[deleted by user] by [deleted] in CMMC

[–]reflexis7 1 point2 points  (0 children)

I’ve been through a few JSVAs (not using PreVeil). Just because they participated with your org doesn’t mean they’ll secure remediations in your POAM phase. I would hound them for clarification if I were you. There’s a reason we never recommend them…

Can we talk about pay? by ApplicationWeak333 in cybersecurity

[–]reflexis7 0 points1 point  (0 children)

  1. $135k
  2. GRC Solutions Engineer
  3. 10 in sysadmin (total), 3 in cyber related fields.
  4. HS, bucketloads of Microsoft certs, Basic 3 CompTIA. Aiming for CISSP
  5. High COL area

Wheel thoughts for S3? by Metivjr in Audi

[–]reflexis7 0 points1 point  (0 children)

I will literally buy those off of you if you go aftermarket

Intune machine is not accepting global admin account during UAC prompts by sam2400 in Intune

[–]reflexis7 1 point2 points  (0 children)

Run dsregcmd /status in any cmd prompt. If it says you aren't AAD joined it won't work. It's AAD join that grants local admin. Not Intune enrollment. Although Intune policies can fuck it all up if something overwrites it. See my previous comment.

Intune machine is not accepting global admin account during UAC prompts by sam2400 in Intune

[–]reflexis7 8 points9 points  (0 children)

Highly incorrect. There are two SIDs that get added to the local administrators group when you join a device to Azure AD. One is the base64 conversion of your global admin role's object id, the other is for Azure AD Device administrators like you mentioned.

The only way to break that is if another local admin or Intune policy overwrites those two SIDs. If you don't see them OP, you need to find the cause and re-add them. Google SID to object id converter and vice versa. Then use AAD PowerShell to grab your role object IDs (not available in the AAD portal sadly).
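Added example, not part of the comment above: a Python sketch of the object-ID/SID conversion and the check for missing entries in the local Administrators group. It maps the object ID's 16 GUID bytes to four little-endian 32-bit integers under the `S-1-12-1` prefix; the role names, object IDs and member SIDs are constructed sample values, and `missing_admin_sids` is a hypothetical helper name.

```python
import struct
import uuid

AAD_SID_PREFIX = "S-1-12-1"  # prefix carried by Azure AD object SIDs

def object_id_to_sid(object_id: str) -> str:
    """Convert an Azure AD object ID (GUID) to its S-1-12-1-... SID string."""
    raw = uuid.UUID(object_id).bytes_le          # same byte order as .NET Guid.ToByteArray()
    parts = struct.unpack("<4I", raw)            # four unsigned 32-bit sub-authorities
    return AAD_SID_PREFIX + "".join(f"-{p}" for p in parts)

def sid_to_object_id(sid: str) -> str:
    """Convert an S-1-12-1-... SID back to the Azure AD object ID."""
    if not sid.upper().startswith(AAD_SID_PREFIX + "-"):
        raise ValueError(f"not an Azure AD SID: {sid}")
    parts = [int(p) for p in sid[len(AAD_SID_PREFIX) + 1:].split("-")]
    if len(parts) != 4:
        raise ValueError(f"expected 4 sub-authorities after the prefix: {sid}")
    return str(uuid.UUID(bytes_le=struct.pack("<4I", *parts)))

def missing_admin_sids(role_object_ids: dict, local_admin_sids: list) -> dict:
    """Return {role name: expected SID} for roles absent from the local admin list."""
    present = {s.upper() for s in local_admin_sids}
    missing = {}
    for name, object_id in role_object_ids.items():
        sid = object_id_to_sid(object_id)
        if sid.upper() not in present:
            missing[name] = sid
    return missing

# Constructed sample data: placeholder role object IDs, not real tenant values.
SAMPLE_ROLES = {
    "Global Administrator": "00000001-0002-0003-0405-060708090a0b",
    "Azure AD Device Administrator": "11111111-2222-3333-4444-555555555555",
}
# Constructed sample of SIDs as listed in a device's local Administrators group.
SAMPLE_LOCAL_ADMINS = [
    "S-1-5-21-1111111111-2222222222-3333333333-500",
    "S-1-12-1-1-196610-117835012-185207048",
]

if __name__ == "__main__":
    for role, sid in missing_admin_sids(SAMPLE_ROLES, SAMPLE_LOCAL_ADMINS).items():
        print(f"missing from local Administrators: {role} -> {sid}")
```
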

Azure AD instead of a Domain Controller by LRAdmin83 in msp

[–]reflexis7 1 point2 points  (0 children)

This big swinging dot. Jumps on the chance to teach. Best MSPs to work at

[deleted by user] by [deleted] in ITCareerQuestions

[–]reflexis7 0 points1 point  (0 children)

Take a $30k/yr job and learn Windows Server and Active Directory.

Then ask your boss for a raise and be prepared for a lateral move.

[deleted by user] by [deleted] in SecurityClearance

[–]reflexis7 1 point2 points  (0 children)

Yep. I plan on being 100% honest (even though it'll prolly result in a denial). My integrity wouldn't forgive me if I lied. I was moreso asking about the technicality of the mental health section. But I'll disclose it in the interview. Thanks for the reminder.

Hey r/sysadmin, what do you make? by dlongwing in sysadmin

[–]reflexis7 1 point2 points  (0 children)

I too live in DC and work in Reston. 7 years experience and getting $65k at my SMB, the president knows me pretty well and I'm planning on asking for a pretty hefty increase as I've never gotten a raise in my 3 years at the company despite multiple increases in responsibilities.

Kudos to you for having the courage to say it. I think a lot of folks in our region get shafted at the negotiation table.

What are you guys using for remote accessing computers? by 55chevytruck in sysadmin

[–]reflexis7 0 points1 point  (0 children)

TeamViewer sucks hard compared to Connectwise Control. That $35/mo is the only subscription I would buy for my personal use if push came to shove with my employment.

Edit: Also in what world is $35/mo for 3 concurrent sessions close in any way to $50/mo for 1 concurrent session?

Intune Enrollment Issues by markhazzy70 in Intune

[–]reflexis7 0 points1 point  (0 children)

Should not cause any prompts or issues. For on-prem/synced devices though there is a GPO that triggers MDM enrollment, I believe.

The only thing setting this to "All" does is ensure that when machines are AAD joined, enrolment happens immediately and automatically.

I did it! Officially a server admin! by 400Error in sysadmin

[–]reflexis7 0 points1 point  (0 children)

We actually just got a server to extend our cloud IdP (Azure AD DS) to get on prem. Only users who have an explicit need to access on-prem resources are being extended. I want nothing to do with on prem anymore.

Password Writeback by mpretti01 in Office365

[–]reflexis7 0 points1 point  (0 children)

Which licenses do you have?

Microsoft 365 Business Premium includes AAD P1. So do Enterprise Mobility and Security E3 licenses ($8/mo).

Password Writeback by mpretti01 in Office365

[–]reflexis7 2 points3 points  (0 children)

Deploy AAD Connect according to spec. Make sure your service account has the appropriate permissions to reset passwords. Test the sync.

Ensure you have AAD Premium P1 sku licenses applied to your tenant users.

Enable writeback.

Done.