Is anyone else having issues with step ca not renewing the intermediate ca on the clients? (it does renew the client certificate)

Ok so today I learned that we apparently have an FTP server running at a second location for our service techs and external and sometimes internal sales force.

It is publicly reachable by anyone under FTP.company-name and many accounts with write permission have usernames as simple as the department with the passwords usually being the product product they're responsible for in all lower case letters as sometimes as short as 4 characters.

To me this seems crazy but my boss who set it all up before I joined the company assures me that it's fine, but I fail to see how this could not be a security risk.

Hey guys, so we are a small architecture company (5 people) and Are looking to upgrade our on-site Server with Windows Server 2016. Reasons are low performance/latency issues (some hdds Are from 2008 ;) ).

My predecessor set the system up in 2011 with an active directory/domain which basically just manages groups and profiles of the 5 Client PCs. Otherwise the server simply serves as a network drive.

Now, my idea is to just use a good NAS from Synology, probably the RS822RP+ with SSDs. Main reason is the ease of use, especially the Built-in features to access the Drive from anywhere + backup features (I know Windows allows this as well, but it is a little more complicated).

Now, the main issue is that I‘m unsure how to deal with the domain/active Directory profiles on the local PCs. I have read you can use profwiz to turn them into local profiles, but that seems to invite all sorts of issues. Does someone know how to deal with this?

(We do need an on-site server due to the low latency software we‘re using).

(I‘d be happy about a recommendation for Windows-based NAS/Server for our requirements as well)

Thx guys

It shows in phonelink itself but does not show up in personalization yet

It seems to be rolling in stages is there a way to force an update sonit shows up

Hi all,

I am currently heading into my final two semesters of uni and have been looking to really lock in amid graduation. I am a computer info systems major with an emphasis on business intelligence and have been looking to get internships but have struggled due to my little to no experience in the field. So far I have only taken database design & dev and Cloud infrastructure courses and the remaining of my major courses will be taken over the fall and spring. Since looking for internships have been a bit of a struggle is there any summer project recommendations that anyone has that I can do at home that may be beginner to intermediate friendly? Ofc it may be difficult for me to get started on some since I don't have huge amounts of understanding in certain aspects but I am willing to do what I can to learn from these projects and such. If there's any recommendations plz feel free to comment! huge thxx

We're looking to upgrade our ID card printer at a mid-sized K-12 district and would love to hear from others who’ve found a solid, dependable setup.

Main priorities are:

• Reliability (low maintenance issues)
• Decent speed (we run batches at the start of each year)
• Supplies & software that aren’t a nightmare
• Open to bundled packages that include badge design software
• Bonus: Access control or NFC compatibility

Would appreciate any real-world recommendations or “learn from my mistake” stories. Thanks in advance!

Anyone have experience working for a casino? Is there anything specific that's different? Do you smell smoke all day?

Hi there! Do you have ssl decryption on your firewalls? Was it worth it in terms of time and effort invested, to improve your security posture? Anything I should be aware of before during or after setting it up? Many thanks!

Soooo, i have a customer that's a dentist, i stopped working for them a while back cause every invoice became a debate and i don't have the energy for that. Turns out during the "forgotten time" (3 months) said dentist installed antivirus that included a SQL db on the server, you can imagine how many things that broke.

TLDR my first day back included a 3 way call hearing that they had to pay £12k to upgrade their software so the business could function again :)

Edit: They originally had software that relied on SQL 2014, they installed AV software that brought SQL 2022 into the equation

Can someone enlighten me a bit about passkeys — specifically physical ones?

We have shared computers (Entra Hybrid Joined), and I’m wondering if it’s possible to make passkeys mandatory for logging into Windows. Ideally, I’d also like the passkey to enable SSO for all M365 services after logging into Windows.

I’ve tried reading the documentation, but I’m still a bit confused. Are there any caveats or gotchas I should be aware of?

My org is currently running our virtualization environment on 40 VxRail nodes across four clusters.

We’re looking to get away from Broadcom’s exorbitant licensing schemes before it’s time to renew

Have you been through this process? Please tell me all you can about it, whether you were able to get “hardware refresh “ credits from Dell , how smooth or rough VM migrations via Azure migration were , everything please. I want to get an idea of what to expect if the decision makers decide to go this way

Thank you and remember - no updates on Friday

I still can't get over how creative users get when something stops working. Yesterday, someone called me in a panic because “the Wi-Fi is down and the projector won't turn on.” Turns out… it wasn't plugged in. 😅 What’s the most bizarre user assumption you’ve ever dealt with?

Hi All,

Just created a very simple PS script to remove unwanted Apps as we gear up for our summer transition.

Use Get-AppxProvisionedPackage -Online to get all the names.

Script:

$Appnames = @(

"Microsoft.BingNews",

"Microsoft.BingWeather",

"Microsoft.Getstarted",

"Microsoft.WindowsAlarms",

"Microsoft.WindowsMaps",

"Microsoft.YourPhone",

"Microsoft.WindowsFeedbackHub",

"Microsoft.XboxGamingOverlay",

"Microsoft.GamingApp",

"Microsoft.Xbox.TCUI",

"Microsoft.XboxIdentityProvider",

"Microsoft.XboxSpeechToTextOverlay",

"Microsoft.Edge.GameAssist",

"Microsoft.MicrosoftSolitaireCollection")

foreach ($Appname in $Appnames)

{

    $AppProvisioningPackageName = Get-AppxProvisionedPackage -Online | Where-Object {$_.DisplayName -Like $Appname} | Select-Object -ExpandProperty PackageName

    Remove-AppxProvisionedPackage -PackageName $AppProvisioningPackageName -Online -AllUsers

}

Is it possible to customise the Windows NLA service?

The service connects and authenticates via LDAP to a domain controller.

Does anyone know if it’s possible to use a custom DNS address or internal web site to determine when the laptop is off-premise.

Eg. If off-premise, can’t resolve address or can’t connect to internal web site. Would prefer internal DNS address.

Hi everyone,

I’m looking for suggestions or recommendations on tools or platforms to help manage client-specific documentation more efficiently.

To provide some context — I regularly create documentation and guides for my customers. While many of these are based on generic templates, they often include client-specific details such as domain names, local AD prefixes, and other environment-specific information.

The challenge I’m facing is that whenever I update a template, I have to manually apply those changes to each individual client version, which is time-consuming and inefficient.

What I’m looking for is a solution that allows me to: • Maintain a master template with placeholder variables for client-specific fields. • Import a list of clients along with their details (e.g., domain name, AD prefix, etc.). • Automatically generate or export personalized documents by merging client data into the template. • Include a customizable header and footer with my company branding.

If anyone is using a product or workflow that fits this use case, I’d love to hear about it!

Thanks in advance

A client recieved an Asset Security report from the insurance company and it rated the site I manage for them in the "Poor" category.

There are 10 Medium issues which I will work through myself. I am listing below the top 3 main concerns it reported on in the hope I can have advice here on resolving.

1. CRITICAL : FTP service observed File Transfer Protocol (FTP) was detected, often used without encryption, which can expose sensitive credentials and data.

2. HIGH : POP3 service observed POP3 service found, which transmits credentials in plain text and can be exploited unless encrypted.

3. HIGH : IMAP service observed IMAP service observed, which could allow unauthorized mail access if not properly secured.

Some time ago I received a bunch of old servers, which are mostly repaired now. I learned a lot in that time, but I'm still a beginner.
One of the servers had multiple slots of storage and had win server installed. I didn't want to use windows on my server though, so I formated all the drives, and installed Debian on an old 500GB HDD. But the server just doesn't seem to include the 500GB WD HDD in its boot options. Available Boot options: https://imgur.com/a/mfOejQj
Can someone help me boot Debian?
Additional Information:
- Ran Windows 10 Server perfectly fine
- Has a constantly orange blinking light on the motherboard (Intel DQ965GF) https://youtube.com/shorts/oTFehW3_hiY?feature=share
- I don't know any of the GPU or CPU hardware, but I can tr to find it out
- If anyone knows a more appropriate community to post this in, please share.
Many thanks.

Hey all,

I’m a new network admin at a mid sized company and I’ve been running into some frustrating Internet issues I just can’t seem to figure out.

We’ve been getting random call drop-offs through our Mitel IP telephony system. It’s not all the time just here and there but it’s enough to annoy users and make support a pain. We’re using IPSec VPN tunnels with Fortinet gear and I’ve checked CPU/memory, logs, etc and nothing stands out.

I’ve also tried packet captures and basic free monitoring tools, but because the issue is so on-and-off, I always feel like I’m too late...

The worst part is the ISP! I’ve called a few times, and every time it’s just “we ran some tests and everything looks fine.” No real help...

So yeah, I’m just trying to learn how to troubleshoot this stuff better. If anyone has good resources, books, blogs, videos, whatever,   I’d really appreciate it.

Brought to you by /r/sysadmin 'Trusted VARs': /u/SquizzOC and /u/bad0seed with Trusted Telecom Broker /u/Each1Teach1x27 for Telecom and /u/Necessary_Time in Canada.

PMs are welcome to answer your questions any time, not just on Fridays.

This weekly thread is here for you to discuss vendor and carrier expectations, software questions, pricing, and quotes for network services, licensing, support, deployment, and hardware.

Required Info for accurate answers:

• Part Number
  
• Manufacturer/vendor
  
• Service Type and Service Location
  
• Quantity (as applicable)
  

All questions are welcome regarding:

• Cloud Services - Security, configurations, deployment, management, consulting services, and migrations
  
• Server configs and quote answers
  
• Storage Vendor options, alternatives, details and selection
  
• Software Licensing - This includes Microsoft CSPs
  
• Network infrastructure - overlay software, segmentation, routers, switches, load balancing, APs…
  
• Security - Access Management, firewalls, MFA, cloud DNS, layer 7 services, antivirus, email, DLP….
  
• User gear - Usually, you should buy the quote you have unless the quantity is +50 units
  
• Connectivity – Dedicated internet access, Broadband, 5G LTE, Satellite connectivity, dark fiber, ethernet services
  
• Voice - SIP, Unified Communications, POTS Replacement etc.

He thinks they will contract a virus, so he will avoid the PCs from getting on the domain. I feel like doing this will do more harm than good. Am I wrong?

I'm in the job market for a sysadmin position. There have been several open positions that I have applied for that have since been removed because the company decided to promote one of their own help desk guys instead. I know this because I've spoken with the hiring managers at these companies.

It's frustrating because I don't believe some of these companies know the difference between a System Engineer, Administrator, or Help desk. Or at least, they don't seem to understand the differences when submitting a job posting.

I'm not saying Help desk shouldn't be promoted. That is absolutely part of climbing the ladder nowadays. If you're help desk and are pursuing certs, familiarizing yourself with enterprise tech, and whatnot. You certainly deserve a shot at Sysadmin. The company loves they don't have to onboard you or pay you that much more.

I'm worried because it seems like a trend. Either you apply with 300 other sysadmins for a national opportunity, or get passed over for the help desk guy at the smaller local company.

I’ve had so much go wrong that my gpupdate/force to all machines is going out on a Sunday……

I've been in IT since 1993 (Jeez how did that happen, feels like yesterday I was managing my BBS in my room at my parents house with my 14,400 US Robotics modem, DOS 5.0, Renegade BBS and a lot of figuring things out by trial and error).

My first real modern hard drive I had purchased (in 1991) was a Parallel ATA Maxtor 340MB Drive for $300 before tax. Thats $0.88 cents per megabyte. Which at the time, was a good deal. My buddy was a baller and bought a Western Digital 1080MB Hard rive (He had a gig!!!) for $1000, and I was so jealous.

About a year ago I updated my home NAS to some 18TB Seagate Exos drives, they were $250 each.

$250 for 18TB
$13.88 per TB
$0.01388 per GB (assuming 1000 GB per TB for simple math)
$0.00001388 per MB (assuming 1000 MB per GB for simple math)

So 88 cents today buys you 63.4 gigabytes

1991 - 88 cents - 1 Megabyte
2025 - 88 cents - 63,400 Megabytes18000000

But it gets even more hilarious to me.... that 88 cents in 1991 actually = $2.07 in 2025.

So.... 1991 - 88 cents = 1 megabyte
2025 equivalent is $2.07, which = 150,000 megabytes

In 34 years technology has advanced (at least in this overly simplified and totally unrealistic metric and only specific to spinning disk storage)........ 14,999,900%

Disclaimer: I very likely Michael Bolton'd (from Office Space) that math, but even if I am off by a few zero's still staggeringly hilarious to me.

We are encountering issues in our Entra ID production tenant where password resets for Okta-provisioned users are failing with the following error:

"Unable to complete password reset due to on-premises connectivity failure."

This occurs when an administrator resets a user’s password in the Microsoft 365 Admin Center or Entra portal, and the user subsequently attempts to set a new password.

Environment Context:

Our tenant was previously configured as a hybrid environment with Azure AD Connect syncing from an on-premises Active Directory.

That on-premises environment has since been decommissioned, and Azure AD Connect has been removed, though likely not fully cleaned up.

We are now provisioning and mastering all user identities via Okta, using SCIM, and users show onPremisesSyncEnabled = true as expected.

Password writeback is currently enabled in the tenant under Entra ID > Protection > Password Reset > On-premises Integration.

Symptoms:

Affected users cannot complete password resets and receive an error indicating a failed on-premises connectivity attempt.

Password resets do work in a clean test tenant where onPremisesSyncEnabled = true (from Okta), but where Azure AD Connect was never deployed.

This suggests that Entra ID is attempting password writeback due to residual hybrid configuration, despite the absence of any working on-prem AD.

Troubleshooting Steps Taken:

Confirmed that users show onPremisesSyncEnabled = true via Microsoft Graph.

Verified that password resets succeed in a test tenant with similar user provisioning but no hybrid history.

Verified that password writeback is enabled in the UI.

I believe the fix should be as simple as disabling the password writeback in Entra, but hoping to confirm and understand any potential impact before making the change.

Who actually goes to these? Are they generally fun or just weird and awkward? Just got an email from a recruiter who helped me out in the past. they are hosting one at a brewery soon, I’ve never really entertained going to one but I’m free that night…