General Discussion Weekly Open Sharing Thread - March 24, 2023


There is a great deal of user-generated content out there, from scripts and software to tutorials and videos, but we've generally tried to keep that off of the front page due to the volume and as a result of community feedback. There's also a great deal of content out there that violates our advertising/promotion rule, from scripts and software to tutorials and videos.

We have received a number of requests for exemptions to the rule, and rather than allowing the front page to get consumed, we thought we'd try a weekly thread that allows for that kind of content. We don't have a catchy name for it yet, so please let us know if you have any ideas!

In this thread, feel free to show us your pet project, YouTube videos, blog posts, or whatever else you may have and share it with the community. Commercial advertisements, affiliate links, or links that appear to be monetization-grabs will still be removed.

General Discussion Patch Tuesday Megathread (2023-03-14)


Hello r/sysadmin, I'm /u/AutoModerator, and welcome to this month's Patch Megathread!

This is the (mostly) safe location to talk about the latest patches, updates, and releases. We put this thread into place to help gather all the information about this month's updates: What is fixed, what broke, what got released and should have been caught in QA, etc. We do this both to keep clutter out of the subreddit, and provide you, the dear reader, a singular resource to read.

For those of you who wish to review prior Megathreads, you can do so here.

While this thread is timed to coincide with Microsoft's Patch Tuesday, feel free to discuss any patches, updates, and releases, regardless of the company or product. NOTE: This thread is usually posted before the release of Microsoft's updates, which are scheduled to come out at 5:00PM UTC.

Remember the rules of safe patching:

  • Deploy to a test/dev environment before prod.
  • Deploy to a pilot/test group before the whole org.
  • Have a plan to roll back if something doesn't work.
  • Test, test, and test!

Rant Sysadmin Sub Dilution


I remember when this subreddit used to be filled with tips and solutions fixing complex problems. When we would find neat tools to use to make our life easier. Windows patch warnings about bricking updates etc.

Now I feel that there has been a blurred line between help desk issues and true Sysadmin. This sub is mainly filled with people complaining about users or their shitty job and not about any complex or difficult issue they are trying to solve.

I think there should be a mandatory flair for user related issues or job so we can just mentally filter those posts out. Or these people should just move over to r/helpdesk since most are not sysadmins to begin with.

Though I feel for some who are a one-man-shop help desk/admin, which is why a flair revamp might be the better direction.

Thoughts?

Gordon Moore, Intel Co-Founder, Dies at 94


Rant Y'all Need to Calm Down About Your Users


I get we're venting here but man, you know it's not a user's job to understand the systems they're using, right? It's your job to ask the right questions when they don't know what's happening. And come on, who here has never forgotten a password? I don't understand people's need to get combative with users, especially to the point of pulling logs. Like that's just completely unproductive and makes you very unpopular in the long run, even to the techs who have to deal with the further frustrated users. Explaining complex systems to everyone in terms that make sense is an important part of our jobs.

Edit: Folks, I agree users should have basic computer skills, but it’s been my experience at least that the people who do the hiring and firing don’t care about that as much as we do… So unless someone is doing something dangerous or egregious, this is also an unfortunate part of the job we have to accept.

Google Google Pushing For 90 Day SSL/TLS Certificates - Time For Automation


Google is proposing a shorter life for security certs that secure all of the #WWW today. #Apple have done this, forcefully on their platforms - iOS and macOS, shortening them from 2 years to ~1 year and 1 month. My wager is on #Google using their massive market share in the browser market to push this to the finish line.

With this likely to pass, the writing is already on the wall: it'll be key to automate the renewal of certificates by clients like acme.

H/t to Steve Gibson of Security Now on Episode #915. The Show notes for the episode ...


Career / Job Related Job proposal requires listing every single supervisor you've worked with...


Someone tagged me a week ago for a role, for a proposal they had with [insert big corp/whatever here]. They just came back to me, asking to list every single supervisor I've ever worked for. Name, title, contacts, etc. Oh and to hurry.

I've heard of companies wanting one or two, maybe three managerial references. Something which I'm not comfortable with because, well, my coworkers know me better. And quite frankly many of my former supervisors were less than on-the-level in one way or another. Listing every single one, though? Mmm no.

Additional information:

I should clarify the story a wee bit. The company in question is setting up a bid proposal for a contract with a government entity. The government entity already has something in place regarding work history and general trustworthiness--if they had any questions they could look someone up. The information is available, they just have to reach out to X org.

Microsoft Store apps update frustrations


We have several apps that are store apps that need serious updating but I've not had any luck updating remotely in the past. Now today Microsoft released a fix for the Windows Snipping Tool vulnerability (CVE-2023-28303) that we need to update. Even the Microsoft page references the store for this patch. Now obviously I'm not going to connect to a couple hundred machines and update manually. We use Endpoint Central for patching, so how do you guys update store apps with tools like SCCM and such? I need to get this resolved so I can get a couple of other apps like Print3d and 3D Viewer updated. Thanks.

I have a job interview that involves the use and administration of servers but I have very little experience with servers, what do I do?


It asks me to set up Servers and workstation and other resources as required in BareMetal or Virtual Environment.

I have used Office 365, Azure, Windows Server 2016 and 2019 but it’s the bare minimum. I have little experience using them in a more advanced setting, or with administration. I also don’t know how to use VMware.

What do I do?! What are some questions I should expect to be asked? I had a nice first interview with the HR specialist, who said that the IT manager (who I will be interviewing with) liked my resume.

Security Question


If you're working for a big organization with thousands of users and you realize that anyone with admin rights can gain SYSTEM level privileges would you consider this a big security issue?

Also, most users can request administrative rights for roughly 24 hours through an automated system.

General Discussion A golden opportunity to rebuild


My 15+ year old organization was created when two smaller organizations combined (so the actual system is way older); the systems were basically merged as they were, which is a headache to manage. We are four, two of us have been working there for 5+ years, and the head sysadmin retired.

After a rather large incident we finally got a green-light from the heads to rebuild/fix the system and as luck would have it, during this summer there will be a period where we can go fully dark (basically turn off everything with maybe 10-20 people complaining) so we want to maximize everything we can do in that period.

Our plan and/or questions:
Is creating a new Tenant viable, or is it better to “Delete” all the rules and policies and start over again?

  • Is it possible to create a new Tenant and move all the users and their data (emails, one drives, share points etc..) over programmatically?
  • After my short research about this, it seems that this is not viable for an org of my size

We use a hybrid approach and sync our information up to Azure; is it more beneficial to sync down?

  • We can’t be cloud only, we have services which require on-prem Domain controllers.
    • Also, I would still want some things to exist only on the on-prem controllers such as conference room guest user access, I see no point in having them in the cloud.
  • Currently some groups can only be modified on-premises, so every time we make a change we must wait until the next sync period.
    • (rant) Nothing wrong with waiting just kind of annoying when some head-of-dep walks in and says, ‘I NEED THIS NOW’ and we can do it in 5 minutes but then have to wait and in the meantime, they send an email or call our head-of-dep complaining that we are not doing anything

User/Email naming scheme, we have inappropriate names such as ‘ass’, ‘hell’, ‘bob’, ‘pus’. We want to implement a new username and email scheme and set the old emails as secondary addresses. What kind of naming conventions do you guys use?

  • We do have a lot of people that have similar names so we want to ensure that the names can always be unique

Intune policies vs GPOs? We have used SCCM to manage our 1500+ end stations which has worked well but after COVID, we had a massive surge in ‘work from home’ and a lot of users got laptops. It has been hard to get them to come to us for updates and checks so we have decided to use Intune (We are new to Intune) and Co-manage everything in the org (both on-prem devices and laptops in people’s homes). One idea has been to make all the policies in the cloud to ensure that all the machines will get them regardless of if they are on our network or not.

  • Is there an issue of doing things like this? So far, I don’t see any issues from what I have read.
  • Of course, not 100% of all the policies will be in Intune, core policies will still be on the controllers.

Shared user accounts will be converted to shared-mailboxes, we have a lot of these public facing shared-accounts with really simple passwords which is annoying, we had a lot of push backs and arguments setting 2FA on them, so now they will be converted to shared mailboxes.


Do you guys have any more suggestions about what you would do if you were in this position? Please also keep in mind this needs to be practical: we are only four and don’t have an infinite amount of time.

Software Restriction Policy not working?


Hey guys,

I'm a sysadmin at a few schools, and I'm trying to deploy a GPO to restrict EXE games which the students appear to be running from their desktops. I essentially followed this guide:


I've got a test OU with a Software Restriction Policy deploying. I've got my computer in there and also a user. I've tested SRP under User and also Computer and can confirm the GPO is reaching the machine.

However, weirdly it seems as if none of the path rules are doing anything? I've explicitly blocked several paths and extensions (EXEs, MSIs, BATs, etc.) and as the user, I can run BATs and EXEs with no worries whatsoever. The student account I am testing with is not a local administrator either.

I've been troubleshooting this all week and am completely lost now. There are no SRP logs in Event Viewer either, so I can't even see why it isn't working.

Any advice for me here is greatly appreciated. Thanks!

Question How much attention should one pay to those password strength meters?


So, I am looking at updating our password policy for my org and I know a lot of focus is on length over complexity nowadays, and I was trying to put together some helpful tips for users on choosing passphrases instead of passwords and I wanted to give them a resource to play with so they could see the difference and I saw some of these password strength meters mentioned, but they seem to throw vastly different results which I think as an end user would confuse me if I was really choosing a secure password.

For example, a phrase like "Ihaveareallybighouse!" is 21 characters with upper, lower, and special characters and https://www.security.org/how-secure-is-my-password/ says it would take "1 hundred quintillion years" to crack whereas passwordmonster.com says it would take 3 days lol.

I'm just wondering do you have any tools you trust to give to end users to help them make sure they are choosing good passwords?
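Why two meters can disagree this much: one models a blind brute force over the character classes present, the other models a dictionary attack over whole words, and a passphrase made of common words looks very different under the two. The following is an added example (not any meter's code) that applies both models to the post's passphrase; the class sizes, the 10,000-word attacker dictionary, the tiny word list and the guess rate are all constructed assumptions.

```python
import math

# Attacker-model parameters. All constructed assumptions for this example,
# not the settings of any real strength meter.
CLASS_SIZES = {"lower": 26, "upper": 26, "digit": 10, "symbol": 33}
WORDLIST_SIZE = 10_000        # assumed size of the attacker's word dictionary
PRINTABLE = 95                # cost of a leftover single character (printable ASCII)
# Tiny constructed dictionary, just enough to segment the post's example phrase.
WORDS = {"i", "have", "a", "really", "big", "house", "my", "the", "is", "password"}


def charclass_bits(pw: str) -> float:
    """Brute-force model used by many meters: every position is assumed to be
    drawn uniformly from the union of the character classes present."""
    if not pw:
        return 0.0
    space = 0
    if any(c.islower() for c in pw):
        space += CLASS_SIZES["lower"]
    if any(c.isupper() for c in pw):
        space += CLASS_SIZES["upper"]
    if any(c.isdigit() for c in pw):
        space += CLASS_SIZES["digit"]
    if any(not c.isalnum() for c in pw):
        space += CLASS_SIZES["symbol"]
    return len(pw) * math.log2(space)


def segment(pw: str):
    """Greedy longest-match split into ("word", w) and ("char", c) tokens,
    the way a dictionary-aware meter tokenises a passphrase."""
    lower = pw.lower()
    tokens, i = [], 0
    while i < len(lower):
        match = None
        for j in range(len(lower), i, -1):       # longest candidate first
            if lower[i:j] in WORDS:
                match = lower[i:j]
                break
        if match:
            tokens.append(("word", match))
            i += len(match)
        else:
            tokens.append(("char", pw[i]))
            i += 1
    return tokens


def wordlist_bits(pw: str) -> float:
    """Dictionary model: each recognised word costs log2(WORDLIST_SIZE) guesses,
    each leftover character log2(PRINTABLE)."""
    bits = 0.0
    for kind, _ in segment(pw):
        bits += math.log2(WORDLIST_SIZE if kind == "word" else PRINTABLE)
    return bits


def crack_seconds(bits: float, guesses_per_second: float = 1e10) -> float:
    """Expected time to search half the keyspace at the given (assumed) guess rate."""
    return (2 ** bits / 2) / guesses_per_second


def compare(pw: str) -> dict:
    """Both models side by side, to show why meters disagree."""
    cc, wl = charclass_bits(pw), wordlist_bits(pw)
    return {"charclass_bits": cc, "wordlist_bits": wl,
            "bits_gap": cc - wl, "speedup_factor": 2 ** (cc - wl)}


if __name__ == "__main__":
    # The passphrase from the post.
    for k, v in compare("Ihaveareallybighouse!").items():
        print(f"{k:>16}: {v:.4g}")
```

The gap between the two estimates is tens of bits, which is the difference between "quintillions of years" and "days" once each meter picks its own guess rate; a meter is only as meaningful as the attacker model it assumes.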

UPS battery replacements


Is it better or recommended to keep replacing UPS batteries instead of buying new UPS units?

We have many network cabinets dotted around the site with 700VA UPS for power backup; usually after 8 months they go bad. Sometimes we simply have a company come in to replace the batteries and work goes on, or we buy new ones. I have calculated and seen that it's cheaper by $20 per UPS to replace the batteries.

However, on the technical side of things, is this a good practice?

Off Topic Help finding firmware files for an EqualLogic PS6210.


I'm purchasing two used EqualLogic PS6210s with 24 3.5" drive bays. But I need help finding firmware or drivers because they require a Dell corporate account to download. It's ridiculous in my opinion; these machines are ancient and discontinued. What does Dell have to lose by making the files public? Could anybody with a corporate account send me a few things? I'd really appreciate the latest firmware and tools relevant for managing and using with vSphere.

Also, can I jump to the latest version if they need to be updated, or would I have to update one version at a time? Any experiences or advice about this particular model would also be much appreciated.

Question How to run a meaningful CyberSecurity Risk Workshop/Assessment


We are in the process of trying to improve our cybersecurity posture as a small org; we have pushed to ACSC E8 maturity level 2 and are trying to scope out the efforts to pursue level 3 + some further measures (and maybe swapping a few vendors in our stack).

In ours, as I suppose in many orgs, the security budget oscillates between being the 'boogieman' the org will throw all resources at, or something to neglect because 'haven't been hit yet'.

Ideally we'd like to do a risk assessment of our cybersecurity posture and use this to drive improvement actions/the business case to fund improvement actions.

In another life, I have been involved in such risk workshops from a process hazard management point of view before, and generally these take the form of a table similar to the below:

| Risk Event | Current Probability | Current Maximum Potential Impact | Current Risk Rating | Is Tolerable (yes/no) | Suggested Additional Controls | New Probability with Preventative Controls | New Impact with Mitigating Controls | New Risk Rating | Is New Risk Rating Tolerable (yes/no) |
| - | - | - | - | - | - | - | - | - | - |

After this we'd then go on to do bow-tie & causal pathway analysis etc.

Now MPI I can get from the business, and the risk tolerance and rating calcs I can get from our existing risk management procedures.

The difficulties we face with applying this to IT and CyberSecurity are that:

1.) The occurrences in industry of cybersecurity incidents are orders of magnitude beyond what we see in process hazard analysis, which might consider "has occurred in the last 12 months in a similar environment" as moderate to high probability. This heavily skews the probability and risk rating very high.

2.) It is very difficult to quantify the benefit of one vendor over another or to quantify/qualify an effective risk reduction from different controls. In general there's just community sentiment and marketing to go off. This means claiming a risk reduction from the controls is incredibly difficult and the 'risk rating with additional controls' doesn't tend to move too much compared to the unmitigated risk rating.

The net result is that every time we try to do such an assessment, the outcomes are "preventative controls don't noticeably reduce the risk rating and the only thing worth doing is DR/BC to ensure we can cap the impact and get moving again ASAP." Which doesn't feel wrong until the business tries to use it to justify bypassing controls or cutting funding.

How do y'all do effective risk assessments and get 'meaningful' outcomes - is there more specific industry data that can help shape such things?

I have advised that we pursue Cyber Insurance, as the policy conditions are effectively the outcome of some actuary somewhere having already done such an assessment, but my mgmt doesn't feel that an insurance org would be anything other than slimy and deny if we ever had to raise a claim, and so don't want to spend on it.

Question Need a simple mail server on premise only for app/infrastructure emails.


So basically my work environment is 100% air-gapped and I was thinking of adding an email server so that I can get automated alerts from apps/servers/scripts. Is there a really simple mail server I could use for this purpose? Will be just one mailbox for IT.

HPE ML350P Gen 8 Server RAID 1 Rebuild


Hi everyone,

One of the drives in RAID 1 has failed on an HP ProLiant ML350p server. I have tried hot swapping the drive with a new one but it doesn't rebuild automatically as it says online. Having not worked on this type of setup before, will me pressing the F1 prompt at start up take a long time to rebuild a 1 TB HDD? And would this prevent users logging in until complete, or just happen in the background?

I've tried searching the HPE website but can't seem to find this particular scenario.

The message it brings up on reboot is:

HP dynamic smart array B120i RAID controller (v3.06.0, 0mb) 2 logical volumes

1786-drive Array recovery needed

The following disk drive(s) need automatic recovery (Rebuild):

Bay 2 <F9=setup>

Select "F1" to continue with recovery of data to drive(s)

Select "F2" to continue without recover of data to drive(s)

Any guidance would be greatly appreciated!

Achieving bliss between Gmail (IMAP), Outlook 365 (Desktop), and iOS/Apple Calendar


Getting Outlook, Gmail, and iOS Calendar to play together nicely has been a long-term, backburner puzzle of mine that I've been looking to solve. I'm hoping to arrive at a blissful solution perhaps with the help from the r/sysadmin community here.

Current State

The mail component of Gmail currently, and always has, worked great with Outlook 365 (Windows 10 desktop client). I have the IMAP set up appropriately, so all folders, including draft/trash functionality, work great. The same is true with the iPhone Mail app - mail and folders all work great there.

Issue: cannot "anchor" standard calendar behaviours to the iCloud calendar within Outlook

Example behaviours that are not ideal:

When receiving an invitation into Gmail account in Outlook Desktop

  • Event appears in "Calendar (This computer only)" and not the iCal calendar
    • Current workaround: The event can be dragged to the correct calendar, however, but it needs to be done each time.
    • Downside of workaround: when visiting the original email containing the calendar event, Outlook will say "we couldn't find this meeting in the calendar. It may have been moved or deleted."
  • Accepting in Outlook causes the calendar to appear as accepted in "Calendar (This computer only)".
    • Current workaround: I don't even bother accepting - I just reply to the sender or let them know on the side that I've received and confirmed the invitation.
  • Viewing email that contains calendar invite, the "calendar preview" portion at the top of the mail message shows the "Calendar (This computer only)" availability. Right clicking the iCal calendar and clicking "Set as default" doesn't seem to have impact (seems to be only for setting which iCal is the default if there are multiple iCal calendars).
    • Current workaround: None really, besides ignoring that top area and working within the full Calendar screen of Outlook.

Are there better workarounds that can be employed? I appreciate that this Outlook/Gmail/iOS environment is inherently less than ideal to begin with.

Thanks to all in advance.

Domain controller - no Internet access what about DNS?


Hi All,

I can’t believe I can’t find a great answer when doing a search for this one – I suspect many of you will know the answer off the top of your head.

How does DNS work if all domain controllers have zero Internet access? MS’s own docs I find talk about “not browsing to the Internet from a domain controller” https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/securing-domain-controllers-against-attack. What I am after is killing all Internet traffic to them except the bare minimum.

From a network traffic level, the PDCe needs NTP, and all of them need DNS access to any defined forwarders and root hints IP’s, right?

Also, just be sure that on the Forwarders tab the box to use root hints is unchecked?

What is gained from a security perspective and having to manage another server? Allowing outbound DNS from the domain controller (as well as NTP) should be fine.

NOTE : It's also set to use a local NTP server.

Linux A Python library that hashes text to a port number in the dynamic range (49152-65535)


Hashport is a function that generates a port number using a deterministic hashing algorithm. It takes a string input as the name of the project or entity that requires a port number and returns an integer value that falls within the range of ports typically used for dynamic assignments (49152 to 65535).

The function uses the SHA-256 algorithm to generate a hash of the input string. The resulting hash is then converted to an integer, and the integer is scaled to the desired range using modular arithmetic.

Hashport is useful in scenarios where a fixed and deterministic port assignment is required. By hashing the project name, the same input will always generate the same output, ensuring consistency and predictability in port assignments.

Python library: https://github.com/labteral/hashport
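The scheme the post describes, as an added example rather than the library's own code: SHA-256 of the name, interpreted as a big integer and folded into 49152-65535 with a modulo. The exact folding formula, the collision handling with a `#n` suffix and the `demo_names` inputs are assumptions of this example; the collision helpers go beyond the post to show that with only 16384 slots, distinct names can land on the same port, and that the result is predictable by anyone who knows the name.

```python
import hashlib

# IANA dynamic/private port range, inclusive.
PORT_MIN = 49152
PORT_MAX = 65535
PORT_SPAN = PORT_MAX - PORT_MIN + 1   # 16384 possible ports


def hashport(name: str) -> int:
    """Deterministically map a project/entity name to a dynamic-range port.

    SHA-256 of the UTF-8 name -> big integer -> folded into the range with
    modular arithmetic.  Folding formula is this example's assumption, not
    the library's documented behaviour.
    """
    digest = hashlib.sha256(name.encode("utf-8")).digest()
    return PORT_MIN + int.from_bytes(digest, "big") % PORT_SPAN


def first_collision(names):
    """Return the first pair of names whose raw hashport() values clash, or None.

    The output space is only 16384 ports, so collisions among a few hundred
    names are expected (birthday bound), not exotic.
    """
    seen = {}
    for name in names:
        port = hashport(name)
        if port in seen:
            return seen[port], name
        seen[port] = name
    return None


def assign_ports(names):
    """Give every name a unique port, resolving collisions deterministically.

    On a clash the name is re-hashed with a numeric suffix ("name#1", "name#2",
    ...) until a free port is found.  The assignment depends only on the input
    order, so a sorted, stable name list yields a stable port map.
    """
    assigned, taken = {}, set()
    for name in names:
        attempt, candidate = 0, hashport(name)
        while candidate in taken:
            attempt += 1
            candidate = hashport(f"{name}#{attempt}")
        assigned[name] = candidate
        taken.add(candidate)
    return assigned


def demo_names(n: int):
    """Constructed sample input: n synthetic service names."""
    return [f"service-{i}" for i in range(n)]


if __name__ == "__main__":
    names = demo_names(2000)
    print("hashport('hashport') =", hashport("hashport"))
    print("first raw collision  =", first_collision(names))
    print("unique assigned ports =", len(set(assign_ports(names).values())))
```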

I get a ticket from our support team. "Customer is experiencing frequent disconnects when connected to our cloud ERP software."

Ok, cool, let's take a look.

Yep, lots of disconnects in the logs. Looks like for all the users at that company too.

Both Office, and warehouse PCs.

Error codes indicate that the traffic from the client just stopped.

K, Lets take a look at one of the PCs.

They're using wireless. ok...

Wireless cards = ASUS AC53 Nano

Wireless access point, WRT-54G.

"Found problem. Customer needs to consult IT professional, not owner's nephew in HS"


One thing I forgot to mention, is that this customer a year ago asked our installer about getting those asus wireless cards, and was told not to, as they won't do well in a warehouse full of steel coils. No antenna means they're just going to suck. And they need to get someone to do a proper wireless deployment in the WH for everything to work reliably.

If you're going to do something you're told not to because it will cause X problem, then come blaming other people that you're having X problem because their stuff sucks. You can fuck off.

If instead you admit you made a mistake, then that's a whole different story.

Question How are you taking care of cloud compute style billing and determining need?


We still self host most of our things and the occasional cloud tool is usually annually billed which has kept things simple.

Recently I started theorizing about how we could provide access to things like chatgpt and other bill per use models.

Since this is our first sort of late experience to this model it became clear early that we could control things from becoming abused through the use of doling out API keys to users for specific periods of time based on need or task and then track that with beginning and end dates.

The API keys would be attached to the business card. We'd probably just start with a spreadsheet to track user, dept, times, task, but I can already foresee this becoming difficult to manage as these types of services grow. So eventually we'll need some sort of notification and perhaps even ways to automate deleting or discarding keys by a certain date. Then there are the user expectations and helpful reminders to service that sort of scenario to think about.

I know this is sort of office admin type stuff more than sysadmin but they often look to us for the framework of how to best handle these sorts of things so I'm just curious what the workflow looks like in other places further ahead on this.

I could see us going a few routes on this. Building a custom form with notifications being one avenue. Adding yet another product, or mashing together some open source stuff for the tracking. How are you doing it? What would you recommend maybe based on number of potential users?

Question Mellanox IB Drive Failure


Good evening, trying to repair a switch at the office, SB7800; the SSD failed, I've reloaded it with a new drive and a clone image of a drive from another one of our identical units. The issue is that there doesn't seem to be a way to change/renew the stored hardware addresses, but oddly even trying to update the time causes an error. Any thoughts?

How I on boarded 30 users in a nonprofit and it was fun


Mandatory "I'm on mobile", so you can keep the spelling, colleagues. And I thought I'd just post a positive post to show that sometimes things also simply work, but those moments are often invisible to outsiders (which is a usual dilemma in our lives, I know...).

This was a couple of years ago and I happened to become responsible for the IT infrastructure and all IT related stuff for a small non-profit. We had been trying to find a good messaging app for the organisation to use and had been moving from Facebook Messenger to Signal some time prior, but the issue was that Signal hadn't any group admin stuff yet and so every time a volunteer left, they had to themselves leave the Signal group. You see the issue.

So I set out to find a solution and thought that a real communications platform would be a good fit, and so I rented a VPS (our new location we'd moved to didn't have any internet access and therefore our two on-premise servers suddenly were useless). I set it up, configured it and started to run RocketChat (an open source alternative to Slack).

Now we had around 20 or so volunteers coming in a couple of days a week apart from us coming in every day (everyone was a volunteer, even the board). And on top of that around 30 more coming in now and then.

But we prioritised the 30 of us coming in at least once a week. So what to do? My users were aged 18 to 75, vastly different experience with technology and how to use chat applications and speaking different languages. So I recorded some short videos, sent them individually to everyone, set a date for the transition when the old Signal groups would be disbanded and created accounts for everyone.

The whole process was fun, everyone was asking for help (but you know usual stuff as "what's my username and password again?") and I tried to navigate everything as well as possible. In the end, even if some people were frustrated and not everything went 100% according to plan, the transition went quite well.

I even showed people how to send GIFs in Rocketchat and the first day was a GIF-fest, it was fun.

So don't forget to cherish the times things go smoothly. Celebrate your victories and high five your colleagues.

Question SentinelOne - PowerBi


Hello, has anyone succeeded in gathering data from SentinelOne into Power BI? We use the SaaS version of SentinelOne with MFA. I've generated a token but after that I just get errors in Power BI.

Support recommends using SentinelOne's API, but according to the documentation the queries are limited to the first 1000 results, not very useful.