cyberdeck_operator

Cloudflare down... again?

Posted by moonski@reddit | sysadmin | View on Reddit | 2207 comments

Teams meeting AI note taker virus

Posted by cyberdeck_operator@reddit | sysadmin | View on Reddit | 138 comments

cyberdeck_operator@reddit (OP)

Neither of the users who let this in have a browser extension installed for fireflies.ai. It seems to be that the link they clicked granted permissions to the user's calendar.

Teams meeting AI note taker virus

Posted by cyberdeck_operator@reddit | sysadmin | View on Reddit | 138 comments

cyberdeck_operator@reddit (OP)

I'm not 100% sure, but I vaguely recall the previous setting. I think it's possible Microsoft "updated" us to the "recommended" setting when the options changed. Might be a good time to check the setting if you haven't looked at it recently.

SaaS sprawl is out of control. At what point do you just give up and accept the chaos?

Posted by Affectionate_Wing_15@reddit | sysadmin | View on Reddit | 37 comments

cyberdeck_operator@reddit

Unpopular answer: Be faster. Have management accounts at the places people want, and proactively offer to set them up, that way you'll at least have visibility. Always follow up a request for a new SaaS product promptly and make Yes the default answer. Look for ways to implement what they want securely. At the same time, try to make it harder to go rogue. Look at it like a dam. You can't control what comes downstream. If you try to block it all, the flow will go around you in dangerously unpredictable ways. Build in floodgates so you can at least prevent catastrophic failure of the structure.

SaaS sprawl is out of control. At what point do you just give up and accept the chaos?

Posted by Affectionate_Wing_15@reddit | sysadmin | View on Reddit | 37 comments

cyberdeck_operator@reddit

They'll use their corporate card to buy 5G hotspots that they then lose and not tell anyone. Several months later you'll find out that the line has been racking up $500 in data fees every month because the employee's kid stole it and is using it to run a torrent site. Then you'll get the letters about the RIAA and MPAA lawsuits.

Teams meeting AI note taker virus

Posted by cyberdeck_operator@reddit | sysadmin | View on Reddit | 138 comments

cyberdeck_operator@reddit (OP)

Hey, thanks for volunteering! We've only got a couple of daily meetings that have 50ish attendees. Shouldn't take more than an hour of your day to sit there and manage it. Look for the invites.

Teams meeting AI note taker virus

Posted by cyberdeck_operator@reddit | sysadmin | View on Reddit | 138 comments

cyberdeck_operator@reddit (OP)

Are we talking about consent and permissions under enterprise apps in the Azure portal? https://portal.azure.com/#view/Microsoft_AAD_IAM/ConsentPoliciesMenuBlade/~/UserSettings

I'm looking at that now and these are the options I see:

- Do not allow user consent: An administrator will be required for all apps.
- Allow user consent for apps from verified publishers, for selected permissions: All users can consent for permissions classified as "low impact", for apps from verified publishers or apps registered in this organization.
- Let Microsoft manage your consent settings (Recommended): Automatically update your organization to Microsoft's current user consent guidelines.

Managers how do you deal with sloppy work sysadmins?

Posted by Mysterious_Teach8279@reddit | sysadmin | View on Reddit | 159 comments

cyberdeck_operator@reddit

Do you have one of those, "everything is redundant at a higher level", kind of networks? One node out of a 6 node cluster should be nearly irrelevant. That's why you have a six node cluster.

I hate SDWAN

Posted by cyberdeck_operator@reddit | sysadmin | View on Reddit | 124 comments

cyberdeck_operator@reddit (OP)

We're not doing SD-WAN "right". The "right" way is to get rid of expensive ISP service with a good SLA and go for two cheap unreliable services, because "what are the odds of both of them going down at once". I'm not getting rid of my tried-and-true L2 multi-site fiber network with a 4 hour SLA to try and save a couple hundred bucks a month. We lose thousands of dollars every hour one of those sites is offline. Several remote sites have really slow 5G backup links. These are just there so that we can maintain our control plane access to equipment out at that site so we can continue production. They're not meant for general internet traffic. As soon as SD-WAN is enabled it ignores all other routing. Doesn't matter what the cost is, doesn't matter that OSPF is screaming "default path this way," SD-WAN knows better and forces traffic out the 5G. SD-WAN is great for selecting the best path out to the internet, but why it has to rewrite the whole routing table, ignoring all other protocols is beyond me.

Moronic Monday - February 17, 2025

Posted by AutoModerator@reddit | sysadmin | View on Reddit | 17 comments

Thickheaded Thursday - January 23, 2025

Posted by AutoModerator@reddit | sysadmin | View on Reddit | 8 comments

RDP Lasagna

Posted by brandonclone1@reddit | sysadmin | View on Reddit | 99 comments

Thickheaded Thursday - November 07, 2024

Posted by AutoModerator@reddit | sysadmin | View on Reddit | 24 comments

cyberdeck_operator@reddit

We're short handed so I'm helping out with deploying a new PC. We're a Dell shop, but we're doing a trial with some Lenovo micro desktops. I go to set one up but instead of OOBE launching so I can join it to AAD and Intune, it boots to a login screen. Weird. I reboot. It takes me to that "Repair your PC" screen. So I'm like, "I guess this one is DOA." I grab the next one. Same thing. I really just want to get this one deployed so I can get back to my real job, so I go to reinstall W11 from a USB. Can't get the thing to show me BIOS. Can't get any of them to work. I'm about to call our VAR and trash Lenovo, when I notice that the left shift on the keyboard is stuck down. I hadn't bothered to swap keyboards, I just kept swapping in new boxes. Sure enough, swapping out the keyboard fixes everything. There's 30 minutes I'm never getting back.

I F*cking love my job.

Posted by UrBobbyIsAWonderland@reddit | sysadmin | View on Reddit | 505 comments

cyberdeck_operator@reddit

I was getting anxious yesterday because there's a cool thing going on at work and I couldn't stop getting excited thinking about it. I couldn't wait for the weekend to end because Monday would be so much fun. In my 8 years I've not once felt dread at having to go to work. I've never arrived and seen my boss' truck in the parking lot, and thought about just going home. At previous jobs I had both of those things. I'm proud of the work I do and I enjoy it. I like the people I work with and work for. Everyone should live like this. If your job doesn't feel like this, you need to sit down with your boss and tell them exactly how you feel and why. If you get fired, fuck'em, you hated that job anyway. If every one of us lived like this, the whole world would have to change or starve to death when all their PCs die.

Why is it so hard to get an interview for a jr. sys admin role?

Posted by Hooded-HoundCS@reddit | sysadmin | View on Reddit | 85 comments

cyberdeck_operator@reddit

I interviewed a candidate recently via video call. Everything went well I thought. I reached out to schedule an in-person interview and the candidate totally ghosted me. No clue as to why. I had a few other people on my short-list so I just moved on. It's possible that person just had a really busy week or something, I sent several emails and called once. I like to give folks the benefit of the doubt, but I'm a busy person and there's only so far I'm willing to go to chase a candidate down.

Aggressive salesperson targeting employees' next of kin

Posted by make_beer_not_war@reddit | sysadmin | View on Reddit | 219 comments

cyberdeck_operator@reddit

I think we all need to have a policy of not doing business with unsolicited vendors, and making sure that everyone up and down the chain gets the message. When my phone rings, and it's an unsolicited vendor sales call, I simply tell them we don't do business with unsolicited vendors. Don't call us, we'll call you. I had a call yesterday from someone who wanted to sell me pentest services. Who, in their right mind, would hire pentest of all things from an unsolicited call?

Security best practice link needed

Posted by cyberdeck_operator@reddit | sysadmin | View on Reddit | 8 comments

cyberdeck_operator@reddit (OP)

> should RDWEB apps be open to the internet

Tried that. Also searched: cisa rdweb, Never leave RDP or RDWeb exposed to the internet, put rdweb behind vpn, how to secure rdweb, cisa remote desktop services, cisa guidance "rdweb", rdweb cve, and about a dozen other terms. This ain't my first rodeo. I found a few pages, but they're all from people selling zero trust or insurance. I'm looking for something irrefutable.

Security best practice link needed

Posted by cyberdeck_operator@reddit | sysadmin | View on Reddit | 8 comments

cyberdeck_operator@reddit (OP)

There seem to be two camps on this. One says, "[First security rule of RDP—it is absolutely unacceptable to leave RDP exposed on the Internet for access—no matter how much endpoint and systems hardening is performed. The risks of such exposure are far too high. RDP is meant to be used only across a local area network (LAN).](https://www.beyondtrust.com/blog/entry/what-is-rdp-how-do-you-secure-or-replace-it#:~:text=First%20security%20rule%20of%20RDP,local%20area%20network%20\(LAN\).)" The other camp seems to think it's fine. It's worth noting that just about every cyber-insurance provider is squarely in the first camp.

Failover Cluster and certificates

Posted by OdinPhenix92@reddit | sysadmin | View on Reddit | 2 comments

cyberdeck_operator@reddit

I'm going to need a better understanding of the problem in order to help.

1. Are you trying to add a certificate to a web server for HTTPS?
2. What kind of role is it?

What's the most baffling waste of money you've seen?

Posted by Dandyman1994@reddit | sysadmin | View on Reddit | 820 comments

cyberdeck_operator@reddit

We have a system that is supposed to use machine learning to suggest the best timing for certain processes, in order to deliver our product in the most efficient way. Every time I was in our ops center I looked at a dashboard that showed that our operators followed the advice of the machine about 50% of the time. When I asked why the number was so low, they said, "the machine doesn't know everything we know, so it makes bad choices." Not long after, I received an invoice by mistake. It was for that software. It was for $10k. After my initial shock that we had blown $10k for software that we didn't use, I realized that it was a one month invoice. They've had this software for a decade now, so I think they've spent well over $1m on it. When I asked if we should get rid of it, they said, "no, we used to be late all the time because we'd forget about an order, this system makes the orders turn red and blink when we don't start them."

File Server Replacement for Small Business

Posted by ----Questions----@reddit | sysadmin | View on Reddit | 59 comments

cyberdeck_operator@reddit

That's where failover clustering comes in. You need at least two hosts, some kind of shared storage, and a hypervisor that supports clustering. https://learn.microsoft.com/en-us/windows-server/failover-clustering/failover-clustering-overview https://kb.vmware.com/s/article/2147661

File Server Replacement for Small Business

Posted by ----Questions----@reddit | sysadmin | View on Reddit | 59 comments

cyberdeck_operator@reddit

There's a workaround for the PIN thing, you can install an NDES server and certificates to make the PIN work for local AD. https://learn.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso https://learn.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert

File Server Replacement for Small Business

Posted by ----Questions----@reddit | sysadmin | View on Reddit | 59 comments

cyberdeck_operator@reddit

The R250 only has 4 slots for drives. Could you fit an R350 into the budget? It has 8 slots for drives. This way you have room to grow if necessary. With 8 slots you could go RAID 10 for the data which would give you a performance boost, but still get the redundancy, and you could put the OS on a RAID 1 so you've got redundancy there.

You never know what you’re going to get with Dell support.

Posted by Gsxing@reddit | sysadmin | View on Reddit | 32 comments

cyberdeck_operator@reddit

You have to perfect the technician voice. It's like the presidential voice. Your demeanor should say, "I'm supremely competent, understanding, friendly, on top of it all, and about 2 seconds away from snapping and fucking up your whole day if you don't do what I'm telling you."

Solo shows - I salute you

Posted by Stewinator90@reddit | sysadmin | View on Reddit | 86 comments

Is there an alternative to landlines that will work in a power/internet/loss of cell signal outage?

Posted by IfYouSeeMeSendNoodz@reddit | sysadmin | View on Reddit | 33 comments

cyberdeck_operator@reddit

> 3 trunks and landlines from ATT

What do you mean by this? 3 SIP trunks? What kind of landlines? Are we talking copper POTS lines? AT&T doesn't want to service POTS any more, they've been raising prices on them. If you're talking about copper, get AT&T to run fiber to you and go to SIP.

Business case for hardware upgrades

Posted by _Tock_@reddit | sysadmin | View on Reddit | 17 comments

cyberdeck_operator@reddit

Instead of asking, "how can I force the business into best practices?" you should be asking, "how can I make best practices fit the business?" Old Windows machines are only problematic if they can get to the internet.

What is your real daily routine as a system administrator?

Posted by Yerev1o@reddit | sysadmin | View on Reddit | 139 comments

DAE work nonstop when trying to fix an issue but procrastinate on other kinds of tasks?

Posted by hnnsSI@reddit | sysadmin | View on Reddit | 226 comments

Can you use a mail contact to redirect mail or does it have to be a mail user

Posted by Any-Equipment-3192@reddit | sysadmin | View on Reddit | 6 comments

cyberdeck_operator@reddit

I just looked at this a bit more and an idea struck me. I have our Exchange online domain set to authoritative, so it will reject email to any address that doesn't have a valid mailbox. If you want to use mail flow rules to redirect people, you'll need to change your domain to internal relay. https://learn.microsoft.com/en-us/exchange/mail-flow-best-practices/manage-accepted-domains/manage-accepted-domains I would think that you're already set that way though, as you still have on prem?

Newbie at setting up a hosted domain controller

Posted by Ancient_Bother2436@reddit | sysadmin | View on Reddit | 11 comments

cyberdeck_operator@reddit

Was it at least on some weird port? Or is it 3389? There's got to be some kind of explanation. I see from their site that they take crypto payments. It may be that their normal customers aren't people who need to worry about getting hacked...if you catch my drift.

Newbie at setting up a hosted domain controller

Posted by Ancient_Bother2436@reddit | sysadmin | View on Reddit | 11 comments

cyberdeck_operator@reddit

> They provided me with an IP address and I just RDP into it.

Like from anywhere? Did you have to provide your IP address? Is this just a Windows server, with RemoteDesktop enabled, directly connected to an open real world IP?

Can you use a mail contact to redirect mail or does it have to be a mail user

Posted by Any-Equipment-3192@reddit | sysadmin | View on Reddit | 6 comments

cyberdeck_operator@reddit

I just tested it, and a mail contact doesn't work. The inbound email is rejected. Unless somebody else knows how to get around this, I think a mailbox has to exist in order for Exchange online to accept the inbound email. You either need a licensed user or a shared mailbox to accept the inbound mail. You do need to create a contact for the external mailbox that you want to forward to. On the plus side, you can do all this with PowerShell, so you can script everything and then just feed it a list of addresses.

How do you handle concerns from HR & Accounting about Domain Admin rights?

Posted by dan-theman@reddit | sysadmin | View on Reddit | 308 comments

cyberdeck_operator@reddit

Our HR uses a SaaS platform for sensitive HR data. The vendor and HR do the support for that platform. For everything else, they trust my professional integrity. This is why we should have some kind of society like ASME to provide this kind of thing. You should be able to say, I'm a member of the Technologist Society of America, in good standing, which means that I am bound by a strict code of conduct, you can trust me with your most sensitive data.

Can you use a mail contact to redirect mail or does it have to be a mail user

Posted by Any-Equipment-3192@reddit | sysadmin | View on Reddit | 6 comments

cyberdeck_operator@reddit

The "correct" way to do this is with a shared mailbox, you can apply forwarding to the mailbox. That keeps you from having a user account, but then you have a cluttered shared mailbox folder. Is it really about clutter, or are you trying to ask how to do this without having to pay for a license?

Anyone else feeling this way?

Posted by PM_ME_UR_MOODS@reddit | sysadmin | View on Reddit | 28 comments

cyberdeck_operator@reddit

I'm not sure if it's the market or just luck or what, but the most recent job I posted got a lot of responses from well qualified women. I have never had more than one woman make it to my short list, but this time around it's like 50/50. There were still lots more guys who applied, but more of them were either not qualified, or were obviously not looking for the position I have open.

What is the deal with cybersecurity?

Posted by cyberdeck_operator@reddit | sysadmin | View on Reddit | 1146 comments