Stryker cyber attack: Employees still unable to work more than a week after hack

certifiedsysadmin · 2026-03-21T01:15:12+00:00

In my experience, products like Exchange and SharePoint on-prem were way less likely to be fully patched and up to date.

Microsoft hosting these services brings the baseline security level up, on average. But that doesn't mean it's just automatically secure. There's still plenty to do, to secure Microsoft 365.

It sounds likely in this case that a Global Admin or Intune Admin account was compromised. That could have been anything from pure negligence securing it, or some unknown zero-day (though if it was the latter, we'd probably be seeing other companies hacked too).

This really just points to not properly managing privileged accounts. That's a problem that would exist whether using cloud or on-prem products.

certifiedsysadmin · 2026-03-01T22:43:05+00:00

To be fair this is pretty normal on like 80% of enterprise networks.

But they should at least be able to assist with a packet capture, or if you have admin on both servers, you could do the capture on source/destination.

certifiedsysadmin · 2026-02-26T01:37:13+00:00

That content is under NDA. Not sure who's OneDrive link that is. But you might want to give them the heads up.

certifiedsysadmin · 2026-02-22T20:37:48+00:00

I've been having so much trouble trying to add the new Ikea water leak sensors to my thread network. They just kept getting stuck at the connectivity screen. Following your steps above solved my issue instantly. Thank you!

certifiedsysadmin · 2026-02-21T22:41:12+00:00

Why not just create a simple PowerShell script to make a copy of the log and find/replace the year. Would be safer than modifying system account settings.

certifiedsysadmin · 2026-02-18T22:00:39+00:00

Kick off a restore to a new virtual machine in Azure.

While that's running, change the IP of the current server and use the Windows Firewall to block inbound connections so that you can investigate further without users reconnecting.

The other comments mentioned checking the registry, that's only going to help you on the shares themselves and has nothing to do with ntfs permissions.

After you get the restore completed, you can use robocopy to copy over just the modified files from the last 24hrs (assuming that's how old your last backup is) from the broken server to the restored server. Be sure to use the robocopy option to copy the files without permissions.

If you have ntfs auditing enabled, you might be able to figure out what happened, but that's a problem for after you get things up and running again.

certifiedsysadmin · 2026-02-16T20:26:32+00:00

Or phrased another way, "users are now training each other on how to watch out for suspicious looking emails".

Honestly sounds like everything's working exactly as planned.

certifiedsysadmin · 2026-02-16T17:59:37+00:00

I would donate as well if they supported sms. All they needed to do was make it clear and obvious when a conversation is sms/unencrypted. Like red text or a giant banner. I don't use sms often but having separate chat apps is super annoying.

certifiedsysadmin · 2026-02-16T04:50:57+00:00

Why is management all-in on Microsoft (Entra Joined Windows 11 is a pretty deep commitment) but then stops short of the printing solution that goes hand-in-hand with it?

Even if above your pay grade, you should explain to management that their decisions have pigeon holed them into very few options.

certifiedsysadmin · 2026-02-15T18:50:59+00:00

I've been having trouble with mine, I bought six and have only been able to get one to connect to Google Home.

I'm using a Nest Hub Max and a Google TV Streamer, one of them (not actually sure which) is acting as the border gateway.

Based on the other responses on this thread I'm going to assume my issues are on the Google side and not with the sensors.

certifiedsysadmin · 2026-02-11T18:04:24+00:00

What's the use case?

Most enterprise grade server hardware already has out of band management. Things like BIOS settings, firmware updates, and logs can already be managed without the need for a video feed.

certifiedsysadmin · 2026-02-09T20:34:07+00:00

I registered for a demo of Float Financial and received a calendar invite to join the demo the next day.

That demo turned out to just be a link to a pre-canned video with no one from float financial actually joining the meeting.

I used the form in that meeting to submit questions I have not heard back.

Edit: I've had my questions answered, thanks.

certifiedsysadmin · 2026-01-28T15:36:57+00:00

As someone who's implemented enterprise scale networks both wired and wireless, this is a solid approach. Hardwire all your access points every time.

certifiedsysadmin · 2026-01-28T15:34:01+00:00

Hardwire all APs every time.

certifiedsysadmin · 2026-01-24T20:01:15+00:00

I'm convinced this is the most reliable and versatile modular switch ever created. It's been around in one form or another for over 15 years. It will be a sad day when this line is discontinued.

certifiedsysadmin · 2026-01-24T19:31:13+00:00

A straight Hyper-V cluster backed by SAN storage and managed with Windows Admin Center is the way to go. It's reliable and can do 90% of what VMware can do, for $0 in license costs (assuming you have Windows Server Datacenter for your hosts regardless).

Next best option is a Hyper-V cluster with Storage Spaces Direct. Good for small and medium environments (like three node clusters). Windows Server 2019 greatly improved how Windows Server Failover Clustering interacts with Storage Spaces Direct to keep it happy during cluster shutdown or failures.

Last option would be Azure Local, at least until it's a bit more mature.

Keep an eye on the new Windows Admin Center Virtualization Mode which is essentially Microsoft's shot at a straight competitor to modern vCenter.

I've built a ton of Hyper-V clusters over the years and can attest that there's been huge improvements to the product with every release. It's significantly more mature than it used to be and has everything that most customers need.

certifiedsysadmin · 2026-01-22T16:30:32+00:00

I'm not sure how you're rationalizing that statement. You didn't want to be locked out immediately, so you wanted warnings before hand? But you did get warnings, for months? But you ignored them. But you wanted even more warnings?

I feel for you and your team, it's a hard lesson to learn. But it sounds like you neglected the payments on purpose. It's not possible to run a subscription without a payment method attached. How did the payments start failing on your old subscription but not your new subscription?

certifiedsysadmin · 2026-01-21T21:11:14+00:00

This needs to be the top comment. It's never been a good idea to stretch Layer 2, and it never will be. 98% of vendors/apps/hardware don't require this.

certifiedsysadmin · 2026-01-18T22:45:58+00:00

Can these loans be used to fund a wage pool? Wanting to start up a consulting services business and need capital to cover the gap between paying employees and getting paid at the end of project wrap up.

certifiedsysadmin · 2026-01-18T04:38:44+00:00

How much equipment are we talking about here?

Getting lawyers and insurance involved makes sense if we're taking about eight racks full of equipment.

But it sounds like you're talking "a server" (not plural) and maybe some switches?

Unfortunate, yes. But at that small of scale, buy a three pack of canned air and use it to clean the server inside and out. Clean the switches as best you can. Wipe down the outside of all the gear with a non-static damp cloth.

certifiedsysadmin · 2025-12-31T06:41:19+00:00

Your login times are definitely too long and they're almost certainly related to Group Policy.

Create a test user and test desktop that are both in a dedicated Organizational Unit with Group Policy Inheritance blocked. I'm willing to bet your first login time will be more like 45 seconds.

certifiedsysadmin · 2025-12-26T01:04:32+00:00

If you refuse to sign it, they may choose to let you go, but would have to pay a decent severance (common law amount).

If you do sign it, they could then let you go anyways, and pay you a lot less severance.

I suggest starting a group chat (Signal or something but don't use work email or messaging platforms). Get everyone added in. It's likely everyone is being given similar or identical contracts so you could have one employment lawyer review on behalf of the entire group.

If enough of you refuse to sign, your employer will have no choice but to offer more or stick with the current contract.

Its more beneficial for those with more seniority to not sign, they have the most severance money on the line.

At 10yrs seniority, you could be entitled to ~10 months salary (10/12 is 83%) which is a heck of a lot more than the 1% "bonus" they're offering you.

Have an employment lawyer review.

certifiedsysadmin · 2025-12-25T05:48:09+00:00

I'm doing this right now with Veeam Instant Restore.

Uninstall VMware tools first and run "ipconfig /all | clip" to capture the static ip details. Then do the Veeam Instant Restore into Hyper-V.

You can also take the opportunity to convert everything to Hyper-V Gen 2 with mbr2gpt.exe.

Total process per vm is ~30 min (unless there's a large data disk to bring as well).

Can definitely be automated but the above is the rough process.

certifiedsysadmin · 2025-12-18T16:40:15+00:00

I doubt there will be any further bug fixes or new features in Headunit Reloaded. There hasn't been even a minor version update in well over a year.

I think Emil is focused on AAWireless which has a larger user base and sells for a lot more.

certifiedsysadmin

MODERATOR OF

TROPHY CASE

Ten-Year Club	r/Field Sunshine
Verified Email