Fellow BC, Canada Sys Admins: What are you doing/What have you heard about the time change changes?

For everyone: Our province is finally abolishing the biannual time change. Today is the last time we'll spring our clocks forward, and we won't fall them back in 6 months.

Everything did as it should this morning. So what are the vendors doing about the fall? Will Microsoft include us in an upcoming patch? Will we have to take care of it ourselves? What about the Linux vendors? Appliances?

Personally, I have to change a bunch of Cisco/Linksys stuff on my homelab VOIP system, but I think that's about it.

https://redd.it/1roe2np
@r_systemadmin

AI training for sysadmins

Any good documentation/training/tips on how sysadmins can get the most out of AI?

https://redd.it/1roby8p
@r_systemadmin

On-Prem SMB Shares to Copilot 365 - GCC High

Hi All,
I've been fighting this for a week or so now so appreciate any input.

I'm trying to set up the Microsoft File Share Graph Connector for M365 Copilot on a GCC High tenant. The connector is published, shows green/Ready in the portal, the GCA agent health check passes, all endpoints are reachable, it can see the files in the test folder. But it never actually indexes them and fails with an "access is denied" error. I've used the user account and confirmed it has access to the files (even tried "everyone" permissions on the test files).

According to the MS setup guide you only have to change:

* appsettings.json CloudInstanceUrl is set to [login.microsoftonline.us](https://login.microsoftonline.us)

but i also found in the HostConfig there are references to commercial endpoints, so i tried adding the GCC High endpoints (gcs.office365.us, graph.microsoft.us, graph.microsoft.com, login.microsoftonline.us) still no dice.

I'm at a loss...

Help me Sysadmin Reddit.. you're my only hope.

https://redd.it/1ropyf0
@r_systemadmin

Thoughts on AI

First - this is a long post. I have a lot of thoughts on this topic. Yes, it's another AI rant.

So like with many other places, AI has recently enveloped our company to the point where it is now somehow behind the majority of our top priorities. Execs and Developers want to use every new shiny AI-related tool that comes out, and we seem to have no issues spending the money. In any event, since we have the tools available I've tried to make use of them when I can, cautiously. While at the same time observing others that I think are overusing it to an extreme - to the point that when I ask them a question, I get a response either from Google's search AI response or sometimes their own chat with Copilot or whatever. Which is dumb because if I asked them a question, I wanted their thoughts on it, not AI's. If I wanted AI's thoughts, I'd have asked it myself. So I try not to be that person, but at the same time don't want to be the person who can't adapt to changing times...so I try to sit somewhere in the middle, and embrace it where I can.

A little background on me, I'm a DBA, SysAdmin before that, who scripts a lot for my day job and also develops software as a hobby for most of my life, though I've never worked as a paid Developer. But I'm familiar enough with scripting, software internals and code. Yesterday was the first day I spent actually letting AI drive the majority of the tasks to write a couple scripts for some work I needed to do, as well as in Excel to piece data together from different sheets. And I have to say - I'm not all that impressed.

Everything I asked it for the script stuff was related to VMware PowerCLI, specifically ESXi storage-related commands (to get information I needed to pull, and dump to CSV and/or output to GridView). All the cmdlets, modules and APIs used are publicly documented, and it all pertained to standalone scripts, so no need for the AI to understand any context outside the scripts itself (other than an instruction file and my VS Code settings that I told it to read) - these weren't part of a larger project or anything like that. It wasn't making any changes to our environment, nor did it need to know anything specific about the environment (that would all be passed to the script via params), and it wrote both scripts itself. So it should be pretty simple for it, I would think, especially with what I've heard and seen first-hand lately about all these complex projects being vibe coded. This was using Sonnet 4.6, and later Opus 4.6 in VS Code in agent mode.

But it seemed to overthink things a lot even when it was a simple question, and do some things unnecessarily complicated, and often times it didn't even work. I read through it's detailed reasoning process on almost everything I asked it, and it would very often go in circles with itself and eventually settle on some answer that may or may not be correct. There were a few parts where if I hadn't actually known myself how to go about it, it would've been no help whatsoever. On the other pieces where it did finally get it right on its own, it took a ton of back-and-forth in many cases, and I'd still have to be very specific about certain things. Some things it took like 10 tries before it found a working method, and on some things it never did until I told it exactly how to. Stuff I would think is pretty simple would trip it up - like trying to read settings from my VS Code settings file to follow the instructions in the instruction file (which just pertained to formatting rules, nothing fancy). I was coaching it more than it was coaching me. Maybe PowerCLI was a bad use case, but given that everything is publicly documented and it seemed to have no trouble identifying the commands and APIs it thought it should use, I'd think it should be fine.

In the end, did it save any time? I really don't know - maybe? Even if it did, there's a tradeoff - the fact that I didn't get to beef up my skillset like I would've if I'd had to do all the research and write it all myself like I would've in the past. Mental skills are

like muscles - if we don't use them, we lose them over time. So as AI becomes better at what it does, I think we will become worse at what we do (those of us who already had skillsets in certain areas). When considering people newly entering the field, they will never build a skillset in the first place. When using AI, they may get a similar result as a more senior person eventually - likely in quite a longer time, due to not knowing as many specifics about what to ask - but also would learn very little in the process. Not sure that's a good thing.

In Excel, it was using Opus 4.5 in agent mode, and I really just asked it to match column values across sheets and fill in some blanks. And yeah, it generated formulas to do that - somewhat messy ones, initially. Once I told it to refine them in certain ways, it did, and it was good enough. So it may have allowed me to be more productive there. But again, same downside - I'm not getting "better at Excel" by learning a new formula (which I'd stash away in my notes for later use) and adding to my skillset, instead I'm getting better at talking to AI.

The biggest benefit I've seen from it so far is probably with meeting summarization, especially the integration with transcription features in Teams. This can make it very easy to jump the correct point of a long, recorded working meeting for example, where we cover some specific topic, without having to spend hours re-watching the whole thing. It's also very good at crawling structures and documenting them, although to an extent those features were already available before AI (e.g. specific tools to perform these tasks for specific use cases, like SQL databases) but I guess AI has just allowed that to be applicable in many more places than it was before. So that stuff has been good for the most part. It's not all bad.

But the coding stuff was largely a disaster, even with an expensive model that's supposed to be "the best" for coding. The experience I had yesterday aligns closely with the bits and pieces I had prior (I have used it quite a bit before but just for chat questions here and there, never in agent mode and never letting it "drive" like I did today). And even the Excel stuff, while somewhat "productive", has the negative tradeoff of not adding to/honing your skillset because you aren't actually using the product anymore. Finance people who used to be wizards with Excel, over time, will just become drones that talk to AI. New Finance people entering the workforce will never get those skills in the first place.

So when I hear about how "easy and cheap it is to write code now" because "any Junior Developer can vibe code stuff" I'm just thinking...maybe?....but with so many tradeoffs, long-term I'm not sure it's doing the company, the team, the customer, nor the developer themselves any favors (even if the immediate return "seems great"). And the same is true for using it to do your job in other disciplines as well - I expect this to permeate into the IT world more and more as we go forward, especially with administration of cloud infrastructure like Azure and AWS. Someone who "doesn't know what they don't know", as they say, won't know what guidance to give, or what things to challenge it on, because they don't know any better in the first place.

There were several times Claude actually tried to convince me it was right about something that it most definitely was not, telling me "this is the correct approach". Only after I explain to it, in depth, why this is not the correct approach, and give it a hint of what to do instead, would it change it's tune and go that direction. And given what I saw on the parts where I was familiar and had to coach it along, I'm honestly not all that confident that the parts where it did "get it right" on its own (meaning it at least produced a working piece of code without me telling exactly what to do) that those things are actually done in the correct or most efficient way. But "they work" (or seem to, anyway), which means when this happens in the wild, people are happy - likely nobody

is double checking anything, or very high-level spot checks at best. So some Junior Developer or SysAdmin might continue going back and forth with it all day until through enough trial and error and money spent on premium requests, they finally get a working product. But if what I saw today is any indication, I think a lot of it will be messy, and not necessarily optimal, performant nor elegant.

Do we plan to let these things make more serious decisions one day? Financial advice, health advice, etc. What happens when AI assures your paid "expert" (e.g. Financial Advisor, Doctor), that a certain route "is the correct approach"? If the expert doesn't catch it or doesn't know any better, and ends up parroting that guidance back to you, the client, you very likely accept it because again, they are the "paid expert" that's supposed to know what they're doing. So maybe the better question is - if/when this happens - will you even know?

And when it fucks up and leads real people down the wrong path with bad advice, and the person rightfully gets pissed, what will the response be - the same generic YMMV crap (e.g. "investing is a risk - past success does not guarantee future results" or "these may not be all side effects"). I know there's already been stories of AI convincing people to take their own lives, which is extremely sad. Of course, guardrails can and should be put in place to help mitigate some of this stuff, which supposedly has been done in many cases - but then I hear about AI agents that are allowed to modify their own configs. So if that's the case, what good are guardrails? If AI wants to go out of bounds on something, it'll just look at it's config, say "oh, I see the problem, there's this dumb restriction in the way", remove it, and proceed on it's merry way down whatever fucked up path we tried to stop it from going down. Some of this may sound like an unlikely scenario to some, but some of it (like agents modifying their own configs) is quite literally already happening - I don't think it's a stretch at all to say we're headed down a potentially very dangerous and destructive path.

At the end of the day, we're giving up our own mental capacity and critical thinking skills in the name of "productivity". Just because you produce more in a given amount of time does not always mean it's better. If quality drops, if manageability drops and overhead increases, if complexity increases unnecessarily with no benefit - then is it really a win? Not to mention, as time goes on and AI's "skills continue to "sharpen", and our own skills continue to decline, we will become less and less adept at catching AI's mistakes. So human review of AI-generated things will become less and less effective.

I'll leave it there for now because I could go on for quite a while. It's just shocking to me that the entire world is in such a fkin daze from the "magic" of AI that nobody, or at least not enough people with influence in this sphere, have actually sat and thought through some of this stuff. Or the other , more likely scenario - they have, but just sweep it under the metaphorical rug because of the money it's bringing in. And the public largely is OK with it, because again, they're just amazed by "what it can do".

I know this was long but thanks in advance to those who took the time to read it all. This is just coming from genuine concern I have about the long-term effects of this AI craze on our society. I'm just curious to get others' thoughts on this topic - any productive discussion is welcome. If you disagree, please elaborate on why, what I have missed, etc.

And before anybody asks, no I did not use AI to write the post about my thoughts on AI.

https://redd.it/1rodjmz
@r_systemadmin

Your thoughts on implementing PAM in real environments?

We’re starting to look into Privileged Access Management (PAM) to improve how privileged accounts are handled across our environment. Right now things are a bit mixed between AD admin accounts, sudo access, and some manual controls.

Main things we’re trying to improve:

Better visibility into who is using privileged access
Session monitoring/auditing for critical systems
Reducing shared admin credentials
Tighter control over contractor or temporary access

For those who’ve implemented PAM, did it actually improve security in practice, or did it just add operational overhead? Also curious how you approached rollout gradual vs full enforcement.

https://redd.it/1rosp2a
@r_systemadmin

How you manage cloud security visibility across 50+ accounts.. looking for vendor advice

dealing with a growing problem at work and  really not sure what the best solution looks like right now.

we have a large number of cloud accounts and well  the bigger issue is not the known assets, it is the unknown ones. See,  developers spin up virtual machines, they  finish their work, and just leave everything running. Problem is  nobody notices until the bill comes or something breaks. So  we need better visibility and i want to know what tools people are actually using.

here is what matters most to us before I actually tart evaluating vendors seriously. agentless is non negotiable, we cannot realistically manage agents at our scale. So we need AppSec and cloud security under one license, (not four tools stitched together.) similarly  vulnerability intelligence that gets ahead of CVE feeds,( not just reacts to them).  Then attack path analysis with the ability to define high value assets ourselves. And finally the  integrations with Slack, Teams, and email without custom scripting.

here is what i have already looked at and where i ran into friction:

Microsoft Defender for Cloud : good if we are all-in on Azure, but we are multi-cloud and the experience outside Azure felt like an afterthought
Orca Security : agentless and the asset visibility is genuinely good, but we are not sure it fully covers AppSec depth at our scale.
Lacework : liked the anomaly detection but AppSec coverage felt thin and the unified visibility we needed was not really there
Wiz : agentless and strong on asset visibility, but pricing came up as a concern at our account scale and some AppSec depth was missing compared to what we need

Have any of you people dealt with a similar setup and found something that genuinely covers all of this without the tradeoffs above? 



https://redd.it/1rotqs8
@r_systemadmin

Advice for an aspiring IT Manager

Hi all, worth asking here so I can pivot myself accordingly! For context I'm currently an "IT support engineer" for a medium sized company with a very small IT team consisting of myself and the IT Manager... There was a 3rd but redundancies happened that saw him off.

My end goal for my career is to work towards becoming an IT director, however I'm fully aware that requires the ladder to be climbed appropriately so my next step would be as an IT manager (to me). My question revolves around what was the jump point for 1st time IT managers that made you say "I'm qualified to do this and well" and what was "Wish I knew that sooner".

My skills have gone somewhat outside just "IT support" as recently I've been more and more involved in deployment of new technology such as building our new SFTP server, implementing Intune and taking on Security as a bigger step. The general consensus around the office is "why are you doing the Managers job?" and I always tend to agree... but for the sake of career progression these developments look good on my resume.

I also seem to create and maintain good relations with suppliers, 3rd party's etc and pride myself on being an actually approachable "IT Nerd". I've already attained Comptia Sec+ and working on Net+. I'm aware that qualifications look nice and while are helpful for landing higher end jobs, it's what you bring to the table that counts.

My plan was to give my current company 3 years of my service then look elsewhere but I'm curious how others have navigated their change from support to management?

Thanks all!

https://redd.it/1roucxa
@r_systemadmin

Firewall rule naming conventions: What actually works in practice?

Hi everyone,

I’m curious how others handle naming and structuring firewall / packet filter rules in larger environments.

Background: I recently moved into a more security-focused role, and one thing I’d like to improve is the consistency and clarity of our firewall rules. Right now there’s a mix of different naming styles and structures, which makes it harder to quickly understand what a rule is actually doing. Having that tidied up wasn’t really a thing for years, and I did not get my head around it in my previous networking role either. But it’s bugging me more and more with a growing network. From a security perspective, I’d also like to reduce the potential attack surface created by unclear or misleading rules, and introduce a consistent structure and naming scheme going forward. Before I start drafting a concept for this, I’d love to get some input from people who have already gone through something similar. My goal is to come up with something that is clear, consistent, and easy to understand even years later.

There seem to be many possible approaches for structuring rule sets, for example:

Port ranges (1–100, 101–200)
Department-based (IT, Sales, Support)
Technology stacks (Web, SSH, Database)

Rule names themselves also vary a lot, for example:

HTTPS to X
TCP to X
Application X to Y
ApplicationX
80/443 to X

I guess many internal firewalls aren't using application-level filtering, which makes names like HTTPs (Do you guys have 80 & 443 in one rule or to seperate ones for the same source and destination?) or SSH somewhat questionable because in reality you can’t guarantee what’s actually running over that port. Maybe that’s just my inner perfectionist talking.

So I’m curious how you guys are naming and sorting your firewall rules. Do you prefer protocol/port-based, application-based, or source to destination style naming?

Are there any best practices that have proven useful in the long run? Any experiences or lessons learned would be very helpful

https://redd.it/1rowr24
@r_systemadmin

Bitlocker with PIN seems impossible.

The title is a bit hyperbolic but I can't find a way to implement this without serious internal pain. I have been given a mandate to implement bitlocker with pin and no guidance on how to do so. Here are the problems I've found.

-Requesting a PIN each reboot means ever time we patch, every system needs to be manually unlocked to boot. We have wsus and it doesn't pause enforcement automatically when patching.

-To cut down on unlocks I wrote a script that runs as an on shutdown script. It SHOULD check for the most recent shutdown event and if it is a reboot, suspend bitlocker so it doesn't need a pin. Except, sometimes it just doesn't work for no apparent reason.

-When a single pin is assigned by me to multiple users, the users forgot the key they were all given.

-When allowed to assign their own pin, the users forgot their pin because the bitlocker pin requirements ban sequential or repeat numbers which makes this pin different than their existing PINs. This rule cannot be disabled.

So I can't stop the bitlocker pin lock on patch, nobody can remember their pin whether they are all set the same or set by them. Any suggestions for how this can be done without immense impact?

We have MECM, which supports suspending bitlocker on patch, but it isn't configured as a SUP. I am considering setting that up but for various reasons I'd rather not if I don't have to.

Finally, I won't be able to read this for hours so don't expect a quick response from me.

https://redd.it/1roxip0
@r_systemadmin

I reported a malicious Chrome extension yesterday — Google just pulled it from the Web Store. Here's the full technical breakdown of what it was doing

Full report: https://monxresearch-sec.github.io/shotbird-extension-malware-report/

TL;DR: Chrome extension ShotBird (gengfhhkjekmlejbhmmopegofnoifnjp) was sold to new operators who turned it into a remote-controlled malware channel. It was:

Stripping CSP/security headers via rules.json on every page you visited
Capturing form inputs (passwords, card numbers, IBANs)
Injecting fake Chrome update popups
Staging a credential-theft executable (googleupdate.exe → psfx.msi → irm orangewater00.com|iex)

Google removed it from the Web Store today. Chrome will auto-remove it from affected browsers within 24-48 hours.

Extension had 717 users and was Featured. Full IOCs, raw callback scripts, and PE analysis in the report.

https://redd.it/1roz2lw
@r_systemadmin

If you have >100 employees but don't use O365 Services what do you use for Mail & Chat?

Basically title. I figure most people are using Slack if they're not using Teams. But I got curious this morning before my Adderall kicked in: For organizations of over 100 people, if you're not locked into the O365 ecosystem what are you using?

And a sub question for people who see this and are using almost all of O365 but using Slack over Teams: Why?

https://redd.it/1rp0q2x
@r_systemadmin

Microsoft announces Microsoft 365 E7 with new agentic AI features

>Customers have told us E5 alone is no longer enough; they do not want multiple tools stitched together, they want one trusted solution. At $99 per user, E7 is priced below purchasing these capabilities à la carte, giving customers a simpler, more cost-effective way to deploy enterprise AI at scale.

Introducing the First Frontier Suite built on Intelligence + Trust - The Official Microsoft Blog

https://redd.it/1rp1rzu
@r_systemadmin

Ops engineer who built half our automation just gave notice. Nobody understands the system

Ok so our operations engineer just gave his notice a few days ago, and I just realized how much of our mid-size startup relies on what he built over the years. He wrote tons of automations that move data between systems, generate reports, trigger approval, and all the other QOL stuff.

I mean everything still technically works and we had a good chat. (He got a better offer and I completely understand his decision, we still keep in touch from time to time, especially when I have questions.) But the thing is, nobody unedrstands how things work except him.

There are some resources that he left behind, although they're pretty outdated, so now upper managemetn it scrambling asking if we can still keep things running. For those of you who have dealt with this, how do you recover when everythging is basically locked inside the automation stack of an employee who just left?



https://redd.it/1rp42rx
@r_systemadmin

PSA: Abble Business Manager can remove personal activation locks.

The last time I was reprovisioning old (pre-ABM/MDM) devices, I had to fire off a support ticket to remove activation locks. Did the same thing recently. But haven't heard back for a while, so I went poking around.

Devices -> select a device -> ellipsis (3 dots) top right -> Turn Off Activation Lock

Option is available for devices with Activation Lock status "On (User)" and "On (Organization)"

This is news to me, so I thought I'd share that in case anyone else was unaware and/or had an ABM-enrolled device they were unable to unlock for whatever reason. I wonder if the timing coincided with the terms update last year? (These last few phones were deployed for awhile before our ABM/MDM setup was fully configured)



edit: how did I typo B's and P's? I don't know. Apparently, I also need to go switch my auto insurance to Biberty.

Apple Business Manager.

https://redd.it/1rp7i95
@r_systemadmin

Patch Tuesday Megathread - March 10, 2026

Hello r/sysadmin, I'm u/automoderator and welcome to this month's Patch Megathread!

This is the (mostly) safe location to talk about the latest patches, updates, and releases. We put this thread into place to help gather all the information about this month's updates: What is fixed, what broke, what got released and should have been caught in QA, etc. We do this both to keep clutter out of the subreddit, and provide you, the dear reader, a singular resource to read.

For those of you who wish to review prior Megathreads, you can do so here.

While this thread is timed to coincide with Microsoft's Patch Tuesday, feel free to discuss any patches, updates, and releases, regardless of the company or product.

NOTE: This thread is usually posted before the release of Microsoft's updates, which are scheduled to come out at 5:00PM UTC.

Remember the rules of safe patching:

Deploy to a test/dev environment before prod.
Deploy to a pilot/test group before the whole org.
Have a plan to roll back if something doesn't work.
Test, test, and test!

https://redd.it/1rpzab4
@r_systemadmin

Medical Company Styker attacked by Iranian backed hackers - all data deleted

https://www.mirror.co.uk/news/world-news/stryker-live-iran-cyber-attack-36850867

Work devices including mobile phones 'wiped' by hackers
Around the world, Stryker operates in 61 countries and has more than 56,000 employees and its Cork base is the biggest site outside of the US.

Most work devices, including personal phones that had a Stryker work profile, have been wiped by cybercriminals.

https://redd.it/1rqye6u
@r_systemadmin

Irans Hack

With the recent cyberattack against Stryker reportedly linked to an Iranian-aligned hacker group, it looks like thousands of systems and devices were disrupted globally after attackers targeted their network environment. 

It got me wondering something about the current job market.

Over the past couple years a lot of IT roles seem to have been cut or consolidated, with companies expecting smaller teams to handle infrastructure, security, cloud, endpoints, etc. all at once. At the same time there’s been a big push toward automation and AI tools replacing parts of traditional IT work.

But when something like this happens especially a destructive attack (wipers, data destruction, etc.) it highlights how critical experienced infrastructure and security teams are.

For those of you working in enterprise environments:

• Do events like this actually push leadership to reinvest in IT/security staffing?

• Or do companies just treat it as a one-off incident and move on?

• Have you ever seen a major breach directly lead to more hiring?

Curious what people in the field are seeing right now.

https://redd.it/1rribwu
@r_systemadmin

Absolutely and totally checked out

Hello my fellow burnouts! I'm in my 20th year of IT work. I have been a sysadmin at my current job for about 5 years. I am the sole IT guy for this company that has grown since I got here, from about 200 to almost 300 people. My raises have been minimal and just had my yearly review and was bumped from 70k to 71k. I work almost every weekend. I get told there is no money, for a larger raise, but I know its a lie as at least 15 people take home more than 20k for a bonus from the previous year. I can see everything, I know what people's salaries and bonuses and see how low on the totem pole I am as I am run through the wringer daily.


I wish I could just quit, lockout the MSP account, and watch them all squirm. I apply for other jobs, had interviews, but nothing has lined up yet for me to jump ship. I feel disrespected at my current job and just miserable - sorry for the rant.

https://redd.it/1rqvpzy
@r_systemadmin

Thickheaded Thursday - March 12, 2026

Howdy, /r/sysadmin!

It's that time of the week, Thickheaded Thursday! This is a safe (mostly) judgement-free environment for all of your questions and stories, no matter how silly you think they are. Anybody can answer questions! My name is AutoModerator and I've taken over responsibility for posting these weekly threads so you don't have to worry about anything except your comments!

https://redd.it/1rrmla6
@r_systemadmin