systonia_

Outbound Firewall Exclusions for Windows Update & Defender Definitions

Posted by crypsis1@reddit | sysadmin | View on Reddit | 2 comments

systonia_@reddit

Hi, you need to allow the ISDB object and also an additional rule that allows [update.microsoft.com](http://update.microsoft.com). The reason is that the ISDB object contains a static list of IPs, but Microsoft constantly adds and removes IPs due to CDN usage, but these IPs do not get published anywhere by MS. Both together work fine for me.

VMware vSphere alternatives (moving away)

Posted by buturi1@reddit | sysadmin | View on Reddit | 58 comments

systonia_@reddit

At this size I'd heavily look into Proxmox. It would fit you very well. If you insist on "enterprise" stuff, either Hyper-V without SCVMM or Nutanix. There is also Citrix, if you already use their licenses.

What would you say to users

Posted by OkLifeguard9851@reddit | sysadmin | View on Reddit | 172 comments

systonia_@reddit

"Yeah stupid MS. Office is a PITA. Slow since forever, but hey, they keep adding AI crap to it instead of fixing it" You deflect the blame and side with them.

Be honest - how do you handle documentation when you're the only IT person?

Posted by sandb0x79@reddit | sysadmin | View on Reddit | 266 comments

systonia_@reddit

Early on in my career I started following a documentation-first principle. Whenever I do something, before I set it, I document it. E.g. when I create a new VM, I first find a free IP, write that server name to it, then set that IP in the VM. When I set up something new where I don't know what I am doing, I work my way to the final config, write down the things that I had to look up etc. (so a lightweight docu), then I delete it, redo it with my new knowledge and docu, and while I do that, I properly document. Every docu I have has all the steps someone needs to redo what I did, without the manual research. This way you also always update your docs. You just have to stay with it. Once you're doing it like this, it feels unnatural to not document everything.

Recommendations for rock solid 2.4Ghz AP?

Posted by Mindestiny@reddit | sysadmin | View on Reddit | 55 comments

Microsoft: Perform in-place upgrades to Windows Server 2025 with one reg key.

Posted by techvet83@reddit | sysadmin | View on Reddit | 75 comments

Windows Server MFA with Admin Approval (instead of user-based 2FA) — Is this possible?

Posted by Thebanday1@reddit | sysadmin | View on Reddit | 40 comments

What essential tools do you use in your daily work as a sysadmin

Posted by petshell@reddit | sysadmin | View on Reddit | 128 comments

Updating Servers

Posted by thesterv@reddit | sysadmin | View on Reddit | 55 comments

Hey /r/Sysadmin! What do you use for your home router? 2026 Edition

Posted by ScannerBrightly@reddit | sysadmin | View on Reddit | 980 comments

Best practise for staff requesting a second laptop for WFH

Posted by psgda@reddit | sysadmin | View on Reddit | 625 comments

systonia_@reddit

We had this also. People leave their laptop in the office when they want to do HO the next day. Can't make this up. Unbelievable. So people wanted one for home. We pushed back and of course there were a bunch of very special ones that insisted. So we made it a triple jump. Their department must pay for it. The head of must provide a business case why it is needed. If one of the 2 devices is offline for over 2 months, it gets returned.

DC offline 3 days

Posted by Ok_SysAdmin@reddit | sysadmin | View on Reddit | 8 comments

We don’t need MFA on VPN, our devices are secure

Posted by Due-Awareness9392@reddit | sysadmin | View on Reddit | 10 comments

systonia_@reddit

There is no way an attacker can dial up your VPN with credentials only, if you require device certs for dial-up. Something is missing here. Certificates are a perfectly valid second factor, btw. Also, SAML with Windows Hello is also MFA, and doesn't require the user to do anything at all to dial up, as the device is already authenticated.

How to force +500 Clients to renew their IP address on the network ?

Posted by Head-Web-404@reddit | sysadmin | View on Reddit | 285 comments

systonia_@reddit

- set low dhcp lease time
- remote powershell to ipconfig /renew
- GPO with a runonce scheduled task to ipconfig /renew
- turn switchports off/on
- reboot clients
- reboot switches
- Powercycle entire building

Have the opportunity to get about three months pay in exchange for voluntary resignation

Posted by UKCeMTMj36o8h8@reddit | sysadmin | View on Reddit | 87 comments

systonia_@reddit

Oof, you're getting lowballed. We had a little layoff round end of 2024 and the people got way more than that. Depending on how long they worked at the company, 6 to 12 months of payments.

If Defender for Office would stop flagging legit services...

Posted by oldgeektech@reddit | sysadmin | View on Reddit | 30 comments

Finding 270 GB used by c:\windows\installer; most packages tagged as 'PatchSourceList' - need ideas for safely reducing the size

Posted by Ruthlessrabbd@reddit | sysadmin | View on Reddit | 49 comments

systonia_@reddit

I had that recently with Adobe filling the installer folder with map files. Hundreds of files around 600mb. Uninstalled reader and then ran disk cleanup. All that crap got removed.

Fingerprint attendance systems sound good… until you use them every day

Posted by ClockInFace@reddit | sysadmin | View on Reddit | 46 comments

systonia_@reddit

What the ....? Fingerprint for clocking in is already insane from a data security POV. Fuck no, you don't get my fingerprint data. But even worse is the hygiene. All these disgusting pigs that do not wash their hands after they poop, these disgusting nosepickers out there. No fucking way I put my finger on that.

What is your biggest time waster in IT???

Posted by GoldTap9957@reddit | sysadmin | View on Reddit | 267 comments

systonia_@reddit

Unnecessary meetings with unnecessary people that only like to hear themselves talk. And then there are "please investigate network. It is slow" tickets. And never even once it actually has been a network problem.

I feel as though AI is already taking IT jobs indirectly

Posted by Life_Show8246@reddit | sysadmin | View on Reddit | 59 comments

How do you deal with users who refuse to lock their laptop when walking away?

Posted by heartgoldt20@reddit | sysadmin | View on Reddit | 950 comments

Possibly Scammed on Facebook Marketplace

Posted by AttackOnTrails@reddit | sysadmin | View on Reddit | 25 comments

Critical ERP system can't do OAuth and Microsoft is killing basic auth next month

Posted by Severe_Part_5120@reddit | sysadmin | View on Reddit | 551 comments

If one Intune-level admin account gets compromised, what actually saves you?

Posted by Potential-Glove-5278@reddit | sysadmin | View on Reddit | 21 comments

How do you guys actually handle drive wipe documentation when decommissioning hardware?

Posted by Right_Tangelo_2760@reddit | sysadmin | View on Reddit | 86 comments

systonia_@reddit

We have a metal box where we throw drives into. When full, a company collects that box and then destroys the drives. You get a list of the drive SNs and a certificate of destruction. They basically throw it all into a big metal shredder.

Patching challenges when users turn their computers off every night

Posted by Frequent_Rate9918@reddit | sysadmin | View on Reddit | 172 comments

systonia_@reddit

Updates get downloaded and auto install during shutdown/start. If the user doesn't shutdown his PC, we give a warning that updates need to be installed and that in the evening he needs to shutdown properly. After 3 warnings, the user gets a warning of a forced reboot at 12:00, which is lunch time. It does so until patches are all installed.

Considerations When Keeping Non-WORM Tapes LTO in the Library

Posted by Ashamed-Wedding4436@reddit | sysadmin | View on Reddit | 7 comments

Reattach data disk after Windows re-install???

Posted by vaginasaladwastaken@reddit | sysadmin | View on Reddit | 21 comments

systonia_@reddit

Which OS and what filesystem did the host have? Classic Windows with 2 NTFS disks should do this without an issue. Linux with anything other than an Ext4 may look very different. Post some details.

Not sure if I'm facing corporate bullying

Posted by ActualNeverEvent@reddit | sysadmin | View on Reddit | 44 comments

systonia_@reddit

Prepare your resume, document the bad behavior of the others, make sure they know why you left and hand them the documentation. Leave professionally, don't look back

Consistent Perfect Backups?

Posted by Mr_Dobalina71@reddit | sysadmin | View on Reddit | 59 comments

systonia_@reddit

I use Commvault here and have 99.x. Most of the time it is perfect. Depends a lot on your environment of course. But Commvault has a ton of agents that are at a point of working flawlessly.

What’s your best use case for AI in your company so far?

Posted by ranrib@reddit | sysadmin | View on Reddit | 220 comments

systonia_@reddit

Therapy AI for me. I write my text the way I want. I give it to AI and let it rewrite professionally. It removes the insults and lets me sound like a sane and calm, professional person

I don't understand why the path to becoming a sysadmin can be so difficult. reality is a soldering iron and a 14-hour grind.

Posted by Unlucky-Ad-5157@reddit | sysadmin | View on Reddit | 24 comments

systonia_@reddit

If you tie yourself to a relative, pinning you to a village without any jobs in your field, and you also don't get a car to drive to a company: what do you think will happen? A company moving to you? Remote work as a beginner? You are young. Care for yourself. Move and/or get a car.

IT Admin (5 years, on-prem) earning 2300€ net – how to increase salary / switch specialization?

Posted by 0xSebulba@reddit | sysadmin | View on Reddit | 31 comments

systonia_@reddit

Net doesn't mean anything to have an idea for fair payment. If you have Taxclass1 that means you get around 3500 gross. With Taxclass1 5 you'd be around 6500. So gross is what is needed here. Also the area is important. Southern Germany pays generally better than eastern. That said, let's assume class1, means 3500 gross. That isn't too bad for a rural area and a small company, depending on your duties and skills. For 5 years, I'd say around 4000 should be possible even in a smaller company. To increase, go for bigger companies. They pay better and give more bonuses. Specialize. DevOps, security, etc. The usual. But small companies will always pay worse.

robots.txt Wars

Posted by jedimarcus1337@reddit | sysadmin | View on Reddit | 25 comments

Org is banning Notepad++

Posted by PazzoBread@reddit | sysadmin | View on Reddit | 968 comments

What is your favorite enterprise backup solution?

Posted by Key-Brilliant9376@reddit | sysadmin | View on Reddit | 46 comments

systonia_@reddit

General opinion will be Veeam. It just works, but has basically no options. It's easy to set up. I personally prefer Commvault, which is a bitch to set up and has a trillion settings. But it can do absolutely anything you may ever think of. If it runs as you want, it won't fail.

Did I break the server, or was it already broken?

Posted by mediumevil@reddit | sysadmin | View on Reddit | 28 comments

systonia_@reddit

Well, 150*30 is 4500. That alone is not the reason for a crash. It's literally nothing, even for a heavily undersized server. Something that holds 100+tb of data shouldn't be run by something with the power of a smartwatch, so there is no way this overloads that server. Can you reproduce the issue by running your stuff?

How are you automating repetitive, document-heavy tasks with AI in 2026?

Posted by Fluffy_Tourist8558@reddit | sysadmin | View on Reddit | 25 comments

Child Folders Randomly Losing Inheritance

Posted by Relevant_Stretch_599@reddit | sysadmin | View on Reddit | 4 comments

Do you guys have a system in place to remind you to rotate security keys etc.

Posted by TraditionalBag5235@reddit | sysadmin | View on Reddit | 14 comments

Recommendations for my first gaming PC

Posted by Mobile-Ad-5526@reddit | sysadmin | View on Reddit | 3 comments

Copilot can't even automatically resize screenshots in MS Word...yes AI is overhyped

Posted by sys_admin321@reddit | sysadmin | View on Reddit | 88 comments

I just need to vent

Posted by phalangepatella@reddit | sysadmin | View on Reddit | 231 comments

systonia_@reddit

He may be a clueless idiot, but holy hell, is the C Level even dumber. By a lot. How can you live in 2025, even as a completely non-IT person, and think that Excel is the right tool for your own company's ERP?

Endpoint Manager for Windows Recommendation??

Posted by Actual-Astronaut7845@reddit | sysadmin | View on Reddit | 92 comments

systonia_@reddit

What is the explanation (and who decided it?) for going with home? Managing 300 clients without management tools is criminal. No patch management, no policy management, no central user management. Jesus Christ. I would not accept that at all.

Be honest - is signing before year-end ever worth it?

Posted by killas19958@reddit | sysadmin | View on Reddit | 39 comments

Best practice for MFA on local admin accounts on network gear?

Posted by ChaoticHeresy@reddit | sysadmin | View on Reddit | 57 comments

systonia_@reddit

MFA does not necessarily mean that you need to have AzureMFA or something like that. Depending on what your hardware supports, having a Yubikey is a perfect second factor. We have our daily accounts with MFA, but there is also a breakglass account without, but it is limited to the management interface which requires local access to the device, for this exact scenario. The physical presence and access to the server room is a perfectly valid second factor.

Primary Domain Controller Hardware failure - How to Restore

Posted by FTWNiners@reddit | sysadmin | View on Reddit | 427 comments

systonia_@reddit

Can you at least access the data on the disk? If so, make a clone of the disk and put that in another server and try to get that working. Or use one of the P2V tools to make a VM out of that. In any case, whoever decided that a single DC running on stone-age old hardware without a backup is a good idea needs to get fired.