Sysadmin

This is an automated archive.

The original was posted on /r/sysadmin by /u/b00nish on 2024-01-24 12:50:22+00:00.

Just a little rant and warning regarding Dropbox.

We don't use it for business but the boss of a company which is a customer of ours used it on his private laptop that died. He had activated the feature "dropbox backup" which stores a copy of some typical folders (Desktop, Documents, ...) in a separate area of the Dropbox.

Now we had to setup his new private laptop and wanted to access/use that backup.

But wait: you can't!

The Dropbox client has no "Restore" feature, unless it's the same computer & installation that you did the backup from.

The only way you can "access" (well, not really) the backup from another computer ist to download the whole thing via a webbrowser. Just that this doesn't work either, because that feature would provide the whole backup in one huge ZIP-File... but then fails doing so, because the backup is of course much too big to be provided via a ZIP-Download in the browser.

In other words: if you use Dropbox' Backup feature, you send all your data to Dropbox but have in most scenarios no way to get any of that data back. Ever. It's completely useless.

Unbelieveable that they have the nerve to release this nonsense and give their users a false sense of security.

This is an automated archive.

The original was posted on /r/sysadmin by /u/IN33DAB33R on 2024-01-23 23:48:37+00:00.

Stay safe out there. The only person who is really looking out for you is yourself.

This is an automated archive.

The original was posted on /r/sysadmin by /u/Atacx on 2024-01-23 23:08:58+00:00.

Currently creating a full documentation of my company. Found a good tool to document assets and their connections and documented everything.

Sadly this is still „too technical“ for some and I would like to make for example network diagrams or something like mailflow.

Do I just use Visio for that or is there is quicker/better way?

This is an automated archive.

The original was posted on /r/sysadmin by /u/SomethingCleverISee on 2024-01-23 21:26:22+00:00.

A business I support has some "public" computers for their clients, who live in a residential facility. The clients have discovered they can install VPN apps via the Microsoft Store to bypass our content filtering.

I have opened local group policy editor, gone to User Configuration > Administrative Templates > Windows Components > Store, and set "Turn off the store application" to "Enabled"

This has no effect, and the Store can still be opened and used to install apps. The policy does show as applied when running RSOP as the user. I have done it on two PCs and rebooted, but no effect.

Am I missing something? Is it no longer possible to disable the Microsoft Store application?

This is an automated archive.

The original was posted on /r/sysadmin by /u/Next-Landscape-9884 on 2024-01-23 20:42:19+00:00.

User is receiving non stop emails any one ran into the issue before if so what have you done? We got proof points with filters along with user based filters to block some keywords and external domains

This is an automated archive.

The original was posted on /r/sysadmin by /u/Cheese-Owl on 2024-01-23 20:30:54+00:00.

Just last week, I recall being left in purgatory by some places I interviewed at in the beginning of the month. I also got rejected after the first round or ghosted as well. I was seriously considering walking into restaurants and taking large pay cuts to work there while unemployed. I got a call from a recruiter who needed me to start ASAP (tomorrow) on Friday evening, and I got scheduled for an interview yesterday morning. I got the job and will start tomorrow, even though it’s a one month contract. I also had 3 other interviews today and got a message from a contact who submitted me for a position at her company after she came back from PTO. I’ve also been getting messages from recruiters as well.

I don’t know how to manage and keep all these folks on the line. I’m going to need them once my contract ends.

This is an automated archive.

The original was posted on /r/sysadmin by /u/ryukingu on 2024-01-23 20:11:45+00:00.

I’ll be in charge of choosing a new image deployment software and implementing it soon but I have no experience with these things. It’s a decently big business that is acquiring smaller businesses.

What I’ve gathered from my research was, For Mac ADE/DEP & JAMF and for windows MDT/WDS.

Also can anybody give me any pros and cons or why you would use these over any other softwares ?

This is an automated archive.

The original was posted on /r/sysadmin by /u/d0ugparker on 2024-01-23 19:29:38+00:00.

I'm using this

and this

to bump the drive size up on an original MacbookAir1,1, A1237. However, the original, 40-pin, ZIF flex cable doesn't feel as though it's bottoming out, nor does the friction lock on the adapter (the -9177 unit) hold the cable when its lever is in the clamped position.

Has anyone else made the same modification?

Is there a different flex cable required?

This is an automated archive.

The original was posted on /r/sysadmin by /u/AuPo_2 on 2024-01-23 19:02:51+00:00.

As I am writing this I am on a 22 minute hold queue. User cannot log in even after we have reset password 3 or 4 times to different passwords. After this call I will open my migration ticket to Microsoft. Sometimes they have great service, Ill admit that, but when I have to wait this long to figure out this frequent issue I start to get agitated. They always like to fight with me when I request a migration as well, saying they have the exact same licenses that Microsoft offers (yeah OK). Not only that, after the migration they leave their GD Encryption rules and connectors which should be removed by them anyways!

Update while writing: The tech doesn't even know why the password resets aren't going through lmao.

This is an automated archive.

The original was posted on /r/sysadmin by /u/tperondi on 2024-01-23 14:28:51+00:00.

Hi everyone,

I have a dilemma at work today. One of our customers has asked us for a specific type of GPU for machine learning operations to be installed in their ML350 Gen11. HP officially supports only a few graphics accelerators that are out of the budget for this project. Has anyone of you ever tried to install non-officially supported video cards on these servers? Unfortunately, since they are relatively new models, I have found very little information about it. My fear is that HP may have inserted some hardware block that prevents unauthorized hardware from working. What do you think?

Thanks.

This is an automated archive.

The original was posted on /r/sysadmin by /u/Alberto_Cavelli on 2024-01-24 12:30:22+00:00.

Hey guys!

we have a situation that is messing up computers quite badly after "some" recent updates. I am still not sure which update is causing this issue to happen, but we have a variety of windows 10/11 machines with different brands like Dell and Lenovo that are being messed up and unable to boot after the computer restart.

The machine restarts, and it fails to load the OS, it attempts to start diagnostics but also fails to do that.

The problem is identical to the below case:

Booting in safe mode/with networking/ with cmd doesn't work.

The only thing that can be done is to reset the computer. This is getting really tricky and challenging to deal with specially with remote users, so any insight that you can get to help prevent this issue would be highly appreciated!

This is an automated archive.

The original was posted on /r/sysadmin by /u/DenSataniskeHest on 2024-01-24 12:19:27+00:00.

So im about to move to a company where im supposed to manage linux servers, from a windows maschine. I cant install linux, it has to be windows. So what are the best options for doing so? just use the default windows terminal, and do my ssh from there? install wsl and do it from there? What is the best way to manage username and passwords?

Currently im using a mac with iterm2, and i love that function where it can insert a password(with option + command and f), along with sniplets and other stuff. Are there anything similar? without going overboard with huge guis and stuff?

This is an automated archive.

The original was posted on /r/sysadmin by /u/bukkithedd on 2024-01-24 12:18:07+00:00.

I was recently given the fairly hellish task of making sure that the managers our users sort under matches what's been set in D365 F&O, which got me thinking: Do others move OUs etc in AD around in order to reflect changes in the organizations and making them match?

So far I've mostly stuck to dealing with AD organized by a Location - Department - Job Function kind of way, which has served me pretty well since we don't have a lot of users (only about 200ish, which is tiny compared to those of you than handle 5000+). But I'm interested in hearing how you've chosen to organize things, and how/if you keep your AD more in tune with whatever shenanigans the execs come up with in terms of departments etc.

This is an automated archive.

The original was posted on /r/sysadmin by /u/i0n1ze on 2024-01-24 12:10:40+00:00.

Registrar prices are getting out of control these days. I own a .com domain name, that I used to pay ~11€/year back when I first acquired it in ~2016.

My renewal bill just came in today, and it's 22.80€. Basically the price doubled in the span of 8 years.

I know that, being yearly, it isn't that big of a deal, and when you put it in perspective with the inflation in electricity and server components prices, the increase might be justified.

But still, I solely use that domain name for my blog, that I generate 0 revenue with. Also, I manage my own DNS and don't rely on the registrar for name resolution.

So I was wondering if there were registrars that only let you set a domain delegation in exchange of a reduced annual renewal cost ? Technically they would be just handling a SOA, NS and A record, so they would receive lesser traffic than managing the whole zone, which can reflect in reduced infrastructure costs.

This is an automated archive.

The original was posted on /r/sysadmin by /u/maevian on 2024-01-24 11:55:42+00:00.

As we are trying to go passwordless, I was trying to configure RDS with WHfB. Remote Credential Guard isn't an option for as, as it is not compatible with an RDS broker. I was following the microsoft documentation:

Login works, but when I try to connect to RDS, it default to a local PIN or fingerprint, while it should default to the security device credential. Screenshot:

Anyone that had the same issue?

This is an automated archive.

The original was posted on /r/sysadmin by /u/mro21 on 2024-01-24 11:48:12+00:00.

So when we have a DMARC record configured, does that mean that SPF and DKIM must validate, or is it enough that either one or the other is ok (however both must not fail)?

Or does that not even have anything to do with DMARC? Probably people can choose to do whatever they want, i.e. they can probably configure their system such that 1) there must be a DMARC policy at the sender 2) SPF and DKIM must validate.

Thoughts?

This is an automated archive.

The original was posted on /r/sysadmin by /u/PutCommon on 2024-01-24 11:24:40+00:00.

Just as title says, to clarify, you can't normally set lockscreen image with GPO for Windows 11 Pro computers, as it only works for Enterprise and Education, however you could set these 3 different PersonalizationCSP registry keys and it would work, so I had this setup for one of my customers, but suddenly the 12th December last year, it just stopped working, anybody has any info regarding this? Has Microsoft finally prevented this to work with one of their updates? Do any of you still use PeronalizationCSP registry keys to set lockscreen image with GPO with the latest update and it still works on Pro devices?

Thanks in advance

This is an automated archive.

The original was posted on /r/sysadmin by /u/Alzzary on 2024-01-24 11:13:27+00:00.

I just had the most productive meeting in my life today.

I am the sole sysadmin for a ~110 users law firm and basically manage everything.

We have almost everything on-prem and I manage our 3 nodes vSphere cluster and our roughly 45 VMs.

This includes updating and rebooting on a monthly basis. During that maintenance window, I am regularly forced to shut down some critical services. As you can guess, lawers aren't that happy about it because most of them work 12 hours a day, that includes my 7pm to 22pm maintenance window one tuesday a month.

My boss, who is the CFO, asked me if it was possible to reduce the amount of maintenance I'm doing without overlooking security patching and basic maintenance. I said it's possible, but we'd need to clusterize parts of our infrastructure, including our ~7TB file, exchange and SQL/APP servers and that's not cheap. His answer ?

"There are about 20 lawers who can't work for 3 hours once a month, that's about a 10k to 15k loss. Come with a budget and I'll defend it".

I love this place.

This is an automated archive.

The original was posted on /r/sysadmin by /u/RedditFullOChildren on 2024-01-23 16:41:32+00:00.

Lately my team has been experiencing backup failures (B&R) and defender alerts regarding excel spreadsheets/macros identifying as Emotet!pz. These files have resided on the drive (both active appdata and shadowcopies) and are just now being identified. VirusTotal has no hits on the reported file(s) and searching around google (as much is possible these days) shows a similar result, most say it's a false positive.

Just curious if we're expected to clear all shadowcopies to allow our backups to continue? Seems like a big hole in MS's Defender operations but I could have all of this wrong.

This is an automated archive.

The original was posted on /r/sysadmin by /u/regis_majestick_af on 2024-01-24 10:02:55+00:00.

Sorry for the bad english in advance, also am 16 and just learning how to use Active Directory and stuff.

Hey guys, in my internship my tutor asked me to see if it's possible to add LAPS to the environment. I'm using 2 VM (1 Windows Server 2019 and Windows 10) to simulate it, and not screw stuff up with the real thing.

BTW it's LAPS coupled with Active Directory.

Here are the steps I followed:

On Powershell in the Domain Controller.

'Get-Command -Module LAPS'

'Import-Module LAPS'

'Update-LapsADSchema -Verbose'

After doing that I checked the presence of the Windows LAPS attributes (msLaps-) and they are there.

Afterwards:

Set-LapsADComputerSelfPermission -Identity "CN=TESTW10, CN=Computers DC=kirbi, DC=toto"

But then I found a problem. The tutorial I followed, said that I has to take the LAPS.admx file in:

C:\Windows\PolicyDefinitions\LAPS.admx

And put it in here:

C:\Windows\SYSVOL\sysvol\domain\Policies\PolicyDefinitions

(Btw I had to create the PolicyDefinition folder.)

I tried making a GPO, and a error message appeared.

I tried solving the error by copying the PolicyDefinition folder from C:\Windows\ and pasting it where I created my folder, and the message error didn't appear this time.

(Pretty much replaces the PolicyDefinition folder I made, by the one that was in C:\Windows)

(I don't know if there's no error message because that's how to fix it, or there's an error that is not being detected rn)

I set up a few parameters for the GPO such as the legth of passwords and stuff, and I typed on Powershell 'gpupdate /force'.

It says that the GPO is running, but I feel like I made a mistake of some sort.

I added the Windows 10 VM to the domain, and I can see it from the DC, however when I go to its LAPS properties, there's nothing.

I also typed on PowerShell

Get-LapsADPassword "TESTW10" -AsPlainText

But there's no result.

If you have any tips, other guides or experience to correct what I could've done wrong I would be really grateful.

Thank you for reading this far.

This is an automated archive.

The original was posted on /r/sysadmin by /u/leyorcoe on 2024-01-24 09:57:09+00:00.

Hi all,

Our org is using a hybrid of AD on prem and Azure AD. Some of our applications are administered out in the business, For cyber reasons we are having them use separate admin accounts in their systems. These accounts are tied to a mailbox. We can't use a shared mailbox or similar, as it gets us sync errors. We are currently using P1 licenses. Our expectation in the sync problems will be gone once we go fully to Azure AD in the future.

As the usage is increasing, the cost is going up and the boss is complaining. Anyone have some smart tips to keep the costs down?

This is an automated archive.

The original was posted on /r/sysadmin by /u/funkyferdy on 2024-01-24 09:53:49+00:00.

Hello!

Following situation: We have here a Network setup with 4-5 different VLAN's and we do NAC over wifi/wireles with maschine certificates, Guest Portal, different SSID's etc. Main goal is to only allow access to internal network for managed Clients. So long everything works, exept when it does not work :)

To not to make the story to long: The NAC Component that we are using, SUCKS! Simplest things (like changing a Certificate or do some basic configurations) escalates into "reinstall product" when stuff is going south. The Product is one from a vendor with a violet branding. Switches and AP's also from that brand (they work fine) but my team is tired of that after 2 Years production. We want get rid of it because it's too expensive to maintain alive but we want/need NAC for regulation and other reasons. NACing makes sense in our setup.

Anyway: Has somebody a good recomendation what i could take in consideration? So long i stumbled across and it sounds not bad. Any other recommendations from experienced people?

This is an automated archive.

The original was posted on /r/sysadmin by /u/Far_Choice_6419 on 2024-01-24 09:23:41+00:00.

I ask such question because I like taking notes and archiving information.

Notion is great, what sucks is that I can only upload 5MB of data per instance. Many of my notes contains website HTML snapshots (using chrome extension) as references sometimes are 12MB or more.

Usually websites shutdown or disappear, I keep site snapshots so that I have an original copy.

As an IT person, paying every month for saving notes makes no sense to me to get more storage space.

I was thinking what if there was something like a nonprofit Notion like service startup where every new account has about 500GB free, if serious note takers wants more space then $20 purchase would give them 1TB free storage for life. Basically in simple terms the user is just buying their own 1TB hard drive at the cloud level.

The service buys bulk large drives, like 10TBs. It offer low cost pricing/TB. The customer simply buys 1TB portion forever. As again this is Non-profit.

Could this be done at budget start up level and how could the server system be maintained long term as a non-profit? Something how Wikipedia gets funding to pay for electricity...

The best alternative I can think of now, is using GitHub as a file server... but this is simply the wrong way to do things.

Thanks.

This is an automated archive.

The original was posted on /r/sysadmin by /u/domanpanda on 2024-01-24 09:09:41+00:00.

1. My Unifi AP broadcats 2 SSIDs both on 2 separate VLANS. Ive seen in reddit that many ppl do the same even in companies networks.
2. Ive seen A LOT of people recommend and/or create "router-on-a-stick" setups with one WAN and one LAN gear - either with custom hardware (pfsense,opnsense, sophox xg, openwrt) or commercial boxes like Firewalla purlple, netgate, etc.

So is hopping not as serious threat as various youtube videos show?

This is an automated archive.

The original was posted on /r/sysadmin by /u/ShirtResponsible4233 on 2024-01-24 08:55:31+00:00.

Hi

I have sometimes an issue when connecting to a server via remote desktop. I still see the current toolbar when full screen instead of the servers toolbar. Very annoying. I have tried various of taskbar settings without any solution. Any idea?

Thanks in advance