This is an automated archive made by the Lemmit Bot.

The original was posted on /r/sysadmin by /u/IndyPilot80 on 2023-10-07 17:58:01.

We have a server that has some old Samsung 860 Pros in them that we are looking at preemptively replacing.

I've been doing some shopping around and I'm seeing that Intel Enterprise SSDs are a decent amount less expensive than other brands. Also, correct me if I'm wrong, but I think Dell uses Intel SSDs. I did see few posts from 3-4 years ago where people say they were failing quicker than expected, though.

The exact ones we are looking at are D3-S4510 SSDSC2KB019T801. Any thoughts on them?

EDIT: Here is a link if that helps at all. Price seems a little too good to be true.

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/sysadmin by /u/BoltActionRifleman on 2023-10-08 00:30:14.

This will not only irk us, in many cases it will make us look elsewhere for someone less disrespectful of our time.

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/sysadmin by /u/gahd95 on 2023-10-07 20:55:44.

Hi,

So i have been asked to plan for our AAD to be our primary AD. Currently we sync our on-premise AD to AAD wuth Azure Connect 2.0.

I do like the idea of having just AAD and getting rid of our on-prem AD. Most likely not getting completely rid of it due to our server infrastructure not being completely ready to fully move to the cloud and a few other thing.

However, what i am trying to figure out is:

• How do we keep our file servers available for the users? Most of them work in Sharepoint, but we do have some users that rely in the on-prem fileshare and Azure fileshare would be much too expensive for this kind of data.
• Same for print servers. Microsoft Universal Print is not supported for all of our printers. We are working towards a printserverless solution, but we are not quite there yet
• All the different integrations and services we have depending on on-prem AD.

Should be just forget it and keep our on-prem AD as our primary for a few more years and try to move services, integrations and dependencies to the cloud?

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/sysadmin by /u/jdlnewborn on 2023-10-07 19:06:21.

I am posting this, since its going to be a HUGE thing for me.

Over the last few years, seems there are posts about 'portable' monitors that we use in the field so we dont have to tote around a big display. I made one personally earlier this year, and settled on a USB capture card and OBS Studio. Works, a bit clunky, but it works great.

I am an Apple guy, so carry iPad Pro and iPhone with me normally, but use windows desktops. Such is life.

Listening to MacBreak Weekly this week, they mentioned how Orion - a free app that allows USBC iPads to work as monitors. This....is going to change things for the better for me, and thought it best to pass along to someone else who could benefit as well.

Cheers!

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/sysadmin by /u/throwaway-4016 on 2023-10-07 16:50:26.

Hey yall, so I quit my helpdesk position and got a job as a system administrator in the internal IT department of an MSP, and was told that I will mostly be responsible for the hardware of the employees and with the IT asset management. I was happy hearing that since I was getting kinda sick of costumer service (was working retail and IT support years ago) but I recently was told by my mentor that I will most likely be working 50/50 internal IT stuff / dealing with clients. My other colleague in the internal IT also do client tickets / support the line while dealing with internal stuff. Im not against it, I think its more experience for me but I was just wondering how common it is? Like theres also a bunch of colleges who basically manage internal IT while working as consultants for clients.

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/sysadmin by /u/RodoggA on 2023-10-07 10:54:21.

Hi All,

I looking to build out my tool box with handy resources that will be beneficial. I don't need to use them everyday but it would be nice to have a list of resources/tools I can leverage for any request that get's thrown my way.

Resources like

Tools like sys-internals.

What tools/resources does system admins/engineers have that I should check out and potentially add to my list. These can cover a wide range from endpoint management, networking, security and database administration.

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/sysadmin by /u/adstretch on 2023-10-07 05:18:19.

Is anyone else getting burnt out chasing / managing the upgrades related to modern release cycles?

I’m finding more and more of my job is not maintaining a functioning environment but just keeping up with release cycles and trying to make sure what is coming down the road isn’t going to kill our environment.

Even if we aren’t prepping to move to new releases we need to confirm support for our existing releases and make sure no auto or unattended upgrades will force us there. Sometimes we don’t even get to kick the can that far down the road. (Looking at you 90 day deferral for macOS and iPadOS)

Dealing with aging VMWare (6.5), windows 10 -> 11. Windows server 2012r2/2016 -> 2022, macOS 14, iOS 17, palo 9.1 going eol, 18.04 going eol (yes I know this was LTS and we were way out ahead of it).

I generally keep my head above water with all of them but the fast past major release cycle is killing me. I’ll take 5+ years of minor patches and minor feature upgrades over all of these 1-2 year rewrites and major changes.

The upgrades would be easier to deal with too if so many of them weren’t buggy disasters at launch, but so many are.

That doesn’t even include Microsoft trying to kill off all their established on-prem services and pushing everything to Azure/entra.

/rant

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/sysadmin by /u/undercovernerd5 on 2023-10-07 01:53:52.

EDIT: I guess the SecureX platform is going EOL July 31, 2024 😣 Perhaps this is still a good avenue for the initial deployment for large organizations

Fellow Admins,

Figured I'd mention it for folks who utilize Cisco products, namely Umbrella as it's pretty darn helpful.

Now that the Cisco Umbrella Roaming Client is going End of Life we will need to deploy the Cisco Secure Client in its place.

It seems like the default method is to hop into the Umbrella dashboard where you can download the Secure Client as well as a .JSON configuration sidecar which will both be needed at the time of install.

Nasty...

So I went digging and I discovered that you can actually signup/login to the Cisco SecureX platform (free) where it'll let you manually configure all of the various Cisco products (AnyConenct, ISE, Umbrella, etc.) or simply by uploading your configuration file. This then spits out a .exe that embeds the configuration within it so folks can better deploy it remotely such as through an RMM solution.

This is done in the Insights Dashboard > Secure Client > Deployment Management

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/sysadmin by /u/Scary-Jury1059 on 2023-10-07 11:33:12.

So it looks like the "hack" cost MGM $100 million so far in fixes and lost business.

Considering the "hack" was essentially someone calling up and saying "can you change this password please " ; how do you guys feel about firms being able to essentially price in bad practice & rely on insurance companies?

I would have hoped the insurance firm would turn around and go....nooooope...your lack of processes and bad working practices caused this and refuse to pay out. Actually COST the firm money.

What this teaches firms is...don't worry about security or training your staff. Don't worry about having motivated well trained relaxed staff...you can insure yourself out of it.

With the ransomware business due to be worth $10 trillion within a couple of years hopefully insurance firms will find it impossible to pay these things out

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/sysadmin by /u/sysadmin_dot_py on 2023-10-07 02:41:03.

Just sharing case this helps others, or others can add their own input, but this is how we're deploying the new Teams client and uninstalling the old Teams client with our deployment tools. I also included some of my notes.

Right now, the upgrade path that uses Teams Update Policies in the TAC assumes the user has the old Teams client installed. I wanted a mechanism that I fully control with my standard deployment tools and that I can use to install the new Teams client directly on new computers without installing and upgrading the old client first.

1. Make sure your users' Teams Update policy setting "Use new Teams client" is NOT set to "Not enabled" (in the TAC, that is under Teams > Teams Update Policies).
2. Bulk deploy the new Teams using the bootstrapper from Microsoft. Run teamsbootstrapper.exe -p with your deployment tool of choice, with elevated or SYSTEM privileges. Do not run as the user. This installs MSTeams as a provisioned packaged (Get-AppxProvisionedPackage -Online).
3. When users log in next, the the app will be provisioned within the user profile.
4. If you use the old Teams Machine-Wide installer, uninstall that with your deployment tool (perhaps in the same deployment package/script as the above and again, run with elevated or SYSTEM privileges):

MsiExec.exe /qn /norestart /X{731F6BAA-A986-45A4-8936-7C3AAAAA760B} 5. Lastly, you need to actually uninstall the old Teams client, which is installed in each user's profile. You can deploy the following script to run as the user using your preferred tool, or if your tool does not allow, run this in a logon script, or deploy a scheduled task that runs as the logged in user and triggers when the user logs in. The script checks whether both Teams clients are installed for the current user, and if so, uninstalls the old client from the user profile.

if ((Get-AppxPackage -Name MSTeams) -and (Test-Path "$($env:LOCALAPPDATA)\Microsoft\Teams\current\Teams.exe")) {

& "$($env:LOCALAPPDATA)\Microsoft\Teams\Update.exe" --uninstall -s

}

If you just want to use the policies in the TAC to force the new version, you can do that too, and just perform the last couple of steps to remove the old client.

Hope this helps :)

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/sysadmin by /u/kellarman on 2023-10-06 20:14:35.

With all the recent strikes and successful (?) negotiations between unions and industries, it got me thinking, why isn’t there more prominent unionization in the IT sector? Imagine if sys admins went on strike? It’d be like an internal ransomware attack.

Possible reason: Fear of whole department being replaced by MSPs

Thoughts?

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/sysadmin by /u/BronnOP on 2023-10-06 22:51:14.

Director of the company is the person that grants approval for device upgrades. I’ve been there for a few months.

70% of our inventory is Windows 10 that cannot upgrade to Windows 11 due to hardware limitations - most of it is a decade old.

He’s in agreement we must upgrade before windows 10 goes EoL, but is trying to go for the cheapest stuff possible, even considering refurbished Win 11 machines.

He says that “this is just something that needs to be done, it doesn’t bring any value to the business it’s just something we have to bite the bullet on” however what this actually means in his mind is buying the cheapest crap that gets us on Windows 11.

How can I counter this and show investing in quality devices (I’m pushing for laptops and docking stations) does bring value to the business?

Any arguments for laptops over desktops? Everywhere I’ve been laptops are generally the standard, but he says he doesn’t care because we don’t work from home so why would we need laptops.

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/sysadmin by /u/axis757 on 2023-10-06 20:31:17.

Is anyone else seeing a crazy amount of phishing being sent from compromised 365 accounts? And I don't just mean your run of the mill phishing, these are vendors and clients of ours that are getting popped. There's been at least 10 instances of one of our contacts getting their email account compromised just in the past month.

They're all sending very similar phishes which makes me think they're all from a common attacker or tool, and I'm sure they're trying to compromise more accounts with what they're sending.

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/sysadmin by /u/oldcowboi on 2023-10-06 19:54:40.

Work for an investment bank and naturally the hot new topic in the industry is AI, got all the MD's super excited (especially with 365 copilot) so now I've been asked what kind of "AI programs" we can make use of right now, while ofc neglecting cost and headache of implementation. So I'm just after suggestions of any small handy AI programs to keep their sacks empty until we get copilot. All responses appreciated.

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/sysadmin by /u/joshtaco on 2023-10-06 20:33:22.

From the same place that claimed it in the first place...

As well as this:

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/sysadmin by /u/lycosawolf on 2023-10-06 17:07:02.

Our company has falling sales and the CEO brought in this young brash “head of marketing” who is dumping tons of Salesforce changes (Pardot, RevIO, Iornhorse etc) onto my team. He hired a consulting firm himself to do Pardot (Marketing email spam platform) to blast out email campaigns and without any planning expected everything to work out. The consulting group was useless and chucked their failures over to my team.

How do you deal with other department executives that pass blame onto IT?

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/sysadmin by /u/Lotheretan on 2023-10-06 19:12:04.

I work in a local phone carrier/VoIP company, around 10 employees, 2 of them being me and another tech guy. Both of us are the only two guys with any computer knowledge, no IT department per say. I was the one setting up the NAS we're now using, the VPN accesses, the wireless APs, all that stuff.

My boss once asked me to change everyone's password to the same password so HE would have a better time when having to access anyone's machine, but I told him it would be the same as just having no password at all, so he let it go.

Later on he asked my colleague to collect everyone's computer password, ours as well and put it in a spreadsheet and email it to him... I still put mine in, but changed it right after.

Then a few weeks later, he asked for the full control over the NAS, he already thought he had access but never connected once since we've had it, so I had his access limited in term of control and it's been over a year, no issue.

He wanted us to show him how everything worked, asked us to delete all the folders, accounts and accesses from departed colleagues. I only had them disabled, so no one could access after they left and we still had access to whatever data was on their shared drive. The reason I didn't delete their account is because it would also delete their data and backups of their data (It'll be important later on).

On the next day, me and my colleague's credentials had been changed, we received emails from the NAS saying our password had been reset. We asked him about it, he said he was making changes and had to disable our accounts in the meantime.

That night I received an email saying the daily backup failed. Then on the weekend, you guessed it, the Weekley failed as well.

He then removes my email from the backup software so at least no more spam about what I can't deal with.

A week later, the new IT guy he had contacted to deal with all this called me (He's actually the IT guy from one of our client) asking me if I could help him out with an issue on the NAS, no one could access their files over the VPN, it was working fine before though...

My boss took me in his office to tell me I couldn't be trusted anymore because the people who recently left had their data wiped from the NAS and he couldn't access their data anymore, but he could access anyone else's recycling bin and deleted data, I tried to explain to him it was because he asked us to delete those people's account but he wouldn't believe it. I gave my resignation latter a week after that, I had another company asking me to join them for a while, this, was the last straw and decides to join them instead.

Thanks for listening to my TEDtalk.

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/sysadmin by /u/va_bulldog on 2023-10-06 17:20:14.

I just got an email wanting a camera in the server room. I work in a small company and the server rack is physically in my office. I don't think there is a way that I could angle a camera where it can view the server rack but not me or my tech. No one else in the company works on camera. We have cameras in the office to see who is going and coming, mainly for after hour events. My door is key fobbed, and I get alerts of anyone who accesses the server room. Does anyone have any experience/insight on this?

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/sysadmin by /u/KindOne on 2023-10-06 16:40:11.

Just a rumor.

Other discussions on Reddit:

/r/windows/duplicates/171dwpi/microsoft_might_want_to_be_making_windows_12_a/

Hacker News:

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/sysadmin by /u/Pommes254 on 2023-10-06 13:05:10.

We are currently running around 400 vms (mostly linux but also a few windows) on our main production cluster on a kvm based hypervisor and

i am currently tasked with implementing a solution that automatically keeps a centralized database of what programs are installed where (including version) that in case there is a vulnerability we know which machines need to be pached,

currently this is done mostly manually and coverage is spotty at best...

We are currently using zabbix for our monitoring so and integration into that would be a bonus,

also automatic checking / alerting with the cve database would be nice.

What would you recommend.

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/sysadmin by /u/ilikeshawarma on 2023-10-06 14:01:48.

In an interview i told we use DFS, the IT manager was like, you guys still use DFS? isn't it too legacy. I asked him what they use, he said they have some Dell Storage based File sharing, i couldnt ask further due to the fast pace of the interview but what is the newest technology in use when it comes to File Sharing + AD integration?

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/sysadmin by /u/sixtiethcomet34 on 2023-10-05 14:52:02.

Why do the managers who suck the most think that putting their entire email in the subject line is okay? Every bad manager I have ever had thinks that putting their request/thoughts in just the subject line is okay. It’s always cryptic or lacking details and just doesn’t make sense.

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/sysadmin by /u/Kurosanti on 2023-10-05 21:29:58.

Our client is a small government branch (5 employees) who receives hardware, helpdesk, and 0365 administration. Today we had an issue that had me stuck, and every sign pointed towards issues with the state-provided security certificate(s).

I took notes on the steps I had taken, as well as noted some weird things I noticed on the way. (At one point in the process a user's name appeared whom no one recognized, and has never been employed at this location) About a notepad's page worth of notes.

Left the notes on the user's desktop and asked them to reach out to the state's helpdesk and asked them to 3-way me in so that I can provide information, passwords, etc.

Get a call with the user and the helpdesk both on the line. State help desk was beyond rude and approaching useless. I got on the call and asked if they need Admin access, and the State help desk says "No, I'm honestly not even sure why you're on this call". I give him a rundown on which services we managed and he responds similarly, "I mean I'm not sure why you have ME on this call"

Me: "I left some documentation explaining the situation and the steps taken to resolve it, have you had a chance to look at those?"

Him: "No, it's a software issue and we don't touch that."

Me: "Oh okay, do you have a list of the steps you've taken so I can compare it to mine and maybe find something that will help us solve this issue"

Him: "No... (silence)

Me: "Because after digging around I'm starting to think theirs some certificate issues, which it seems like are issued by you guys. Was just hoping you might have ran into this before."(Has his department listed in error code)

Him: (silence)

Me: "Okay Janet, I think we can go ahead and end the call with Jared. Thanks for you time, Jared."

If this were another business's IT, I would simply go over their head. However since this is a State employee, I'm not really sure how to proceed in this situation or future situations like this that may come up.

Appreciate any insight from those who have run into these situations before.

State is Kentucky.

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/sysadmin by /u/HughJohns0n on 2023-10-05 21:26:33.

Systems Administrator is the new job title.

After one year of Sr. IT Technician, got a backhanded promotion? ;-}

It was a goal I set for myself a few years back, so yay!

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/sysadmin by /u/junk_in_thetrunk on 2023-10-05 23:10:56.

Just got a letter from the cyber insurance company letting us know that we have a public facing server that has RDP enabled on it. They listed why it was an issue, etc, etc. They gave us the DNS name and the IP address.

The DNS name is of a server that we used for testing. It was online for a few weeks and only on during testing. That server no longer exists. It was a cloud server and we no longer own that IP. However we forgot to remove it from our DNS. So I don't know who's server they scanned but it wasn't our. Is this an issue?

Bonus question: Has it ever happened that an insurance company scanned a server that they thought belonged to a client but turned out to be something like the federal government server?

Who would get in trouble? The client for having a "mistake" in their DNS records? Or the insurance company for scanning random (potentially government) servers that don't belong to them?

TIA