Sysadmin


A reddit dedicated to the profession of Computer System Administration.

51
 
 
This is an automated archive.

The original was posted on /r/sysadmin by /u/shushine4neptune on 2024-01-24 02:47:51+00:00.


Wondering what solutions others use for on-premise MFA for AD authentication. Very recently migrated into O365, Entra ID sync next. We have some remote users currently using DUO already before they hit the VPN. What are your recommendations?

52
 
 
This is an automated archive.

The original was posted on /r/sysadmin by /u/a_crossing on 2024-01-24 01:41:39+00:00.


Hi All,

I was wondering if others are experiencing an increase in spam getting through from random Gmail accounts in the last few weeks?

I personally am getting a lot trying to sell website development, SEO, leads etc.

I've had a number of clients also complain about similar issues in the last 2 weeks or so.

People reporting the issue are using a mix of M365 default anti-spam with others using a full blown 3rd party anti-spam solution in front of the M365 tenancy. Both configurations are receiving these spam messages more often than normal now.

Are others experiencing this, or worked out a way to stop it?

53
 
 
This is an automated archive.

The original was posted on /r/sysadmin by /u/UniqueSteve on 2024-01-23 22:55:52+00:00.


It seems that Dell makes our contact information available to an army of salespeople who all claim they are our contact and can save us the most money.

When I logged into Dell.com to ask who our salesperson was the guy I chatted with said he can get us the best deal, then gave me a quote with the wrong customer ID.

I do not want to email or talk to a salesperson to tell them what I want only to have them botch it, or hear a story about how their manager got us an extra special deal only available today.

All I want is a portal where I can maybe configure a standard build and set preferences like no McAfee, or bloatware of any kind, ever. I also want to know I’m getting the best price without having to look for coupons like I’m shopping on QVC.

I thought what I wanted was Dell Premier, but we don’t spend the $100k/yr necessary I guess.

We might buy 5-10 workstations a year, but each time I kind of dread it.

Any other small operations figured out a solution?

54
Humor - PEBKAC (zerobytes.monster)
 
 
This is an automated archive.

The original was posted on /r/sysadmin by /u/pAceMakerTM on 2024-01-24 01:32:43+00:00.


Sorry, just had to share this. The guys in the office were talking about user error and I just came across this.

Lenovo got a good chortle out of me.

55
 
 
This is an automated archive.

The original was posted on /r/sysadmin by /u/jontyruggers on 2024-01-24 00:43:35+00:00.


I (with the help of an MSP) look after the IT of a company of around 40 people. We recently migrated to Microsoft and shifted across almost all devices to be managed via Intune.

The key exception is the CEO who refuses to have their laptop added to MDM. The CEO cites the 'issues' other members of staff have had using Microsoft systems, inability to download and install their own apps and lack of clarity of the benefits.

I have raised it multiple times to no avail. I understand there are security risks and liability associated with BYOD, particularly with regard to primary laptops, but I haven't seen a clear, concrete list of the risks and benefits of moving a device onto MDM.

Hoping some more experienced people here can share their thoughts on the risks / benefits of MDM / BYOD and how you might persuade a reluctant senior employee!

56
 
 
This is an automated archive.

The original was posted on /r/sysadmin by /u/everysaturday on 2024-01-24 00:38:39+00:00.


Hey folks

I've inherited a site that has a single NetGear switch that I'm ready to set fire to, but I need support in the meantime.

The previous provider said it was unmanaged, but they were just lazy. I've found through the vendor doco that the switch has an IP, I can ping it, and I can see it's open on port 80, but I can't get to it via a browser.

The NetGear discovery tool finds the switch too so I know it's online. AngryIP is telling me port 80 is open but I can't access the damn thing?

Does anyone have wizardry they've worked with NetGear stuff before in a situation like this? Is there something obscure needed to get a web browser to talk to the device?

Thanks in advance!

57
 
 
This is an automated archive.

The original was posted on /r/sysadmin by /u/myblusky on 2024-01-23 22:45:15+00:00.


I'm "the IT" guy of the company I work for. It is not my main job here, I just did some IT work in my previous life so I got assigned this stuff. We are a small company of about 20 people. According to the users the past two days, some emails we send to clients are getting bounced back. Of course, they never tell you when it starts happening, only several days later. /s These are people we have sent emails to previously without issue. Sometimes, even though there's a bounce back, the client still receives the email as confirmed by a phone call.

Our email is via Office 365. Was previously with GoDaddy's O365 offering but I migrated us away from that on Dec31/Jan 1 and have been running without issues until two days ago.

Below is the same info I keep seeing on these bounce backs. What's the best route of correction?

Error Details

Error: 550 5.7.350 Remote server returned message detected as spam -> 554 5.7.1 DNS Blacklisted by bl.spamcop.net hostkarma.junkemailfilter.com

Message rejected by: secureyourmail.com

UPDATE: It appears this has been ongoing since Jan 4th.

58
 
 
This is an automated archive.

The original was posted on /r/sysadmin by /u/abelahunter on 2024-01-23 22:28:29+00:00.


What is a legit enterprise call center software option that plays well with 3rd parties, not hated by compliance departments, robust UI/UX, and a support team that doesn't take multiple working days to get back to you. Trying to help procurement avoid potential landmines. Any predicaments / companies we should avoid at all cost?

59
 
 
This is an automated archive.

The original was posted on /r/sysadmin by /u/SigFlow-576 on 2024-01-23 22:21:28+00:00.


Hi there,

I manage around 10 laptops assigned to employees in the company. On all the PCs, Windows 11 is installed, and there are two accounts (1) an admin account, and (2) a standard account for the employee.

For the employee to install a program, he/she needs to let me know, then I remote access that machine, enter the admin password, and the program is installed.

I want to streamline the operation, and I came across Admin By Request. I installed it on a standard account on the test machine, and now I can approve requests for installations. When I went back to the admin account, I found that I need to request approval to install programs!

  1. Can I enable ABR for standard accounts only?
  2. Is ABR trying to remove local admin rights for the admin account as well, even if it is installed in the standard account?
  3. Any recommendations on a better work flow? This one is archaic.
  4. I want a program to remotely install programs and update them using CLI. Example, I want to install Control-D on the laptops without asking each user to give me some time.

Thx!

60
 
 
This is an automated archive.

The original was posted on /r/sysadmin by /u/PowerShellGenius on 2024-01-23 20:59:24+00:00.


It's nearing the end of January 2024, the month Microsoft was supposed to open up a public preview of device-bound Passkey support in Entra ID. Anyone heard anything more recent on this?

K12 sysadmin here looking at MFA for students in the next few years. Student devices are iPads; Passkeys would be seamless for that. Can't wait to check it out.

61
 
 
This is an automated archive.

The original was posted on /r/sysadmin by /u/InternetStranger4You on 2024-01-23 20:46:30+00:00.


Turns out I have a lot of computers that will not install KB5028997 and fail with 0x80070643 - ERROR_INSTALL_FAILURE. I wrote a PowerShell script to find the recovery partition, disable WinRE, resize the OS partition -250MB, recreate the recovery partition based on if it's GPT or MBR, then reenable WinRE. This is coded/tested for single disk systems with normal partition layouts but should adapt if it's not regular. Here is the Microsoft support article I used to build this:

I tested it on a few machines that have GPT partitions, and it works great. I did simulate an MBR disk on my computer and the logic works but has not been tested on real computers. As always, test in your own environment. Not responsible for any damages.

#Script to fix the recovery partition for KB5028997 by /u/InternetStranger4You 
#Mostly Powershell version of Microsoft's support article: https://support.microsoft.com/en-us/topic/kb5028997-instructions-to-manually-resize-your-partition-to-install-the-winre-update-400faa27-9343-461c-ada9-24c8229763bf    
#Test in your own environment before running. Not responsible for any damages.

#Run reagentc.exe /info and save the output
$pinfo = New-Object System.Diagnostics.ProcessStartInfo
$pinfo.FileName = "reagentc.exe"
$pinfo.RedirectStandardOutput = $true
$pinfo.UseShellExecute = $false
$pinfo.Arguments = '/info'
$p = New-Object System.Diagnostics.Process
$p.StartInfo = $pinfo
$p.Start() | Out-Null
#Read the output before waiting for exit so a full output buffer cannot block reagentc.exe
$stdout = $p.StandardOutput.ReadToEnd()
$p.WaitForExit()

#Disable Windows recovery environment
Start-Process "reagentc.exe" -ArgumentList "/disable" -Wait -NoNewWindow

#Verify that disk and partition are listed in reagentc.exe /info. If blank, then something is wrong with WinRE
if(($stdout.IndexOf("harddisk") -ne -1) -and ($stdout.IndexOf("partition") -ne -1)){
    #Get recovery disk number and partition number
    $DiskNum=$stdout.substring($stdout.IndexOf("harddisk")+8,1)
    $RecPartNum=$stdout.substring($stdout.IndexOf("partition")+9,1)

    #Resize OS partition
    $size=Get-Disk $DiskNum | Get-Partition -PartitionNumber ($RecPartNum-1) |Select-Object -ExpandProperty Size
    Get-Disk $DiskNum | Resize-Partition -PartitionNumber ($RecPartNum-1) -Size ($size - 250MB)

    #Remove the recovery partition
    Get-Disk $DiskNum | Remove-Partition -PartitionNumber $RecPartNum -Confirm:$false

    #Create new partition with diskpart script
    $DiskpartScriptPath = $env:TEMP
    $DiskpartScriptName = "ResizeREScript.txt"
    $DiskpartScript = $DiskpartScriptPath+'\'+$DiskpartScriptName
    "sel disk $($DiskNum)"|Out-File -FilePath $DiskpartScript -Encoding utf8 -Force
    $PartStyle = Get-Disk $DiskNum |Select-Object -ExpandProperty PartitionStyle
    if($PartStyle -eq "GPT"){
        #GPT partition commands
        "create partition primary id=de94bba4-06d1-4d40-a16a-bfd50179d6ac"|Out-File -FilePath $DiskpartScript -Encoding utf8 -Append -Force
        "gpt attributes =0x8000000000000001"|Out-File -FilePath $DiskpartScript -Encoding utf8 -Append -Force
    }else{
        #MBR partition command
        "create partition primary id=27"|Out-File -FilePath $DiskpartScript -Encoding utf8 -Append -Force
    }
    "format quick fs=ntfs label=`"Windows RE tools`""|Out-File -FilePath $DiskpartScript -Encoding utf8 -Append -Force
    Start-Process "diskpart.exe" -ArgumentList "/s $($DiskpartScriptName)" -Wait -NoNewWindow -WorkingDirectory $DiskpartScriptPath

    #Enable the recovery environment
    Start-Process "reagentc.exe" -ArgumentList "/enable" -Wait -NoNewWindow

}else{
    Write-Warning "Recovery partition not found. Aborting script."
}

62
 
 
This is an automated archive.

The original was posted on /r/sysadmin by /u/ITdirectorguy on 2024-01-23 19:54:56+00:00.


We are having an issue with files that appear to save but then disappear with google drive version 85.0.xx.x

This started about 24 hours ago. Is anyone seeing something similar?

63
 
 
This is an automated archive.

The original was posted on /r/sysadmin by /u/dcomander1 on 2024-01-23 19:45:46+00:00.


Hi, I am an IT MSP / Sysadmin for a bakery and they have been having non-stop issues with two Canon Pixma multifunction printers that were bought for them. I have one connected via USB to a print server running Server 2022 Enterprise and connected via ethernet and another connected via wireless to their network. One started printing blanks while the other one just decided to drop from their network. I was considering replacing both with two Ricoh printers, but until then not sure how to alleviate their current issue of not being able to print. I have tried swapping out the print server with something a bit stronger, and reinstalling the drivers to no use. Thanks in advance.

64
 
 
This is an automated archive.

The original was posted on /r/sysadmin by /u/cgiles999 on 2024-01-23 19:35:29+00:00.


Now required to encrypt at rest server data. Looking at SED drives, controller based encryption, and good old bitlocker. Should mention, we use HP Proliant servers, so the controllers would have SR Secure Encryption licensing and probably a virtual remote key manager to save some money versus the physical unit. My understanding is that SEDs require a password at server boot. If there's no way around this, then this will knock them out of the running.

I have a dumb question. Using any kind of encryption, I won't be able to pop the drives out of one server and into another if there is a physical problem? I would have to restore the server from backup to another server? I could go Bitlocker, I would just need to add TPMs to our servers.

What say those that have been down this road? I know, I know, put your servers behind a locked door and this won't be a problem. Apparently, that's not good enough anymore. Hooray progress.

65
 
 
This is an automated archive.

The original was posted on /r/sysadmin by /u/crankysysadmin on 2024-01-23 19:35:16+00:00.


I'm in a relatively new job and there's an interesting phenomenon with how people fight change and keep legacy systems and processes in place.

Someone will propose something that might be somewhat new to this organization but that would be seen as reasonable in the IT industry.

For example:

"Let's use WSUS to apply Windows updates to servers at 4 am rather than having a person wake up and do it manually"

and then the response is often something that is completely out of left field like:

"How can you prove that this won't turn your hair green?"

The problem: there is no literature on the subject. Nobody in their right mind would ever think that using WSUS would change the color of someone's hair. So the absence of anything on this topic means that "we have no way of knowing"

This stuff is completely out of left field usually, but it's enough to scare VPs.

It's very very difficult to fight this because again, it's not within the reasonable scope of what you'd think would be a problem with the change you want to make. But it's "scary" and as a result slows down change.

How do we combat this?

It's totally weird. Never encountered anything like this before.

If the FUD was about stuff that's actually connected to the issue at hand you can show people how systems work. But if they come up with something totally nutty, you often can't guarantee because there's literally nothing written about such a topic.

66
 
 
This is an automated archive.

The original was posted on /r/sysadmin by /u/MySecretWorkAccount2 on 2024-01-23 19:28:30+00:00.


I am in the process of looking into swapping from a hosted phone platform to something on-prem, primarily due to the internal paging system needing to function even if there isn't an active internet connection (in the event of a fire for example).

Currently our hosted system has worked great for everything except the paging system - constant 'unanswered' calls that require the paging device be power cycled before it works again, support has not been able to assist.

So now I'm pushing to go on-prem (even though I don't particularly want to support an on-prem system...) from a safety perspective due to how unreliable the paging system has been because of the hosted solution.

Can anyone recommend me a relatively simple to manage on-prem solution that has active support? No free/open source options please - we need to be able to contact an "expert" for assistance if required (and be able to point a finger their way if something breaks).

I haven't had to work with on-prem systems in many years - last things I remember managing were 3CX and some Avaya system that I don't recall the name of. Have been happily using cloud hosted services until this issue with the paging system being critical came up.

More than happy to spend (my boss's) money on new hardware to support this - just needs to be a rock-solid solution.

Also, I am guilty of using this subreddit as a "catch-all" for all things "System Administration" related, so if there is a better sub for this question please point me in that direction and I'll post over there.

67
 
 
This is an automated archive.

The original was posted on /r/sysadmin by /u/atw527 on 2024-01-23 19:20:09+00:00.


I have favored Lenovo X1 Carbon and T-Series for years, but recently, I have had multiple issues with thunderbolt docks, charging issues, and damaged ports. Gone from not having a Lenovo account to making 1+ warranty claims a week for less than 100 in production. Seems like a decrease in quality control over the last year or two.

Any other favorites?

68
 
 
This is an automated archive.

The original was posted on /r/sysadmin by /u/SomeWhereInSC on 2024-01-23 18:47:53+00:00.


I'm being asked to scan the lab instrument computer systems that are not connected to the Internet. My searches for CD/DVD/USB bootable programs have not been fruitful, except for Sophos (sbav); any other suggestions are appreciated. Also found the new Sophos scan and clean that might be helpful.

System OS'es are pre-Win10 :) and all MBR boot... yup old crap, but not my call to change it at the moment.

69
Is Fing worth it? (zerobytes.monster)
 
 
This is an automated archive.

The original was posted on /r/sysadmin by /u/argus25 on 2024-01-23 18:10:51+00:00.


Recently downloaded Fing on my phone and I’ve used it to do some quick and dirty IP scans on WiFi networks both public and private. I have always used Advanced IP Scanner on the desktop and find it to be very useful for a wide range of reasons. Fing is $60/year, does anyone use it and is it worth it for an admin tool for WiFi scanning and security checks?

70
 
 
This is an automated archive.

The original was posted on /r/sysadmin by /u/scubafork on 2024-01-23 17:57:19+00:00.


Give me your best answers to this question. I'll take notes.

71
 
 
This is an automated archive.

The original was posted on /r/sysadmin by /u/GrindingGears987 on 2024-01-23 17:55:45+00:00.


Hi y'all,

We have a computer that is on the network, but not on our domain. It needs an automated task to upload files to one of our network shares. Does anybody have any ideas on how to do this? I am looking into a PowerShell script, but am having trouble getting it to automatically authenticate in the script.

Thank you, GrindingGears987

72
 
 
This is an automated archive.

The original was posted on /r/sysadmin by /u/sccmjd on 2024-01-23 17:52:51+00:00.


The current Patch Tuesday Recovery partition size and winre update issue sounds the same as what Microsoft mentioned in the fall of 2022. November 2022, I think it was. The Recovery partition was too small, needed to be resized to at least 800MB (I think), and then winre.wim there could be updated. Same situation in Jan 2024 I think.

I remember that after doing the resizing and updating work, there was still a possibility -- You can have that updated, but what prevents someone from swapping out the winre.wim to the previous UN-updated version? The Recovery partition isn't Bitlockered, is it? And is that still a possibility? Pop the drive out. Swap the winre.wim file on Recovery. And then you get it to boot into the unupdated winre environment. Is that still a flaw? Was it an actual flaw? If it is, it's an extra step. Add in nvme SSDs or having them soldered in to make that step more difficult.

73
 
 
This is an automated archive.

The original was posted on /r/sysadmin by /u/esquaredtrading on 2024-01-23 17:32:40+00:00.


I have an auto attendant set up for an after hours call line in Teams. I have set up 2 users to be able to make changes, but the AA is not in either of the users' calls settings.

I have edited the AA by removing each user, saving, then adding back again and saving, and logging out each user and logging back in hoping the changes would propagate, but it has not worked.

Web search has only turned up instructions on adding the users to the AA, and that step has already been performed. Ran a troubleshooter for the AA account and it did not detect any problems.

74
 
 
This is an automated archive.

The original was posted on /r/sysadmin by /u/HiImEins on 2024-01-23 17:27:14+00:00.


I am facing a quite tricky problem, maybe you can help me out.

I was handed a domain in which:

  • Computers are not connected to the Internet.

  • Some computers are out of sync in time with the DCs (because users set time instead of timezone) and so that GPO can't be applied.

  • There was no GPO that defines an NTP server, so the computers were set to sync with Microsoft's server. Since there is no Internet, incorrect time on computers won't be corrected. Users cannot correct the time themselves because they need to be admin on their machine, which is not the case.

So it's like a loop here: In order to have correct time, I need to apply a GPO, and in order to have that GPO applied, I need to have the correct time. Some computers with incorrect time are on a distant site from mine, so I want to get out of this loop remotely.

Do you have any idea how I can fix this? Thanks in advance.

75
 
 
This is an automated archive.

The original was posted on /r/sysadmin by /u/vallahkriehse on 2024-01-23 17:09:57+00:00.


Hi, I was talking to my students (apprenticeship) today about Bob and Alice, encryption and certificates - and about a case I remember where a big global CA had a scandal or a data breach in the last years (somewhere between 2018 and 2021) I guess, causing major problems as some browsers and OS untrusted the CA. So all of the connections signed by that CA were marked as untrusted. Can someone remember? Couldn't find anything on Google.
