Sysadmin


A reddit dedicated to the profession of Computer System Administration.

201
 
 
This is an automated archive.

The original was posted on /r/sysadmin by /u/BasementMillennial on 2024-01-22 12:42:10+00:00.


Howdy all,

I'm looking to see if there is a way to restrict file paths to 254 characters in regards to SharePoint folder and file name paths. As it's been stated in this sub and elsewhere, File Explorer has a limit of 255 characters for file paths when syncing SharePoint folders. We've informed users about this, but have turned into a broken record with telling them this as this always happens. Excluding bringing this up the chain (which we've done before), is there a policy or a way to automatically reject or restrict naming a file or folder convention when the character limit is set to a certain limit?

202
 
 

The original was posted on /r/sysadmin by /u/Failfish2015 on 2024-01-22 12:41:10+00:00.


Hi folks, the usual situation of things being done with zero documentation. Basically Windows diagnostic data is “being managed by your organisation” and I can see reg keys generated to allow telemetry as basic, which is fine, but I want to find out WHERE these are coming from.

Tried running RSOP to find no group policy is modifying data collection under policies/windows components and we have devices co-managed by SCCM and Intune, but I can’t find any configuration profile in Intune responsible and nothing in CCM either. The hierarchy settings under SITES has data diagnostics set to “Enhanced” but according to MS documentation this is just for the server hosting the DB, not all clients.

Is there any paper trail I can find on the client to help with this or just general advice when it comes to find where settings are being managed?

203
 
 

The original was posted on /r/sysadmin by /u/Impossible_Ad4774 on 2024-01-22 12:22:57+00:00.


Hey fellow sysadmins! 👋 We're gearing up to migrate our systems from Windows 10 LTSC to Windows 11 Pro, and I'm seeking some advice from the community. Here's our current setup:

We deploy a couple of central template Windows 10 LTSC images (Sysprep) to machines/VMs using MAK keys. For the sake of simplicity, assume we don't have any existing Windows licenses for our 20-40 devices (a mix of PCs and VMs). In reality, we have Windows 10 enterprise per-device licences but only up to 2016 LTSB.

Our migration goals:

  1. We have imaging rights (Sysprep).
  2. Ensure continued access to Windows 11 through general availability channels for as long as it's supported.
  3. Pay only a one-off fee (eliminating Windows 11 Enterprise).
  4. Access to the VLSC portal for downloading and using 'clean' Windows 11 images for different versions (21H2, 22H2, 23H2, etc.).
  5. Require per-device licenses (ruling out Windows 11 Enterprise).
  6. Not interested in cloud deployment solutions like Smartdeploy, etc. It must be on-premise.

The confusion arises from the fact that Windows 11 is only sold as an upgrade license, meaning we need a base qualifying license. One vendor suggested that we can only upgrade by installing Windows 10 and then upgrading to Windows 11 via Windows Update. This feels inefficient to us, but maybe we're missing something.

So, I'm reaching out to the community to hear your experiences and suggestions. How have you tackled similar migrations in your environments? Are we approaching this the right way, or is there a more efficient method that we're overlooking?

Thanks in advance for your insights!

204
 
 

The original was posted on /r/sysadmin by /u/tja1302 on 2024-01-22 12:22:25+00:00.


I've inherited a setup whereby all users have roaming profiles and redirected folders enabled, so they can sign in anywhere and all their details save back to a central file server. Currently, users are complaining that this is taking a long time to log in each day.

They also want a new RDS server configuration for remote workers. For this I've proposed using FSLogix due to the improved performance. Is this something that could also be enabled for the users in the office who are simply signing into the domain on their hot desks? I've not used it in a hot-desk/non-RDS setup before so I was wondering if this is even possible. I would imagine each PC would need the FSLogix app installed for this to even be a possibility.

If FSLogix is not an option, does anyone have any pointers on where to start looking at slow login times for redirected folders/roaming profile setups?

Any help/advice/links would be greatly appreciated!

205
 
 

The original was posted on /r/sysadmin by /u/Suitable-Equipment65 on 2024-01-22 12:19:46+00:00.


Currently I am fighting an issue with one of our DPM servers.

In our setup, we have a local DPM 2019 server (on-prem) and one DPM 2019 server located in our data center (offsite). In the past we used to chain backup the on-prem to the data center. However, since the re-installation of the data center DPM, I am no longer able to add contents from the on-prem DPM (except for the DPMDB_xxxx_xxxx database).

When selecting the on-prem server, and REFRESH, I get the following errors:

DPM is unable to enumerate contents in  on the protected computer . Recycle Bin, System Volume Information folder, non-NTFS volumes, DFS links, CDs, Quorum Disk (for cluster) and other removable media can't be protected.

DPM could not enumerate instances of SQL Server by using Windows Management Instrumentation on the protected computer .

Both DPM machines are running the same version, DCOM settings have been checked. Data center machine has been re-installed (fresh). Both machines are in the same domain. And since I have been battling this beast for 2 weeks right now, I am out of options.

All help is appreciated! Thanks!

206
 
 

The original was posted on /r/sysadmin by /u/AlcatrazZEcho on 2024-01-22 12:04:07+00:00.


Hi,

So I'm looking for a script that shows who has "Enable BitLocker pre-boot authentication" on our domain.

Any suggestions?

Thanks in advance

207
Joining Storage (zerobytes.monster)
 
 

The original was posted on /r/sysadmin by /u/rowansc1 on 2024-01-22 11:35:17+00:00.


Hi all,

I'm in the process of implementing additional backup servers into a network for a customer. At the moment they have a few backup servers running. However, one of them is starting to get quite full.

The customer doesn't want to purchase any more hardware at the moment, but we do have another storage server available to use. Is anyone aware of a way to "link" the storage of those two servers together to act as one large storage volume? In a similar way to RAID0 where it is a large volume.

FYI: The servers which are currently running do not have any additional storage bays to use, and the available drives we can use are at a similar capacity so there is no point in cloning the drives to move the data across.

We don't need fast data transfer rates, just a normal networking speed is fine.

I'll try and convince them to just purchase higher-capacity drives or let me split up the backups more. However, if anyone has encountered this before and knows the possibility of doing this, it would be appreciated if you could let me know so I can present some options to them.

Cheers all, enjoy the start of the week!

208
 
 

The original was posted on /r/sysadmin by /u/tinker-rar on 2024-01-22 11:18:42+00:00.


Computer Objects for Entra-joined clients

At work we are facing the following problem.

There hasn’t been proper communication between different teams so the networking team bought a NAC software (macmon) to do 802.11X authentication. Macmon relies on AD computer objects to do EAP-TLS Auth. Unfortunately macmon does not support EAP-TLS for User certificates.

This is a problem because the team which manages workstations decided they'll only do Entra-join from now on and not hybrid-join.

Is there anything we could do to make this work? It has come to my attention that there might be an upcoming feature that may support our scenario but I couldn’t find any announcement from Microsoft.

The only scenarios I see, that are possible right now, are:

  1. Go back to only On-Premises joined Machines so they can get a Computer Cert from our PKI and do EAP-TLS machine auth.
  2. Ditch Macmon and build a NPS radius server which does EAP-TLS authentication without checking the AD for a computer object. The certificates would be issued over the Intune Certificate connector.

Looking forward to hearing your thoughts on this.

209
 
 

The original was posted on /r/sysadmin by /u/SuspiciousCatch6906 on 2024-01-22 11:05:16+00:00.


I'm currently in a mission for a large customer with ~2000 user licences.

A significant portion of those users are consultants who use their own laptop (with licensed Microsoft software) to access the company resources. They just need to have a company mailbox and AD identity (hybrid on-prem/entraID environment).

Currently, each user in this category is registered with an Office 365 E1 licence.

The idea is to migrate them to Microsoft 365 F3.

Is that allowed? Will they be able to use their (already licensed) Office suite (Outlook, Word, Excel, ...) to access company's resources? Or is F3 enforcing the use of web-based versions?

Some of them will be a little squeezed with the 2GB Kiosk mailbox. Is it possible to have an extra Exchange Online capacity for them?

210
 
 

The original was posted on /r/sysadmin by /u/Ghostky123 on 2024-01-22 10:31:03+00:00.


Hi Guys,

We have an annoying problem on our vCenter VMs, we are using Azure ARC to automatically update our servers at night in the weekend but the problem is that it doesn't install the VMware, Inc. - net 1.9.14.0 update.

I guess this has to do with the update classifications we selected? But I don't see a drivers category in Azure Update Scheduler:

Does anybody of you guys have an idea how to fix this?

Thanks for your help & kind regards!

211
 
 

The original was posted on /r/sysadmin by /u/danj2k on 2024-01-22 10:28:14+00:00.


At the moment we use an Excel spreadsheet to keep track of when our servers were last updated.

I'd like to add some conditional formatting to this to make it visually easier to spot servers that are out of date and need the latest updates installing.

At the moment I've got a simple "30 days" formula, but this doesn't take account of situations when the server was updated within the current month but before Patch Tuesday.

Does anyone have formulas that can be used with Excel conditional formatting that account for Patch Tuesday correctly?

212
 
 

The original was posted on /r/sysadmin by /u/AutoModerator on 2024-01-22 10:00:15+00:00.


Howdy, /r/sysadmin!

It's that time of the week, Moronic Monday! This is a safe (mostly) judgement-free environment for all of your questions and stories, no matter how silly you think they are. Anybody can answer questions! My name is AutoModerator and I've taken over responsibility for posting these weekly threads so you don't have to worry about anything except your comments!

213
 
 

The original was posted on /r/sysadmin by /u/LordLoss01 on 2024-01-22 10:22:38+00:00.


I'm trying to set up a PiSignage Server. Unfortunately, one of the requirements if you want to access it from any computer is that you need to use a Public IP, of which I have none. Also, while both the Players and the servers would be on the same Wifi, it's a publicly accessible wifi for which I have no access to the admin side.

I do however have pretty much unlimited resources on Azure. I wasn't sure if I could set up some kind of VM on Azure, have it hosted on the web, and then point the server towards that instead of a Public IP?

I'd like for the web interface of the server to be accessible from any PC, even ones not on the same network as the server/player. Ideally, I'd prefer to use a physical machine over Azure because (A) My experience with Azure is minimal as I focus more on Intune and (B) Cut down on costs, however minimal.

214
 
 

The original was posted on /r/sysadmin by /u/Lopsided-Dig-4661 on 2024-01-22 09:27:09+00:00.


Hello, is anyone aware of a service that can be used to pull all of the status pages/alerts from multiple SaaS products into one place?

Whenever someone reports downtime I find the relevant status page and put a message on slack to make people aware. I think it would be nice if there was some kind of service that would allow me to register for status updates for all the SaaS products we use all in one place so that if someone suspects downtime they just go to one place and can see for themselves easily.

I'm pretty sure it doesn't exist but wonder if it would be quite a simple thing to build.

215
 
 

The original was posted on /r/sysadmin by /u/No_Competition_8788 on 2024-01-22 09:15:43+00:00.


I'd like to delete some print queues that are no longer used in my Papercut application. However, I'd like to keep the job logs that users have sent to these print queues for statistical purposes. Do you know if deleting these print queues will delete users' job history?

216
 
 

The original was posted on /r/sysadmin by /u/Pflummy on 2024-01-22 09:03:33+00:00.


Hello,

What is stronger, GPO or delegated permissions? I guess both need to be set to allow a certain setting? For deny, if deny in GPO exists, it always wins?

Many thanks

217
 
 

The original was posted on /r/sysadmin by /u/ELMIOSIS on 2024-01-21 13:43:49+00:00.


So, I wonder what's the easiest way to deploy apps via SCCM. In this scenario, all PCs in the organisation run Windows. When apps are being deployed, they're either in .exe file or a .msi file. I heard something about .msi apps being easier and simpler to deploy and are more Windows friendly.

Is it possible to convert .exe to a .msi file for deployment then? Do y'all use a free msi wrapper when deploying apps, if so, which one and when in the process of deployment do you use it?

218
 
 

The original was posted on /r/sysadmin by /u/frocsog on 2024-01-22 08:37:19+00:00.


Hello, I'm just a simple sysadmin in a middle school somewhere in an obscure country in Europe. I've been here (and in the trade) for 3 years, and one of the things I've learned pretty quickly is just how unreliable UTP cables are. Our school building has network cables running in the walls and the attic, and the number of times a mysterious network issue resolved with just changing a cable is mad. Now every time someone calls me, saying "no net", I immediately check the cables. Well, almost every time.

Lately, the longstanding extracurricular club "Edison club", which helps technically inclined students develop their skills and interests, built a new club house near our school. It has no official ties to our school, but their leader is our IT teacher, and they are somewhat integrated with us. So, they ask if they can have internet from our network. I say yes, because I'm nice, I don't see safety hazards and I know the principal, my boss, is OK with this. It's not a big job anyway, just putting an RJ45 on the end of their cable and firing up a Wi-Fi router. (they did the cabling from our building to theirs, but their cable connects with our in-built network).

Now, the connection is established, but it's unstable. Strange things happen. One time it works, the other time it does not. In the room where their cable is connected, there is an AP which spreads our own network. I discover that either the AP is working, or the club's router. If both are connected physically, they do not work. I fiddle with our network settings, putting them in different VLANs seems to work. I think I got the issue and I'm walking home happily. Now, after some days, it's not working again. I'm mad at this point, because what started as a 30 minute extra job is now occupying all my problem-solving skills (luckily there's not much work I have to do, one of the things I love about this place), and I'm not even paid extra (as this is basically not my work).

So I start to experiment with putting their network connection behind another router, which I know is working, and it turns out it won't work that way either. Then I discover that our cable, with which they connect, is a crossover cable. It shouldn't matter in the age of auto MDI/MDIX, but what do I know. I've seen strange things. I re-make it, and it gets weirder. Judged on the colors, it looks like a straight-through cable, but it measures as a crossover. I look at the cable, I notice there's no "cat 5", or any other sign printed on it. Some 10 meters of cable, running through walls and the attic. I say to the club: we need another cable. I don't have any UTP cable, but they say they will buy and even replace it. They did it, thankfully it wasn't as in-built as I thought, and now it's working fine. Surprise, they discovered a hidden patching somewhere that I didn't know of.

So, check your cables first, folks. After DNS of course.

219
 
 

The original was posted on /r/sysadmin by /u/ReactNativeIsTooHard on 2024-01-22 06:51:38+00:00.


Hey guys! I finally convinced my manager to allow us to migrate the DHCP role from our 2008 server (so we could shut it off) to our AD server. He wants me to write up a plan, obviously I know how to do the migration - I’ve looked into that. So I’ll include those steps in the plan of course, but what else do I put in said plan? Maybe estimated time, possible issues, etc.?

220
 
 

The original was posted on /r/sysadmin by /u/MauriceMouse on 2024-01-22 05:58:15+00:00.


Hello, not sure if this is the right place to ask this question but here goes. My company bought a batch of Gigabyte servers recently and we're looking to buy more, particularly their all-flash storage server S183-SH0. One thing that Gigabyte tells us is a great advantage is their free-of-charge value-added management applications for remote server management. If I may paraphrase from the link:

GIGABYTE Management Console

For management and maintenance...the GIGABYTE Management Console is pre-installed on each server. IT staff can perform real-time health monitoring and management on each server through the browser-based graphical user interface. There's also support for standard IPMI specifications, automatic event recording, integrated SAS/SATA/NVMe devices and RAID controller firmware to monitor and control Broadcom® MegaRAID adapters.

GIGABYTE Server Management (GSM)

Software suite that can manage clusters of servers simultaneously over the internet. GSM can be run on all GIGABYTE servers and has support for Windows and Linux and complies with IPMI and Redfish standards. GSM includes the following utilities:

GSM Server: Real-time, remote control using a GUI through an administrator’s computer or through a server in the cluster.

GSM CLI: A command-line interface for monitoring and managing remotely.

GSM Agent: A software program installed on each node that retrieves information from each system and devices through the OS.

GSM Mobile: A mobile app for both Android and iOS that provides admins with real-time system information.

GSM Plugin: An application program interface that allows users to use VMware vCenter for real-time monitoring and management of server clusters.

My question is whether you all think this is impressive or not? We've surveyed other brands and they all charge us for similar functions, some even have a subscription system (meaning that we'll lose access to the software we bought if we stop paying!) So this is mighty generous of Gigabyte, right? Thanks, cheers.

221
 
 

The original was posted on /r/sysadmin by /u/Archdragoon on 2024-01-22 03:51:05+00:00.


Has anyone here used the new Dell Latitude 5440 with Windows 11 from last year? My end user faced a weird issue in which the external virtual switch that bridges with the WiFi adapter lost the IP address it received from the DHCP server, in this case it's the wireless router from the ISP. I asked her to try to connect to a mobile hotspot but it still didn't get the IP address. If I asked her to remove the external virtual switch, the laptop immediately gets the IP address again. This laptop OS image is out of the box.

The combination of Hyper-V external virtual switch plus Zscaler client connector works fine on another laptop with Windows 11, like on my laptop, but my laptop is a Latitude 5330 which is 1 year older. Still, the WiFi adapter is the same Intel AX211.

What I find strange is that the laptop with the problem was working perfectly fine at my house.

222
 
 

The original was posted on /r/sysadmin by /u/HazmarKoolie on 2024-01-22 03:11:33+00:00.


Hi Nerds,

I manage a couple of file servers that each have multiple disks of ~4TB, with one at ~9TB (a total of ~15TB each server) . I'd like to get your thoughts on backups and restore performance on these sorts of disks. I don't have huge experience with real world DR scenarios but my thoughts are:

Run more, smaller disks rather than fewer large disks. During a restore event, it's better to restore a smaller disk to get the bulk of current working data available to the business to get them up and running. Then, work on restoring auxiliary/non-critical data. Does this hold water or am I making it up?

The backup product, repository and scenario will of course have an impact on how this is best handled but, I figure there's a fundamental in there that rings true, less data is always easier to restore than more. Right?

Hit me! Cheers.

223
 
 

The original was posted on /r/sysadmin by /u/appleeimac1 on 2024-01-22 03:03:28+00:00.


Hi!

Does anyone know if the command omconfig storage globalinfo action=setnondellcertifiedmode mode=yes works on the MD3000/3000I forward?

224
 
 

The original was posted on /r/sysadmin by /u/need_some_water2 on 2024-01-22 02:51:58+00:00.


Contemplating a new job offer, what're your guys thoughts and would you take the offer or stick with the current job I have? Both don't require on-call responsibilities. Just looking to see if it's worth taking a pay cut to work in the Public Cloud space as my current job is all on-prem. I have around 10 years of experience but slim to none working in a Cloud provider (Azure, AWS, GCP, etc.) with the exception of some minor Office 365 administration.

I feel like my current gig is almost a Unicorn with how much it's paying (in relation to the work I do) and how lax the work environment is and given the 98% WFH. Thinking about giving it up is very hard but I know I need to start gaining some solid Cloud experience (Azure/AWS/GCP/etc.) so I'm stuck at a standstill. Do I stay or do I go?

Current gig:

Contractor W-2 (Public Trust)

Systems Engineer

  • $80/hr
  • 20 days PTO
  • Meh, expensive health benefits and non-matching 401k
  • Lax work environment, 98% WFH (Only time I'll really have to go in is if one of our devices in the DC goes down, even then I have a backup who can go in for me if I'm not available ASAP.)
  • Managing VMware and Citrix environment, no cloud, all on-prem
  • Doesn't have any room for upward trajectory in terms of career due to smaller team and supporting a smaller environment. Contract will most likely get renewed vs going FTE.

New Offer:

FTE (non Govt.)

Cloud Engineer

  • $110k base and 10% bonus
  • Unlimited PTO + (18 holidays and 12 sick days)
  • Good health benefits and 8% matching 401k (3yr vesting period)
  • Hybrid Remote (3 days in office 2 days remote)
  • Performing VMware migrations from on-prem to Azure and working in Azure environment. This company also has infra in the AWS environment as well so I could potentially get to work on that.
  • Has bigger upward trajectory for career since environment is much bigger and supporting much more
225
 
 

The original was posted on /r/sysadmin by /u/Reddit_vialins3 on 2024-01-22 02:10:32+00:00.


I need an inexpensive tool to remote into a customer’s laptop and do admin work without giving the user local admin pw. Any suggestions? This is for Windows 10 or 11 enterprise or Pro.
