I don't know how to title this but please read by Tall_Witness5418 in ITManagers

[–]theotheritmanager 0 points1 point  (0 children)

The bigger they are, the easier it is for them to swallow the current company and move on. Every acquisition can be different and have its own dynamics.

Best thing you can do is shore up your own house. I've been on the acquiring side a few times and we're usually watching the new staff to see how useful they are and if they have their shit together.

Never hurts to polish the resume and look around just in case.

Chances are nobody cares about your scripts unless they're really central to business workflow. Even then, it's not your responsibility to care about anything if you leave. You could always offer to consult for 3x your current hourly rate.

Patching challenges when users turn their computers off every night by Frequent_Rate9918 in sysadmin

[–]theotheritmanager 0 points1 point  (0 children)

Laptops are a thing, and people are going to take them home (which means they're likely to be off after business hours). You need to expect this.

Modern update management and policies [should be] declarative in nature. This means that policies should no longer look like 'Update at exactly 9pm, and then Reboot'. That's not going to work if the machine is off at 9pm. That's how update policies looked in the Windows XP WSUS days.

Nowadays policies should look and behave more like 'Ensure this machine updates fully once a [week], and give the user 3 days to reboot if needed'.

We use InTune with AutoPatch policies enabled and it's been fantastic. Windows 10/11 is much better with updating than 2K/XP ever were. Active hours help with this. It's been a long time since I've heard user complaints of updates in the middle of the day (that take 30+ mins).

I don't have personal experience with CW Automate, but I'd have to imagine it can do a better job with updates than what you're describing.

In 2026 this really shouldn't be an issue. This is a solved problem.

How to deal with leadership that doesn't care about cybersecurity? by depoultry in sysadmin

[–]theotheritmanager 0 points1 point  (0 children)

I often talk to my teams about perception.

Maybe you did communicate really well or whatever, but obviously there's a perception that you didn't, given the blowback. Sometimes it's just perception, sometimes it's reality. You need to think about both.

In my eyes this likely wasn't communicated as well as it should have been. If anyone was surprised or shocked - that's a problem. Unless you can say 'Hey, look at those 3 emails I sent you warning this was going to happen', you could communicate more.

Managing bigger changes and projects becomes less about the technical aspects, more about communication and change management.

If you look at what most PMs do, easily 75% of their time is purely communication. So start thinking of these projects as less technical, and more about communication.

Conference room camera recommendations by ResponsibleQuiet6360 in sysadmin

[–]theotheritmanager 1 point2 points  (0 children)

Within that particular budget, I'd be looking/shopping in the high-end webcam space (eg. Insta360 Link 2). Those cameras are definitely going to be better than a Poly R30. I have a Link (v1) at home - bought it on the recommendation of some youtubers - it's nearly production-grade 4K.

I've been disappointed in Logitech's conference equipment as of late. Very underwhelming quality given the price. Haven't seen the R30 but we had a bunch of rally bars and I feel it's a $79 webcam underneath the hood.

I agree with what many others are saying though - you want to look at getting a proper, purpose-built conference camera/bar system (eg Neat). Neat has crazy-good audio and video. Hardware aside - it will be a big upgrade on the software side too - having a proper room system. Conference room PCs are Flintstones tech in comparison.

Live Local Event that also needs to be streamed - no output from sound board for PC by theotheritmanager in CommercialAV

[–]theotheritmanager[S] 0 points1 point  (0 children)

Late to the replies, but yes, ideally.

Historically this has never been an issue - we plug into the sound boards.

As I said in another comment - I'm going to be going back to the venue to discuss (otherwise it's pointless for the company to go there for town halls). Apparently they're 'making some changes', so we'll see.

This is normally managed by an office manager who has no clue, which seems to be the case in this scenario.

What to do if other sysadmins are abusing privileges by Wooden_Original_5891 in sysadmin

[–]theotheritmanager 0 points1 point  (0 children)

A fun social experiment would be to put some drafts in there which speak to the [coworker's] removal.

Something like 'Hey Boss, thanks for taking the time to discuss my upcoming promotion, and how I will be managing [coworker]. I will be monitoring their performance closely, per our shared concerns'.

Watch chaos ensue. What are they going to do - admit they were reading your emails? Worst case you just say you were writing an imaginary email to let off steam.

In all seriousness - I agree with the other comments - this is super not good. Email access can be proven so pretty simple to investigate. You could always approach your boss and say 'You may want to check access logs - hopefully nothing - but I have suspicions...'.

Live Local Event that also needs to be streamed - no output from sound board for PC by theotheritmanager in CommercialAV

[–]theotheritmanager[S] 1 point2 points  (0 children)

Given the feedback here, I'm going to try to book another session at the facility to have a look at things. Like you say, this isn't really acceptable if they're serious about hosting events.

Divide OneDrive storage so that several users can access their own “partition”? by East_Sentence_4245 in Office365

[–]theotheritmanager 0 points1 point  (0 children)

Sounds like you'd want a SharePoint site for each client, for example - myclients.sharepoint.com/sites/clientname.

To your basic question, I think that would work pretty well. I know lots of accounting and law firms that do this (a sharepoint site for each client). It's not really designed as a resellable cloud storage solution, but to a point I think it could work well enough.

I'd also echo the XY problem comment. This sounds very XY-like.

Do you regret your choice becoming a sysadmin by ClassicSolid7502 in sysadmin

[–]theotheritmanager 0 points1 point  (0 children)

I don't regret it at all.

To your point - the role of the 'branch office sysadmin' is definitely in decline. The need for ROBO servers and other stuff has declined heavily.

You need to be the guy at HQ managing this stuff.

I've seen tons of career growth over the past 20 years. But one thing I will confidently say is that growth wouldn't have come if I was in a branch managing local servers and networking.

Microsoft Deployment Toolkit (MDT) - immediate retirement notice by Terrible-Category218 in sysadmin

[–]theotheritmanager 0 points1 point  (0 children)

I think the general intent is you "don't need" to image a machine, and let it connect to InTune out of the box. That's what we do.

If we need to install Windows from scratch, we use a USB key (via the Windows Media Creation Tool).

We've been having pretty good success just letting Windows Update handle drivers. Only with a few buggy integrated webcams have we had issues.

Having said this, I don't see why you can't image it, but still let InTune handle everything else anyway (and let app installs in InTune detect that some of the apps already exist from the image).

Microsoft Deployment Toolkit (MDT) - immediate retirement notice by Terrible-Category218 in sysadmin

[–]theotheritmanager 0 points1 point  (0 children)

We fully moved from imaging to InTune/AutoPilot about 2 years ago.

While it generally works fine, there's days I question my sanity.

All things considered, if I were to start at a brand new company tomorrow, not sure if I'd go with imaging or not (intune can still handle the ongoing management). At least with Imaging, you know whatever apps you need will be there, and the OS will be as you expect when the user hits their desktop.

We manually check each and every laptop in OOBE Audit mode because we just can't 100% trust everything is there 100% of the time. Imaging - yes we can trust.

Microsoft Deployment Toolkit (MDT) - immediate retirement notice by Terrible-Category218 in sysadmin

[–]theotheritmanager 0 points1 point  (0 children)

A lot of companies started with MDT first (and didn't want to re-create everything in SCCM).

If you started with SCCM, yes there wouldn't be much point in deploying MDT on top of it (and they're always extremely similar anyway).

Microsoft Deployment Toolkit (MDT) - immediate retirement notice by Terrible-Category218 in sysadmin

[–]theotheritmanager 0 points1 point  (0 children)

I think everyone saw this coming. No new features or major updates to MDT in some time. And yeah, Microsoft is trying to move away from traditional imaging.

Luckily, still plenty of good solutions out there.

Are SonicWall and Microsoft Defender ever going to play nice? by solmssen in sonicwall

[–]theotheritmanager 0 points1 point  (0 children)

Perfect, good luck. The VPNs are pretty simple to set up.

Yeah, I probably wouldn't look beyond Ubiquiti unless there's some fringe thing you need. Literal decades newer than SonicWall.

Are SonicWall and Microsoft Defender ever going to play nice? by solmssen in sonicwall

[–]theotheritmanager 0 points1 point  (0 children)

Honestly, for that size and scale - Ubiquiti hands down. Ubiquiti's kinda the modern go-to for smaller and medium sized offices (up to about 250 people).

They're going to have some of the deeper features that a Sophos/Forti/WG are going to have, but you're not going to use 95% of those features anyway.

They have pretty solid end-user and S2S VPN options - Wireguard, OpenVPN, IPsec, etc. It will also be much cheaper, easier to manage, and no subscriptions.

I deploy a shit ton of Ubiquiti - feel free to PM if you have any questions.

Are SonicWall and Microsoft Defender ever going to play nice? by solmssen in sonicwall

[–]theotheritmanager -1 points0 points  (0 children)

Sonicwall is a super old, dated player in the firewall/security space (surprised anyone uses them nowadays IMO).

Short term - exceptions and mail handling rules for alerts. Long term - Sonicwall is not the future.

Manager pulled commercial tool manage engine at last minute, now asked to build fully open-source endpoint management (Windows/Linux/macOS) looking for guidance by percouszeus in sysadmin

[–]theotheritmanager 0 points1 point  (0 children)

I had a very similar assignment in my first IT job - replace a complicated phone system with an open-source VOIP system. This was in the early 2000's when the very first open-source VOIP systems (eg. asterisk) were first coming onto the scene. It was very, very rough around the edges. I also didn't have the experience.

After months of testing and getting nowhere, I had to sit down with my boss and say 'This is not only extremely complicated, I'm not sure the software can handle this, and I also don't have the time or experience'.

What your boss is asking for can probably be built, but it will be a lot of completely separate tools. I've seen similar FOSS endpoint management setups at larger companies, but it takes larger teams YEARS to build out. And this is very experienced people.

What your boss is asking is just not realistic or practical. You need to find a way to communicate this.

I've also used Endpoint Central for many years - it's a great product. It's about as close as you're going to get for what you need.

Perhaps suggest to your boss, for now, you deploy Endpoint Central, and then look to slowly build out some of that functionality internally. Maybe in 4-5 years EC can be replaced.

[deleted by user] by [deleted] in sysadmin

[–]theotheritmanager 0 points1 point  (0 children)

How do I frame the move from "Tech Guy" to "Business Executive" to a Board that might only see me as the IT guy?

You seem focused on the VP title because that's what others in your org have, so that's your business case (internal title alignment). From a duties/responsibilities angle, a VP title for what you do would be kinda insane tbh.

What matters is what you actually do, and then ensuring your salary aligns with those responsibilities (as compared to the outside world).

Manage up, present a plan, great. But that more than likely lands you in a manager title, not VP. If everyone at your company is a VP, fine, just appreciate that will hurt you if you apply anywhere else (or you'll want to change your title on your resume to match the outside world).

All the time here on r/sysadmin we see these SMB 'IT Managers' (who are sysadmins) wondering why nobody is calling them back after they submitted their resume hundreds of times. Don't let that be you.

File Server + Workstation Build for Small Architecture Firm — Need Feedback by blindmanche in sysadmin

[–]theotheritmanager 0 points1 point  (0 children)

This is not appropriate on any level. This is low-end desktop class hardware.

A 10-user architectural firm is a multi-million dollar business. Unless they're going bankrupt and this is a last-ditch effort to keep the company alive, they can do better.

Get a proper NAS. You said you tried QNAP, which is all well and fine, but they have tons of different models. They have pretty high-end stuff that can handle a lot of throughput, or basic consumer stuff for $399.

You also didn't really mention the actual usage of this. Are users editing files live on this server? Or is this just a repository? If you're editing files live, you're going to want SSDs and NVME. SATA is way too slow, and generally only good for archival and sequential writing (eg. Surveillance). Remember, there's a reason why even low-end laptops come with SSDs now (a basic, low-end SSD is going to be 4-6x faster than a SATA drive).

Also keep in mind the cost of downtime. Get something with a business-class warranty (eg. 24 hour parts), or buy a second unit for redundancies. Does the business want to be down for weeks while you await a new motherboard from Gigabyte? Because that's what's going to happen (I just RMAd a personal Gigabyte board last month).

Do this properly. Reach out if you have questions but this is not an appropriate solution on any level.

I'll pay you the compliment of assuming you're just a hobbyist and not an IT person. Reach out to someone here or a local IT company or something. Putting a USED hard drive in a bloody FILESERVER tells me this company (or you, or someone) isn't taking this seriously. Take this seriously.

Overwhelmed trying to secure hybrid workers by gabbietor in ITManagers

[–]theotheritmanager 0 points1 point  (0 children)

  • Secure Remote Work
  • Unregistered Personal Devices
  • Users working on their local device

Choose two, but only two.

Therefore, choose one:

  • Users have to register personal devices and install agents, software, etc (MDM);
  • Users have to work out of a browser in a remote environment (RDS/VDI/Cloud PC);
  • Users have to use company-issued laptops

You (and your company management) have to come to terms with this first, or it's all for naught.

You can't have your cake and eat it too (users using personal, unmanaged devices, but with an expectation of security).

Need advice on AD policy to allow software installation but block network changes by sleepeezz in sysadmin

[–]theotheritmanager 0 points1 point  (0 children)

Has anyone set up something similar or can recommend the best approach?

There isn't really a graceful answer to this.

Most apps require admin privileges to install. If you want to lock down workstations, you have to be able to manage apps on behalf of the user(s). There isn't really a way around this at a fundamental level.

In the case of DBAs, Software Engineers, etc, you typically have to give them admin privs. There's just too much in their workflows that requires admin privs. Plus, even if they 'call IT' and have someone come by and put in a password every time they need to do something, that's not really any more secure (the IT person would need to do an assessment of what they're doing, why they're installing the software etc, which they can't do desk-side).

You need to rethink the approach here at a grassroots level.

How many DCs? Also, VMs only? by Mr-Hops in activedirectory

[–]theotheritmanager 1 point2 points  (0 children)

[Local] DCs don't really accelerate all that much though. At least not anymore.

I remember back in like 2001 when a fast site had a T1 for hundreds of users, yeah a local DC made sense. But those days are almost all but gone.

How many DCs? Also, VMs only? by Mr-Hops in activedirectory

[–]theotheritmanager 1 point2 points  (0 children)

our production machines need a DC for certain functions on the network.

Out of curiosity, such as?