More and more of my job is setting up and automating SaaS products with APIs and less about building full end to end solutions. Is this the future of IT for most businesses? I get that there is still work to do, but it feels very inconsequential by comparison. Anyone else have a different view on this?
A few years back, our organization transitioned from on-prem to O365 using EMS E3 along with O365 E3/E5 SKUs and Teams PSTN for calling. Initially, it seemed straightforward, with costs remaining comparable.
Fast forward to the last three years, and it’s become increasingly complex and frustrating. Now, we have the Intune Suite, the Entra Suite, Teams Premium, Power BI Premium, and the shift from O365 to M365, not to mention the addition of cloud PCs. And then there’s the chaos surrounding CoPilot.
Everywhere I look in Intune, there’s another button asking to enable a feature for $8 per user. Despite the hefty fees we already pay Microsoft, we’re being asked for an extra $1 per user for cloud PKI—something that should be included in the base package. This nickel-and-diming approach needs to stop. Microsoft must provide a clear and consolidated roadmap for organizations committed to staying cloud-native without being forced to pay twice for overlapping products.
The Dutch and French authorities, supported by Europol and Eurojust, have dismantled Matrix, an encrypted communication service used extensively by criminal networks.
During the operation, law enforcement intercepted and analyzed over 2.3 million messages, gaining unprecedented insight into global criminal activities. The platform, considered a successor to EncroChat, Sky ECC, and ANOM, was seized following an intensive investigation spanning several years.
EDIT - To clarify, im talking about computer fundamentals, not anything which could be considered as "support"
The amount of times during projects where I get tasked to help someone do very simple stuff which doesnt require anything other than a amateur amount of knowledge about computers is insane. I can kind of sympathise with the older generations but then I think to myself "You've been using computers for longer than I've been working, how dont you know how to right click"
Another thing that grinds my gears, why is it that the more senior you become, the less you need It knowledge? Like you're being paid big bucks yet you dont know how to download a file or send an email?
Sorry, just one of those days and had to rant
My opinion is that your every day account should be used for nothing more than logging into a computer, forwarding chain mail like you're Michael Scott and checking out the P-hub. Admin access and access to other resources within IT should be access through a separate account.
What are your thoughts?
I can’t. The help mgr hired this intern. Took 5 minutes trying to plug in network cable into jack today on the desk, not under. Where you can visibly see all the ports.. I was like how was he hired. My first encounter with him, I was trying to show him some things and I see him sitting next to me weaving Naruto hand signs. I’m like wtf
My boss had him put up the Xmas tree. I walked by and this is what he did.
I don't know if it happened slowly or all at once, but when did Google become so anti-user? I remember fondly back in the 00s when Google was dethroning Ask Jeeves and Yahoo because they just gave you search results, and any suggestions or sponsored content was boxed off to the side. In what world is sponsored content taking up 90% of the page acceptable?
We "moved" to Ninja (didn't really have a system before) last year for patching. We had been using SCCM (yes, actual SCCM, but a half decade version behind), and the costs were just too high. We also had no visibility for remote devices to do updates. The organization says that Intune is simply too expensive and not an option. Ninja seemed to get the job done, but we've had so many issues the entire time. Our latest was an overnight unexpected "OS Upgrade" reboot at 3AM across about 25% of our devices. We're still waiting on an RCA for an incident in September where the same thing happened. We've opened hundreds of tickets for various issues. Many with the web interface GUI just reporting wrong information. Lots of stuck patching jobs (they just blame us and say its a network issue on our end that lasts days or weeks at a time). Their support team constantly insists that they can't pull logs and require us to generate logs for them then request an FTP site because their support portal doesn't accept file attachments of the size of their logs. They 100% of the time require us to send screenshots of the interface with errors because the error logs are not sufficient, so they need a picture of the error code we send over. The support is awful and the reliability of the product has been getting worse.
The scripting and automation functions are useful. The "NinjaRemote" is used by our helpdesk team. We have PDQ Deploy, but their cloud/remote option licensing was too expensive for our management team when we last looked at it. I'd prefer to avoid ManageEngine and Kaseya for their notorious reasons. What software are you using for these functions and more and what has your experience been?
Mind you I’m still in college going for computer network security-goal is to be a network/Sys admin but since I have no experience in the work field just yet, I would love to know the amount of crap you guys put up with and what I should expect when I land my first job in the industry
I've got an issue.
I have a few power users who are amazing at their job. Productive, and we'll versed in the programs they use. Specifically Excel Macros.
Issue is, when they encounter a problem in their code base of 15k lines, they come to IT expecting assistance.
I know my way around VBA, and have written my own complex macros spanning all of the M365 platform. HOWEVER, I do not know what is causing your bug, because I didn't write the thing.
They send me the sheet (atleast they create an incident for it) and ask me to find the root cause of their bug, or error, or odd behavior ect ect.
I help to the best of my ability, but I can't really say it fits my job description.
How can I either, be of greater help and resolve their issue quicker, ooooor push it of as not my problem in the most polite way possible???
Plz help ~Overworked underpaid IT Guy.
I’m currently trying to set up a continuous synchronization between Microsoft Teams and a users Lotus Notes calendar. The goal is simple: whenever I create a meeting in Teams, it should automatically appear in my Notes calendar. I’ve installed and set up the Outlook Plugin for Lotus Notes but idk how it works because until now there's nothing on his outlook account, what am I missing here? I feel like I’m close, but either the Traveler setup needs more tweaking, or there’s an additional step to fully close the loop between Teams, Outlook, and Notes. Has anyone successfully implemented this type of sync before? Do I need extra tools or configuration? Any advice would be greatly appreciated!
Hello, helping a non-profit organization as one of my first experiences with Windows Server. They have a simple setup:
-
MS Server 2012
-
1 hosted app for clients within the LAN
-
Active Directory, no other roles
-
4 domain joined workstations
-
DC is running on the physical server.
-
There is only a handful of GPOs, not worried about those.
The current domain was set up a long time ago an it is running named .LOCAL which I read is not best practice anymore.
My plan is to:
-
Migrate to Server 2019
-
Create new domain using a owned TLD
-
Set up DC in hyper-v
-
Create trust relationship and migrate all objects to new domain
-----
My question is related to what happens once migrated:
-
Do the workstation require a any config?
-
Will users still log in to their regular user profiles or would they have to a new user profile?
-
Users are on the M365 platform so they use word, excel, etc. They use Sharepoint online to collaborate, all else is through the browser.
-
-
-
Any other tips? Excited about cleaning up and setting that up properly. Thanks
**Forgot to say, The hardware is getting migrated as well to a newer box.
Context: I got hit with the old redundancy last year after working at your typical MIC-backed silicon valley based weird tech company for a few years. Was a great career jump but it wasn't to be unfortunately. Spent the past year in complete burnout, but the last few months I've been putting myself out there again and am somehow at the final interview stage for one of the bigger algo trading firms. The job is for internal infra engineering of course, I'm no developer, but reading through glassdoor/reddit has me a little terrified. It really sounds like they expect total performance constantly and the salary/total comp package seems to reflect that.
So I guess what I'm asking is: any fellow sysadmins ever taken this plunge and gone all in on making bank at the potential expense of any WLB?
Has anyone here used this to block a computer?
Does it work to prevent a domain computer from accessing domain resources?
Set-ADAccountExpiration -Identity $_Computer.DistinguishedName -DateTime $Expiry_Date
Reasoning:
I just used it on a computer - But, unlike a user object, the ADUC GUI does not include an account tab that shows an Account expiry option - For computer objects.
I just gave a guy a new laptop, but I know from history, that he is very likely to keep using the old one...
After all, the old one already has all of the software he needs on it - So I expect him to ignore the new one, and not contact us with software install requests on the new - Even though the SSD on the old one is showing signs of failure...
So my strategy is to give him a cutoff date (I chose the end of 17 Jan 2025), and used the above to set the account Expiration Date on the computer object.
I have found that setting deadlines does a great job of keeping thing moving as long as that deadline includes a tangible penalty if not met - such as (hopefully - If the above will actually work) preventing the computer from being able to access the domain once it is expired.
I will also be posting this to s/powershell
For those of you who have setup smaller GCC Tenant's how have you managed to obtain Windows 11 Enterprise? We are under the 250 users/devices so we would not be eligible for EA or MPSA. Currently purchasing M365 E3 licensing through a CSP that does not do EA or MPSA. I cant seem to wrap my head around why Microsoft does this for a GCC Tenant and not Commercial. Any insight would be much appreciated.
TIA
We're using Dell Apex Backup Services (Druva) to backup our onprem VMware VMs to the cloud. I've been quite happy with the solution: backups works, it's intuitive, we have immutable backups, life seems to be good. The only downside is the cost. We're now out of credits, and my manager asked me to look for alternatives.
Management is pushing everything to Azure, we seem to get some large discount, the more we use Azure services. Looking for alternative solutions, I stumbled upon Microsoft Azure Backup Server (MABS). The backup application itself appears to be 100% free, so that's already something.
However, I've been reading quite some negative comments about MABS: backups seem to be failing regularly, restores often doesn't work, it's a half baked product derived from old System Center DPM, there's no decent support, etc. I'm also quite surprised it's not really well-known within the backup industry.
Anyone here been using it? Are all the negative feedback still relevant for the newest MABS v4? Is it worth investing my time to look into the solution? Or should we just go on with Dell Apex Backup Services? Our company is in difficult waters, so I always have to come up with decent arguments to buy a certain solution.
We use Exchange Online, and a user is having issues with their mailbox and people getting a “mailbox is full” alert when trying to send them something.
I took a look, and they’re only using like 11% of their quota, but digging deeper I found their “Versions” folder in their recoverable items is at 105GB. I suspect this is the issue, but I’ll be damned if I can figure out how to get rid of all that data. They’re not on a Lit Hold or anything, and that stuff just can’t be deleted.
I attempted to follow MSFTS article on it, but that didn’t help either. Does anybody have any experience with this or any advice?
Hey Gang, what do y’all use to manage your documents; how to’s, end user guides, installation notes, so on and so forth?
We have a cluttered mixture of word docs, txt files, and a few PDF’s. Anyone what a better solution than just dumping them into a folder?
Greetings all, just seeing if their is something I'm not considering as a sysadmin for a particular situation.
Obviously if a client has an exposed RDS web gateway server, brute forcing is going to happen, and when the attackers gets a list of users (from a past email compromise, etc.) then this will cause lockouts to AD accounts as expected.
But as for options to prevent this, these are all the ideas we've come up with.
- Block all access to the website except the US, via geolocation policies
(Not really a solution as the attacker can change their location via proxies)
- Block all access to the website and make users VPN into the network first, then access the website
(here the VPN could still be brute forced, but the hope is the process, and firewall IPS/IDS would stem the attacks enough to make the users go away)
- Setup MFA for the users, then hope that is good enough, and disable the GPO policy locking the account after failed attempts. Not a huge fan of this one.
Appreciate any other ideas!
Hi,
We have a particular program that generates stupidly long paths when it saves things. I got a request to enable Long Paths on that server. From my research, this requires a Group Policy change and a Registry Change. Is that right?
Assuming that's right, is there any reason to not just apply this to all the servers we have? Is there any danger in assign the GPO at the Servers level instead of just assigning it to the specific server that I know needs it today? If it still needs a registry key to actually work, I would only do that when we get a request for it. But if the GPO doesn't hurt anything by being applied to everything, it's one less thing to worry about later.
Thanks.
At the moment we just have all our infrastructure info stored in Confluence. Just tables of VLANs, devices, IPs, etc. And a lot of it is inaccurate.
Does anyone here have any experience with Netbox? I was just going to deploy the free, open-source version. Is it a pretty mammoth task to get this all up and running? Is it a good choice? Or is it not worth the time?
I have a Dell R6625, With Windows Server 2022 and an NVIDIA L4 I'm trying to Passthru to a VM and it just won't work.
These are the commands I have tried
Set-VM -Name TESTVM02 -GuestControlledCacheTypes $True -LowMemoryMappedIoSpace 3Gb -HighMemoryMappedIoSpace 33280Mb
Dismount-VmHostAssignableDevice -LocationPath "PCIROOT(80)#PCI(0101)#PCI(0000)" –force
Add-VMAssignableDevice -VMName TESTVM02 -LocationPath "PCIROOT(80)#PCI(0101)#PCI(0000)"
Before I install the GPU drivers I can see it in Display Adapters without drivers, when I install the Datacentre drives I get a code 45 in device manager and it hides itself
Has anyone done a similar config and got it to work. I've had a ticket open with the vendor for a while but it seems like it's going in circles, they can replicate the issue they just don't know how to fix it.
Hi all,
I'm being asked to implement Windows Hello for Business but Security wants the PIN and bio factors only available for unlocks.
They want initial login to be restircted to system/network credentials only. Is this possible? I haven't found any solid resources one way or the other.
We are engaging with an SaaS vendor. Their application needs to retrieve data from a legacy on-prem application. We want to implement an API server that will receive REST API calls from the SaaS vendor to sit in front of the legacy on-prem application's server. The API server will query the legacy server over PostgresSQL and then return data back to the vendor's application.
Simple diagram:
┌────────┐ ┌──────────┐ ╔════════╗ ┌────────┐
│ Vendor │ │ │ ║ API ║ │ Legacy │
│ SaaS ├─ REST API ─┤ Firewall ├──╢ Server ╟─ SQL query ─┤ App │
│ │ │ │ ║ ║ │ Server │
└────────┘ └──────────┘ ╚════════╝ └────────┘
┊
Cloud ┊ On-premises
┊Does anyone know of a product or project that we can use to make the API server, rather than attempting to code one from scratch?
Some notes:
-
REST API access must be highly secure
-
Inbound REST access will be locked to vendor's IP address
-
REST is read only
-
We cannot change the legacy app in any way, nor move it off premises
-
Query rate is low, probably no more that a few hundred queries a day
At my place of work, some employees work on company issued laptops that I have control over through an RMM tool. Most other employees have desktops here in the office. Some of our infrastructure is hosted locally, and in order to access it we're using SonicWall NetExtender as our VPN.
A frequent issue we have are the users on laptops doing client visits. Oftentimes, I will get a call in the middle of the day that they've been unable to use any of the VPN resources or internet isn't working well at all.
We currently have some Orbic 4G hotspots that we ordered from Verizon, but generally the clients that have the worst guest networks also are located in areas with very weak cellular service. As a result the hotspots themselves aren't the quickest (I will be looking into what our current plan is and possibly changing it).
What should I be doing in these scenarios? Currently I do a quick check on our Firewall to make sure that it's up and running properly, have users restart their computer (if I can connect to them I'll restart the netextender service), but other than that I don't know what to do to help them. Here in the office I can see everything in our environment, but that goes away once they're connecting to client networks. It's gotten to the point where they often will only contact me after they've spent hours trying to troubleshoot themselves because they feel I'm so useless. I just don't know how else we can fix this - thanks.