Will California age-attestation law impact device imaging and deployment?
On January 1, 2027, California Assembly Bill No. 1043 will come into effect. The law requires every operating system provider in California to collect age information from users at account setup. This includes Windows, Linux, macOS, iPadOS, etc.
For Windows computers, if we currently have an unattend file to answer the OOBE questions, will we have to add a new question/answer to the file? And how the fuck do we answer it if there is some possibility that an under-18 user *could* use the device? Or even worse, is it going to end up being a question that cannot be automatically answered and must be manually answered? How would a library with shared public kiosk computers answer this age question? Will Autopilot now require the question to be answered?
Same for iPad's: we have the OOBE questions auto-answered currently so that setting up a new iPad kiosk is quick and easy. Is this law going to change that?
https://redd.it/1rhx04k
@r_systemadmin
On January 1, 2027, California Assembly Bill No. 1043 will come into effect. The law requires every operating system provider in California to collect age information from users at account setup. This includes Windows, Linux, macOS, iPadOS, etc.
For Windows computers, if we currently have an unattend file to answer the OOBE questions, will we have to add a new question/answer to the file? And how the fuck do we answer it if there is some possibility that an under-18 user *could* use the device? Or even worse, is it going to end up being a question that cannot be automatically answered and must be manually answered? How would a library with shared public kiosk computers answer this age question? Will Autopilot now require the question to be answered?
Same for iPad's: we have the OOBE questions auto-answered currently so that setting up a new iPad kiosk is quick and easy. Is this law going to change that?
https://redd.it/1rhx04k
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Best SASE options in 2026?
We're a small team, mostly remote, mix of mac and PC. Currently using a basic VPN and separate DNS filtering, but it's becoming a pain to manage two tools for what feels like it should be one solution. Looking at SASE as the logical next step.
From what I understand, SASE combines SD-WAN with cloud-delivered security (firewall, SWG, CASB, ZTNA, etc) into a single platform. The appeal is obvious. One vendor, one dashboard, fewer headaches.
I've looked at a few options:
Cloudflare One seems well-regarded and has a generous free tier. Wondering if it scales reasonably for SMB without jumping to enterprise pricing.
Zscaler comes up constantly in recommendations, but feels more enterprise-focused. Is it overkill for a small team?
Cato Networks appears to be built with mid-market in mind, which is appealing. Less familiar with how it performs in practice.
Netskope gets good reviews around data protection specifically, but unclear on pricing and complexity for a smaller shop.
A few things I'm trying to figure out. Is there a meaningful difference between these for a team under 25 users, or do they mostly converge at that scale? Are any of these reasonably self-managed, or do they all assume you have a dedicated IT person? Is there an all in one that handles DNS filtering, VPN replacement, and basic DLP without needing add-ons?
Not looking for the most feature-rich option. Just something solid, manageable, and priced for SMB. Open to guidance from anyone who's actually deployed one of these.
https://redd.it/1ri1lwz
@r_systemadmin
We're a small team, mostly remote, mix of mac and PC. Currently using a basic VPN and separate DNS filtering, but it's becoming a pain to manage two tools for what feels like it should be one solution. Looking at SASE as the logical next step.
From what I understand, SASE combines SD-WAN with cloud-delivered security (firewall, SWG, CASB, ZTNA, etc) into a single platform. The appeal is obvious. One vendor, one dashboard, fewer headaches.
I've looked at a few options:
Cloudflare One seems well-regarded and has a generous free tier. Wondering if it scales reasonably for SMB without jumping to enterprise pricing.
Zscaler comes up constantly in recommendations, but feels more enterprise-focused. Is it overkill for a small team?
Cato Networks appears to be built with mid-market in mind, which is appealing. Less familiar with how it performs in practice.
Netskope gets good reviews around data protection specifically, but unclear on pricing and complexity for a smaller shop.
A few things I'm trying to figure out. Is there a meaningful difference between these for a team under 25 users, or do they mostly converge at that scale? Are any of these reasonably self-managed, or do they all assume you have a dedicated IT person? Is there an all in one that handles DNS filtering, VPN replacement, and basic DLP without needing add-ons?
Not looking for the most feature-rich option. Just something solid, manageable, and priced for SMB. Open to guidance from anyone who's actually deployed one of these.
https://redd.it/1ri1lwz
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Weekly 'I made a useful thing' Thread - March 06, 2026
There is a great deal of user-generated content out there, from scripts and software to tutorials and videos, but we've generally tried to keep that off of the front page due to the volume and as a result of community feedback. There's also a great deal of content out there that violates our advertising/promotion rule, from scripts and software to tutorials and videos.
We have received a number of requests for exemptions to the rule, and rather than allowing the front page to get consumed, we thought we'd try a weekly thread that allows for that kind of content. We don't have a catchy name for it yet, so please let us know if you have any ideas!
In this thread, feel free to show us your pet project, YouTube videos, blog posts, or whatever else you may have and share it with the community. Commercial advertisements, affiliate links, or links that appear to be monetization-grabs will still be removed.
https://redd.it/1rm9z3i
@r_systemadmin
There is a great deal of user-generated content out there, from scripts and software to tutorials and videos, but we've generally tried to keep that off of the front page due to the volume and as a result of community feedback. There's also a great deal of content out there that violates our advertising/promotion rule, from scripts and software to tutorials and videos.
We have received a number of requests for exemptions to the rule, and rather than allowing the front page to get consumed, we thought we'd try a weekly thread that allows for that kind of content. We don't have a catchy name for it yet, so please let us know if you have any ideas!
In this thread, feel free to show us your pet project, YouTube videos, blog posts, or whatever else you may have and share it with the community. Commercial advertisements, affiliate links, or links that appear to be monetization-grabs will still be removed.
https://redd.it/1rm9z3i
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
I'm quitting my job due to vibe coders and poor leadership
Our exec leadership this year is making a big push for AI. They're encouraging everyone to generate ideas and try to make them real with vibe code. The team with the best idea that generates real results gets a bonus. This has led to a huge influx of users creating their own apps. Honestly, some of the ideas aren't bad. But most of them don't know how to integrate them, support them when there's an issue, use good security practices or basic IT knowledge. When you try to debate one of these people you'll get a "well ChatGPT said.." response that drives me up the wall.
We're flooded with vibe-coded app requests, we can't keep up with them and real work at the same time. We're forced to take them seriously. When I see a red flag, I call it out, I report it to security and my boss which turns into a meeting, which turns into a debate, lots of messages back and forth.. Eventually many of them get approved one way or another. All I did was waste time.
To make things worse, users are installing AI agents on their work computers, despite some of us saying "absolutely not" it's fucking approved from the top down. I feel like we're holding onto a ticking time bomb.
We already have a very full plate of work but there's so much noise from this that its so hard to keep up. Everyone is suddenly an expert on everything, telling us how to improve our infrastructure with AI.
Tomorrow I'm giving notice, I don't have a job lined up but I don't care. I have savings and I plan on taking a year off from work. I'm not sure if I'm coming back to this career. I know the market is horrible but I've lost what joy I had left with this career after 20 years of working in it.
--------
edit: I didn't expect so many responses. I'll sleep on this again and will consider FMLA.
I'm in my 40s, working in IT for a long time. Maybe this is a midlife crisis. My health has slipped the last couple of years simply from not taking care of myself. I used to be fit. My parents aren't doing well and I don't know how much quality time we have left. That's also driving this decision somewhat. I'm very aware that this isn't good for my career
https://redd.it/1roi3ne
@r_systemadmin
Our exec leadership this year is making a big push for AI. They're encouraging everyone to generate ideas and try to make them real with vibe code. The team with the best idea that generates real results gets a bonus. This has led to a huge influx of users creating their own apps. Honestly, some of the ideas aren't bad. But most of them don't know how to integrate them, support them when there's an issue, use good security practices or basic IT knowledge. When you try to debate one of these people you'll get a "well ChatGPT said.." response that drives me up the wall.
We're flooded with vibe-coded app requests, we can't keep up with them and real work at the same time. We're forced to take them seriously. When I see a red flag, I call it out, I report it to security and my boss which turns into a meeting, which turns into a debate, lots of messages back and forth.. Eventually many of them get approved one way or another. All I did was waste time.
To make things worse, users are installing AI agents on their work computers, despite some of us saying "absolutely not" it's fucking approved from the top down. I feel like we're holding onto a ticking time bomb.
We already have a very full plate of work but there's so much noise from this that its so hard to keep up. Everyone is suddenly an expert on everything, telling us how to improve our infrastructure with AI.
Tomorrow I'm giving notice, I don't have a job lined up but I don't care. I have savings and I plan on taking a year off from work. I'm not sure if I'm coming back to this career. I know the market is horrible but I've lost what joy I had left with this career after 20 years of working in it.
--------
edit: I didn't expect so many responses. I'll sleep on this again and will consider FMLA.
I'm in my 40s, working in IT for a long time. Maybe this is a midlife crisis. My health has slipped the last couple of years simply from not taking care of myself. I used to be fit. My parents aren't doing well and I don't know how much quality time we have left. That's also driving this decision somewhat. I'm very aware that this isn't good for my career
https://redd.it/1roi3ne
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Windows 11 Feature Updates (In-Place Upgrade) breaking 802.1X (NAC) wired authentication policies
We’re seeing a persistent issue with **Windows 11 feature updates (in-place upgrades)** breaking **802.1X wired authentication** on enterprise devices.
Curious if anyone else is seeing this or has found a reliable mitigation.
Related Articles / Threads:
[https://cybersecuritynews.com/windows-11-23h2-to-25h2-upgrade/](https://cybersecuritynews.com/windows-11-23h2-to-25h2-upgrade/)
[https://old.reddit.com/r/sysadmin/comments/1fy95vz/win11\_updates\_break\_8021x\_until\_gpupdate\_happens/](https://old.reddit.com/r/sysadmin/comments/1fy95vz/win11_updates_break_8021x_until_gpupdate_happens/)
[https://www.reddit.com/r/sysadmin/comments/1rj1os3/win11\_upgrades\_wiping\_dot3svc\_8021x\_wired\_policy/](https://www.reddit.com/r/sysadmin/comments/1rj1os3/win11_upgrades_wiping_dot3svc_8021x_wired_policy/)
# Environment
* Windows 11 (23H2 → 24H2 / 23H2 → 25H2)
* Cert-based **802.1X (EAP-TLS)**
* NAC enforced on wired and wireless networks
* Feature updates deployed via **Intune Autopatc**h
# Suspected Root Cause
During the upgrade, the contents of *C:\\Windows\\dot3svc\\Policies* appear to be **silently removed**. These files store **802.1X wired authentication profiles deployed via Group Policy**.
Observed behavior:
* Machine certificates and root certificates remain intact
* **Wired AutoConfig (dot3svc)** loses the applied authentication policy
* Authentication settings revert to **PEAP-MSCHAPv2 (default)**
* Devices fail NAC authentication as our settings related to enterprise are not applied and they are reverted to windows default **PEAP-MSCHAPv2**
# Impact
Enterprise devices that rely on **wired 802.1X** lose connectivity immediately after the feature update and require manual remediation like Connect to an non 802.1X network > Run gpupdate so that the policies intended will get applied again and machine can connect back to protected network.
# Question
Has anyone found a **reliable mitigation or workaround** for this?
Possible ideas we’re exploring:
* Backing up/restoring the `dot3svc` policy files
* Re-applying wired profiles via script post-upgrade
* Intune remediation scripts
However, with **Intune Autopatch feature updates**, options during the upgrade process are limited.
Would appreciate hearing how others are dealing with this.
https://redd.it/1ro3av7
@r_systemadmin
We’re seeing a persistent issue with **Windows 11 feature updates (in-place upgrades)** breaking **802.1X wired authentication** on enterprise devices.
Curious if anyone else is seeing this or has found a reliable mitigation.
Related Articles / Threads:
[https://cybersecuritynews.com/windows-11-23h2-to-25h2-upgrade/](https://cybersecuritynews.com/windows-11-23h2-to-25h2-upgrade/)
[https://old.reddit.com/r/sysadmin/comments/1fy95vz/win11\_updates\_break\_8021x\_until\_gpupdate\_happens/](https://old.reddit.com/r/sysadmin/comments/1fy95vz/win11_updates_break_8021x_until_gpupdate_happens/)
[https://www.reddit.com/r/sysadmin/comments/1rj1os3/win11\_upgrades\_wiping\_dot3svc\_8021x\_wired\_policy/](https://www.reddit.com/r/sysadmin/comments/1rj1os3/win11_upgrades_wiping_dot3svc_8021x_wired_policy/)
# Environment
* Windows 11 (23H2 → 24H2 / 23H2 → 25H2)
* Cert-based **802.1X (EAP-TLS)**
* NAC enforced on wired and wireless networks
* Feature updates deployed via **Intune Autopatc**h
# Suspected Root Cause
During the upgrade, the contents of *C:\\Windows\\dot3svc\\Policies* appear to be **silently removed**. These files store **802.1X wired authentication profiles deployed via Group Policy**.
Observed behavior:
* Machine certificates and root certificates remain intact
* **Wired AutoConfig (dot3svc)** loses the applied authentication policy
* Authentication settings revert to **PEAP-MSCHAPv2 (default)**
* Devices fail NAC authentication as our settings related to enterprise are not applied and they are reverted to windows default **PEAP-MSCHAPv2**
# Impact
Enterprise devices that rely on **wired 802.1X** lose connectivity immediately after the feature update and require manual remediation like Connect to an non 802.1X network > Run gpupdate so that the policies intended will get applied again and machine can connect back to protected network.
# Question
Has anyone found a **reliable mitigation or workaround** for this?
Possible ideas we’re exploring:
* Backing up/restoring the `dot3svc` policy files
* Re-applying wired profiles via script post-upgrade
* Intune remediation scripts
However, with **Intune Autopatch feature updates**, options during the upgrade process are limited.
Would appreciate hearing how others are dealing with this.
https://redd.it/1ro3av7
@r_systemadmin
Cyber Security News
Windows 11 23H2 to 25H2 Upgrade Allegedly Breaking Internet Connectivity
A persistent bug in Windows 11 in-place upgrades is reportedly wiping critical 802.1X wired authentication configurations, leaving enterprise workstations completely offline until manual intervention is performed.
Godaddy sending emails asking me to authorize issuance of an SSL certificate for a domain we control
I spoke to the developer who manages the company web site to ask if he requested a certificate from Godaddy. "Nope. We use Let's Encrypt"
Over the last few weeks I've gotten 4 or 5 of these authorization requests, all for the same domain...I think each email after the first was a reminder to authorize. At one point I called Godaddy to ask them to cancel the cert request, but other stuff came up while I was on hold and I never called back. Silly thought that Godaddy should provide a link in the email to explicitly deny the request.
I also control the public DNS (at Cloudflare) so I don't see anyone getting any scamming mileage out of having the cert anyway.
Any idea why someone would be trying to get a cert for a domain they don't own?
https://redd.it/1rom5n1
@r_systemadmin
I spoke to the developer who manages the company web site to ask if he requested a certificate from Godaddy. "Nope. We use Let's Encrypt"
Over the last few weeks I've gotten 4 or 5 of these authorization requests, all for the same domain...I think each email after the first was a reminder to authorize. At one point I called Godaddy to ask them to cancel the cert request, but other stuff came up while I was on hold and I never called back. Silly thought that Godaddy should provide a link in the email to explicitly deny the request.
I also control the public DNS (at Cloudflare) so I don't see anyone getting any scamming mileage out of having the cert anyway.
Any idea why someone would be trying to get a cert for a domain they don't own?
https://redd.it/1rom5n1
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Fellow BC, Canada Sys Admins: What are you doing/What have you heard about the time change changes?
For everyone: Our province is finally abolishing the biannual time change. Today is the last time we'll spring our clocks forward, and we won't fall them back in 6 months.
Everything did as it should this morning. So what are the vendors doing about the fall? Will Microsoft include us in an upcoming patch? Will we have to take care of it ourselves? What about the Linux vendors? Appliances?
Personally, I have to change a bunch of Cisco/Linksys stuff on my homelab VOIP system, but I think that's about it.
https://redd.it/1roe2np
@r_systemadmin
For everyone: Our province is finally abolishing the biannual time change. Today is the last time we'll spring our clocks forward, and we won't fall them back in 6 months.
Everything did as it should this morning. So what are the vendors doing about the fall? Will Microsoft include us in an upcoming patch? Will we have to take care of it ourselves? What about the Linux vendors? Appliances?
Personally, I have to change a bunch of Cisco/Linksys stuff on my homelab VOIP system, but I think that's about it.
https://redd.it/1roe2np
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
AI training for sysadmins
Any good documentation/training/tips on how sysadmins can get the most out of AI?
https://redd.it/1roby8p
@r_systemadmin
Any good documentation/training/tips on how sysadmins can get the most out of AI?
https://redd.it/1roby8p
@r_systemadmin
On-Prem SMB Shares to Copilot 365 - GCC High
Hi All,
I've been fighting this for a week or so now so appreciate any input.
I'm trying to set up the Microsoft File Share Graph Connector for M365 Copilot on a GCC High tenant. The connector is published, shows green/Ready in the portal, the GCA agent health check passes, all endpoints are reachable, it can see the files in the test folder. But it never actually indexes them and fails with an "access is denied" error. I've used the user account and confirmed it has access to the files (even tried "everyone" permissions on the test files).
According to the MS setup guide you only have to change:
* appsettings.json CloudInstanceUrl is set to [login.microsoftonline.us](https://login.microsoftonline.us)
but i also found in the HostConfig there are references to commercial endpoints, so i tried adding the GCC High endpoints (gcs.office365.us, graph.microsoft.us, graph.microsoft.com, login.microsoftonline.us) still no dice.
I'm at a loss...
Help me Sysadmin Reddit.. you're my only hope.
https://redd.it/1ropyf0
@r_systemadmin
Hi All,
I've been fighting this for a week or so now so appreciate any input.
I'm trying to set up the Microsoft File Share Graph Connector for M365 Copilot on a GCC High tenant. The connector is published, shows green/Ready in the portal, the GCA agent health check passes, all endpoints are reachable, it can see the files in the test folder. But it never actually indexes them and fails with an "access is denied" error. I've used the user account and confirmed it has access to the files (even tried "everyone" permissions on the test files).
According to the MS setup guide you only have to change:
* appsettings.json CloudInstanceUrl is set to [login.microsoftonline.us](https://login.microsoftonline.us)
but i also found in the HostConfig there are references to commercial endpoints, so i tried adding the GCC High endpoints (gcs.office365.us, graph.microsoft.us, graph.microsoft.com, login.microsoftonline.us) still no dice.
I'm at a loss...
Help me Sysadmin Reddit.. you're my only hope.
https://redd.it/1ropyf0
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Thoughts on AI
First - this is a long post. I have a lot of thoughts on this topic. Yes, it's another AI rant.
So like with many other places, AI has recently enveloped our company to the point where it is now somehow behind the majority of our top priorities. Execs and Developers want to use every new shiny AI-related tool that comes out, and we seem to have no issues spending the money. In any event, since we have the tools available I've tried to make use of them when I can, cautiously. While at the same time observing others that I think are overusing it to an extreme - to the point that when I ask them a question, I get a response either from Google's search AI response or sometimes their own chat with Copilot or whatever. Which is dumb because if I asked them a question, I wanted their thoughts on it, not AI's. If I wanted AI's thoughts, I'd have asked it myself. So I try not to be that person, but at the same time don't want to be the person who can't adapt to changing times...so I try to sit somewhere in the middle, and embrace it where I can.
A little background on me, I'm a DBA, SysAdmin before that, who scripts a lot for my day job and also develops software as a hobby for most of my life, though I've never worked as a paid Developer. But I'm familiar enough with scripting, software internals and code. Yesterday was the first day I spent actually letting AI drive the majority of the tasks to write a couple scripts for some work I needed to do, as well as in Excel to piece data together from different sheets. And I have to say - I'm not all that impressed.
Everything I asked it for the script stuff was related to VMware PowerCLI, specifically ESXi storage-related commands (to get information I needed to pull, and dump to CSV and/or output to GridView). All the cmdlets, modules and APIs used are publicly documented, and it all pertained to standalone scripts, so no need for the AI to understand any context outside the scripts itself (other than an instruction file and my VS Code settings that I told it to read) - these weren't part of a larger project or anything like that. It wasn't making any changes to our environment, nor did it need to know anything specific about the environment (that would all be passed to the script via params), and it wrote both scripts itself. So it should be pretty simple for it, I would think, especially with what I've heard and seen first-hand lately about all these complex projects being vibe coded. This was using Sonnet 4.6, and later Opus 4.6 in VS Code in agent mode.
But it seemed to overthink things a lot even when it was a simple question, and do some things unnecessarily complicated, and often times it didn't even work. I read through it's detailed reasoning process on almost everything I asked it, and it would very often go in circles with itself and eventually settle on some answer that may or may not be correct. There were a few parts where if I hadn't actually known myself how to go about it, it would've been no help whatsoever. On the other pieces where it did finally get it right on its own, it took a ton of back-and-forth in many cases, and I'd still have to be very specific about certain things. Some things it took like 10 tries before it found a working method, and on some things it never did until I told it exactly how to. Stuff I would think is pretty simple would trip it up - like trying to read settings from my VS Code settings file to follow the instructions in the instruction file (which just pertained to formatting rules, nothing fancy). I was coaching it more than it was coaching me. Maybe PowerCLI was a bad use case, but given that everything is publicly documented and it seemed to have no trouble identifying the commands and APIs it thought it should use, I'd think it should be fine.
In the end, did it save any time? I really don't know - maybe? Even if it did, there's a tradeoff - the fact that I didn't get to beef up my skillset like I would've if I'd had to do all the research and write it all myself like I would've in the past. Mental skills are
First - this is a long post. I have a lot of thoughts on this topic. Yes, it's another AI rant.
So like with many other places, AI has recently enveloped our company to the point where it is now somehow behind the majority of our top priorities. Execs and Developers want to use every new shiny AI-related tool that comes out, and we seem to have no issues spending the money. In any event, since we have the tools available I've tried to make use of them when I can, cautiously. While at the same time observing others that I think are overusing it to an extreme - to the point that when I ask them a question, I get a response either from Google's search AI response or sometimes their own chat with Copilot or whatever. Which is dumb because if I asked them a question, I wanted their thoughts on it, not AI's. If I wanted AI's thoughts, I'd have asked it myself. So I try not to be that person, but at the same time don't want to be the person who can't adapt to changing times...so I try to sit somewhere in the middle, and embrace it where I can.
A little background on me, I'm a DBA, SysAdmin before that, who scripts a lot for my day job and also develops software as a hobby for most of my life, though I've never worked as a paid Developer. But I'm familiar enough with scripting, software internals and code. Yesterday was the first day I spent actually letting AI drive the majority of the tasks to write a couple scripts for some work I needed to do, as well as in Excel to piece data together from different sheets. And I have to say - I'm not all that impressed.
Everything I asked it for the script stuff was related to VMware PowerCLI, specifically ESXi storage-related commands (to get information I needed to pull, and dump to CSV and/or output to GridView). All the cmdlets, modules and APIs used are publicly documented, and it all pertained to standalone scripts, so no need for the AI to understand any context outside the scripts itself (other than an instruction file and my VS Code settings that I told it to read) - these weren't part of a larger project or anything like that. It wasn't making any changes to our environment, nor did it need to know anything specific about the environment (that would all be passed to the script via params), and it wrote both scripts itself. So it should be pretty simple for it, I would think, especially with what I've heard and seen first-hand lately about all these complex projects being vibe coded. This was using Sonnet 4.6, and later Opus 4.6 in VS Code in agent mode.
But it seemed to overthink things a lot even when it was a simple question, and do some things unnecessarily complicated, and often times it didn't even work. I read through it's detailed reasoning process on almost everything I asked it, and it would very often go in circles with itself and eventually settle on some answer that may or may not be correct. There were a few parts where if I hadn't actually known myself how to go about it, it would've been no help whatsoever. On the other pieces where it did finally get it right on its own, it took a ton of back-and-forth in many cases, and I'd still have to be very specific about certain things. Some things it took like 10 tries before it found a working method, and on some things it never did until I told it exactly how to. Stuff I would think is pretty simple would trip it up - like trying to read settings from my VS Code settings file to follow the instructions in the instruction file (which just pertained to formatting rules, nothing fancy). I was coaching it more than it was coaching me. Maybe PowerCLI was a bad use case, but given that everything is publicly documented and it seemed to have no trouble identifying the commands and APIs it thought it should use, I'd think it should be fine.
In the end, did it save any time? I really don't know - maybe? Even if it did, there's a tradeoff - the fact that I didn't get to beef up my skillset like I would've if I'd had to do all the research and write it all myself like I would've in the past. Mental skills are
like muscles - if we don't use them, we lose them over time. So as AI becomes better at what it does, I think we will become worse at what we do (those of us who already had skillsets in certain areas). When considering people newly entering the field, they will never build a skillset in the first place. When using AI, they may get a similar result as a more senior person eventually - likely in quite a longer time, due to not knowing as many specifics about what to ask - but also would learn very little in the process. Not sure that's a good thing.
In Excel, it was using Opus 4.5 in agent mode, and I really just asked it to match column values across sheets and fill in some blanks. And yeah, it generated formulas to do that - somewhat messy ones, initially. Once I told it to refine them in certain ways, it did, and it was good enough. So it may have allowed me to be more productive there. But again, same downside - I'm not getting "better at Excel" by learning a new formula (which I'd stash away in my notes for later use) and adding to my skillset, instead I'm getting better at talking to AI.
The biggest benefit I've seen from it so far is probably with meeting summarization, especially the integration with transcription features in Teams. This can make it very easy to jump the correct point of a long, recorded working meeting for example, where we cover some specific topic, without having to spend hours re-watching the whole thing. It's also very good at crawling structures and documenting them, although to an extent those features were already available before AI (e.g. specific tools to perform these tasks for specific use cases, like SQL databases) but I guess AI has just allowed that to be applicable in many more places than it was before. So that stuff has been good for the most part. It's not all bad.
But the coding stuff was largely a disaster, even with an expensive model that's supposed to be "the best" for coding. The experience I had yesterday aligns closely with the bits and pieces I had prior (I have used it quite a bit before but just for chat questions here and there, never in agent mode and never letting it "drive" like I did today). And even the Excel stuff, while somewhat "productive", has the negative tradeoff of not adding to/honing your skillset because you aren't actually using the product anymore. Finance people who used to be wizards with Excel, over time, will just become drones that talk to AI. New Finance people entering the workforce will never get those skills in the first place.
So when I hear about how "easy and cheap it is to write code now" because "any Junior Developer can vibe code stuff" I'm just thinking...maybe?....but with so many tradeoffs, long-term I'm not sure it's doing the company, the team, the customer, nor the developer themselves any favors (even if the immediate return "seems great"). And the same is true for using it to do your job in other disciplines as well - I expect this to permeate into the IT world more and more as we go forward, especially with administration of cloud infrastructure like Azure and AWS. Someone who "doesn't know what they don't know", as they say, won't know what guidance to give, or what things to challenge it on, because they don't know any better in the first place.
There were several times Claude actually tried to convince me it was right about something that it most definitely was not, telling me "this is the correct approach". Only after I explain to it, in depth, why this is not the correct approach, and give it a hint of what to do instead, would it change it's tune and go that direction. And given what I saw on the parts where I was familiar and had to coach it along, I'm honestly not all that confident that the parts where it did "get it right" on its own (meaning it at least produced a working piece of code without me telling exactly what to do) that those things are actually done in the correct or most efficient way. But "they work" (or seem to, anyway), which means when this happens in the wild, people are happy - likely nobody
In Excel, it was using Opus 4.5 in agent mode, and I really just asked it to match column values across sheets and fill in some blanks. And yeah, it generated formulas to do that - somewhat messy ones, initially. Once I told it to refine them in certain ways, it did, and it was good enough. So it may have allowed me to be more productive there. But again, same downside - I'm not getting "better at Excel" by learning a new formula (which I'd stash away in my notes for later use) and adding to my skillset, instead I'm getting better at talking to AI.
The biggest benefit I've seen from it so far is probably with meeting summarization, especially the integration with transcription features in Teams. This can make it very easy to jump the correct point of a long, recorded working meeting for example, where we cover some specific topic, without having to spend hours re-watching the whole thing. It's also very good at crawling structures and documenting them, although to an extent those features were already available before AI (e.g. specific tools to perform these tasks for specific use cases, like SQL databases) but I guess AI has just allowed that to be applicable in many more places than it was before. So that stuff has been good for the most part. It's not all bad.
But the coding stuff was largely a disaster, even with an expensive model that's supposed to be "the best" for coding. The experience I had yesterday aligns closely with the bits and pieces I had prior (I have used it quite a bit before but just for chat questions here and there, never in agent mode and never letting it "drive" like I did today). And even the Excel stuff, while somewhat "productive", has the negative tradeoff of not adding to/honing your skillset because you aren't actually using the product anymore. Finance people who used to be wizards with Excel, over time, will just become drones that talk to AI. New Finance people entering the workforce will never get those skills in the first place.
So when I hear about how "easy and cheap it is to write code now" because "any Junior Developer can vibe code stuff" I'm just thinking...maybe?....but with so many tradeoffs, long-term I'm not sure it's doing the company, the team, the customer, nor the developer themselves any favors (even if the immediate return "seems great"). And the same is true for using it to do your job in other disciplines as well - I expect this to permeate into the IT world more and more as we go forward, especially with administration of cloud infrastructure like Azure and AWS. Someone who "doesn't know what they don't know", as they say, won't know what guidance to give, or what things to challenge it on, because they don't know any better in the first place.
There were several times Claude actually tried to convince me it was right about something that it most definitely was not, telling me "this is the correct approach". Only after I explain to it, in depth, why this is not the correct approach, and give it a hint of what to do instead, would it change it's tune and go that direction. And given what I saw on the parts where I was familiar and had to coach it along, I'm honestly not all that confident that the parts where it did "get it right" on its own (meaning it at least produced a working piece of code without me telling exactly what to do) that those things are actually done in the correct or most efficient way. But "they work" (or seem to, anyway), which means when this happens in the wild, people are happy - likely nobody
is double checking anything, or very high-level spot checks at best. So some Junior Developer or SysAdmin might continue going back and forth with it all day until through enough trial and error and money spent on premium requests, they finally get a working product. But if what I saw today is any indication, I think a lot of it will be messy, and not necessarily optimal, performant nor elegant.
Do we plan to let these things make more serious decisions one day? Financial advice, health advice, etc. What happens when AI assures your paid "expert" (e.g. Financial Advisor, Doctor), that a certain route "is the correct approach"? If the expert doesn't catch it or doesn't know any better, and ends up parroting that guidance back to you, the client, you very likely accept it because again, they are the "paid expert" that's supposed to know what they're doing. So maybe the better question is - if/when this happens - will you even know?
And when it fucks up and leads real people down the wrong path with bad advice, and the person rightfully gets pissed, what will the response be - the same generic YMMV crap (e.g. "investing is a risk - past success does not guarantee future results" or "these may not be all side effects"). I know there's already been stories of AI convincing people to take their own lives, which is extremely sad. Of course, guardrails can and should be put in place to help mitigate some of this stuff, which supposedly has been done in many cases - but then I hear about AI agents that are allowed to modify their own configs. So if that's the case, what good are guardrails? If AI wants to go out of bounds on something, it'll just look at it's config, say "oh, I see the problem, there's this dumb restriction in the way", remove it, and proceed on it's merry way down whatever fucked up path we tried to stop it from going down. Some of this may sound like an unlikely scenario to some, but some of it (like agents modifying their own configs) is quite literally already happening - I don't think it's a stretch at all to say we're headed down a potentially very dangerous and destructive path.
At the end of the day, we're giving up our own mental capacity and critical thinking skills in the name of "productivity". Just because you produce more in a given amount of time does not always mean it's better. If quality drops, if manageability drops and overhead increases, if complexity increases unnecessarily with no benefit - then is it really a win? Not to mention, as time goes on and AI's "skills continue to "sharpen", and our own skills continue to decline, we will become less and less adept at catching AI's mistakes. So human review of AI-generated things will become less and less effective.
I'll leave it there for now because I could go on for quite a while. It's just shocking to me that the entire world is in such a fkin daze from the "magic" of AI that nobody, or at least not enough people with influence in this sphere, have actually sat and thought through some of this stuff. Or the other , more likely scenario - they have, but just sweep it under the metaphorical rug because of the money it's bringing in. And the public largely is OK with it, because again, they're just amazed by "what it can do".
I know this was long but thanks in advance to those who took the time to read it all. This is just coming from genuine concern I have about the long-term effects of this AI craze on our society. I'm just curious to get others' thoughts on this topic - any productive discussion is welcome. If you disagree, please elaborate on why, what I have missed, etc.
And before anybody asks, no I did not use AI to write the post about my thoughts on AI.
https://redd.it/1rodjmz
@r_systemadmin
Do we plan to let these things make more serious decisions one day? Financial advice, health advice, etc. What happens when AI assures your paid "expert" (e.g. Financial Advisor, Doctor), that a certain route "is the correct approach"? If the expert doesn't catch it or doesn't know any better, and ends up parroting that guidance back to you, the client, you very likely accept it because again, they are the "paid expert" that's supposed to know what they're doing. So maybe the better question is - if/when this happens - will you even know?
And when it fucks up and leads real people down the wrong path with bad advice, and the person rightfully gets pissed, what will the response be - the same generic YMMV crap (e.g. "investing is a risk - past success does not guarantee future results" or "these may not be all side effects"). I know there's already been stories of AI convincing people to take their own lives, which is extremely sad. Of course, guardrails can and should be put in place to help mitigate some of this stuff, which supposedly has been done in many cases - but then I hear about AI agents that are allowed to modify their own configs. So if that's the case, what good are guardrails? If AI wants to go out of bounds on something, it'll just look at it's config, say "oh, I see the problem, there's this dumb restriction in the way", remove it, and proceed on it's merry way down whatever fucked up path we tried to stop it from going down. Some of this may sound like an unlikely scenario to some, but some of it (like agents modifying their own configs) is quite literally already happening - I don't think it's a stretch at all to say we're headed down a potentially very dangerous and destructive path.
At the end of the day, we're giving up our own mental capacity and critical thinking skills in the name of "productivity". Just because you produce more in a given amount of time does not always mean it's better. If quality drops, if manageability drops and overhead increases, if complexity increases unnecessarily with no benefit - then is it really a win? Not to mention, as time goes on and AI's "skills continue to "sharpen", and our own skills continue to decline, we will become less and less adept at catching AI's mistakes. So human review of AI-generated things will become less and less effective.
I'll leave it there for now because I could go on for quite a while. It's just shocking to me that the entire world is in such a fkin daze from the "magic" of AI that nobody, or at least not enough people with influence in this sphere, have actually sat and thought through some of this stuff. Or the other , more likely scenario - they have, but just sweep it under the metaphorical rug because of the money it's bringing in. And the public largely is OK with it, because again, they're just amazed by "what it can do".
I know this was long but thanks in advance to those who took the time to read it all. This is just coming from genuine concern I have about the long-term effects of this AI craze on our society. I'm just curious to get others' thoughts on this topic - any productive discussion is welcome. If you disagree, please elaborate on why, what I have missed, etc.
And before anybody asks, no I did not use AI to write the post about my thoughts on AI.
https://redd.it/1rodjmz
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Your thoughts on implementing PAM in real environments?
We’re starting to look into Privileged Access Management (PAM) to improve how privileged accounts are handled across our environment. Right now things are a bit mixed between AD admin accounts, sudo access, and some manual controls.
Main things we’re trying to improve:
Better visibility into who is using privileged access
Session monitoring/auditing for critical systems
Reducing shared admin credentials
Tighter control over contractor or temporary access
For those who’ve implemented PAM, did it actually improve security in practice, or did it just add operational overhead? Also curious how you approached rollout gradual vs full enforcement.
https://redd.it/1rosp2a
@r_systemadmin
We’re starting to look into Privileged Access Management (PAM) to improve how privileged accounts are handled across our environment. Right now things are a bit mixed between AD admin accounts, sudo access, and some manual controls.
Main things we’re trying to improve:
Better visibility into who is using privileged access
Session monitoring/auditing for critical systems
Reducing shared admin credentials
Tighter control over contractor or temporary access
For those who’ve implemented PAM, did it actually improve security in practice, or did it just add operational overhead? Also curious how you approached rollout gradual vs full enforcement.
https://redd.it/1rosp2a
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
How you manage cloud security visibility across 50+ accounts.. looking for vendor advice
dealing with a growing problem at work and really not sure what the best solution looks like right now.
we have a large number of cloud accounts and well the bigger issue is not the known assets, it is the unknown ones. See, developers spin up virtual machines, they finish their work, and just leave everything running. Problem is nobody notices until the bill comes or something breaks. So we need better visibility and i want to know what tools people are actually using.
here is what matters most to us before I actually tart evaluating vendors seriously. agentless is non negotiable, we cannot realistically manage agents at our scale. So we need AppSec and cloud security under one license, (not four tools stitched together.) similarly vulnerability intelligence that gets ahead of CVE feeds,( not just reacts to them). Then attack path analysis with the ability to define high value assets ourselves. And finally the integrations with Slack, Teams, and email without custom scripting.
here is what i have already looked at and where i ran into friction:
Microsoft Defender for Cloud : good if we are all-in on Azure, but we are multi-cloud and the experience outside Azure felt like an afterthought
Orca Security : agentless and the asset visibility is genuinely good, but we are not sure it fully covers AppSec depth at our scale.
Lacework : liked the anomaly detection but AppSec coverage felt thin and the unified visibility we needed was not really there
Wiz : agentless and strong on asset visibility, but pricing came up as a concern at our account scale and some AppSec depth was missing compared to what we need
Have any of you people dealt with a similar setup and found something that genuinely covers all of this without the tradeoffs above?
https://redd.it/1rotqs8
@r_systemadmin
dealing with a growing problem at work and really not sure what the best solution looks like right now.
we have a large number of cloud accounts and well the bigger issue is not the known assets, it is the unknown ones. See, developers spin up virtual machines, they finish their work, and just leave everything running. Problem is nobody notices until the bill comes or something breaks. So we need better visibility and i want to know what tools people are actually using.
here is what matters most to us before I actually tart evaluating vendors seriously. agentless is non negotiable, we cannot realistically manage agents at our scale. So we need AppSec and cloud security under one license, (not four tools stitched together.) similarly vulnerability intelligence that gets ahead of CVE feeds,( not just reacts to them). Then attack path analysis with the ability to define high value assets ourselves. And finally the integrations with Slack, Teams, and email without custom scripting.
here is what i have already looked at and where i ran into friction:
Microsoft Defender for Cloud : good if we are all-in on Azure, but we are multi-cloud and the experience outside Azure felt like an afterthought
Orca Security : agentless and the asset visibility is genuinely good, but we are not sure it fully covers AppSec depth at our scale.
Lacework : liked the anomaly detection but AppSec coverage felt thin and the unified visibility we needed was not really there
Wiz : agentless and strong on asset visibility, but pricing came up as a concern at our account scale and some AppSec depth was missing compared to what we need
Have any of you people dealt with a similar setup and found something that genuinely covers all of this without the tradeoffs above?
https://redd.it/1rotqs8
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Advice for an aspiring IT Manager
Hi all, worth asking here so I can pivot myself accordingly! For context I'm currently an "IT support engineer" for a medium sized company with a very small IT team consisting of myself and the IT Manager... There was a 3rd but redundancies happened that saw him off.
My end goal for my career is to work towards becoming an IT director, however I'm fully aware that requires the ladder to be climbed appropriately so my next step would be as an IT manager (to me). My question revolves around what was the jump point for 1st time IT managers that made you say "I'm qualified to do this and well" and what was "Wish I knew that sooner".
My skills have gone somewhat outside just "IT support" as recently I've been more and more involved in deployment of new technology such as building our new SFTP server, implementing Intune and taking on Security as a bigger step. The general consensus around the office is "why are you doing the Managers job?" and I always tend to agree... but for the sake of career progression these developments look good on my resume.
I also seem to create and maintain good relations with suppliers, 3rd party's etc and pride myself on being an actually approachable "IT Nerd". I've already attained Comptia Sec+ and working on Net+. I'm aware that qualifications look nice and while are helpful for landing higher end jobs, it's what you bring to the table that counts.
My plan was to give my current company 3 years of my service then look elsewhere but I'm curious how others have navigated their change from support to management?
Thanks all!
https://redd.it/1roucxa
@r_systemadmin
Hi all, worth asking here so I can pivot myself accordingly! For context I'm currently an "IT support engineer" for a medium sized company with a very small IT team consisting of myself and the IT Manager... There was a 3rd but redundancies happened that saw him off.
My end goal for my career is to work towards becoming an IT director, however I'm fully aware that requires the ladder to be climbed appropriately so my next step would be as an IT manager (to me). My question revolves around what was the jump point for 1st time IT managers that made you say "I'm qualified to do this and well" and what was "Wish I knew that sooner".
My skills have gone somewhat outside just "IT support" as recently I've been more and more involved in deployment of new technology such as building our new SFTP server, implementing Intune and taking on Security as a bigger step. The general consensus around the office is "why are you doing the Managers job?" and I always tend to agree... but for the sake of career progression these developments look good on my resume.
I also seem to create and maintain good relations with suppliers, 3rd party's etc and pride myself on being an actually approachable "IT Nerd". I've already attained Comptia Sec+ and working on Net+. I'm aware that qualifications look nice and while are helpful for landing higher end jobs, it's what you bring to the table that counts.
My plan was to give my current company 3 years of my service then look elsewhere but I'm curious how others have navigated their change from support to management?
Thanks all!
https://redd.it/1roucxa
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Firewall rule naming conventions: What actually works in practice?
Hi everyone,
I’m curious how others handle naming and structuring firewall / packet filter rules in larger environments.
Background: I recently moved into a more security-focused role, and one thing I’d like to improve is the consistency and clarity of our firewall rules. Right now there’s a mix of different naming styles and structures, which makes it harder to quickly understand what a rule is actually doing. Having that tidied up wasn’t really a thing for years, and I did not get my head around it in my previous networking role either. But it’s bugging me more and more with a growing network. From a security perspective, I’d also like to reduce the potential attack surface created by unclear or misleading rules, and introduce a consistent structure and naming scheme going forward. Before I start drafting a concept for this, I’d love to get some input from people who have already gone through something similar. My goal is to come up with something that is clear, consistent, and easy to understand even years later.
There seem to be many possible approaches for structuring rule sets, for example:
Port ranges (1–100, 101–200)
Department-based (IT, Sales, Support)
Technology stacks (Web, SSH, Database)
Rule names themselves also vary a lot, for example:
HTTPS to X
TCP to X
Application X to Y
ApplicationX
80/443 to X
I guess many internal firewalls aren't using application-level filtering, which makes names like HTTPs (Do you guys have 80 & 443 in one rule or to seperate ones for the same source and destination?) or SSH somewhat questionable because in reality you can’t guarantee what’s actually running over that port. Maybe that’s just my inner perfectionist talking.
So I’m curious how you guys are naming and sorting your firewall rules. Do you prefer protocol/port-based, application-based, or source to destination style naming?
Are there any best practices that have proven useful in the long run? Any experiences or lessons learned would be very helpful
https://redd.it/1rowr24
@r_systemadmin
Hi everyone,
I’m curious how others handle naming and structuring firewall / packet filter rules in larger environments.
Background: I recently moved into a more security-focused role, and one thing I’d like to improve is the consistency and clarity of our firewall rules. Right now there’s a mix of different naming styles and structures, which makes it harder to quickly understand what a rule is actually doing. Having that tidied up wasn’t really a thing for years, and I did not get my head around it in my previous networking role either. But it’s bugging me more and more with a growing network. From a security perspective, I’d also like to reduce the potential attack surface created by unclear or misleading rules, and introduce a consistent structure and naming scheme going forward. Before I start drafting a concept for this, I’d love to get some input from people who have already gone through something similar. My goal is to come up with something that is clear, consistent, and easy to understand even years later.
There seem to be many possible approaches for structuring rule sets, for example:
Port ranges (1–100, 101–200)
Department-based (IT, Sales, Support)
Technology stacks (Web, SSH, Database)
Rule names themselves also vary a lot, for example:
HTTPS to X
TCP to X
Application X to Y
ApplicationX
80/443 to X
I guess many internal firewalls aren't using application-level filtering, which makes names like HTTPs (Do you guys have 80 & 443 in one rule or to seperate ones for the same source and destination?) or SSH somewhat questionable because in reality you can’t guarantee what’s actually running over that port. Maybe that’s just my inner perfectionist talking.
So I’m curious how you guys are naming and sorting your firewall rules. Do you prefer protocol/port-based, application-based, or source to destination style naming?
Are there any best practices that have proven useful in the long run? Any experiences or lessons learned would be very helpful
https://redd.it/1rowr24
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Bitlocker with PIN seems impossible.
The title is a bit hyperbolic but I can't find a way to implement this without serious internal pain. I have been given a mandate to implement bitlocker with pin and no guidance on how to do so. Here are the problems I've found.
-Requesting a PIN each reboot means ever time we patch, every system needs to be manually unlocked to boot. We have wsus and it doesn't pause enforcement automatically when patching.
-To cut down on unlocks I wrote a script that runs as an on shutdown script. It SHOULD check for the most recent shutdown event and if it is a reboot, suspend bitlocker so it doesn't need a pin. Except, sometimes it just doesn't work for no apparent reason.
-When a single pin is assigned by me to multiple users, the users forgot the key they were all given.
-When allowed to assign their own pin, the users forgot their pin because the bitlocker pin requirements ban sequential or repeat numbers which makes this pin different than their existing PINs. This rule cannot be disabled.
So I can't stop the bitlocker pin lock on patch, nobody can remember their pin whether they are all set the same or set by them. Any suggestions for how this can be done without immense impact?
We have MECM, which supports suspending bitlocker on patch, but it isn't configured as a SUP. I am considering setting that up but for various reasons I'd rather not if I don't have to.
Finally, I won't be able to read this for hours so don't expect a quick response from me.
https://redd.it/1roxip0
@r_systemadmin
The title is a bit hyperbolic but I can't find a way to implement this without serious internal pain. I have been given a mandate to implement bitlocker with pin and no guidance on how to do so. Here are the problems I've found.
-Requesting a PIN each reboot means ever time we patch, every system needs to be manually unlocked to boot. We have wsus and it doesn't pause enforcement automatically when patching.
-To cut down on unlocks I wrote a script that runs as an on shutdown script. It SHOULD check for the most recent shutdown event and if it is a reboot, suspend bitlocker so it doesn't need a pin. Except, sometimes it just doesn't work for no apparent reason.
-When a single pin is assigned by me to multiple users, the users forgot the key they were all given.
-When allowed to assign their own pin, the users forgot their pin because the bitlocker pin requirements ban sequential or repeat numbers which makes this pin different than their existing PINs. This rule cannot be disabled.
So I can't stop the bitlocker pin lock on patch, nobody can remember their pin whether they are all set the same or set by them. Any suggestions for how this can be done without immense impact?
We have MECM, which supports suspending bitlocker on patch, but it isn't configured as a SUP. I am considering setting that up but for various reasons I'd rather not if I don't have to.
Finally, I won't be able to read this for hours so don't expect a quick response from me.
https://redd.it/1roxip0
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
I reported a malicious Chrome extension yesterday — Google just pulled it from the Web Store. Here's the full technical breakdown of what it was doing
Full report: https://monxresearch-sec.github.io/shotbird-extension-malware-report/
TL;DR: Chrome extension ShotBird (gengfhhkjekmlejbhmmopegofnoifnjp) was sold to new operators who turned it into a remote-controlled malware channel. It was:
Stripping CSP/security headers via rules.json on every page you visited
Capturing form inputs (passwords, card numbers, IBANs)
Injecting fake Chrome update popups
Staging a credential-theft executable (googleupdate.exe → psfx.msi → irm orangewater00.com|iex)
Google removed it from the Web Store today. Chrome will auto-remove it from affected browsers within 24-48 hours.
Extension had 717 users and was Featured. Full IOCs, raw callback scripts, and PE analysis in the report.
https://redd.it/1roz2lw
@r_systemadmin
Full report: https://monxresearch-sec.github.io/shotbird-extension-malware-report/
TL;DR: Chrome extension ShotBird (gengfhhkjekmlejbhmmopegofnoifnjp) was sold to new operators who turned it into a remote-controlled malware channel. It was:
Stripping CSP/security headers via rules.json on every page you visited
Capturing form inputs (passwords, card numbers, IBANs)
Injecting fake Chrome update popups
Staging a credential-theft executable (googleupdate.exe → psfx.msi → irm orangewater00.com|iex)
Google removed it from the Web Store today. Chrome will auto-remove it from affected browsers within 24-48 hours.
Extension had 717 users and was Featured. Full IOCs, raw callback scripts, and PE analysis in the report.
https://redd.it/1roz2lw
@r_systemadmin
ShotBird Extension Malware Report
From a Sophisticated Browser-Extension Supply-Chain Compromise to a VibeCoded Twist: A Chrome Extension as the Initial Access Vector…
Independent technical analysis of a Chrome extension compromise, fake update chain, and Windows-stage malware activity.
If you have >100 employees but don't use O365 Services what do you use for Mail & Chat?
Basically title. I figure most people are using Slack if they're not using Teams. But I got curious this morning before my Adderall kicked in: For organizations of over 100 people, if you're not locked into the O365 ecosystem what are you using?
And a sub question for people who see this and are using almost all of O365 but using Slack over Teams: Why?
https://redd.it/1rp0q2x
@r_systemadmin
Basically title. I figure most people are using Slack if they're not using Teams. But I got curious this morning before my Adderall kicked in: For organizations of over 100 people, if you're not locked into the O365 ecosystem what are you using?
And a sub question for people who see this and are using almost all of O365 but using Slack over Teams: Why?
https://redd.it/1rp0q2x
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
Microsoft announces Microsoft 365 E7 with new agentic AI features
>Customers have told us E5 alone is no longer enough; they do not want multiple tools stitched together, they want one trusted solution. At $99 per user, E7 is priced below purchasing these capabilities à la carte, giving customers a simpler, more cost-effective way to deploy enterprise AI at scale.
Introducing the First Frontier Suite built on Intelligence + Trust - The Official Microsoft Blog
https://redd.it/1rp1rzu
@r_systemadmin
>Customers have told us E5 alone is no longer enough; they do not want multiple tools stitched together, they want one trusted solution. At $99 per user, E7 is priced below purchasing these capabilities à la carte, giving customers a simpler, more cost-effective way to deploy enterprise AI at scale.
Introducing the First Frontier Suite built on Intelligence + Trust - The Official Microsoft Blog
https://redd.it/1rp1rzu
@r_systemadmin
The Official Microsoft Blog
Introducing the First Frontier Suite built on Intelligence + Trust
Today Microsoft is announcing: Wave 3 of Microsoft 365 Copilot Expanded model diversity with Claude and next-gen OpenAI models available today General availability of Agent 365 on May 1 for $15 per user General availability of the new Microsoft 365 E7: The…
Ops engineer who built half our automation just gave notice. Nobody understands the system
Ok so our operations engineer just gave his notice a few days ago, and I just realized how much of our mid-size startup relies on what he built over the years. He wrote tons of automations that move data between systems, generate reports, trigger approval, and all the other QOL stuff.
I mean everything still technically works and we had a good chat. (He got a better offer and I completely understand his decision, we still keep in touch from time to time, especially when I have questions.) But the thing is, nobody unedrstands how things work except him.
There are some resources that he left behind, although they're pretty outdated, so now upper managemetn it scrambling asking if we can still keep things running. For those of you who have dealt with this, how do you recover when everythging is basically locked inside the automation stack of an employee who just left?
https://redd.it/1rp42rx
@r_systemadmin
Ok so our operations engineer just gave his notice a few days ago, and I just realized how much of our mid-size startup relies on what he built over the years. He wrote tons of automations that move data between systems, generate reports, trigger approval, and all the other QOL stuff.
I mean everything still technically works and we had a good chat. (He got a better offer and I completely understand his decision, we still keep in touch from time to time, especially when I have questions.) But the thing is, nobody unedrstands how things work except him.
There are some resources that he left behind, although they're pretty outdated, so now upper managemetn it scrambling asking if we can still keep things running. For those of you who have dealt with this, how do you recover when everythging is basically locked inside the automation stack of an employee who just left?
https://redd.it/1rp42rx
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community