hihcadore

Am I overreacting? MSP using shared global admin, no pim, admin account = standard account

Posted by DaCozPuddingPop@reddit | sysadmin | View on Reddit | 111 comments

hihcadore@reddit

Meh sounds fun. You have a GA account now so you’re good. I’d create a .adm account for yourself and breakglass account for your company’s owner and enable PIM for the MSP and you’re getting there. I’d probably also scope down their Azure RBAC privileges. If you have a ticketing system I’d force them to reference a ticket when they activate their privileged role.

Only just learned ITIL v5 is a thing...

Posted by Jerkface0079@reddit | sysadmin | View on Reddit | 137 comments

hihcadore@reddit

Totally agree and it’s unrealistic. Just like every other project management cert I’ve taken, it’s a bunch of business mumbo jumbo that describes a perfect organization and in reality, is way overly complicated.

Running out of patience for this field.

Posted by an_anonymous-person3@reddit | sysadmin | View on Reddit | 327 comments

Anyone shutting down all IT equipment down on July 13th 11:59pm?

Posted by Ooops-I-hid-it-again@reddit | sysadmin | View on Reddit | 627 comments

Describe MSP life using only one sentence

Posted by Last-Salary-6012@reddit | sysadmin | View on Reddit | 226 comments

MSP pushing UniFi hard over SonicWall..am I overthinking this or does this smell off?

Posted by Ambitious_Active8539@reddit | sysadmin | View on Reddit | 262 comments

hihcadore@reddit

If I were your MSP, the tech stack requirement would have been contractual. I’ve not used UniFi but I’m sure it has a dashboard and they can probably see all of their customers across one login. You also hire them to manage whatever, what does it matter what vendor it comes from as long as it serves the purpose? It’s way easier for them to be an expert on one product for multiple clients vs a novice across multiple. In the end you’re safer going with their suggestion.

Best way to decommission OneDrive for desktop?

Posted by nico8576@reddit | sysadmin | View on Reddit | 50 comments

hihcadore@reddit

You’re right! Not just technical but you don’t even need any coding or devops experience. You can just point it to your repo and API keys and give Claude a two liner and it can pump out a premier business webapp for you. Technically I don’t even think you need an OS anymore.

Best way to decommission OneDrive for desktop?

Posted by nico8576@reddit | sysadmin | View on Reddit | 50 comments

hihcadore@reddit

Yes, force non-technical users to learn Linux, just to prevent having to restart the OneDrive app once in a while sounds like an amazing solution. /s

After a year of using Windows Server 2025, I'm finally throwing in the towel

Posted by sarosan@reddit | sysadmin | View on Reddit | 434 comments

hihcadore@reddit

I don’t blame them either. So many people pirated Microsoft software it was nuts. Plus they have to give you no security setting by default out the box so any nug can spin up a DC and have it working. With cloud and a subscription-based model a lot of that is solved. I started with SCCM the first 2 yrs of my career then when I made the transition to Intune I was sooooooooo happy. I, being a new person to IT then, could see how they fixed a lot of the issues their old dated on-prem solutions couldn’t. I never want to go back to scrubbing 5 different log files to figure out why my PXE deployments broke.

Looking for a new Ticketing system

Posted by jrohrer@reddit | sysadmin | View on Reddit | 111 comments

After a year of using Windows Server 2025, I'm finally throwing in the towel

Posted by sarosan@reddit | sysadmin | View on Reddit | 434 comments

hihcadore@reddit

Prob not on purpose. But you’ve gotta think they aren’t putting much R&D money into on-prem. It’s like you can either go buy a new electric hybrid self driving car or you can pick the car that was manufactured in 2002 and has had 10 different mechanics working on it to keep it up to standard.

Newer IT Admin Trying to Turn On BitLocker for 300+ computers

Posted by drewwhose@reddit | sysadmin | View on Reddit | 152 comments

Why are developers some of the most IT inept users?

Posted by sccm_sometimes@reddit | sysadmin | View on Reddit | 782 comments

Weird issue with my notebook of my boss

Posted by Interesting_Breath_1@reddit | sysadmin | View on Reddit | 27 comments

People that have gotten into a break/fix side hustle, where did you get your clients?

Posted by F12forBIOS@reddit | sysadmin | View on Reddit | 64 comments

hihcadore@reddit

Hey thick skull. This is the original post you replied to. And what I’ve been referring to. Then they complain about windows. Same with clients. “Windows is so bloated” yea maybe but your 8 yr old laptop with 16gb of ram isn’t helping. As to your “monitoring agents,” you have no idea how computers work or how monitoring agents work. You can try and drag me down into whatever state man you’d like but I’ll say again… when you have multiple agents on a PC 8GB of ram on an old machine isn’t enough. And to school you further. You’re cherry picking what these agents do. Monitoring, sure the Ram usage is low but again I listed many agents, ninjarmm, defender, immybot were a few I mentioned you’re just skimming over. They’ll crush an old laptop. So please go back to helpdesk 1

People that have gotten into a break/fix side hustle, where did you get your clients?

Posted by F12forBIOS@reddit | sysadmin | View on Reddit | 64 comments

hihcadore@reddit

16 “is a lot” is what you said. Now you’re saying 8 isn’t enough lololol thank you for proving me right. It’s sad it took me educating you, for you to get there. “Monitoring” agents. Sureeeeee I guess all you think they do is “monitor” lol. Again. Go educate yourself and jump off the sysadmin subreddit. Tech support is where you should be.

People that have gotten into a break/fix side hustle, where did you get your clients?

Posted by F12forBIOS@reddit | sysadmin | View on Reddit | 64 comments

hihcadore@reddit

Go ahead and look at Ninja’s documentation. Up to 2GB of ram. Try again bro. Also fold in office products and 16gb is the bare minimum. But keep trying to not look dumb.

People that have gotten into a break/fix side hustle, where did you get your clients?

Posted by F12forBIOS@reddit | sysadmin | View on Reddit | 64 comments

hihcadore@reddit

Then they complain about windows. Same with clients. “Windows is so bloated” yea maybe but your 8 yr old laptop with 16gb of ram isn’t helping.

IT people: what can companies actually detect?

Posted by Fit_Balance_2221@reddit | sysadmin | View on Reddit | 43 comments

Failover cluster?

Posted by dukeofurl01@reddit | sysadmin | View on Reddit | 99 comments

hihcadore@reddit

A server doesn’t fail often. And a cluster isn’t needed if something isn’t critical and can be down for a day. But what if it can’t be down for a day? The price of a second server is negligible for something that’s critical.

Microsoft 365 Business Licensing … How does it work?

Posted by HotChiTea@reddit | sysadmin | View on Reddit | 46 comments

How do you deal with the gutwrenching offboarding requests?

Posted by DesignerGoose5903@reddit | sysadmin | View on Reddit | 367 comments

What do you listen to in the datacenter?

Posted by BemusedBengal@reddit | sysadmin | View on Reddit | 142 comments

anyone actually running AI automation autonomously in prod?

Posted by Major_Layer_5664@reddit | sysadmin | View on Reddit | 27 comments

hihcadore@reddit

Running autonomously in prod is scary, there are some Claude horror stories out there. I think for reporting you’d be fine. No way it couldn’t crunch some logs or generate MD files. I have a local llm that gauges function edit risk, maps the code base, checks for orphaned code, tests, and can answer a prompt and prepare a report to cut and paste into Claude the next morning

Microsoft's own field rep is poaching my CSP customer with $500K in incentives... anyone fought back and won?

Posted by garfunko@reddit | sysadmin | View on Reddit | 128 comments

hihcadore@reddit

500k is an insane amount of saving. They could get with your hometown msp for a fraction of that saving and have you do local deskside support I’m sure.

GPO Won't Update on my AD Home Lab's Workstation

Posted by FyreBird321@reddit | sysadmin | View on Reddit | 34 comments

How do you track IT events that are not support tickets?

Posted by Aim_Fire_Ready@reddit | sysadmin | View on Reddit | 96 comments

hihcadore@reddit

Exactly. And in meetings I have to make sure I don’t go to the wrong tab and expose an API key or other secret to the Teams meeting recording

Microsoft 365 Business Licensing … How does it work?

Posted by HotChiTea@reddit | sysadmin | View on Reddit | 46 comments

hihcadore@reddit

Open cmd prompt and type:

Whoami
This will tell you who the logged in user is

Whoami /groups
This will tell you what local groups this user is in, helpful to see if they’re a local admin.

Ipconfig /all
This will tell you if they’re connected to a local domain

dsregcmd /status
Will tell you if the device is Entra joined and if it’s in Intune. This will give you a snapshot of the cloud management status.

From those you’ll have a pretty good idea what you’re dealing with

Microsoft 365 Business Licensing … How does it work?

Posted by HotChiTea@reddit | sysadmin | View on Reddit | 46 comments

hihcadore@reddit

Yea it doesn’t look right. But it doesn’t matter if it’s right or not, if the user thinks it works fine it’s gonna be hard to convince them to change. I go the hipaa angle. Look at how to be hipaa compliant in m365 and it’ll help sell why it’s set up wrong and needs a change. The IT person can’t restrict the domain owner from their m365 tenant, that’s illegal. So their hands aren’t tied here. Worst case Microsoft has to get involved.

Microsoft 365 Business Licensing … How does it work?

Posted by HotChiTea@reddit | sysadmin | View on Reddit | 46 comments

hihcadore@reddit

Looks like they have one license and it’s used between multiple people. Think this is a no no for hipaa and could get them in trouble. They should contact an MSP and have a proper onboarding. Business standard should be applied per user and it comes with the m365 apps they’re using. You can also manage the device and tie the configurations to it by either the organization, a group the user is in, a group the device is in, or the specific user. In this shop it’d prob be one config for everyone but just explaining for clarity. When properly set up it makes management super easy. Onboarding and offboarding are cake and they don’t have to do weird workarounds like you see in places like this that are mismanaged. I think you said this is an oral surgeon’s setup? They can def afford some business premium accounts and hire a top tier MSP to make it easy for them.

Help desk vs Sysadmin

Posted by b3b0p831@reddit | sysadmin | View on Reddit | 75 comments

hihcadore@reddit

Hahaha I’ve had to figure out how to tell someone nicely either a) their monitor wasn’t on or b) they can’t connect to the wifi while their laptop is on airplane mode and ethernet cable is unplugged so many times.

Help desk vs Sysadmin

Posted by b3b0p831@reddit | sysadmin | View on Reddit | 75 comments

hihcadore@reddit

Def not true. A jr sysadmin isn’t taking initial response / triage calls like T1. They’re more like a T2+. Just mature enough to be trusted with things that can affect 100s of users (like altering a GPO or config profile) but not at the point they can design or be trusted to head their own project. So they float between taking tier 2 type tickets and doing project work.

How to Learn Microsoft Active Directory from Basics?

Posted by Prestigious-Owl1391@reddit | sysadmin | View on Reddit | 33 comments

Intune device configuration profiles— what is best practice?

Posted by Axelpeach@reddit | sysadmin | View on Reddit | 21 comments

hihcadore@reddit

Exactly. Sounds like they mean “baseline policy” but don’t know enough to ask for it. Or know enough to comb through 20 profiles to find the settings. I’d say, hey security dudes, I’ll create an extra special policy just for you, you can audit your baseline and see exactly what configs are applied and what devices are excluded. Leave the rest of the endpoint management to my team. I don’t want edge case settings lumped into one. Besides I have no idea how this would even work. You’d have no way to have granular settings per department.

Push to Verify Using the Microsoft Authenticator App

Posted by cheesehead1996@reddit | sysadmin | View on Reddit | 46 comments

hihcadore@reddit

Hahahaha feel this one! And more funding. Miraculously accounting and the c suite see value in EDR subscriptions and server hardware upgrades too.

Push to Verify Using the Microsoft Authenticator App

Posted by cheesehead1996@reddit | sysadmin | View on Reddit | 46 comments

hihcadore@reddit

Hahahaha exactly. I have a presentation due to the ceo in an hour. Do you wanna tell him why I can’t complete it? ….. no but your manager can

Coworkers writing impossible-to-follow documentation, how to cope?

Posted by Relative_Hippo2549@reddit | sysadmin | View on Reddit | 145 comments

Sole 365 Admin - best way to protect Global Admin

Posted by Wide_Local_1896@reddit | sysadmin | View on Reddit | 33 comments

hihcadore@reddit

Approach admin creds like an onion. Your regular daily use account has no admin roles. A desktop admin account that handles endpoint administration requirements. A server admin account that handles admin requirements on servers or non-endpoints. And a global admin account. A breakglass global admin account with a yubikey for MFA. Give it to the owner in an envelope with login instructions and with the brief only use if I die in a fiery car crash or you fire me and please keep this in the safe.

Can I legally and technically fuck my company over?

Posted by MeasurementLoud906@reddit | sysadmin | View on Reddit | 52 comments

hihcadore@reddit

I don’t think this is a good idea. Nothing good ever comes from something like this.

1) you developed this for your company, how do you prove it’s really “your software”
2) if you get into a heated dispute nothing stops them from claiming it’s their intellectual property and taking you to court forcing you to prove otherwise when sales take off
3) Reddit isn’t a place to ask these types of questions. You need to talk to a lawyer in your state that handles these types of cases.

Sysadmins who use password managers: what’s your actual password generation strategy these days?

Posted by 4AVcnE@reddit | sysadmin | View on Reddit | 105 comments

hihcadore@reddit

I used to write them down as a backup and stick them in a “PowerShell in action” book. Pretty safe there, no one ever took up my offer to use it to get better at PowerShell.