Sysadmin

A reddit dedicated to the profession of Computer System Administration.

This is an automated archive.

The original was posted on /r/sysadmin by /u/AppearanceAgile2575 on 2024-01-22 00:24:50+00:00.


Whenever I get on the command line on my Windows machine and can’t navigate the same way, I am flustered, and I was wondering if there is a chart, video or infographic on this. I am decent on a Linux CLI and want to get to the same proficiency on Windows. While there are some differences, the Mac CLI and Linux CLI are much more similar so I don’t get flustered as much. If there’s a resource that explains the differences between all three that would be preferred. Also, should I skip learning the Windows CLI and jump straight to PowerShell?

Career advice
 
This is an automated archive.

The original was posted on /r/sysadmin by /u/just-another-npc-89 on 2024-01-21 22:08:48+00:00.


Hello everyone

I'm in a bit of a pickle career-wise, so I'm needing some advice.

Prior to starting IT in October of 2022, I worked in residential cable and low voltage/voip.

My 1st IT job was as a project technician. I would go to new offices, pull their cable, dress it into the patch panel, configure firewalls, switches and access points. I would onboard servers and workstations prior to going on site. If there was an issue help desk couldn't fix, I would go onsite. I also did office upgrades, server migrations and workstation upgrades.

I worked there from October of 2022 until June of 2023. I had a fairly large coverage area. Oklahoma, Missouri, Arkansas, Kansas and Nebraska was covered by myself. On new office builds, I was typically on my own thrown to the wolves and without any on-site help.

After being promised help and relief, I got fed up and took a local job that paid a little bit more and I'm always local. Here's the kicker: When I was offered this job, I was told this company was a 3rd party MSP. We contract out all msp services to a friend of the owner. I network copiers, setup scan to email, network folders and drivers. I have been here for 7 months and my earning potential is maxed out. I'm not learning anything here and if anything, feel as if I am regressing.

I start school here soon and I am getting a computer networking and IT certificate from a local university here in Tulsa. While I know this will help me in the future, I need out of this hell hole I'm stuck in. What type of job would you guys recommend I look for?

This is an automated archive.

The original was posted on /r/sysadmin by /u/_Synchronicity- on 2024-01-22 03:42:17+00:00.


Hi all here is the context. Do enlighten me if there is an easier way to do this.

Currently there are 2 data centers: DCA and DCB, with a grand total of 6 Windows domain controllers per data center. The plan is to decommission all servers on DCB.

Since these servers share the same forest, are there any ways to properly isolate them such that member servers on the DCB side are still able to log in with the domain accounts? Eventually, DCB's domain controllers will be demoted and decommissioned.

Is the above correct way to do so? If not, are there any suggestions on what the alternatives to the above are? TIA.

This is an automated archive.

The original was posted on /r/sysadmin by /u/ShaneDoesIT on 2024-01-22 03:25:25+00:00.


I had a user call up today;

  • Outlook has his work account as primary email
  • Has his personal @outlook.com added as well.

When trying to send an email from the personal @outlook.com account receives "You do not have the permission to send the message on behalf of the specified user"

I tried the usual (delete autocomplete entries etc) and still had the error. The From field wasn't an autocomplete entry and was pulled from the second account being added.

I typed his email address in manually into the From field and found when navigating out it changed from [email protected] to [email protected].

Checking the address book, I found a contact for;

I removed his email from the fullname field and re-tested and now emails are sending. It's almost like Outlook was changing the 'from' field to the email on this Outlook address book entry although the email on this entry wasn't his email and only existed in the fullname field?

Anyway - keep this in the back of your mind in case it appears.

This is an automated archive.

The original was posted on /r/sysadmin by /u/Slight_Diamond_796 on 2024-01-22 02:53:54+00:00.


Our last congressional administrator mostly worked from home, though with some days in the building. She was the admin for Google Workspace, Constant Contact, Stripe, is the main user on Quickbooks online (this may change somewhat, but she will still have access) and has online access to all of the banking info. And now would also be an admin for Planning Center (which supports SMS and something like Google authenticator)

We set her up with a cheap church-owned cell phone for MFA, supposed to be left at the office, but after she left, the team discovered she was using her personal cell phone. (Her supervisor was aware but wasn’t willing to force the issue.) Due to being between ministers, she was supervised by volunteers, until we got a new minister recently.

So, my question is, how do we keep all of those accounts secure and still be able to revoke access if our next CA leaves suddenly, while allowing her access from home.

I’m the tech coordinator but not a security expert as my day job by any means.

This is an automated archive.

The original was posted on /r/sysadmin by /u/Hollow3ddd on 2024-01-22 02:44:55+00:00.


I currently avoid GPOs unless they are a required security setting per policy. In other cases I use an RMM to script deploy it, or if that proves difficult, I use GPOs. Company is closer to Intune.

Does this align right? I have a way to reliably push but GPOs seem to be something looked at that needs to be enforced per a policy or requirement.

I feel this will be the way when using Intune and remediation; the rest will be imported security GPOs or templates, etc.

Quick sanity check on this for those who moved into the cloud or are moving.

This is an automated archive.

The original was posted on /r/sysadmin by /u/power300 on 2024-01-22 02:38:37+00:00.


People of the internet, I need your help.

I just found a (very) small and short job that requires me to make software which, in a specific part, has to communicate with an APC UPS through a network card.

I don't have access to the UPS nor its network card right now, but I need some progress.

I have no experience with APC UPS, or network controlled UPSs in general.

Is there any way I can run the firmware of the network card in a VM or in some kind of emulated or virtual environment so I can know what I'm even working with here?

What do I actually need?

A way of getting statistics through an ssh command or http request. Battery level, battery voltage, age, host, ip, grid voltage, UPS status, etc.

If there's a GitHub repo with a project like this, it would be very useful too.

This is an automated archive.

The original was posted on /r/sysadmin by /u/joshbudde on 2024-01-22 02:22:58+00:00.


A customer would like to turn off all the Teams automatic emoji and reactions (in an embarrassing meeting they said they were excited about a business prospect and some sort of balloons or confetti happened and the prospective partner was not impressed). I've never had a request like this--they want to disable these things tenant wide, but I don't see anything in the documentation about doing that. For added difficulty these are Macs and not managed Windows devices.

M365 MFA vs DUO
 
This is an automated archive.

The original was posted on /r/sysadmin by /u/Bowlen000 on 2024-01-22 02:07:20+00:00.


Hi All

So our tenant and our client's tenants leverage DUO MFA. This is controlled by Conditional Access that directly links into DUO for accessing M365 MFA.

My question is: does M365 recognise that MFA is enabled for a user, if it's done via CA with DUO? I'm looking at the security score and the MS recommendations and some of them are like "Ensure MFA is enabled for all users" and it basically says no user has MFA enabled (although they all do).

Assuming M365 doesn't recognise it if it's via DUO, but wanted to make sure.

This is an automated archive.

The original was posted on /r/sysadmin by /u/MailSuperb on 2024-01-22 00:37:01+00:00.


Hello y’all,

How should I get ready for this sys admin interview, this is the job description:

Responsibilities:

  • Diagnoses hardware and software problems, and replaces defective components
  • Maintains and administers computer networks and related computing environments including computer hardware, systems software, applications software, and all configurations
  • Plans, coordinates, and implements network security measures to protect data, software, and hardware
  • Operates master consoles to monitor the performance of computer systems and networks, and coordinates computer network access and use
  • Performs routine network startup and shutdown procedures, and maintains control records
  • Designs, configures, and tests computer hardware, networking software, and operating system software
  • Recommends changes to improve systems and network configurations, and determines hardware or software requirements related to such changes
  • Confers with network users about how to solve existing system problems
  • Performs data backups and disaster recovery operations adjustments need to be made, and to determine where changes will need to be made in the future
  • Monitors network performance
  • Trains people in computer system use
  • Monitors security and system updates and reports on compliance
  • Gathers data pertaining to customer needs, and uses the information to identify, predict, interpret, and evaluate system and network requirements
  • Analyzes equipment performance records to determine the need for repair or replacement
  • Maintains logs related to network functions, as well as maintenance and repair records

Qualifications:

  • Bachelor’s or IT Trade School education, or related experience, required
  • Minimum of two (2) years of Information Technology experience
  • Experience with Windows 10 (or other Windows Operating System background)
  • Experience with Office 365, Cisco, and VMWare is preferred

And this is my experience and education:

Experience

Help desk (1 year)

  • Day-to-day technical assistance and support to employees with computer systems, hardware, or software issues.
  • Worked on the delivery routing app.
  • Troubleshooting and resolving application and system problems.

Store manager (1 year 1 month)

  • Provide technical assistance to employees and customers with computers, and cell phones.
  • Customer service and retention, Audits, Employee training, Inventory management.

Education (I get my bachelors in cybersecurity in fall 2024)

Current Coursework:

  • MCSA Guide to Administering Microsoft Windows Server 2012/R2, Exam 70-411
  • CompTIA Security+ SYO-601 Exam (Network Security Fundamentals)
  • CompTIA Security+ SY0-601 Exam (Information Security Fundamentals)
  • Linux Essentials
  • Scripting Fundamentals

This is an automated archive.

The original was posted on /r/sysadmin by /u/itz_cool_247 on 2024-01-21 23:52:37+00:00.


I am running on Windows 2008R2 Enterprise. I've made three DCs: DC1 (ROOT), DC2 and DC3.

For some reason, when I do netdom query fsmo, all 5 FSMO roles are inside dc2 as well as dc1, while dc3 has three of its roles (RID, PDC, INFRASTRUCTURE) all run by dc1, while the other two (Schema, Domain) are run by dc2. What could have caused this? How can I fix it so it's all by dc1?

This is an automated archive.

The original was posted on /r/sysadmin by /u/Mysterious_Goal_2476 on 2024-01-21 22:45:05+00:00.


What advice would you give someone who's planning to go to the next step after working in the help desk for 2 years as T2? I have high goals and I've been preparing myself these past 2 years to gain enough knowledge and experience to move to the next level.

I have Bachelor's degree in IT, CompTIA Trifecta, AWS CCP, AZ-900, and MD-102. Currently studying for CCNA which I plan to complete in Q1 of this year. My current role doesn't expose me to any infrastructure work due to the separation of duties and access level so it's hard to get exposure to other systems and responsibilities beyond my role.

I've been the top performer in my team in terms of end-user support and ticket resolves but that isn't enough. I also tried reaching out to my manager and the System Admins in my team for shadowing, cross-training, or assisting them with projects but they've been busy with projects which I completely understand.

I want to take control of my career and I'm willing to put in the time and effort in leveling up. I've been mapping out courses and home labs I will do after I finish my CCNA to gain relevant experience outside my work. I also plan to automate things in my job after I successfully apply them in my test home lab environment.

Courses:

I know we have a dedicated wiki but I want to know your thoughts and opinions to guide me to the correct path. I am fully aware of the job market right now and it will be hard to compete with experienced admins. I'm not currently looking for a new job now, I just want to learn and be prepared when the opportunity comes which I have to create for myself. I don’t have to get this role in 2024, but I want to work towards this goal this year just to get me prepared. Thank you.

This is an automated archive.

The original was posted on /r/sysadmin by /u/supercilious-pintel on 2024-01-21 21:44:47+00:00.


I've been managing our "service desk" through an Outlook inbox, but due to our ongoing ISO 27k1 efforts, we're required to formalize our incident handling approach and transition to using a helpdesk system.

I'm in need of a system that can:

Receive tickets via email and link them to the sending user.

Allow the creation of tickets against a specific service or asset.

Be hosted entirely on-premises.

Offer a web GUI to technicians and users.

Be 'free' or at least offer the above features as part of a free plan.

After exploring various options, I've noticed that many "free" offerings are cloud-only, and others are filled with features we've already covered elsewhere (like network monitoring, etc.).

It's been a while since I've implemented a helpdesk system, but I'm considering making a case for Halo ITSM. However, it seems a bit overkill for our current needs. I did contemplate developing something in-house, but time constraints and approval processes make it unfeasible.

Is anyone here in a similar situation, managing a helpdesk as a one-person team, and has implemented a "minimalist" approach successfully? Open to any suggestions and insights.

EDIT: Thanks all. Looking into osTicket, as this looks absolutely ideal!

KVM over IP for
 
This is an automated archive.

The original was posted on /r/sysadmin by /u/imadam71 on 2024-01-21 21:08:33+00:00.


Hi, I am looking for KVM over IP, with 2 remote users (local users are not important) and 8 to 16 ports. I am at a place where we can't order or get a demo so any recommendation is welcome. I am looking for something which actually has no lag and works well for server/PC troubleshooting purposes. I know there are a number of devices out there but they tend to have really different user experience. I managed to test a Vertiv device and it wasn't OK.

Any recommendations?

This is an automated archive.

The original was posted on /r/sysadmin by /u/jnievele on 2024-01-21 13:53:31+00:00.


I'm using PiHole, and among others I use OpenDNS as resolver... today I noticed the Twitter client on a tablet acting strangely, and after some checking the Twitter webpage failed to load due to a HSTS error.

This seemed rather strange, so I checked the Certificate - and noticed it was issued by OpenDNS, with a CN "Cisco Umbrella Secondary SubCA fra-SG"

Disabling OpenDNS fixed the issue, but WTF is going on there? Why would OpenDNS try to hijack traffic?

This is an automated archive.

The original was posted on /r/sysadmin by /u/anime_is_ded on 2024-01-21 20:56:00+00:00.


So we are in the process of finding another MSP (or outsourced company) as the current one has screwed up multiple times. We have in-house IT as well, but there are parts like VM hosting and connectivity between sites etc. that are managed by this outsourced company.

Wondering if anyone in the community has experience in terms of what all they had to do and what pitfalls we can avoid.

Top of my head, I would imagine that we need to have the same IP ranges for networks and servers, else we will be in big trouble.

Cutover needs to occur as a big bang with a major outage.

Any ideas would be greatly appreciated.

This is an automated archive.

The original was posted on /r/sysadmin by /u/crankysysadmin on 2024-01-21 20:50:06+00:00.


This is all new to me. Need to centralize data from other systems for reporting purposes. Do you use anything dedicated for this purpose or just another database?

Weird RDP issue?
 
This is an automated archive.

The original was posted on /r/sysadmin by /u/AdFair845 on 2024-01-21 20:37:54+00:00.


Hello - this problem has been eating at me for days and I think I'm completely out of options for this.

When some users remote onto a server, their drive doesn't (correctly) pass through with them. When trying to access it, it just says "\tsclient\drive is not accessible. You might not have permission to use this network resource. Contact the administrator of this server to find out if you have access permissions."

Only a couple of users have this problem (out of about 30) that use remote desktop to connect to a server. Now, all of these users have a client drive that they get from a synology. The server is not on the same network as the drives, so we can't just map it. It has to pull through RDP - which it does perfectly fine for other users.

Restarting the user's pc hasn't worked; windows update worked once for a couple of hours, then the problem came back. I unchecked the option to pull through the drives on remote desktop, opened it up, signed them out and fully closed the session, then re-checked it. This worked for about an hour, then went back to not working. Tried signing them out of the session through the server, this didn't work.

The drive IS there, it does show up - but it's inaccessible.

There's no issue with permissions, as they all have the same permissions, nothing with the firewall either.

The server was recently rebooted and had updates (server 2019). I feel like if that's an issue, it would be an issue for everyone?

This is an automated archive.

The original was posted on /r/sysadmin by /u/punppis on 2024-01-21 20:26:39+00:00.


I'm looking for a solution to host WordPress sites on multiple nodes but only one node at a time due to filesystem use. Just a basic WordPress for the customer to do what he wants, so it needs to be on OS/container level.

WordPress uses MySQL, which is straightforward to scale/HA, but WordPress stores files too, which is hard.

Sites have fairly low traffic so one node is enough to serve traffic for multiple sites.

But in the case of a node going offline, I need to have redundancy.

I tried using network storage before but that was very slow. I was thinking about having rsync copy the latest fs state on node startup. Then again, the files in WordPress are a few megabytes at most, so that could work with some kind of SQL layer. But I want to support larger files too.

Should I keep the "master copy" on a network share and copy it when needed? Is there any other way to distribute a file system easily when you know only one node is using the files and most are reads?

On Azure using Docker (looking at container app service atm). Docker volumes are not synced between nodes.

This is an automated archive.

The original was posted on /r/sysadmin by /u/Mailstorm on 2024-01-21 20:26:05+00:00.


We have a goal to move what we can to a "cloud first" approach. That is, if there is a cloud/SaaS of a solution we should try it first (assuming price is reasonable). Our next project is patch management of servers.

We are going to use WUfB for user endpoints. However, this doesn't cover servers. We started looking and saw that Microsoft has Azure Update Manager. But after researching, it's stupid expensive for what it is. $5 per server per month just to essentially manage updates? We have almost 200 VMs. For $1k a month we'd expect a lot more than just... patch management. We're looking at other products so I don't need suggestions. But I'm just wanting to know...

Does anyone actually use AUM for arc-enabled servers that don't live in Azure? Why?

AVD 1001 Error
 
This is an automated archive.

The original was posted on /r/sysadmin by /u/Drylnor on 2024-01-21 20:05:14+00:00.


We have an AVD setup with a few VMs for our CC agents. Up until a few months ago everything was running smoothly, then we started to get a storm of authentication errors bearing the code 1001.

We have tried every online fix we could find. For example lots of reports regarding the oneauth folder deletion and all that it entails.

We have tried replicating the error but to no avail, because it keeps coming up at random! There's no common denominator in any of the incidents we encounter. It affects different users, using different machines at all times of day. It doesn't matter if the VM the user's on is full or if there's only one person on it.

It's all random and we've run out of ideas.

As this affects the client login for Teams and Outlook, we have instructed our colleagues to simply go to the web version of those apps, but the problem is that their business flow involves opening .msg and .eml files. It is also important for our users to be able to access a saved email's attachments. But this does not work if they get the 1001 error.

Has any brave soul here stumbled upon a life-saving article that maybe I was unable to find? Is there a solution to this problem or do we have to wait for Microsoft to issue an update?

This is an automated archive.

The original was posted on /r/sysadmin by /u/imadam71 on 2024-01-21 19:32:34+00:00.


Hi, for some retail ops, I need a rack which is a server rack, floor-standing, but where the server goes in vertically, like in this Lenovo

Why not Lenovo: they want to charge cca €5000 for this rack, which is insane. I don't know if there are alternatives on the market.

This is an automated archive.

The original was posted on /r/sysadmin by /u/haventmetyou on 2024-01-21 19:25:00+00:00.


Anyone experiencing "cannot connect to repository" for Wasabi cloud storage? Our backups are failing, can't seem to find a Wasabi status page.

This is an automated archive.

The original was posted on /r/sysadmin by /u/Nil729 on 2024-01-21 19:15:36+00:00.


Hey r/sysadmin community!

I'm a network administrator who's developed NetDoc, a web application to simplify network infrastructure documentation. Created non-profit, NetDoc is currently in beta, and I genuinely seek your opinions for improvements.

Key Features:

  • Intuitive device management.

  • Simplified network configuration.

  • Clear documentation of connections.

Questions for You:

  • Do you see real potential in NetDoc?

  • How could NetDoc benefit your work or projects?

  • Would you like to see additional features such as visualization in the form of an automatic network map?

Your opinions are the compass that will guide the future of NetDoc. Thank you for being part of this community and sharing your ideas!

https://netdoc.dev

This is an automated archive.

The original was posted on /r/sysadmin by /u/TheCrazyPhoenix416 on 2024-01-21 18:15:53+00:00.


Question

I have two PGP public keys for the same company - one from their website, the other from the Hockeypuck keyserver.

These keys are different! 😨😱

Though, at least, the session encryption modulus (n) and exponent (e) are the same.

How do I verify if either key is trustworthy?

Details

I was browsing through IVPN's website and came across their warrant canary report with a link to their PGP public key to download. The question is, how can I verify the public key I download is trustworthy?

I downloaded this key from their website, and found the same PGP public key on the Hockeypuck keyservers. If they match, the key is probably trustworthy, but they aren't the same.

I've looked through the PGP key packets (using ), and they're mostly the same. The RSA session encryption keys (i.e. modulus n and exponent e) are the same. However, they have mismatched signature packets (though most are the same too).

Can anyone explain what this means?
