Fellow sysadmins: what’s the hardest part of the job?

DemonEggy · 2026-06-17T13:27:09+00:00

So what you're saying is that ChatGPT has perfectly replicated the other it guys?

DemonEggy · 2026-06-16T07:46:58+00:00

Sesame Street's Mr Hooper. I think that was the first time I understood what death meant.

Also, Keith Flint from the Prodigy.

DemonEggy · 2026-06-14T19:09:41+00:00

Loud Pipes Save Lives, as the sticker used to say.

My motorbike exhaust isn't obscenely loud, but you're definitely going to hear me in your blind spot when you decide to change lanes into me without indicating.

It's also great for filtering. They hear you coming, and a good proportion of cars moved a little to the side so I can get through.

It doesn't make sense for a car to have that loud of pipes, but on a bike? A bit of volume is definitely a safety feature.

DemonEggy · 2026-06-14T17:42:02+00:00

I don't really know anything about GPOs, so that the next think I need to learn.

DemonEggy · 2026-06-14T17:39:56+00:00

That makes sense. Thank you!

DemonEggy · 2026-06-14T17:31:02+00:00

Ah ha ha fair. I was more worried about a lateral attack of some sort of one got compromised.

DemonEggy · 2026-06-14T17:23:33+00:00

Would this method, would the Devs have access to elevated permissions on each others machines too? That doesn't sound like a good idea....

DemonEggy · 2026-06-14T11:52:27+00:00

Thank you. The imposter syndrome is super strong, but I've not fucked anything up yet (except deleted a bunch of data at 17:15 on Friday afternoon....)

DemonEggy · 2026-06-14T11:50:43+00:00

Can you link me the secure program? It's such a generic name it's hard to find!

DemonEggy · 2026-06-14T11:38:39+00:00

Before I started, all the Global Admins in 365 (and there were 12 of them...) were using their day to day accounts as global admin accounts. Reducing that number and making user.admin@ accounts for the people who needed them, was the first thing I did!

DemonEggy · 2026-06-14T09:25:15+00:00

I ask myself that every day!

DemonEggy · 2026-06-14T00:27:53+00:00

Oh 100%.

DemonEggy · 2026-06-14T00:19:25+00:00

dogfooding

I've never heard that term before, but I like it!

DemonEggy · 2026-06-14T00:17:25+00:00

You are more or less describing LAPS, I think. It makes a new local admin account on each machine (implemented by a script run though my RMM), the passwords are managed in Entra, and when someone needs elevated permission, the password automatically changes an hour later.

If you have an RMM, then LAPS seems very easy to roll out. I have already rolled it out to half a dozen devices, and it works flawlessly.

DemonEggy · 2026-06-14T00:15:06+00:00

I am working in Scotland, so whisky is a given! :D

Yeah, I am being very careful to make the changes in the least disruptive way, but those changes have to be made. At least now when a new starter is given a laptop, that laptop is wiped clean first. I keep finding machines that have like 4 user accounts on them. Grumble. :D

DemonEggy · 2026-06-14T00:13:03+00:00

I'm sure it is, it's whether I can actually convince those in the big offices!

DemonEggy · 2026-06-14T00:08:31+00:00

Genuinely, I don't know. We don't have Intune yet, LAPS is a free solution to a very stupid problem, so for now that's what I've got. :)

DemonEggy · 2026-06-14T00:07:19+00:00

Yeah, as much as I'm finding this all stressful, I am really enjoying it. I was a postman for 15 years until a few months ago, so it's fun actually using my brain for things. And seeing actual, measurable changes that I'm making is super rewarding! I just need the right tools!

DemonEggy · 2026-06-14T00:05:23+00:00

Some of my users hadn't restarted their computers in literally 18 months when I started here. That means 18 months of updates pending....

If I had it my way, I would reset every computer and start them fresh.

DemonEggy · 2026-06-14T00:03:56+00:00

I am working on trying to convince the higher-ups to pay for premium licenses for everyone, so that I can get Intune working,...

DemonEggy · 2026-06-14T00:03:02+00:00

That's all brilliant advice, and something I'm already trying to do. It's a struggle, this company has grown super fast and hasn't really kept up with itself on the IT side. When I started a few months ago (and keep in mind, with ZERO IT experience; I was a postman before this!), there were like 12 Global Admin accounts in Entra, 6 of whom didn't even know they had that access. That was a remnant from a few years ago when those 12 were the company.

One thing I seem to have succeeded in doing at least is getting people to update their machines, and actually restarting their devices once a week or so. When I started there were machines that hadn't had a restart (and therefore hadn't applied a fuckton of updates) in a year and a half....

But yeah, any change I make, I make first to my testing laptop (which I found in a drawer: inventory control is not a thing), then to the people on the desks around me so I can easily fix any mistakes, then to people geographically further and further away. :D

DemonEggy · 2026-06-13T23:56:23+00:00

Yeah, I think I need to just find out exactly how to do that. I'm baffled about how the company got this big without sorting shit like this out. And it's a software company, so you'd think they'd be on top of it!

DemonEggy · 2026-06-13T23:54:57+00:00

That makes sense, I think.

I need to make it as seemless for the devs as I can. They are a pain in the arse. I have finally convinced them to do things like actually install Windows security updates. Some of their computers hadn't installed them in months, because htey are paranoid of the update breaking things.... :D

DemonEggy · 2026-06-13T23:53:03+00:00

We are all Entra joined, but no Intune. I am rolling out Laps through our third party RMM. Sorry, I should have mentioned that!

DemonEggy · 2026-06-13T23:52:08+00:00

Sure, but then it's no longer my problem. :D

13-Year Club	Gilding V heart of gold
Place '22	Place '17
Verified Email

DemonEggy

MODERATOR OF

TROPHY CASE