fatalicus

The Norwegian royal family's cars have simple license plates, A and a number. I'm not sure the crown prince is aware of the highly ironic registration of his BMW...and, yes, the king uses a stretched Audi.

Posted by SjalabaisWoWS@reddit | WeirdWheels | View on Reddit | 101 comments

fatalicus@reddit

That is their Lincoln Continental from 1966. They also have a [Buick Roadster from 1939](https://upload.wikimedia.org/wikipedia/commons/4/40/Dronning_Sonjas_KunstStall_%28Queen_Sonja_Art_Stable_gallery_museum_exhibition_Oslo_Norway%29_A-1_Kongelig_bil_Royal_car_GM_Buick_Roadmaster_Serie_81C_1939_%28Haakon_7_1945%2C_Olav_5_1958%2C_Harald_5_1991%29_Covertible_Side_view_Wheel_%28photo_2024%29.jpg) (A-1) and a [Packard One Eighty from 1945](https://upload.wikimedia.org/wikipedia/commons/9/9c/Kongens_bil2.jpg) (A-4)

A hacker pulled a succesfull phishing attack on an employee, what can he really do after?

Posted by WhateverHowever1337@reddit | sysadmin | View on Reddit | 122 comments

How do you deal with the gutwrenching offboarding requests?

Posted by DesignerGoose5903@reddit | sysadmin | View on Reddit | 367 comments

fatalicus@reddit

I've been involved in a few cases in the past, when I was doing device management, since we then would have to allow the next of kin access to the work laptop and homefolder and such of the person who has died, in case they have something personal there. I was with them then, together with someone from HR, to just help them navigate and make sure that it wasn't something sensitive on the laptop and such. But the hardest of them was when my own co-worker died. We were a two man team (+ a group lead and a temporary external consultant at the time). To not only get that shock but to later sit with his parents, people i knew very well, as they checked his laptop and such. My coworker also had a tendency to work on work projects at home, so i also went with another coworker to his home to bring back any work equipment that was there.

Worst thing I ever witnessed in IT in 20+ years

Posted by JohnWellPacked@reddit | sysadmin | View on Reddit | 313 comments

fatalicus@reddit

Someone leaks access to PII for who knows how many people, and you would just shrug it off? The reason you come across so much of it is because assholes like you aren't helping to make things better in our field. Report shit like this to your local data protection agency.

Worst thing I ever witnessed in IT in 20+ years

Posted by JohnWellPacked@reddit | sysadmin | View on Reddit | 313 comments

fatalicus@reddit

One of the few good things Microsoft is doing in relation to AI: In June they are rolling out a change in Teams, where external AI notetakers are sorted as "Suspected threats" in the lobby.

Why brute force like this?

Posted by jimmyags@reddit | sysadmin | View on Reddit | 40 comments

fatalicus@reddit

> Or the attacker accidentally inverted their variables and put the password in the username field. Or the attacker doesn’t know what they are doing. I like it when they do it easy for us. Like the phishers who try a tool, and so we get emails in quarantine that has the title "[phishing trial] XX has tried to share an important document"

ASUS shut down their support portal in Germany and Austria

Posted by JoeyFromMoonway@reddit | sysadmin | View on Reddit | 136 comments

fatalicus@reddit

Disappeared? Nokia has never gone anywhere. Their mobile phone division took a hit and was sold of around 2010, but the company itself is still very much alive.

Speed.cloudflare.com is one of the coolest

Posted by zer0moto@reddit | sysadmin | View on Reddit | 198 comments

fatalicus@reddit

Looks like that cloudflare site has issues with testing upload speeds. All other speed tests i try, even the less known, shows a fairly close speed to what i have (1Gbps), but the cloud flare never get anything better than 250 Mbps. Likely because they for some reason stop the upload test at a 50 Mb data pack.

Speed.cloudflare.com is one of the coolest

Posted by zer0moto@reddit | sysadmin | View on Reddit | 198 comments

Sysadmin-on-Sysadmin stuff that’s super annoying

Posted by i_click_next_for_you@reddit | sysadmin | View on Reddit | 256 comments

How do you automate certificates?

Posted by gahd95@reddit | sysadmin | View on Reddit | 213 comments

fatalicus@reddit

Since we have some special requirements in regards to the validation of the domains, the availability of the certificates and some such, we (read: one of my coworkers) are currently building a custom solution for certificate renewal based around ACME. Will allow us to automaticaly set the txt records needed on a domain we have in a nameserver with API access, for domains that we have on a nameserver without API access, and will then take the certificates we request and place in keyvaults for access from the resources that need to use them.

M365 Direct Send

Posted by whitephnx1@reddit | sysadmin | View on Reddit | 25 comments

fatalicus@reddit

Not realy got anything to help here, but i'm wondering why on earth you would use a google share link instead of just linking the Microsoft tehc community link directly? https://techcommunity.microsoft.com/blog/exchange/introducing-more-control-over-direct-send-in-exchange-online/4408790

Microsoft Deployment Toolkit (MDT) - immediate retirement notice

Posted by Terrible-Category218@reddit | sysadmin | View on Reddit | 382 comments

fatalicus@reddit

What does Intune have to to with AD? Two completely different things, where one can never take over for the other. Are you confusing group policies with AD? Group Policy is just one of the functions of AD.

Who's still working from home in 2026?

Posted by idrinkpastawater@reddit | sysadmin | View on Reddit | 1179 comments

fatalicus@reddit

They tried to get us 100% back, but then we were moved to offices where we didn't have enough places for everyone to be there at the same time. So they changed it to everyone being in the office 3 days a week. I negotiated that down to 2 days a week, and so now i go in to the office 1 day a week mostly.

Get Ready for Microsoft 365 Ticking Timebomb in 2026!

Posted by Impressive-Use-2818@reddit | sysadmin | View on Reddit | 172 comments

fatalicus@reddit

We allready use the desktop app for quite a few users. The main issue we are having is in regards to collaboration on Projects, and that is mostly reliant on Project Online to work.

Get Ready for Microsoft 365 Ticking Timebomb in 2026!

Posted by Impressive-Use-2818@reddit | sysadmin | View on Reddit | 172 comments

fatalicus@reddit

Most of these don't realy affect us, or we have them in hand. But the fucking Planner/Project bullshit Microsoft is doing can go to hell. "Hey, we're going to retire Project Online, and move the functionality to Planner instead. Not all the functionality though, and we are also removing functionality that is allready in Planner, just to make sure it isn't realy a tool that can be used for project management at all". Now we are looking at getting Project Server, which means we will also have to be getting a Sharepoint Server, because ofcourse you can't use Project Server with Sharepoint Online. So we are looking at an additional 10k USD or so in just server subscriptions for a bare minimum install, and will probably need more than that. Just fuck off Microsoft...

Anyone able to recommend any FIDO2 Level 2 Authenticator CARDS?

Posted by LordLoss01@reddit | sysadmin | View on Reddit | 37 comments

fatalicus@reddit

> Strange that both the branded and non branded cost the same. I would have thought non branded would be more expensive Must be related to your location. Here the branded shows as €13 and non-branded as €15.

Remote Sysadmins, what's your go to headset for meetings?

Posted by WorthPlease@reddit | sysadmin | View on Reddit | 479 comments

fatalicus@reddit

Currently we use Jabra Evolve 85 at my workplace, and i'm quite happy with that. It was a bit of a change from our old Plantronics Voyager 8200 UC. I especially had issues with the noice reduction on the Jabra realy making it feel like i had a lot of pressure in my ears, but that went away after a few days of use, and i've been happy with it since.

25+ plus years working in tech and never been on a real job interview.

Posted by Illnasty2@reddit | sysadmin | View on Reddit | 126 comments

fatalicus@reddit

Same. Started with an apprenticeship that i was offered with no interview, and when that neared completion, i was offered a position in the company. A few years later i was "loaned" to a head office to cover a position for someone that would be gone for a while, and when they decided to not come back, i was offered to stay on in that position. And there i have sorta stayed through a merger and some such since.

Microsoft to block Exchange Online Access for outdated mobile devices

Posted by SparkStormrider@reddit | sysadmin | View on Reddit | 31 comments

fatalicus@reddit

Who fucking cares. I'm so sick of hearing about Linux admins whining about Microsoft when it doesn't affect them. So glad I can just block them.

Managing multiple M365 tenants without losing your sanity – how do you do it?

Posted by Jepper333@reddit | sysadmin | View on Reddit | 55 comments

fatalicus@reddit

[Microsoft 365 DSC](https://microsoft365dsc.com/) for setting up new tenants to a default state. [CIPP](https://cyberdrain.com/products/cipp/) for genereal managing of things after. [Firefox Multi-Account Containers](https://addons.mozilla.org/en-US/firefox/addon/multi-account-containers/) for when you need to do some manual work in the tenants, to not have to lose your mind dealing with browser profiles and multiple windows (if you don't use PAWs for each tenant, which I guess you don't). If you also deal with azure resourses: [OpenTofu](https://opentofu.org/) (drop in replacement for TerraForm that was made after Hashicorp changed their license from open-source) These are mostly the tools we use to manage 5 tenants with a total of about 80k users. But as you mention, and as long as it isn't an issue for the users you manage, moving those users you have to a single tenant is probably better for you. But make sure that it is actually ok to have the users in the same tenant. Do any of them work with data that is sensitive enough that keeping them fully seperate from the others is necessary?

Managing multiple M365 tenants without losing your sanity – how do you do it?

Posted by Jepper333@reddit | sysadmin | View on Reddit | 55 comments

Sooo, what brand memory to buy now?

Posted by nefarious_bumpps@reddit | sysadmin | View on Reddit | 176 comments

Microsoft

Posted by MagicHair2@reddit | sysadmin | View on Reddit | 28 comments

fatalicus@reddit

Microsoft has a PowerBI report available that you can connect to your tenant, that shows the environmental impact of operations in your tenant, and how using it affects the environment compared to running everything on your own servers on-prem (less optimal usage of recourses and such). Last i checked (and it is a while ago now), that report was still not updated to take into account any sort of "AI" in M365...

Ahhh Hell Nah - Copilot Authoring PowerShell Core

Posted by anonhostpi@reddit | sysadmin | View on Reddit | 74 comments

fatalicus@reddit

Gotta love this sequence: > Copilot AI requested a review from TravisEz13 last week > @TravisEz13 TravisEz13 requested a review from Copilot last week Good work there Travis!

But why, Microsoft? Why?!

Posted by NotSafeForAdults64@reddit | sysadmin | View on Reddit | 126 comments

finally slowly starting to rollout Win11 2025/11/01

Posted by MajStealth@reddit | sysadmin | View on Reddit | 44 comments

m365.cloud.microsoft reported as unsafe website in Microsoft Edge

Posted by starvit35@reddit | sysadmin | View on Reddit | 63 comments

fatalicus@reddit

It seems the whole roll out of cloud.microsoft URLs have been badly communicated internaly at Microsoft. We still are getting the reaction summary emails and teams summary emails filtered as high confidence phish in EOP after they moved to cloud.microsoft domains for the email notifications. Not a lot to do about other than report them all as false positives either, since we can apperantly not be trusted, so domains and email adresses added to tenant allow list still aren't let through when detected as high confidence phish...

Teams is apparently going to soon start offering location tracking, not just in buildings but also to identify people working outside of the office

Posted by Kodiak01@reddit | sysadmin | View on Reddit | 226 comments

fatalicus@reddit

>By default, users are opted out of work location detection. Users are prompted to provide consent for automatic location detection in the Teams desktop client on Windows or macOS. **It is not possible for admins to consent on users' behalf.** https://learn.microsoft.com/en-us/microsoft-365/places/configure-auto-detect-work-location I honestly do not see the problem with this. For admins, this is informatino we allready have (through whatever wifi management tool we use, or sign in logs etc.), and as the info above here indicate, it is up to the individual user on wether this will reflect in teams itself, so if they don't want teams to update location it won't.

I just solved the strangest tech problem I've ever come across.

Posted by hakluke@reddit | sysadmin | View on Reddit | 338 comments

I just solved the strangest tech problem I've ever come across.

Posted by hakluke@reddit | sysadmin | View on Reddit | 338 comments

fatalicus@reddit

> your wireless mouse and keyboard can stop working. As can your zigbee controller if you plug it directly in a HP mini PC, making you think you have lost your mind trying to figure out why it doesn't work in that PC, but it works just fine when plugged in to the front USB ports on your Fractal Define 7 XL case., where the USB 3.0 controller will be quite a bit further away...

Production manager says MFA is causing production personnel to get distracted on their phones—he wants alternatives or MFA disabled

Posted by disgruntled-sysadmin@reddit | sysadmin | View on Reddit | 378 comments

fatalicus@reddit

We've been happy with Token2 so far. Functionality that are very similar to yubikey, in regards to what they support as authentication. An advantage to yubikey is the molded and a bit thinner design, since the regular keys token2 has are made of two parts and a bit thicker than yubikey. However Token2 can be bought in card format in addition to the regular and nano key format, which you can print as employee cards if you want. Token2 also support up to 300 FIDO2 resident keys compared to yubikeys 25, and Token2 has requirements for pin strength as part of their firmware.

Production manager says MFA is causing production personnel to get distracted on their phones—he wants alternatives or MFA disabled

Posted by disgruntled-sysadmin@reddit | sysadmin | View on Reddit | 378 comments

fatalicus@reddit

> Yubikey makes a stripped-down basic USB Type A model for $25 Token2 has their "basic" USB-A version at $20.5 ($21 if you want unbranded).

Production manager says MFA is causing production personnel to get distracted on their phones—he wants alternatives or MFA disabled

Posted by disgruntled-sysadmin@reddit | sysadmin | View on Reddit | 378 comments

fatalicus@reddit

Other than TAP, you can now also pre-provision a FIDO2 key (like token2 or yubikey) for a user. So you can just have the key ready for use when a users starts. https://janbakker.tech/register-yubikeys-on-behalf-of-your-users-with-microsoft-entra-id-fido2-provisioning-apis/

Microsoft Simplifies File Transfers of Departing Employees

Posted by First-Position-3868@reddit | sysadmin | View on Reddit | 63 comments

fatalicus@reddit

> Right to privacy? You have none. Yes you have, because the law says that. And i fully agree that a OneDrive or mailbox you have with the company you work for is not the right place to have personal things. But if you do, here your data is protected from the company accessing it.

Microsoft Simplifies File Transfers of Departing Employees

Posted by First-Position-3868@reddit | sysadmin | View on Reddit | 63 comments

fatalicus@reddit

That is all depentendt on the laws that govern such things, and here those law says that the OneDrive (and other such storage areas) are personal to the user, and as such the persons right to privacy outweigh the companies right to just access the content. If there is data or content that is vital to the company, then a users onedrive or mailbox is not the place it should be.

Microsoft Simplifies File Transfers of Departing Employees

Posted by First-Position-3868@reddit | sysadmin | View on Reddit | 63 comments

fatalicus@reddit

Yeah, if this is just based around the same settings, then i don't think this will be an issue (for us at least, as currently this is not the default here). But the message center post reads as if they will turn it on as default for all, which would be an issue.

Microsoft Simplifies File Transfers of Departing Employees

Posted by First-Position-3868@reddit | sysadmin | View on Reddit | 63 comments

fatalicus@reddit

Norway, and the law "[Forskrift om arbeidsgivers innsyn i e-postkasse og annet elektronisk lagret materiale](https://lovdata.no/dokument/SF/forskrift/2018-07-02-1108)", which states that access to an emplyees files can be had if there is suspicion about a serious offence or the data is vitaly important for the running of the company and can't be retreived any other way.

Microsoft Simplifies File Transfers of Departing Employees

Posted by First-Position-3868@reddit | sysadmin | View on Reddit | 63 comments

fatalicus@reddit

Sure as fuck hope not, since that function is illegal here, and i'm guessing in quite a few other countries here in Europe. The OneDrive (and email) of employees is considered private, and managers are not allowed access to them except in some very specific cases, and the user leaving is not one of them by itself.

Hey all, reminder that Apple Business Manager terms updated today. Make sure to accept them before trying to add new devices or apps.

Posted by PaidByMicrosoft@reddit | sysadmin | View on Reddit | 30 comments

M365 email threat policies are a mess, help me figure this out please!

Posted by masterofrants@reddit | sysadmin | View on Reddit | 10 comments

fatalicus@reddit

What are you talking about? EOP is so good it is now even blocking all the teams and outlook update mails as high confidence phish after Microsoft changed to teams.mail.microsoft and outlook.mail.microsoft for them. And since they are detected as high confidence phish, there is no use adding the domains to tenant whitelist, since that doesn't have any effect on that detection in Microsofts infinite wisdom.

GoDaddy deleted paid M365 accounts because users switched email to Google Workspace?

Posted by jfoust2@reddit | sysadmin | View on Reddit | 78 comments

fatalicus@reddit

They answer to the question "Why did GoDaddy do this thing?" is always "Because they are incompentent, and often malicious, assholes".

Norway’s $1.9 Trillion Wealth Fund Sells Off Israeli Assets

Posted by soalone34@reddit | anime_titties | View on Reddit | 103 comments

fatalicus@reddit

There is a difference between stocks and bonds. Our fund has currently no bonds in Israel (as of 2 months ago), but they do have stocks in 61 Israeli companies, at a value of about 2.2 billion USD (again, as of 2 months ago). All of their investments are available here: https://www.nbim.no/en/investments/all-investments/#/ you can filter on country at the top.

MFA coming to my organisation.

Posted by PlumOriginal2724@reddit | sysadmin | View on Reddit | 257 comments

fatalicus@reddit

>I think we’ll struggle as most staff do not want to install the MS Auth app on personal devices and will be demanding work phones to do it. Then give them a FIDO2 hardware token, like Token2 or Yubikey.

Entra 365 Emergency break glass Access account blocked during a test due to unfamiliar login, how to prevent in actual emergency

Posted by Tuivian@reddit | sysadmin | View on Reddit | 51 comments

fatalicus@reddit

And when you have an emergency and you need to use it, should it not be a plus that the authentication you do with what is the most important account on your tenant can't be phished because someone didn't pay attention duriong a high stress situation? But other than that, all phishing resistant MFA methods are strong forms of authentication, so just going for that ensures the account is protected.

IT needs a union

Posted by Powerful-Excuse-4817@reddit | sysadmin | View on Reddit | 926 comments

fatalicus@reddit

Same in here in Norway, and probably in sweden and many other european countries as well. Though it should be noted that here in Norway at least, there seems to be some reluctance to join a union in IT fields. It seem that the American way of thinking has infected the field, and many of the anti-union sentiments have spread ("union workers are lazy", "I can get paid better if i'm not in a union because i can ask for raise by myself" etc.)

Windows XP remembers

Posted by Guerillasmurf@reddit | sysadmin | View on Reddit | 61 comments

fatalicus@reddit

Doesn't realy matter though does it. The issue with stuxnet was that it targeted a specific type of equipment that it was known was in use at Iranian nuclear facilities, and it jumped to the air gapped systems that controlled those devices by infecting non-air gapped systems and infecting USB storage connected to it. Since it targeted anyone devices that were in common use, others who used the same equipement was also affected. So someone might not be targeting you specifically, but if you use something that is targeted at someone elses facilities, you can also be affected by it. this is also why "air gapped" isn't enough by itself to keep things secure. You still need to keep the systems up to date and secured.

Windows XP remembers

Posted by Guerillasmurf@reddit | sysadmin | View on Reddit | 61 comments

fatalicus@reddit

> Since the machines themselves and the computers that connect to them are air gapped, security is not a problem How quickly we forget the likes of stuxnet.

Is it possible to not require phones for staff? Weird problem I guess..

Posted by O365-Zende@reddit | sysadmin | View on Reddit | 209 comments

fatalicus@reddit

Hopefully not in any country where that is something you can't require as a company (like where I am), because then you might end up with a legal issue on your hands.

Is it possible to not require phones for staff? Weird problem I guess..

Posted by O365-Zende@reddit | sysadmin | View on Reddit | 209 comments

fatalicus@reddit

Depending on where they are and what kind of employees they have, they might get the "But i don't want to use my personal device" and then have to find another method anyways. In which case hardware FIDO2 token is the way to go.