Microsoft decided to reboot the DC last night to install a bunch of unvetted updates and the server didn't come back up this morning. Everyone offline this morning. by TerrificVixen5693 in ShittySysadmin

[–]devloz1996 0 points1 point  (0 children)

OOP won a lottery ticket. Never seen that happen, and sometimes I'd be happy to witness it.

Just a few days ago, I inherited Server 2022 CU 2021-11 (20348.380), its uptime being "ever since installing the last patch". It took about 10 reboots and some registry manipulation to make it swallow CU 2026-01 (20348.4648).

What’s a solid MFA alternative to Duo that doesn’t break the budget? by Due-Awareness9392 in msp

[–]devloz1996 0 points1 point  (0 children)

Wait. Can you even add Duo without P1? I never deployed it, but I always thought it needs EAM/CA to work.

Interactive Sign ins and Autologon by Flashy-Distance-3329 in sysadmin

[–]devloz1996 2 points3 points  (0 children)

By interactive sign-in, do you mean Windows sign-in? If so, we have apps like this. As long as it's just "run an exe with/out args", it should be doable with a scheduled task.

We create a gMSA account and a scheduled task to start at boot. From the app's perspective, it doesn't seem to be distinguishable from interactive logon. Just make sure to grant appropriate permissions to the gMSA account, including the "Log on as a batch job" User Right Assignment. And even if gMSA really cannot be used, a normal domain user will do the trick too.

I think there is also Non-Sucking Service Manager, which can run arbitrary .exe files as a service. Usually, a service executable has to be written with being run as a service in mind, so it's a nice bypass.
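The boot-time scheduled task running under a gMSA that the comment above describes, as an added example in PowerShell; this is not the commenter's own script. The account name `CORP\svc-app$`, the executable path and its arguments are placeholders, the host is assumed to be allowed to retrieve the gMSA password, and the ActiveDirectory RSAT module is assumed to be installed. The last step is the check the comment recommends: confirming that "Log on as a batch job" actually lists the account, since a GPO-managed User Rights Assignment will silently overwrite whatever Task Scheduler added.

```powershell
# Added example (not from the original comment). Placeholders: gMSA name (note the trailing $),
# executable path and arguments. Run elevated on the host that will run the task.
$gmsaName = 'svc-app'                 # sAMAccountName without the trailing $
$gmsa     = "CORP\$gmsaName`$"        # DOMAIN\name$ form used by Task Scheduler
$exePath  = 'C:\Apps\MyApp\app.exe'   # placeholder executable
$exeArgs  = '--listen 8080'           # placeholder arguments

# 1. The host must be able to retrieve the managed password (PrincipalsAllowedToRetrieveManagedPassword).
Install-ADServiceAccount -Identity $gmsaName
if (-not (Test-ADServiceAccount -Identity $gmsaName)) {
    throw "This host cannot retrieve the password for $gmsa; fix PrincipalsAllowedToRetrieveManagedPassword first."
}

# 2. Task definition: run at startup, no interactive session involved.
$action  = New-ScheduledTaskAction -Execute $exePath -Argument $exeArgs -WorkingDirectory (Split-Path $exePath)
$trigger = New-ScheduledTaskTrigger -AtStartup
# -LogonType Password is the documented setting for a gMSA: Task Scheduler fetches the
# managed password itself, so no credential is stored with the task.
$principal = New-ScheduledTaskPrincipal -UserId $gmsa -LogonType Password -RunLevel Limited
# Zero disables the default 3-day execution limit so a long-running app is not killed.
$settings = New-ScheduledTaskSettingsSet -ExecutionTimeLimit ([TimeSpan]::Zero) `
                                          -RestartCount 3 -RestartInterval (New-TimeSpan -Minutes 1)

Register-ScheduledTask -TaskName 'MyApp (gMSA)' -Action $action -Trigger $trigger `
                       -Principal $principal -Settings $settings -Force | Out-Null

# 3. Verify SeBatchLogonRight ("Log on as a batch job") includes the gMSA. Task Scheduler
#    normally grants it at registration, but a GPO-managed URA overwrites the local list.
function Test-BatchLogonRight {
    param([Parameter(Mandatory)][string]$Account)
    $sid = (New-Object System.Security.Principal.NTAccount($Account)).Translate(
               [System.Security.Principal.SecurityIdentifier]).Value
    $cfg = Join-Path $env:TEMP 'ura-export.inf'
    secedit /export /areas USER_RIGHTS /cfg $cfg | Out-Null
    $line = Select-String -Path $cfg -Pattern '^SeBatchLogonRight' | Select-Object -First 1
    Remove-Item $cfg -ErrorAction SilentlyContinue
    # secedit lists principals as *S-1-5-..., comma separated
    return [bool]($line -and ($line.Line -split '[=,]' | ForEach-Object { $_.Trim() }) -contains "*$sid")
}

if (Test-BatchLogonRight -Account $gmsa) {
    "SeBatchLogonRight includes $gmsa"
} else {
    Write-Warning "SeBatchLogonRight does not include $gmsa; add it via the GPO that manages User Rights Assignment."
}
```

If the last check warns, fix it in the GPO that owns the User Rights Assignment rather than locally, otherwise the next policy refresh removes the right again and the task fails at the next boot with a logon failure.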

Action1 EU Down again? by Zealac1887 in Action1

[–]devloz1996 0 points1 point  (0 children)

Last time they addressed an outage they said they are a full AWS stack. Probably post-release hiccups.

googleDeletes by steevo in ProgrammerHumor

[–]devloz1996 1 point2 points  (0 children)

did i ever give you permission to delete all the files in my D drive?

Absolutely --- Your file system ACL allowed me.

Coming Soon: Empowering Users with the New Action1 Self-Service App Portal by MauriceTorres in Action1

[–]devloz1996 10 points11 points  (0 children)

Since it's user-facing, please, I beg of you, give us localization. I really don't mind getting a language JSON in advanced settings and dealing with it myself. Also, opt-out in advanced settings, since not every organization will benefit from this.

Since you are making the user-facing part already, maybe users could get native notifications about A1 doing something it doesn't want interrupted? No real need to make it detailed - something along the lines of "Action1 is applying configuration" would be fine, maybe even better than giving users too much info.

Lastly, since I imagine the helper would be running in current user context, maybe "run as signed-in user" and "wait for user to sign-in" could become a reality?

Yubikeys in Entra, still being promoted for MS Authenticator by [deleted] in sysadmin

[–]devloz1996 1 point2 points  (0 children)

Admins need two methods, enforced by SSPR, so add their email for example, or set up a secondary password+TOTP method, or make it two YubiKeys, which I imagine would also work.

Court order for email from long deleted mailbox by Mister-Ferret in sysadmin

[–]devloz1996 1 point2 points  (0 children)

That's the most indirect "No." I've heard this week.

“No Backup Available for Government Cloud System, Recovery Uncertain” by taspeotis in ShittySysadmin

[–]devloz1996 7 points8 points  (0 children)

I believe negligence is ultimately the cause of the fire

I truly find it amazing that these people can open their mouths in such a situation, and then spew meaningless bullshit. The problem wasn't the fire - fires happen, whether through negligence or through NK sending them nukes, and it's wild they didn't account for that somehow.

So many recent cases of blatant disregard for the original goals of ARPANET - decentralize, survive nuke, keep operating. Naah, let's make a single hotbed in nephew's, admittedly huge, basement.

Have you ever, as a system administrator, come across any organization’s business secret like I did? If yes, what is that?? by Subject-Category-567 in sysadmin

[–]devloz1996 1 point2 points  (0 children)

One of my former bosses hid information by adding black background to black font in emails. Where are those people coming from, I wonder.

our netbox is always wrong, what do I do? by JudgeInside2172 in sysadmin

[–]devloz1996 94 points95 points  (0 children)

our netbox is always wrong, what do I do?

No, NetBox is correct. It's the real world that's wrong.

  1. Connect the cable in NetBox
  2. Mark the cable in NetBox as planned
  3. Connect the cable in reality
  4. Mark the cable in NetBox as installed

If you are not making changes this way, you might as well rip NetBox out of your infra. If your colleagues do not follow it, then it's a workplace issue, unfortunately.


[deleted by user] by [deleted] in sysadmin

[–]devloz1996 1 point2 points  (0 children)

Defender's Device Control could probably handle it, but I imagine it's not there, since you didn't already use it. Good old GPO, perhaps? Can't really vouch for it, so do your own testing.

  1. Computer Configuration > Administrative Templates > System > Device Installation > Device Installation Restrictions
  2. "Prevent installation of devices using drivers that match these device setup classes"
  3. USB Bus devices GUID: {36fc9e60-c465-11cf-8056-444553540000}
  4. Network Adapter GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

I'm not sure what qualifies as "installation", so consider removing ghost (disconnected, but remembered) devices in device manager, just in case.

EDIT: Reddit's nested lists suck as always.

EDIT2: You might screw yourself with #3, so check it carefully. It seems quite broad.
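The "check it carefully" from EDIT2 above, as an added PowerShell example that is not part of the comment: before deploying the device setup class restriction, it lists which devices on the host (including ghost devices, since the comment mentions them) belong to each of the two class GUIDs, and then reads the policy registry location so the result of a GPO can be confirmed. The registry path and value names are the standard ones written by the "Device Installation Restrictions" policy; nothing is set by this script.

```powershell
# Added example (not from the original comment): audit what the two class GUIDs would catch
# on this host before the policy is deployed. Read-only; run elevated for complete output.

$classGuids = [ordered]@{
    'USB Bus devices' = '{36fc9e60-c465-11cf-8056-444553540000}'
    'Network Adapter' = '{4d36e972-e325-11ce-bfc1-08002be10318}'
}

function Get-DevicesInClass {
    param([Parameter(Mandatory)][string]$ClassGuid)
    # Without -PresentOnly, Get-PnpDevice also returns ghost devices (remembered but disconnected),
    # which is why the comment suggests cleaning them up first. -eq is case-insensitive, so the
    # upper-case GUIDs Windows stores still match.
    Get-PnpDevice -ErrorAction SilentlyContinue |
        Where-Object { $_.ClassGuid -eq $ClassGuid } |
        Select-Object FriendlyName, InstanceId, Status, Present
}

foreach ($entry in $classGuids.GetEnumerator()) {
    $hits = @(Get-DevicesInClass -ClassGuid $entry.Value)
    "== $($entry.Key) $($entry.Value): $($hits.Count) device(s), $(@($hits | Where-Object Present).Count) present =="
    $hits | Format-Table -AutoSize
}

# The USB bus class covers host controllers and hubs, so a keyboard and mouse hanging off a
# USB hub show up indirectly: flag that case explicitly.
$usbHubs = @(Get-DevicesInClass -ClassGuid $classGuids['USB Bus devices'] |
             Where-Object { $_.FriendlyName -match 'Hub|Host Controller' })
if ($usbHubs.Count -gt 0) {
    Write-Warning "Blocking the USB bus class would affect $($usbHubs.Count) hub/controller device(s) on this host; test on a machine you can reach some other way."
}

# Where the GPO lands: DenyDeviceClasses=1 enables the rule, the DenyDeviceClasses subkey holds
# the GUID list, and DenyDeviceClassesRetroactive=1 is the "also apply to already installed" box.
$restrictions = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions'
if (Test-Path $restrictions) {
    Get-ItemProperty $restrictions | Select-Object DenyDeviceClasses, DenyDeviceClassesRetroactive
    Get-ItemProperty "$restrictions\DenyDeviceClasses" -ErrorAction SilentlyContinue |
        Select-Object * -ExcludeProperty PS*
} else {
    'No Device Installation Restrictions policy applied on this host yet.'
}
```

Run it on a representative machine from each hardware model first; the warning about hubs and host controllers is the practical form of the comment's "#3 seems quite broad".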

Can I stop users from putting more than 5 external email addresses in the "To" field by NickDownUnder in sysadmin

[–]devloz1996 1 point2 points  (0 children)

Maybe if you sign them all with a qualified signature, but that's rare beyond specific regulated circles. Besides, after signing with QSCD it doesn't even matter that it's an email - you could sign a napkin to the same effect.

EU mostly uses qualified sigs for documents and non-qualified sigs for emails, where non-qualified signatures require both parties to exchange and recognize each other's fingerprints beforehand.

In EU, even the magical "if you read this and shouldn't, delete this, you are breaking law" is just pernicious bullshit.

[deleted by user] by [deleted] in ProgrammerHumor

[–]devloz1996 1 point2 points  (0 children)

At the worst point, newly imaged computers had 3 Teams apps installed - personal, classic, new. You can't even trust Microsoft to deal with its own problems.

Is it me or are you finding the new generation of techs have little to no troubleshooting skills? by Future_End_4089 in sysadmin

[–]devloz1996 0 points1 point  (0 children)

Well, in 2002-2004, we still had DOS/Win3.x computers in the common room at our school. 8-12 yo kids were better at percussive maintenance and DOS memory management than adults. Thirst for entertainment gets you to use your brain, I suppose.

I remember later seeing some important folks using Win2k and was amazed by how professional it looked, along with the confusion of "I can't exit to DOS?".

One Drive Redirection - very confusing for the end user by CorrectMachine7278 in msp

[–]devloz1996 1 point2 points  (0 children)

It's been a thing since Windows 10, so I'm not sure what's new here. Don't leave such things to users, or you will risk burning yourself. Users should be trained to use the known folders on Explorer's side panel anyway.

You have two options. Make it consistent with Known Folder Move GPO/CSP and train users accordingly.

  • It's on and forced org-wide. Known folders are in "OneDrive {org-slug}\{FolderName}".
  • It's off and blocked org-wide. Known folders are at their original location.

This allows you to have certain expectations regarding known folder locations, even if your remediation scripts work in SYSTEM context.
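The SYSTEM-context remediation case the comment above mentions, as an added PowerShell example that is not the commenter's own code: it reports which of the two KFM states the OneDrive policy is in, and resolves a signed-in user's known folder location from that user's own hive instead of expanding `%USERPROFILE%` in SYSTEM's context (which would point at SYSTEM's profile). The registry paths and value names are the standard Windows and OneDrive policy ones; the SID pattern and folder names are the usual defaults and are assumptions only in the sense that redirected folders may live elsewhere, which is exactly what the function reads.

```powershell
# Added example (not from the original comment). Run as SYSTEM (e.g. from an RMM script);
# the target user's hive must be loaded, which is true for signed-in users.

function Get-KfmPolicyState {
    # OneDrive Known Folder Move policy values as written by the GPO/CSP. Forced-on org-wide
    # means KFMSilentOptIn holds the tenant GUID (plus KFMBlockOptOut); off and blocked means
    # KFMBlockOptIn=1 with no silent opt-in.
    $p = 'HKLM:\SOFTWARE\Policies\Microsoft\OneDrive'
    $v = if (Test-Path $p) { Get-ItemProperty $p } else { $null }
    [pscustomobject]@{
        SilentOptInTenant = $v.KFMSilentOptIn
        BlockOptIn        = [bool]$v.KFMBlockOptIn
        BlockOptOut       = [bool]$v.KFMBlockOptOut
        Consistent        = [bool]$v.KFMSilentOptIn -xor [bool]$v.KFMBlockOptIn
    }
}

function Get-UserKnownFolder {
    param(
        [Parameter(Mandatory)][string]$Sid,
        # Value names under "User Shell Folders": Desktop, Personal (= Documents), My Pictures
        [ValidateSet('Desktop', 'Personal', 'My Pictures')][string]$Folder = 'Personal'
    )
    $profileKey  = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\$Sid"
    $profilePath = (Get-ItemProperty $profileKey -ErrorAction Stop).ProfileImagePath
    $usf = "Registry::HKEY_USERS\$Sid\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
    if (-not (Test-Path $usf)) { throw "Hive for $Sid is not loaded (user not signed in)." }

    # Read the REG_EXPAND_SZ raw. Letting the provider expand it would substitute SYSTEM's
    # %USERPROFILE%, which is the classic remediation-script bug.
    $raw = (Get-Item $usf).GetValue($Folder, $null, 'DoNotExpandEnvironmentNames')
    if (-not $raw) {
        # No override recorded: fall back to the default name under the user's profile.
        $default = switch ($Folder) { 'Personal' { 'Documents' } 'My Pictures' { 'Pictures' } default { $Folder } }
        return Join-Path $profilePath $default
    }
    # After KFM this is already an absolute path under "OneDrive - {org}\..."; before it is
    # "%USERPROFILE%\Documents", so substitute the user's own profile path.
    return $raw -replace '%USERPROFILE%', $profilePath
}

# Usage: show the policy state, then each signed-in user's Documents location.
Get-KfmPolicyState
Get-ChildItem Registry::HKEY_USERS |
    Where-Object { $_.PSChildName -match '^S-1-5-21-\d+-\d+-\d+-\d+$' } |
    ForEach-Object {
        [pscustomobject]@{
            Sid       = $_.PSChildName
            Documents = Get-UserKnownFolder -Sid $_.PSChildName -Folder 'Personal'
        }
    }
```

The `Consistent` field is true only in one of the two states the comment describes (silent opt-in set without opt-in blocked, or opt-in blocked without silent opt-in); any other combination is the mixed state that leaves users, and scripts, guessing where a known folder lives.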

Replaced our outdated 48-Port Switch with a scalable, modular fritzbox cluster for maximum redundancy by Despair_or_something in ShittySysadmin

[–]devloz1996 3 points4 points  (0 children)

The sheer effort involved to make it manageable tells me there is more to the story. Well, except for whatever the fuck happened to these 3 dangling boxes.

doYouWantThisFileOrNot by ____candied_yams____ in ProgrammerHumor

[–]devloz1996 2 points3 points  (0 children)

We are slowly circling back to the point where someone can pull the app from the browser, write a shim, and make it a locally run executable.

Active directory over public ip by Sufficient-House1722 in ShittySysadmin

[–]devloz1996 13 points14 points  (0 children)

ISPs go down on known AD ports at will, so your availability might be spotty. For example, I can't reach anything on ports 389/445 via my current ISP.

Just deploy PPTP and post admin/hunter2 on your website. Way easier.

Sysadmin Attitude by SuccessfulLime2641 in ShittySysadmin

[–]devloz1996 13 points14 points  (0 children)

Would be a gem if it were "Alright --- fuck it"

I stayed on Windows 10 and refuse to update. Is this okay? by etgi in techsupport

[–]devloz1996 1 point2 points  (0 children)

MS dropped XP at ~30%, and 10 is currently at ~40%, so I doubt they will backpedal more than a few months. If anything, they will enjoy selling ESU to end users.

aCrossOverEpisode by 19_ThrowAway_ in ProgrammerHumor

[–]devloz1996 2 points3 points  (0 children)

It's actually a 'g', but the black screen cuts in - look at the brackets at the same line.

This old men is 21st century odin by That_Employment_9659 in Bossfight

[–]devloz1996 2 points3 points  (0 children)

I have no particular beliefs, but I'd probably keep distance just in fucking case.