Sysadmin

The original post: /r/overclocking by /u/aja_jb_ on 2025-02-17 01:30:55.

Basically it is my first time using this software to measure performance, these are all on default settings on 3DMark and GPU:

First score was this one, after that I could only achieve around 5670 (still above average so I am ok with that)

Average score for my build, second and third results were 1-3% apart, I am ok with that

Below average and the highest i could get on stock was 15551

Port Royal for the score above

The steel nomad and time spy scores seems ok to me, the thing is port royal is oddly below average (15859), but my temperatures are ok, highest the cpu got was 68°C and the GPU was 75°C, so could this be because I am not overclocking the CPU? The only thing I did was UV a little bit so it wouldn't go over 85°C when I am working/gaming. I am using a Palit Gaming GamingPro White OC with no OC and UV on first tests. I tried 4 different settings after the first run and the best I could get was this one:

https://preview.redd.it/5sos0djlnlje1.png?width=345&format=png&auto=webp&s=ce32445762441e45064decf0e83b263a2d73813b

https://preview.redd.it/zyqblqsmnlje1.png?width=1520&format=png&auto=webp&s=b6c1b8ca3b278e212fca15bb810ad099867dc83a

A bit above average with these settings: https://imgur.com/a/bDEvYDc

It seems stable, but I didn't notice any significant gains in gaming, got a few seconds in Revit rendering and thats it. Should I just push it back or is this okay in long terms considering the temps are low?

This is an automated archive.

The original was posted on /r/sysadmin by /u/shtbrcks on 2024-01-22 15:30:36+00:00.

[End user support question + rant ahead]

So we are using a certain web-based tool/service and this tool unfortunately has wild issues. So of course my users complain, call and submit tickets that [tool] doesn't work, and rightfully so.

The problem is that this is just a website and an app that we access. I as admin have the exact same sync issues, things not saving, sporadically no notifications etc. I am literally in the same boat as my users.

On top of that, the web UI is utter trash; there are like three buttons in the admin dashboard, I can invite new users, I can check our subscription and bills, I can see stats. That's it. There is no actual backend and I have zero control over all the countless features that don't work, there simply are no settings panels to influence these things.

Now obviously I reached out to the business customer support of this tool, I have opened several requests and it takes them 4-10 business days (!) to reply, with generic questions back like "have you tried logging out and back in again" which is of course silly in the grand scheme of the entire application not working right. Using different browsers and deleting chache/cookies is among the first things I do, long before even arriving at the conclusion that it really is their web service not working as it should and that I need to contact them. I even sent them a 3 minute screen recording of these problems, including what we already tried, and I'm sure nobody in their customer support watched it.

This tool has many reviews in the respective app stores, with people from all over the world experiencing the same issues. It is very discouraging to read that someone in India has the exact same problem since last August. To me, this pretty much means that that's just how it is.

Wtf do I do in such a situation? I keep getting tickets and calls about [tool], 50 something year old users chewing my ear off about how x and y doesn't work. They aren't wrong, but I can't do anything with this. Not even the actual vendor of [tool] offers phone support for it and even they don't seem to solve tickets about it in any realistic time.

How do you explain these things to people? I can't just say stuff like "I'm sorry, we just chose a bad product"???

EDIT: spelling

This is an automated archive.

The original was posted on /r/sysadmin by /u/dieselfluxcapacitor on 2024-01-22 14:55:54+00:00.

How are others creating/updating disaster recovery/business continuity plans? What are things that are included in your plans (other than just server configurations)?

Looking to learn how others in the industry are creating their DR runbooks and what I can take away as wisdom of the crowd.

In addition (bonus points), does anyone know of software (OSS or paid) that can be used to aid in the creation/update of such plans? I'm thinking of something where I can feed it data (manually or, preferably, automated) and it can spit out a PDF report. Thanks!

This is an automated archive.

The original was posted on /r/sysadmin by /u/One_Leadership_3700 on 2024-01-22 14:29:23+00:00.

With the acquisition of Vmware through broadcom and the big impact for not-so large enterprise setups, there will be a need for other Type-1 Hypervisor setups. Most likely Hyper-V, but also Proxmox might geht a lot of boost (I hope for it. I am from austria and rooting for it, since Proxmox is in Vienna (: )

the downside is not just the migration, but also the ecosystem and a very important part will be the backup solution. What vmware is for the virtualization, Veeam tends to be for backup.

The ladder now seems to strive to support Proxmox. Go for it! :)

https://www.theregister.com/2024/01/22/veeam\_proxmox\_oracle\_support/

This is an automated archive.

The original was posted on /r/sysadmin by /u/Haulinbass_2001 on 2024-01-22 15:42:00+00:00.

Corporate reached out about a local user of mine's account locking just about every hour. They are using "pop a lock" script to unlock it automatically. They supposedly did some troubleshooting and passed it to me. I checked her cached creds, etc. I turned off her PC and logged her out of a shared PC, that was all I could find with the tools I have. Still the account locks. I suggested the mobile phone, the guy in Corp. said they don't authenticate against the domain, huh? I know they can lock out accounts. The screen shot they sent has EventSource which is blank, IP and Origin IP are both IPs for the DCs. Any ideas on narrowing this down?

This is an automated archive.

The original was posted on /r/sysadmin by /u/zer0_snot on 2024-01-22 15:37:14+00:00.

If you use windows 10, you might run into lots of printer problems like these:

• why is my printer showing offline even though it's on
• Why did my printing suddenly pause?
• Why didn't my printing start? (Delayed start, like 20 mins)
• Every time I cancel a job I need to do the restart printer, restart windows services $#!T!
• Why did the printer print in the wrong order

After a lot of trial and error I finally figured how to fix Canon printer issues on windows 10! This is what I did:

1. Disable windows spooler

   1. Go to Printers
   2. Click on your printer > Manage
   3. Click Printer properties
   4. The printer preferences dialog will open (general, sharing etc - the place where you choose color / greyscale etc)
   5. Click Ports Tab
   6. At the bottom, uncheck "Enable Printer Spooling"
   7. And make sure "Enable bidirectional support" is turned on
   8. Here's a screenshot:

2. Disable the Firewall:

   1. Ideally, we need to figure out what ports are wrongly getting blocked by the AV (I was using Kaspersky Plus Internet Security) but I've seen problems with other AVs as well.

At this point my printing setup works like a charm.

• Prints instantly
• Cancels instantly
• Printer never incorrectly shows offline
• The page orders don't get messed up

Hope this helps someone out there because I've gone through loads of posts on reddit while looking for a solution for myself.

This is an automated archive.

The original was posted on /r/sysadmin by /u/Comfortable_Store_67 on 2024-01-22 14:55:45+00:00.

Backup software vendor Veeam is doing early research on VMware alternative Proxmox, potentially with a view to creating a product to protect data created using the tool.

"We're researching and doing some prototyping around Proxmox to see what's possible there as far as backup goes," Anton Gostev, Veeam's senior veep for product management posted on January 11.

Another Veeam product manager, Fabian Kessler, last week confirmed that effort, writing "Proxmox is something we are doing some early research on."

www.theregister.com/2024/01/22/veeam_proxmox_oracle_support/

At least they are looking at Proxmox support.

Could be promising... But who knows how long it will be before any progress will be made

This is an automated archive.

The original was posted on /r/sysadmin by /u/B-HDR on 2024-01-22 14:32:35+00:00.

"We're researching and doing some prototyping around Proxmox to see what's possible there as far as backup goes," Anton Gostev, Veeam's senior.

Source: TheRegister.com

This is an automated archive.

The original was posted on /r/sysadmin by /u/Jumpy_Potential1872 on 2024-01-22 13:40:55+00:00.

Outside of items with a known CVE associated with them, do you keep device firmware and drivers up to date across your fleet of installed hardware? Or, do you let it sit with "tried and true" until there is a problem.

I'm running into the issue with some devices showing buggy behavior that is resolved with the latest and greatest driver and or firmware. BUT, in the past we've been bitten by doing a driver upgrade that throws in other previously unseen issues in our environment.

If you do manage all driver revisions, how do you inventory all of that and keep it up to date? We see probably 100 different models of computers, printers, scanners, etc... and each one has multiple subcomponents that might need to be patched.

This is an automated archive.

The original was posted on /r/sysadmin by /u/DryOrganization1301 on 2024-01-22 09:54:38+00:00.

Background: I'm a relatively new jr sysadmin, but was desktop support for 5 years prior. Current org is smallish (<200 users) and local government.

At my current role, there are some IT practices that I can't help but think make our org vulnerable to attack.

This includes:

1. Unencrypted hard drives (we have bitlocker available to us already)
2. Everyone's an admin on their own computers
3. No MDM for our mobile devices

I've brought these up to my IT director (small org, so I report straight to him) and I've pretty much been brushed to the side for all of them.

A lot of his reasoning is along the lines of "we've been fine so far" and that it's more convenient. He seems content on keeping things as they are for the most part. He's the old stubborn sort

In the back of my mind, all of this is a ticking time bomb for a major security incident.

Am I crazy?

Edit 1: advice is also appreciated

This is an automated archive.

The original was posted on /r/sysadmin by /u/sun_nony on 2024-01-22 13:09:31+00:00.

Hey guys!

I need to create access review documentation, a kind of step-by-step guide and considerations that must be taken to release/remove/review user access. However, I can't find an example online to put together and I don't even know where to start. Could anyone provide an example of IT access review documentation? Thanks!

This is an automated archive.

The original was posted on /r/sysadmin by /u/ikrbb on 2024-01-22 13:04:51+00:00.

I have a old server IBM 3690 x5 where I have 2 Raid 1 arrays. Is there option to create a dedicated hotspare for one array only?

This is an automated archive.

The original was posted on /r/sysadmin by /u/DeifniteProfessional on 2024-01-22 13:04:34+00:00.

I've run into this once before, and I've seen a couple of questions with the same issue on MS Forums (naturally with moronic and useless answers).

So basically it boils down to Edge has this, presumably hidden, feature where it automatically signs you in to Office apps. If you sign out of office.com, and then click back on the sign in link, and this auto sign in is enabled, you don't have to type in a password or anything, you're straight in.

Possibly useful for some people, but it's absolutely fucked my user's Edge installation. They have two Work email addresses (as they do work for two sister companies). The second work account, they can't access office or SharePoint because the main profile signs them in automatically to their fist work account

So I think, no problem, will create a second profile. However, despite that second profile being signed in to the second work account, Edge is still signing in to office and SharePoint using the first account automatically

Has anyone run into this, and possibly even has a solution?

This is an automated archive.

The original was posted on /r/sysadmin by /u/FusionX-Steven on 2024-01-22 12:58:37+00:00.

Morning! We have 3 identical hosts in a Server 2019 Cluster. Same hardware, same network configuration. Absolutely losing my mind chasing this for over a week. One of our nodes is reporting "Cluster network name resource 'Cluster Name' failed registration of one or more associated DNS name(s). The error code was '-1'. Ensure that the network adapters associated with dependent IP address resources are configured with access to at least one DNS server." I triple checked everything in regards to DNS and can't shake this error.

Only one node has this error under the Cluster Events. Research suggested deleting / recreating an A record. This hasn't helped. Unfortunately I do not have enough resources to do a full migration out at the moment, evict the node, and try to join it again. Does anyone have any suggestions? All the VMs are running fine, it's just a single host node that is complaining.

When running nslookup DNS commands on the affected node, DNS resolution doesn't seem to be an issue, so I am really stumped. Thank you for your time.

This is an automated archive.

The original was posted on /r/sysadmin by /u/ITStril on 2024-01-22 12:57:03+00:00.

Hi!

I need to install a high performance server for an OLTP-database and need to minimize storage latency.

--> NVMe, EPYC 9174F

Now, the big question: How would you install them redundant, today?

• Hardware-RAID-controller - e.g. Megaraid 9600

--> I did only test the predecessor and it did slow down the NVMs A LOT!

• StorageSpaces (no direct)

• Software-Raid

• GRAID (GPU-card)

A Raid 1 with very fast NVMe should be sufficient.

What would you choose?

Thank you for your thoughts

ITStril

This is an automated archive.

The original was posted on /r/sysadmin by /u/BasementMillennial on 2024-01-22 12:42:10+00:00.

Howdy all,

I'm looking to see if there is a way to restrict file paths to 254 characters in regards to Sharepoint folder and file name paths. As its been stated in this sub and elsewhere, File explorer has a limit of 255 characters for file paths when synching Sharepoint folders. We've informed users about this, but have turned into a broken record with telling them this as this always happens. Excluding bringing this up the chain (which we've done before), is there a policy or a way to automatically reject or restrict naming a file or folder convention when the character limit is set to a certain limit?

This is an automated archive.

The original was posted on /r/sysadmin by /u/Failfish2015 on 2024-01-22 12:41:10+00:00.

Hi folks, the usual situation of things being done with zero documentation. Basically windows diagnostic data is “being managed by your organisation” and I can see reg keys generated to allow telemetry as basic which is fine but I want to find out WHERE these are coming from.

Tried running RSOP to find no group policy is modifying data collection under policies/windows components and we have devices co-managed by SCCM and intune but I can’t find any configuration profile in intune responsible and nothing in CCM either. The hierarchy settings under SITES has data diagnostics set to “Enhanced” but according to ms documentation this is just for the server hosting the DB not all clients

Is there any paper trail I can find on the client to help with this or just general advice when it comes to find where settings are being managed?

This is an automated archive.

The original was posted on /r/sysadmin by /u/Impossible_Ad4774 on 2024-01-22 12:22:57+00:00.

Hey fellow sysadmins! 👋 We're gearing up to migrate our systems from Windows 10 LTSC to Windows 11 Pro, and I'm seeking some advice from the community. Here's our current setup:We deploy a couple of central template Windows 10 LTSC images (Sysprep) to machines/VMs using MAK keys. For the sake of simplicity, assume we don't have any existing Windows licenses for our 20-40 devices (a mix of PCs and VMs). In reality, we have Windows 10 enterprise per-device licences but only up to 2016 LTSB.Our migration goals:

1. We have imaging rights (Sysprep).
2. Ensure continued access to Windows 11 through general availability channels for as long as it's supported.
3. Pay only a one-off fee (eliminating Windows 11 Enterprise).
4. Access to the VLSC portal for downloading and using 'clean' Windows 11 images for different versions (21H2, 22H2, 23H2, etc.).
5. Require per-device licenses (ruling out Windows 11 Enterprise).
6. Not interested in cloud deployment solutions like Smartdeploy, etc. It must be on-premise.

The confusion arises from the fact that Windows 11 is only sold as an upgrade license, meaning we need a base qualifying license. One vendor suggested that we can only upgrade by installing Windows 10 and then upgrading to Windows 11 via Windows Update. This feels inefficient to us, but maybe we're missing something.So, I'm reaching out to the community to hear your experiences and suggestions. How have you tackled similar migrations in your environments? Are we approaching this the right way, or is there a more efficient method that we're overlooking?Thanks in advance for your insights!

This is an automated archive.

The original was posted on /r/sysadmin by /u/tja1302 on 2024-01-22 12:22:25+00:00.

I've inherited a setup whereby all users have roaming profiles and redirected folders enabled, so they can sign in anywhere and all their details save back to a central file server. Currently, users are complaining that this is taking a long time to log in each day.

They also want a new RDS server configuration for remote workers. For this I've proposed using FSLogix due to the improved performance. Is this something that could also be enabled for the users in the office who are simply signing into the domain on their hot desks? I've not used it in a hot-desk/non-RDS setup before so I was wondering if this is even possible. I would imagine each PC would need the FSLogix app installed for this to even be a possibility.

If FSLogix is not an option, does anyone have any pointers on where to start looking at slow login times for redirected folders/roaming profile setups?

Any help/advice/links would be greatly appreciated!

This is an automated archive.

The original was posted on /r/sysadmin by /u/Suitable-Equipment65 on 2024-01-22 12:19:46+00:00.

Currently I am fighting an issue with one of our DPM servers.

In our setup, we have a local DPM 2019 server (on-prem) and one DPM 2019 server located in our data center (offsite). In the past we used to chain backup the on-prem to the data center. However, since the re-installation of the data center DPM, I am no longer able to add contents from the on-prem DPM (except for the DPMDB_xxxx_xxxx database.

When selecting the on-prem server, and REFRESH, I get the following errors:

DPM is unable to enumerate contents in  on the protected computer . Recycle Bin, System Volume Information folder, non-NTFS volumes, DFS links, CDs, Quorum Disk (for cluster) and other removable media can't be protected.

DPM could not enumerate instances of SQL Server by using Windows Management Instrumentation on the protected computer .

Both DPM machines are running the same version, DCOM settings have been checked. Data center machine has been re-installed (fresh). Both machines are in the same domain. And since I have been battling this beast for 2 weeks right now, I am out of options..

All help is appreciated! Thanks!

This is an automated archive.

The original was posted on /r/sysadmin by /u/AlcatrazZEcho on 2024-01-22 12:04:07+00:00.

Hi,

So im looking for a script that shows who have "Enable BitLocker pre-boot authentication" on our domain.

any suggestions?

thanks in advance

This is an automated archive.

The original was posted on /r/sysadmin by /u/rowansc1 on 2024-01-22 11:35:17+00:00.

Hi all,

I'm in the process of implementing additional backup servers into a network for a customer. At the moment they have a few backup servers running. However, one of them is starting to get quite full.

The customer doesn't want to purchase any more hardware at the moment, but we do have another storage server available to use. Is anyone aware of a way to "link" the storage of those two servers together to act as one large storage volume? In a similar way to RAID0 where it is a large volume.

FYI: The servers which are currently running do not have any additional storage bays to use, and the available drives we can use are at a similar capacity so there is no point in cloning the drives to move the data across.

We don't need fast data transfer rates, just a normal networking speed is fine.

I'll try and convince them to just purchase higher-capacity drives or let me split up the backups more. However, if anyone has encountered this before and knows the possibility of doing this, it would be appreciated if you could let me know so I can present some options to them.

Cheers all, enjoy the start of the week!

This is an automated archive.

The original was posted on /r/sysadmin by /u/tinker-rar on 2024-01-22 11:18:42+00:00.

Computer Objects for Entra-joined clients

At work we are facing the following problem.

There hasn’t been proper communication between different teams so the networking team bought a NAC software (macmon) to do 802.11X authentication. Macmon relies on AD computer objects to do EAP-TLS Auth. Unfortunately macmon does not support EAP-TLS for User certificates.

This is a problem because the team which manages workstations decided they‘ll only do Entra-join from now on and not hybrid-join.

Is there anything we could do to make this work? It has come to my attention that there might be an upcoming feature that may support our scenario but I couldn’t find any announcement from microsoft.

The only scenarios I see, that are possible right now, are:

1. go back to only On-Premises joined Machines so they can get a Computer Cert from our PKI and do EAP-TLS machine auth.
2. Ditch Macmon and build a NPS radius server which does EAP-TLS authentication without checking the AD for a computer object. The certificates would be issued over the Intune Certificate connector.

Looking forward to hear your thoughts on this.

This is an automated archive.

The original was posted on /r/sysadmin by /u/SuspiciousCatch6906 on 2024-01-22 11:05:16+00:00.

I'm currently in a mission for a large customer with ~2000 user licences.

A significant portion of those users are consultants who use their own laptop (with licensed Microsoft software) to access the company ressources. They just need to have a company mailbox and AD identity (hybrid on-prem/entraID environment).

Currently, each user in this category is registered with an Office 365 E1 licence.

The idea is to migrate them to Microsoft 365 F3.

Is that allowed ? Will they be able to use their (already licensed) Office suite (Outlook, Word, Excel, ...) to access company's ressources ? Or is F3 enforcing the used of web-based versions ?

Some of them will be a little squeezed with the 2GB Kiosk mailbox. Is it possible to have an extra exchange online capacity for them ?

This is an automated archive.

The original was posted on /r/sysadmin by /u/Ghostky123 on 2024-01-22 10:31:03+00:00.

Hi Guys,

We have an annoying problem on our Vcenter VM's, we are using Azure ARC to automatically update our servers at night in the weekend but the problem is that it doesn't install the VMware, Inc. - net 1.9.14.0 update.

I guess this has to do with the update classifcations we selected? But I don't see a drivers category in Azure Update Scheduler:

Does anybody of you guys have an idea how to fix this?

Thanks for your help & kind regards!