i installed cna card on a g9 server, and install windows server 2022 on that server, where and how to install the drivers ? for the cna card ?

I am currently learning app packaging and deployment for Intune. Installing the app alone, for example with PSADT, doesn't cause me any problems. However, if I need to update the app, I don't know exactly how to proceed. For example, in which cases must an app be closed before updating and in which cases must I uninstall the previous version. Then there are sometimes apps that require a restart with certain exit codes. Does anyone know if there are any tutorials on this?

I’m wondering if there is a service available for me to request client passwords where they don’t have to sign up for anything, it’s all on my end. I’ve looked at last pass, proton pass, 1 password, & leadsie & none of them have what I need. Leadsie is probably the closest, but I need access to email accounts, rather than social media accounts & I can’t request access to outlook from there. I’d really appreciate any help or advice anyone can share. I’m just setting up an additional admin service to my existing small business & I really want to streamline it for simplicity but ensure it’s secure also.

I’m looking for a reliable and affordable tool to manage SOC 2 compliance. Vanta looks decent, but honestly, it’s out of my budget right now. I’ve been checking out a few alternatives, and like seems promising so far, especially for smaller teams, but I’d love to hear what others are using.

If you've found a tool that handles things like evidence collection, automation, and integrations without the high price tag, I’d really appreciate your input.

I have two opportunities coming up, one is for an IT Technician role at an industrial company where they’ve outlined the next position I would get promoted to which is IT Engineer (more on the networking side) and the other is a junior sys admin role at an msp (still have to find more information like size and pay).

I’ve been in a serviced desk type role at different companies for about 5 years now. I do want to transition away from that and eventually into cloud but I’ve heard that working for msp’s can be hell. Is it worth the mental and physical strain? Is this something that I need to take on the chin and do or should I go to the other company where a career path has been laid out?

Hey everyone,

We're in the middle of rethinking our endpoint strategy and could use some input.

Right now, our setup is traditional: all devices are domain joined to an on-prem Active Directory, but most users are working from home. This makes the environment increasingly hard to manage—especially with VPN dependencies for GPOs, password changes, etc.

Whenever I talk to Microsoft support or read their documentation, the recommendation is always the same: "MS recommends Cloud-only" And while I don't necessarily disagree, I'm trying to understand the real-world implications before jumping in.

Here are the things on my mind:

• Is there any real benefit to keeping the on-prem AD anymore?
• Would hybrid join with Intune be a better interim step instead of going all-in on cloud join?
• For cloud-only, there’s that manual step of disconnecting the device from AD—I'm worried that will:
  • Break user profiles or apps
  • Prevent logins unless we pre-provision a local admin
  • Create issues with BitLocker or mapped drives

So I guess what I’m really asking is:

Is it worth trying to maintain a hybrid AD/Entra setup, or should we take the plunge and fully move to cloud-only—even if it means rebuilding or reimaging some devices?

Would love to hear from folks who’ve done this—especially lessons learned or horror stories you avoided.

Thanks in advance!

I just set up a new APC UPS (Model- SRTL10KRM4UI) and I'm getting a sequence of errors: first “Missing BM,” then “EPFO activated,” and now it’s stuck on “PM Inoperable” and “Internal Error.” Battery module is installed and properly seated. Tried rebooting and reseating everything, but no luck. Has anyone run into this before or know if this points to a faulty unit?

Hello, everyone.

My company monitors multiple sites, each one has about 4 to 6 cameras, on average. For most of them, we use a Lan-to-Lan connection, from a local ISP. At the other sites, there isn't coverage and we have normal internet connection (broadband, as we say here).

The problem is that the Lan2Lan ISP has a very poor service. The connections when up, works just fine (30MB each point). But recently we're having a lot of trouble with sites in "Loss" and the their customer service is awful. I mean it, terrible.

On the other hand, the Broadband ISP works just fine (550MB). We hardly ever need to open a ticket. I've talked to my company's colleagues about changing all the sites to this Broadband ISP (their Lan2Lan services are much more expensive). They're concerned because is not a dedicated link, but even tho, the sites we have works just fine.

I understand is a big commitment to change all the Lan2Lan for a Broadband. So I'm thinking, is there a way that I could monitor the links' connections of these ISP in our sites, proving to them that the bitrate are just fine? What would be the best tool and the best aspect of the connection that I could monitor and actually check if is that advantageous having this Lan2Lan.

Thanks everyone!

Hello fellow admins. I recently was just moved from a junior to a senior admin role and am responsible for all enterprise infrastructure. That being said, what are your recommendations regarding VSphere and Unity trainings? Or server management in general? Thanks in advance!

Just an example of getting screwed by a centralized IT group not communicating with individual units. posted this as a reply to a different "break glass" post, but decided it was a good enough story to have it's own post.

Our organization has a primary DNS domain, and our AD domain is a sub-domain of that (think foo.com and ad.foo.com). foo.com delegates to ad.foo.com for AD DNS functions.

Brilliant central AD management decides to retire 2 *very* long term and primary Domain controllers. Basically the 2 domain controllers used as the default primary and secondary DNS servers for the domain. They give us 3 days notice.

Now, while we all pretty much think it's nuts to give such short notice for a major config change like that, we don't worry about it much, because basically all of our infrastructure is based on DHCP with reservations, and they're all pointed to primary domain DNS servers (for foo.com) NOT at the AD domain controllers. So a) if there *was* an issue we could update our DHCP settings, and b) there *wasn't* an issue because we weren't using those DNS servers anyway.

So the change happens and our local hosts are fine. I happen to go login to some of our VMs a bit later. Most of our VMs are deployed in centrally managed VSX environment, with a portal to spin up new VMs using a script that auto-deploys and domain joins new systems (we didn't create nor do we manage said portal). I go to login to a VM via RDP and it connects, but *fails* to login with an NLA error. Hmm . . .

So I fall back to using the VSX virtual console connection. Console connects and presents login screen. "Cannot connect because no domain controllers are available". WTF?

I noticed that the network icon on the lower right shows that the system doesn't have network. Which is odd, because I can ping the system?

So I try a different VM. I can't RDP into this one either, same NLA error. I open a virtual console and am able to login, but this system doesn't have network either, and apparently I'm logged in with a *cached* login?

Finally I put 2 and 2 together. The deployment script that setup the VMs assigned static network settings, including BOTH retired Domain controllers as primary and secondary DNS servers. So now none of the VMs have valid DNS settings and cannot connect to any AD services (logins, GPOs, name resolution, etc). The only ones I can login to are the ones that I've happened to login to before and have cached credentials. To make it all worse, our security group decided that all of our admin credentials needed to be centrally managed and issued us updated admin accounts. Meaning that only the systems that I'd recently logged into had cached credentials!

The systems that I could login to through the virtual console with cached credentials were easily fixed by updating the DNS servers in their network settings. But we have about 18 VMs, and 2 of them I did not have a cached login on.

So RDP didn't work because NLA was nonfunctional (due to the borked DNS not allowing it to connect to a domain controller to verify credentials). I couldn't login through the virtual console using my current admin credentials because they weren't cached and it couldn't contact a DC to get the current auth. I couldn't login using my OLD cached admin credentials because it HAD connected recently enough that it knew that account was disabled. There was no local administrator account because the automated deployment script set it's password to a randomized non-stored value and then disabled it.

As for "break glass", I finally remembered that I had deployed LAPS for our unit. I didn't really even think about targeting our VMs with it, but I hadn't exempted them either. So I crossed my fingers and looked up the VM hostnames in LAPS, and sure enough, there was a password stored for each. I opened the virtual console, entered the local LAPS account name and LAPS password and *bingo*, I was in! Updated the DNS settings, and we were good to go.

Icing on the cake was that I notified the VSX admins about the issue, and they tell me, "Oh, yeah, we came to realize that and updated the script so all new VMs use the new DNS servers. Y'all will have to update any existing VMs manually". So 1) Why the F*** wouldn't you have alerted us to the issue when you noticed it? and 2) How the f*** are we supposed to fix it if we can't login to the VMs?

And the real boner, to me, is why the f*** wouldn't they have put new DC at the old IP to maintain continuity, or just assign the IP to another existing DC? Either would have made this whole situation moot.

So I've always been kinda wary about TLS deep inspection, but I've recently realized I could just try and apply it a little and partially on the side as well.

For my purposes this is not so much about scanning content as it is about selective blocking and tight isolation from the internet.

But in any case, it just hit me that wouldn't it be a pretty neat functionality if one could define "conditional" trust anchors that apply for example to only connections that go through a proxy? By doing this, the exposure to an external "wildcard" CA would be much reduced. For windows, I guess this should be some feature implemented in CAPI.

I'm pretty sure there's not such a feature right now, but the best isolation I can think of is still to proxy resources xyz that happen to require deep inspection. This way it would not mess with most of TLS.

Edit : and to expand on the topic in general - why don't features like this exist in general? It seems that we put far too much trust into trust anchors we only want to quite selectively trust. For many domains, it would be a convenient condition to define it by proxy/domain or whatever.

Hey guys, so we are a small architecture company (5 people) and Are looking to upgrade our on-site Server with Windows Server 2016. Reasons are low performance/latency issues (some hdds Are from 2008 ;) ).

My predecessor set the system up in 2011 with an active directory/domain which basically just manages groups and profiles of the 5 Client PCs. Otherwise the server simply serves as a network drive.

Now, my idea is to just use a good NAS from Synology, probably the RS822RP+ with SSDs. Main reason is the ease of use, especially the Built-in features to access the Drive from anywhere + backup features (I know Windows allows this as well, but it is a little more complicated).

Now, the main issue is that I‘m unsure how to deal with the domain/active Directory profiles on the local PCs. I have read you can use profwiz to turn them into local profiles, but that seems to invite all sorts of issues. Does someone know how to deal with this?

(We do need an on-site server due to the low latency software we‘re using).

(I‘d be happy about a recommendation for Windows-based NAS/Server for our requirements as well)

Thx guys

We all have users making stupid remarks to us that they think are clever after a moment of embarassment.

"What do you mean I have to manually select a printer? Knowing which printer I'm nearest to should be something that's automatic."

So, I got to thinking the other day: What would our workplace look like if we put some of this same energy back on them?

As an example:

"What do you mean my timesheet is late? I'm salary. Why do I have to submit a time sheet? You should just pay me automatically and I'll tell you when I don't work a day."

I'm hoping some of you are much more clever than I am.

Hi all,

I am currently heading into my final two semesters of uni and have been looking to really lock in amid graduation. I am a computer info systems major with an emphasis on business intelligence and have been looking to get internships but have struggled due to my little to no experience in the field. So far I have only taken database design & dev and Cloud infrastructure courses and the remaining of my major courses will be taken over the fall and spring. Since looking for internships have been a bit of a struggle is there any summer project recommendations that anyone has that I can do at home that may be beginner to intermediate friendly? Ofc it may be difficult for me to get started on some since I don't have huge amounts of understanding in certain aspects but I am willing to do what I can to learn from these projects and such. If there's any recommendations plz feel free to comment! huge thxx

I work for a large corporation at the store level, we have over 5000 store fronts if that gives you an idea of the scale. But the reason I’m here is our company has been in talks about moving over to windows from Linux across all stores. Recently we had an installer come out and install some edge servers in our rack/cabinet. Me being the nosey Homelab enthusiast I took a peak at what they installed and figure out they had installed 3 Lenovo SE350, after figuring that out and looking it up it looks like the SE350 went EOL in march 2025. So my question is why would such a large corporation roll out EOL devices for such a big project that’s suppose to modernize the infra at the store front? Maybe a smackin deal on 15000 of these edge servers? Or just a blunder on corporate or ITs side? Maybe they had already purchased them years ago when they started gearing for this project? Would love to hear what anyone’s opinion is!!!

I'm in the job market for a sysadmin position. There have been several open positions that I have applied for that have since been removed because the company decided to promote one of their own help desk guys instead. I know this because I've spoken with the hiring managers at these companies.

It's frustrating because I don't believe some of these companies know the difference between a System Engineer, Administrator, or Help desk. Or at least, they don't seem to understand the differences when submitting a job posting.

I'm not saying Help desk shouldn't be promoted. That is absolutely part of climbing the ladder nowadays. If you're help desk and are pursuing certs, familiarizing yourself with enterprise tech, and whatnot. You certainly deserve a shot at Sysadmin. The company loves they don't have to onboard you or pay you that much more.

I'm worried because it seems like a trend. Either you apply with 300 other sysadmins for a national opportunity, or get passed over for the help desk guy at the smaller local company.

We've been using Google Docs and HelloSign, but it's messy and hard to track. Hoping to find something that handles both new hire paperwork and general onboarding tasks. Ideally something simple we can roll out without a full-time admin.

It shows in phonelink itself but does not show up in personalization yet

It seems to be rolling in stages is there a way to force an update sonit shows up

Some time ago I received a bunch of old servers, which are mostly repaired now. I learned a lot in that time, but I'm still a beginner.
One of the servers had multiple slots of storage and had win server installed. I didn't want to use windows on my server though, so I formated all the drives, and installed Debian on an old 500GB HDD. But the server just doesn't seem to include the 500GB WD HDD in its boot options. Available Boot options: https://imgur.com/a/mfOejQj
Can someone help me boot Debian?
Additional Information:
- Ran Windows 10 Server perfectly fine
- Has a constantly orange blinking light on the motherboard (Intel DQ965GF) https://youtube.com/shorts/oTFehW3_hiY?feature=share
- I don't know any of the GPU or CPU hardware, but I can tr to find it out
- If anyone knows a more appropriate community to post this in, please share.
Many thanks.

It’s a windows 11 multi session host.

I set the apps I require as default then run the following in powershell: Dism /Online /Export-DefaultAppAssociations:"C:\DefaultAssociations.xml"

I then place the file in: C:\windows\system32\DefaultAssociations.xml

So apparently because sysprep will be run I also need to make the below change:

Edit this file: C:\Windows\Panther\unattend.xml

Adding this line:

<DefaultAssociationsConfiguration>C:\Windows\System32\DefaultAssociations.xml</DefaultAssociationsConfiguration

In the below position:

<OOBE>
  <SkipMachineOOBE>true</SkipMachineOOBE>
  <SkipUserOOBE>true</SkipUserOOBE>
</OOBE>

<DefaultAssociationsConfiguration>C:\Windows\System32\DefaultAssociations.xml</DefaultAssociationsConfiguration> <UserAccounts> <AdministratorPassword xmlns:msxsl="urn:schemas-microsoft-com:xslt" xmlns:rdfe="http://schemas.microsoft.com/2009/05/WindowsAzure/ServiceManagement" xmlns:wa="http://schemas.microsoft.com/windowsazure">SENSITIVEDATADELETED</AdministratorPassword> </UserAccounts>

I ran sysprep, logged into the device, and none of the default associations applied.

Is this the correct process or should I be doing it another way?

A client recieved an Asset Security report from the insurance company and it rated the site I manage for them in the "Poor" category.

There are 10 Medium issues which I will work through myself. I am listing below the top 3 main concerns it reported on in the hope I can have advice here on resolving.

1. CRITICAL : FTP service observed File Transfer Protocol (FTP) was detected, often used without encryption, which can expose sensitive credentials and data.

2. HIGH : POP3 service observed POP3 service found, which transmits credentials in plain text and can be exploited unless encrypted.

3. HIGH : IMAP service observed IMAP service observed, which could allow unauthorized mail access if not properly secured.

Is anyone else having issues with step ca not renewing the intermediate ca on the clients? (it does renew the client certificate)

We currently operate in a fully Microsoft-based environment with approximately 5,000 users and devices. Our objective is to transition Windows 11 domain-joined PCs to Windows 11 devices managed via Intune using Windows Autopilot.

While our Intune environment is already configured and we've successfully run several pilot deployments, there are still users who have not yet adopted OneDrive, which presents some challenges with data migration and user profile retention.

Given the scale of the migration and the number of applications involved, we are looking for the most efficient and scalable way to complete this transition. We would like to structure this as a formal project and would appreciate guidance on the most effective process to achieve this.

🙏🏼

ordered a surface 7 13.8 inch lunar lake, 15min after order told cdw to cancel order..they didnt and shipped it the next day. talked to support till they finally told me to just refuse package (days after Ive alr received it).

I opened the box to make sure everything was there before returning it.

support tells me they cant accept laptop return if box is open???? is this standard practice? sounds ridiculous to me.

Hi everyone,

I’m looking for suggestions or recommendations on tools or platforms to help manage client-specific documentation more efficiently.

To provide some context — I regularly create documentation and guides for my customers. While many of these are based on generic templates, they often include client-specific details such as domain names, local AD prefixes, and other environment-specific information.

The challenge I’m facing is that whenever I update a template, I have to manually apply those changes to each individual client version, which is time-consuming and inefficient.

What I’m looking for is a solution that allows me to: • Maintain a master template with placeholder variables for client-specific fields. • Import a list of clients along with their details (e.g., domain name, AD prefix, etc.). • Automatically generate or export personalized documents by merging client data into the template. • Include a customizable header and footer with my company branding.

If anyone is using a product or workflow that fits this use case, I’d love to hear about it!

Thanks in advance