddit

So, the thing about drivers in Windows is you can't really remove a driver unless you manually delete the .inf files for the hardware in C:\Windows\inf. We had these issues as well, but we resolved them through driver updates. We run Dells which come with a utility called Dell Command Update. That software has a feature called Advanced Driver Restore. It's not enabled by default. If you enable it and download an entirely new driver layout, it should resolve the problem (if you are running Dells anyway).