Sysadmin

This is an automated archive.

The original was posted on /r/sysadmin by /u/b00nish on 2024-01-24 12:50:22+00:00.

Just a little rant and warning regarding Dropbox.

We don't use it for business but the boss of a company which is a customer of ours used it on his private laptop that died. He had activated the feature "dropbox backup" which stores a copy of some typical folders (Desktop, Documents, ...) in a separate area of the Dropbox.

Now we had to setup his new private laptop and wanted to access/use that backup.

But wait: you can't!

The Dropbox client has no "Restore" feature, unless it's the same computer & installation that you did the backup from.

The only way you can "access" (well, not really) the backup from another computer ist to download the whole thing via a webbrowser. Just that this doesn't work either, because that feature would provide the whole backup in one huge ZIP-File... but then fails doing so, because the backup is of course much too big to be provided via a ZIP-Download in the browser.

In other words: if you use Dropbox' Backup feature, you send all your data to Dropbox but have in most scenarios no way to get any of that data back. Ever. It's completely useless.

Unbelieveable that they have the nerve to release this nonsense and give their users a false sense of security.

This is an automated archive.

The original was posted on /r/sysadmin by /u/IN33DAB33R on 2024-01-23 23:48:37+00:00.

Stay safe out there. The only person who is really looking out for you is yourself.

This is an automated archive.

The original was posted on /r/sysadmin by /u/Atacx on 2024-01-23 23:08:58+00:00.

Currently creating a full documentation of my company. Found a good tool to document assets and their connections and documented everything.

Sadly this is still „too technical“ for some and I would like to make for example network diagrams or something like mailflow.

Do I just use Visio for that or is there is quicker/better way?

This is an automated archive.

The original was posted on /r/sysadmin by /u/SomethingCleverISee on 2024-01-23 21:26:22+00:00.

A business I support has some "public" computers for their clients, who live in a residential facility. The clients have discovered they can install VPN apps via the Microsoft Store to bypass our content filtering.

I have opened local group policy editor, gone to User Configuration > Administrative Templates > Windows Components > Store, and set "Turn off the store application" to "Enabled"

This has no effect, and the Store can still be opened and used to install apps. The policy does show as applied when running RSOP as the user. I have done it on two PCs and rebooted, but no effect.

Am I missing something? Is it no longer possible to disable the Microsoft Store application?

This is an automated archive.

The original was posted on /r/sysadmin by /u/Next-Landscape-9884 on 2024-01-23 20:42:19+00:00.

User is receiving non stop emails any one ran into the issue before if so what have you done? We got proof points with filters along with user based filters to block some keywords and external domains

This is an automated archive.

The original was posted on /r/sysadmin by /u/Cheese-Owl on 2024-01-23 20:30:54+00:00.

Just last week, I recall being left in purgatory by some places I interviewed at in the beginning of the month. I also got rejected after the first round or ghosted as well. I was seriously considering walking into restaurants and taking large pay cuts to work there while unemployed. I got a call from a recruiter who needed me to start ASAP (tomorrow) on Friday evening, and I got scheduled for an interview yesterday morning. I got the job and will start tomorrow, even though it’s a one month contract. I also had 3 other interviews today and got a message from a contact who submitted me for a position at her company after she came back from PTO. I’ve also been getting messages from recruiters as well.

I don’t know how to manage and keep all these folks on the line. I’m going to need them once my contract ends.

This is an automated archive.

The original was posted on /r/sysadmin by /u/ryukingu on 2024-01-23 20:11:45+00:00.

I’ll be in charge of choosing a new image deployment software and implementing it soon but I have no experience with these things. It’s a decently big business that is acquiring smaller businesses.

What I’ve gathered from my research was, For Mac ADE/DEP & JAMF and for windows MDT/WDS.

Also can anybody give me any pros and cons or why you would use these over any other softwares ?

This is an automated archive.

The original was posted on /r/sysadmin by /u/d0ugparker on 2024-01-23 19:29:38+00:00.

I'm using this

and this

to bump the drive size up on an original MacbookAir1,1, A1237. However, the original, 40-pin, ZIF flex cable doesn't feel as though it's bottoming out, nor does the friction lock on the adapter (the -9177 unit) hold the cable when its lever is in the clamped position.

Has anyone else made the same modification?

Is there a different flex cable required?

This is an automated archive.

The original was posted on /r/sysadmin by /u/AuPo_2 on 2024-01-23 19:02:51+00:00.

As I am writing this I am on a 22 minute hold queue. User cannot log in even after we have reset password 3 or 4 times to different passwords. After this call I will open my migration ticket to Microsoft. Sometimes they have great service, Ill admit that, but when I have to wait this long to figure out this frequent issue I start to get agitated. They always like to fight with me when I request a migration as well, saying they have the exact same licenses that Microsoft offers (yeah OK). Not only that, after the migration they leave their GD Encryption rules and connectors which should be removed by them anyways!

Update while writing: The tech doesn't even know why the password resets aren't going through lmao.

This is an automated archive.

The original was posted on /r/sysadmin by /u/tperondi on 2024-01-23 14:28:51+00:00.

Hi everyone,

I have a dilemma at work today. One of our customers has asked us for a specific type of GPU for machine learning operations to be installed in their ML350 Gen11. HP officially supports only a few graphics accelerators that are out of the budget for this project. Has anyone of you ever tried to install non-officially supported video cards on these servers? Unfortunately, since they are relatively new models, I have found very little information about it. My fear is that HP may have inserted some hardware block that prevents unauthorized hardware from working. What do you think?

Thanks.

This is an automated archive.

The original was posted on /r/sysadmin by /u/Alberto_Cavelli on 2024-01-24 12:30:22+00:00.

Hey guys!

we have a situation that is messing up computers quite badly after "some" recent updates. I am still not sure which update is causing this issue to happen, but we have a variety of windows 10/11 machines with different brands like Dell and Lenovo that are being messed up and unable to boot after the computer restart.

The machine restarts, and it fails to load the OS, it attempts to start diagnostics but also fails to do that.

The problem is identical to the below case:

Booting in safe mode/with networking/ with cmd doesn't work.

The only thing that can be done is to reset the computer. This is getting really tricky and challenging to deal with specially with remote users, so any insight that you can get to help prevent this issue would be highly appreciated!

This is an automated archive.

The original was posted on /r/sysadmin by /u/DenSataniskeHest on 2024-01-24 12:19:27+00:00.

So im about to move to a company where im supposed to manage linux servers, from a windows maschine. I cant install linux, it has to be windows. So what are the best options for doing so? just use the default windows terminal, and do my ssh from there? install wsl and do it from there? What is the best way to manage username and passwords?

Currently im using a mac with iterm2, and i love that function where it can insert a password(with option + command and f), along with sniplets and other stuff. Are there anything similar? without going overboard with huge guis and stuff?

This is an automated archive.

The original was posted on /r/sysadmin by /u/bukkithedd on 2024-01-24 12:18:07+00:00.

I was recently given the fairly hellish task of making sure that the managers our users sort under matches what's been set in D365 F&O, which got me thinking: Do others move OUs etc in AD around in order to reflect changes in the organizations and making them match?

So far I've mostly stuck to dealing with AD organized by a Location - Department - Job Function kind of way, which has served me pretty well since we don't have a lot of users (only about 200ish, which is tiny compared to those of you than handle 5000+). But I'm interested in hearing how you've chosen to organize things, and how/if you keep your AD more in tune with whatever shenanigans the execs come up with in terms of departments etc.

This is an automated archive.

The original was posted on /r/sysadmin by /u/i0n1ze on 2024-01-24 12:10:40+00:00.

Registrar prices are getting out of control these days. I own a .com domain name, that I used to pay ~11€/year back when I first acquired it in ~2016.

My renewal bill just came in today, and it's 22.80€. Basically the price doubled in the span of 8 years.

I know that, being yearly, it isn't that big of a deal, and when you put it in perspective with the inflation in electricity and server components prices, the increase might be justified.

But still, I solely use that domain name for my blog, that I generate 0 revenue with. Also, I manage my own DNS and don't rely on the registrar for name resolution.

So I was wondering if there were registrars that only let you set a domain delegation in exchange of a reduced annual renewal cost ? Technically they would be just handling a SOA, NS and A record, so they would receive lesser traffic than managing the whole zone, which can reflect in reduced infrastructure costs.

This is an automated archive.

The original was posted on /r/sysadmin by /u/maevian on 2024-01-24 11:55:42+00:00.

As we are trying to go passwordless, I was trying to configure RDS with WHfB. Remote Credential Guard isn't an option for as, as it is not compatible with an RDS broker. I was following the microsoft documentation:

Login works, but when I try to connect to RDS, it default to a local PIN or fingerprint, while it should default to the security device credential. Screenshot:

Anyone that had the same issue?

This is an automated archive.

The original was posted on /r/sysadmin by /u/mro21 on 2024-01-24 11:48:12+00:00.

So when we have a DMARC record configured, does that mean that SPF and DKIM must validate, or is it enough that either one or the other is ok (however both must not fail)?

Or does that not even have anything to do with DMARC? Probably people can choose to do whatever they want, i.e. they can probably configure their system such that 1) there must be a DMARC policy at the sender 2) SPF and DKIM must validate.

Thoughts?

This is an automated archive.

The original was posted on /r/sysadmin by /u/PutCommon on 2024-01-24 11:24:40+00:00.

Just as title says, to clarify, you can't normally set lockscreen image with GPO for Windows 11 Pro computers, as it only works for Enterprise and Education, however you could set these 3 different PersonalizationCSP registry keys and it would work, so I had this setup for one of my customers, but suddenly the 12th December last year, it just stopped working, anybody has any info regarding this? Has Microsoft finally prevented this to work with one of their updates? Do any of you still use PeronalizationCSP registry keys to set lockscreen image with GPO with the latest update and it still works on Pro devices?

Thanks in advance

This is an automated archive.

The original was posted on /r/sysadmin by /u/Alzzary on 2024-01-24 11:13:27+00:00.

I just had the most productive meeting in my life today.

I am the sole sysadmin for a ~110 users law firm and basically manage everything.

We have almost everything on-prem and I manage our 3 nodes vSphere cluster and our roughly 45 VMs.

This includes updating and rebooting on a monthly basis. During that maintenance window, I am regularly forced to shut down some critical services. As you can guess, lawers aren't that happy about it because most of them work 12 hours a day, that includes my 7pm to 22pm maintenance window one tuesday a month.

My boss, who is the CFO, asked me if it was possible to reduce the amount of maintenance I'm doing without overlooking security patching and basic maintenance. I said it's possible, but we'd need to clusterize parts of our infrastructure, including our ~7TB file, exchange and SQL/APP servers and that's not cheap. His answer ?

"There are about 20 lawers who can't work for 3 hours once a month, that's about a 10k to 15k loss. Come with a budget and I'll defend it".

I love this place.

This is an automated archive.

The original was posted on /r/sysadmin by /u/RedditFullOChildren on 2024-01-23 16:41:32+00:00.

Lately my team has been experiencing backup failures (B&R) and defender alerts regarding excel spreadsheets/macros identifying as Emotet!pz. These files have resided on the drive (both active appdata and shadowcopies) and are just now being identified. VirusTotal has no hits on the reported file(s) and searching around google (as much is possible these days) shows a similar result, most say it's a false positive.

Just curious if we're expected to clear all shadowcopies to allow our backups to continue? Seems like a big hole in MS's Defender operations but I could have all of this wrong.

This is an automated archive.

The original was posted on /r/sysadmin by /u/domanpanda on 2024-01-24 09:09:41+00:00.

1. My Unifi AP broadcats 2 SSIDs both on 2 separate VLANS. Ive seen in reddit that many ppl do the same even in companies networks.
2. Ive seen A LOT of people recommend and/or create "router-on-a-stick" setups with one WAN and one LAN gear - either with custom hardware (pfsense,opnsense, sophox xg, openwrt) or commercial boxes like Firewalla purlple, netgate, etc.

So is hopping not as serious threat as various youtube videos show?

This is an automated archive.

The original was posted on /r/sysadmin by /u/ShirtResponsible4233 on 2024-01-24 08:55:31+00:00.

Hi

I have sometimes an issue when connecting to a server via remote desktop. I still see the current toolbar when full screen instead of the servers toolbar. Very annoying. I have tried various of taskbar settings without any solution. Any idea?

Thanks in advance

This is an automated archive.

The original was posted on /r/sysadmin by /u/Important_Ad_3602 on 2024-01-24 08:49:36+00:00.

I have 2 Dell Hyper-V hosts, one being replication destination / standby in case of failure. These servers are connected to an out-of-band network via iDrac. They are powered via 2 UPSes both connected to a seperate outlet.

Now, when the power fails on both outlets, the UPSes send an SMTP trap to my out-of-band server. I want it to then immideately shutdown the standby Hyper-V host, to preserve power. But ONLY if it is not running Hyper-V guests.

So i need some way of communication between the OS and iDrac. In the manual i found "OS to iDRAC Pass-through" which may be what i need. Is there a risk in enabling this feature, since it gives the OS access to the iDrac module? Or is there another way to achieve what i want? Manipulate a hardware device that the iDrac monitors via SNMP trap?

This is an automated archive.

The original was posted on /r/sysadmin by /u/Disastrous-Title-911 on 2024-01-24 08:35:06+00:00.

So ive never had to do this because the jobs i had dint have a need for it but im 6 months into my "new" job and this place has no documentation or is old af so id like to know what you guys do when you join a new company

• How do you guys map/document the infra (what software/tool)
• where do you start, what is your process
• Where do you "limit/stop" yourself ?
• do you also do some pen testing ?
• please say anything you think is usefull important to know be it concepts, best practices, tools, etc

I dont want an extensive guide just stuff to google it and learn

This is an automated archive.

The original was posted on /r/sysadmin by /u/ReputationOld8053 on 2024-01-24 08:32:02+00:00.

Hi there,

we have around 8000 clients managed by SCCM and around 10 % haven't still installed the November updates. When I check the clients in most cases I cannot even do a DISM repair because of broken packages and unavailable sources. Checking the CBS.log I see that in a lot of cases the WHfB or the OneDrive package is broken. If I copy those files into the WinSXS folder I can do a dism repair and finally install the missing updates. Of course, this job would be a night mare.

Another workaround is to redeploy the install.wim and do a repair of the installation. After that I can also apply the latest updates. I automated this, but still feels wrong.

However, what most worries me is the high amount of broken installation and I cannot figure out why. We install the vanilla image, no changes there. We don't even use WHfB so that we use the package in any way that it might have been modified.

At home I never had these kind of issues, but also at home I am not using professional HP hardware ;)

Anyone else with these experiences?

Thanks

Stephan

This is an automated archive.

The original was posted on /r/sysadmin by /u/nogudatmaff on 2024-01-24 08:26:27+00:00.

Hey all,

I have a Precision Rackmount machine that has two Quadro cards in it. I want to put a virtual machine on there which can make use of one of these cards.

I have read that VMWare workstation PRO does not have “GPU pass through” feature (although apparently it can make use of dedicated GPU)

Can anyone recommend a solution?