Sysadmin

This is an automated archive.

The original was posted on /r/sysadmin by /u/bravid98 on 2024-01-22 22:54:28+00:00.

We have shifted our file shares to Azure Files and we're using Entra DS for permissions. We moved files with the Mover and it brought over all our permissions from on prem which have been synced into DS. This work great, no issues.

However, the vast majority of groups are from AD sync and our next step is to shut down our onprem DCs where these are coming from.

I would like to find or write a script that reads all permissions and matches the old group to a new group so we can cleanly cut over. We've got hundreds of groups and inherited and uninherited permissions all over the place, so it's not a simple matter of just changing root folders.

Has anyone tackled this before? Are we going about this the right way?

This is an automated archive.

The original was posted on /r/sysadmin by /u/root_15 on 2024-01-22 22:31:03+00:00.

What are you currently using for Task / Project Management?

This is an automated archive.

The original was posted on /r/sysadmin by /u/thebuff1234 on 2024-01-22 22:30:44+00:00.

After some recommendations for a PXE boot capable deployment tool to use on our clients, we have a large range of clients using multiple different setups (Domain joined AD / Azure / Local workgroups) all using windows 10/11 and just simple software installs. Happy for it to be a paid service or free.

Ideally id like something similar to SCCM where we can build task sequences and individualize steps of the deployment, but open to really any solutions.

I have played with FOG a bit, but im unsure of any other solutions

This is an automated archive.

The original was posted on /r/sysadmin by /u/revoman on 2024-01-22 21:55:48+00:00.

Everything is working correctly except that when I click an app on the webpage, it downloads an RDP shortcut to the app. That shortcut runs the app just fine, but I want to know how to just have the app run when clicked.

This is an automated archive.

The original was posted on /r/sysadmin by /u/210Matt on 2024-01-22 21:52:31+00:00.

We are looking (like everyone) in migrating from VMWare. The 2 top recommendations are Nutanix Azure Stack HCI. They both seam pretty capable, but we are very iSCSI SAN heavy for our data. As management does not want to ditch the new SANs they just bought a year ago, is anyone using their SANs in Nutanix or Azure Stack HCI. I know we could go Proxmox or Hyper-V. MS looks like they are moving away from traditional Hyper-V and Proxmox is lacking a couple features.

This is an automated archive.

The original was posted on /r/sysadmin by /u/cyr0nk0r on 2024-01-22 21:50:18+00:00.

I'm out of the loop on the current best way to handle this. Back in the day, I'd boot from a USB disk, boot into Ghost, select my USB disk as the destination location, and take a whole disk image of the drive.

I'm looking for something similar, but a little easier to use. I don't want to use PXE since we already have PXE being used for imaging. I'm imagining the following process, and tell me what tool or combination of tools I might need to accomplish.

Step 1) Boot from USB stick. (This is the preferred method for various internal reasons)

Step 2) Select drive that contains the operating system for the computer.

Step 3) Point the destination location to a network share, ideally supporting SMB/CIFS.

To restore, I just flip flop Step 3 and Step 2.

Our goal is to have disk images of industrial control machines in the event of drive failure or any other issues. The images would be stored on a network share. These machines are highly specialized with very specific software that we don't always have the installers to. Restoring via reinstall of OS is not an option in most cases.

I'm fine with something open source as long as it's not super complicated to get going. I'm also fine if the process is through CLI since we won't be taking or restoring images but maybe once per year.

This is an automated archive.

The original was posted on /r/sysadmin by /u/JerradH on 2024-01-22 21:44:48+00:00.

Is there a way to have it so specified apps will always appear in the top right of an email in the OWA/365 portal?

Reason being, I'd like to have it so our phishing/spam button app is always there. If it's hidden underneath the "app waffle", users are likely to miss it.

This is an automated archive.

The original was posted on /r/sysadmin by /u/ArtificialDuo on 2024-01-23 00:21:08+00:00.

The environment I started working at has two root CA servers in the domain serving the same purpose from what I can tell. CA server "A" is a very old windows server and CA server "B" is slightly newer.

My theory is that a previous SysAdmin was meant to be moving the CA services to CA "B" but didn't complete the task or left before completion without leaving any notes.

Problem is that the environments servers, workstation, user accounts seem to be authenticating to either CA server randomly. I've exported issued certificate lists from both servers and compared them - it does look like the admin got halfway through swapping CA servers then stopped for whatever reason.

What I want to is just Power off the old CA server "A" and see what breaks overtime and reissue any problems to CA server "B" but my worry is all the servers and workstation that are currently authenticated to CA server "A".

Has anyone dealt with a similar situation?

This is an automated archive.

The original was posted on /r/sysadmin by /u/ringminusthree on 2024-01-23 00:20:14+00:00.

working through my operating system management and deployment over bare metal machines in my datacenter. using iPXE running on the NIC to bootstrap new machines.

(everything deployed inside a unified kernel image).

writing a custom init program i'll package in a primary initramfs that when loaded/executed partitions, creates, mounts, installs (by aid of a package manager) the operating system and its rootfs onto the machine's persistent media.

this primary initramfs carries inside of it a secondary UKI that will be installed into the boot partition.

curious is this is common practice? are other people out there doing this?

This is an automated archive.

The original was posted on /r/sysadmin by /u/Snorlax_420 on 2024-01-23 00:18:11+00:00.

So I have our two vCenters in LANsweeper but they are both showing "RPC Unavailable" errors. I read through the knowledge base and it mentions that a few ports need to be closed on the vCenter in order for LANsweeper to scan it properly. I used the connectivity test and it shows port 135 open.

My question might sound stupid but what's the best way to close this port? From what I know, it can't be done on the vCenter appliance itself. So would I just create an ACL on the switch the esxi hosts are plugged into and block access to that port between the VM running LANsweeper and the VCSA? Or is there a better way?

We are running LANsweeper 10.0.2.0 (I know we need to update it) and vCenter 7.0 update 3o

This is an automated archive.

The original was posted on /r/sysadmin by /u/jwckauman on 2024-01-22 23:49:29+00:00.

For those that use APC Back-UPS and/or Smart-UPS, do those devices power themselves back on after a power outage occurs and the batteries completely drain? we have had mixed results with these devices, with some restoring power immediately and others waiting for us to press the power button on the UPS before power would be restored to a user's dekstop.

This is an automated archive.

The original was posted on /r/sysadmin by /u/HJForsythe on 2024-01-22 23:49:24+00:00.

We recently noticed that server pricing for servers with AMD Epyc 4 CPUs are completely detached from the price of the actual hardware and reality.

For example a server with a pretty basic spec with two 9174F CPUs is about $9600. The server with the exact same specs but two 9124 CPUs is about $8000.

The confusion comes from the fact that the 9174F is a $3850 part and the 9124 is an $1100 part.

We also noticed that Epyc 3 servers with essentially the same specs as the Epyc 4 servers but two 7313 CPUs are about $5200. However the EPYC 4 server with two 9124 is about $8000. That is an unheard of generation over generation increase.

It seems like the large server vendors all got in a room together and decided on a minimum sale price. Single CPU seems to be impossible to buy for less than $3700. Dual CPU seems to be impossible to buy for less than $8000. Even at quantities in the 1000s.

Does anyone know what is going on?

This is an automated archive.

The original was posted on /r/sysadmin by /u/-TheDoctor on 2024-01-22 21:01:59+00:00.

Hey all,

I just installed a TrueNAS X20 in our datacenter. We are setting it up to be iSCSI storage for a new HyperV cluster (two servers running WS2022 Datacenter).

I have created an iSCSI share on the TrueNAS and connected it to both servers through the M$ iSCSI Initiator. While the storage space seems connected, if I look in Event Viewer, under the system logs, I am seeing event ID 20, followed by event ID 34, over and over and over again literally every second and multiple times per second. This is happening on both servers.

I've been researching, and tried all the low hanging fruit fixes I can find on Google (changing the iSCSI timeout, verify the network interfaces configuration, jumbo frames, etc.) but the issue persists.

Here are some screenshots of what I'm seeing.

Have any of you run into this before? Can you guys help me out here?

I should also say I'm really not super familiar with Hyper-V. I'm a VMWare/ESXi guy.

This is an automated archive.

The original was posted on /r/sysadmin by /u/ChickenPicture on 2024-01-22 20:47:49+00:00.

Got a weird problem that I have seen pop up in multiple environments across the years on occasion. The gist is this:

1. User on corp network sends a regular old email.
2. For various reasons, Outlook farts and says "durr I ain't got not connection to da mail server lol" and sticks the message in the outbox.
3. The user says WTF, closes Outlook and/or reboots.
4. User re-opens Outlook, message is gone from outbox and never hit the Exchange server, all attempts to trace end with nothing to show.

This recently happened to someone higher up in my company with their notes for a meeting the next morning, which obviously did not go over super well, and at the very least I need to come up with a procedure for the helpdesk to assist recovering the message when this happens, but I'd really like to know what is going on when this happens.

It can't be as simple as Outlook firing a message off into nothing, can it? Why would it do that?

So far my procedure is, don't close outlook, don't reboot, copy the message out of the outbox, but I need something a bit more robust that ideally could recover these phantom emails after Outlook was restarted.

Any assistance or input is appreciated!

This is an automated archive.

The original was posted on /r/sysadmin by /u/BlackSquirrel05 on 2024-01-22 19:45:43+00:00.

I'm just wondering...

Boss for some reason all of a sudden wants to be ISO 27001 compliant... Thinks a place with no existing compliance dept, and just a handful of admins and engineers (One sec guy. Ahem) Can just be ISO compliant by... August for a medium size business... that's global. (Never mind a few other major projects that take months to work out during this time.)

I don't see the real benefit, and already if I point out how plenty of things are not ISO compliant (Cough Cough now wanting to just spin up some random shit in the cloud because... because... With no planning is for sure no ISO compliant with "just make local admins".)

So who here's business/gov't refuses to also do business with non-ISO compliant places?

Because well seems like a lot of man hours and money for what's looking to be just a dog and pony show... To say were doing it, but in reality just really gonna lie about it once we get into the nitty gritty.

Which then just makes me think... How many places are in fact just lying their asses off on said audits?

/quesrant

This is an automated archive.

The original was posted on /r/sysadmin by /u/TheWolfOfWalmart on 2024-01-22 18:56:46+00:00.

What the actual fuck. This can't be real. I wanted to spin up a VM for this on my home lab. I have an old Dell R610 running ESXi with dual X5670 Xeons and 72 GB of TOTAL memory!

Surely for a single mailbox Exchange install, I don't actually need 128 GB, right? I was planning to set up a Server 2022 VM with maybe 16 GB of RAM and then I saw these requirements.

This is an automated archive.

The original was posted on /r/sysadmin by /u/itryanditryanditry on 2024-01-22 18:18:55+00:00.

I'm a 44 yo sysadmin and have been doing IT for 20+ years but do not have a degree. I have holes in my knowledge I would like to fill and have been thinking about getting a degree in hopes to find better employment opportunities.

Has anyone gone though one of the IT programs at WGU? How was the experience? What is the curriculum like?

This is an automated archive.

The original was posted on /r/sysadmin by /u/itryanditryanditry on 2024-01-22 18:18:55+00:00.

I'm a 44 yo sysadmin and have been doing IT for 20+ years but do not have a degree. I have holes in my knowledge I would like to fill and have been thinking about getting a degree in hopes to find better employment opportunities.

Has anyone gone though one of the IT programs at WGU? How was the experience? What is the curriculum like?

This is an automated archive.

The original was posted on /r/sysadmin by /u/Desert_Dog_Tech on 2024-01-22 18:18:29+00:00.

Hello All,

I'm trying to convince our director to allow "frequency of password changes" from 3 months to 6 or 6+ months as long as we meet the complexity requirements. We also use DUO. I've read several articles stating that changes once a year are acceptable. I've looked at several docs/pdfs/pages on NIST but I can't seem to find anything that talks about the frequency of changes. Does anyone know where this is posted on the NIST website?

Thanks.

The original post: /r/overclocking by /u/FoGoDie on 2025-02-17 16:52:54.

The original post: /r/overclocking by /u/wam22 on 2025-02-17 15:47:26.

Pretty much the title but some background. I have a 9800X3D that I currently have overclocked on my Aorus Elite. Nothing too crazy, just some PBO settings, scalar, and curve optimizer with Expo and Turbo mode turned on. I had some stability issues earlier on but after a clean windows install, CMOS reset, BIOS updates, and removing bloatware (gigabyte command center), I have not encountered any stability issues related to the CPU other than a small handful of times I got an error during start up which was solved by a simple power cycle.

I was reading that the Nova has an independent lanes for the GPU and storage, ECC support, and higher power phases. And it seems a lot of guides out there use an ASRock motherboard.

My only concern is the sound chip on the Nova. The ALC4082 is a downgrade from the ALC1220 in the Gigabyte and I read some users report crackling and pops. I am mostly using USB for audio (steel series headset) but I will transfer my hifi setup over eventually (Schiit stack).

The rest of my set up is a 4090 Tuf OC (will be replaced by a 5090 eventually), g.skill trident Z4 64gb 6000mt/s cl30, and 2x crucial T700 2TB. My case will only fit a traditional ATX motherboard. This was my first PC (Mac user before) and PC build, so figuring what I like as I move along this journey. It would be about a $200 upgrade after selling my Aorus Elite.

The original post: /r/overclocking by /u/velhamo on 2025-02-17 15:43:56.

As soon as I hit the apply button, it reverts to the old/default curve. What gives?

The OC scanner curve is saved in Profile 1 (I select it, press Apply and poof, reverts to the old one).

Apparently many people have the same issue, I don't know what to do... already tried OC scanner multiple times (30min each one) with zero results.

This is an automated archive.

The original was posted on /r/sysadmin by /u/NOLAblonde on 2024-01-22 16:59:39+00:00.

I am wanting to setup a desktop specifically for data erasing. Can I use an adapter to plug in a SAS disk into a SATA port and have GParted read it and erase the data?

This is an automated archive.

The original was posted on /r/sysadmin by /u/spermcell on 2024-01-22 16:42:46+00:00.

I’m working in a startup and I’ve noticed a pattern where recently management made a bunch of decisions to stop providing people with personal accounts and start creating shared accounts with SAAS software we use like postman SF and the list goes on..

Obviously as a sysadmin I’m against it but we all know that management don’t always listen to IT people when they can save a few bucks..

I wanted to ask if you have also experienced similar things in your career… also is that a sign that the company is going under or something? Also , do you guys have any advice for how to manage shared accounts used for SAAs ? Looks like we’re currently using Google groups for the emails to create them .. Can the SAAS companies do anything if they find out ?

This is an automated archive.

The original was posted on /r/sysadmin by /u/bigTractor on 2024-01-22 15:59:16+00:00.

I purchased a few Samsung PM983 M.2 NVMe SSDs from Ebay. Once I received them, I ran the Samsung DC Toolkit against them and received the following output.

sudo ./samsung_dc_tool2.1 --disk 2:c -NG --lifetime

================================================================================================

Samsung DC Toolkit Version 2.1.L.Q.0

Copyright (C) 2017 SAMSUNG Electronics Co. Ltd. All rights reserved.

================================================================================================

Estimated Life Time: 1 %

------------------------------------------------------------------------------------------------

[Success] Get Log Page Feature completed successfully

sudo ./samsung_dc_tool2.1 --disk 3:c -NG --lifetime

================================================================================================

Samsung DC Toolkit Version 2.1.L.Q.0

Copyright (C) 2017 SAMSUNG Electronics Co. Ltd. All rights reserved.

================================================================================================

Estimated Life Time: 1 %

------------------------------------------------------------------------------------------------

[Success] Get Log Page Feature completed successfully

sudo ./samsung_dc_tool2.1 --disk 4:c -NG --lifetime

================================================================================================

Samsung DC Toolkit Version 2.1.L.Q.0

Copyright (C) 2017 SAMSUNG Electronics Co. Ltd. All rights reserved.

================================================================================================

Estimated Life Time: 1 %

------------------------------------------------------------------------------------------------

[Success] Get Log Page Feature completed successfully

udo ./samsung_dc_tool2.1 --disk 5:c -NG --lifetime

================================================================================================

Samsung DC Toolkit Version 2.1.L.Q.0

Copyright (C) 2017 SAMSUNG Electronics Co. Ltd. All rights reserved.

================================================================================================

Estimated Life Time: 1 %

------------------------------------------------------------------------------------------------

[Success] Get Log Page Feature completed successfully

Are these drives 1% used? Or have 1% remaining?

I am leaning towards 1% remaining based the word usage of "Estimated Life Time:" and the example picture from the DCToolkit manual (page 45, Manual Link) show a screenshot that says 99%... Which I am not sure how to interpret, but I would assume that they would show the output from a nearly new SSD and not a nearly dead SSD...

Any reason to keep these and use them vs contacting the seller and attempting to get my money back?

-BT