Going to go against the grain a little here and say, why bother? If you already have a background in Linux, that will get you further in your career much faster. My education was 100% windows/cisco, but I haven’t touched either in the better part of a decade since I’ve been working with mostly “web stuff” where Linux dominates.
Invest the time you would spend slogging through learning Active Directory and grinding MCSE into something useful like Docker, ansible, bash, infra-as-code, etc. It’s more fun, and it’ll make you way more money!!
Microsoft publishes a learning platform that covers a large amount of topics, from Windows Server to Azure services. I used it to prepare for an Azure DevOps Database Administration certification. Should be a good place to start as it's free. Just search for what you're looking to learn or select a product from the filters and off you go. https://learn.microsoft.com/en-us/training/
From an admin perspective one of the best things to lab out is setting up a standard SMB server stack, which is 2x domain controllers, 2x DHCP servers, a file server, and a couple of desktop VMs, then practice setting it up to be nicely locked down like in a standard corporate environment. For example:
- redirect user directories to the file server and set permissions so only the user, admins and departmental managers can access files
- set up departmental directories on the share with departmental and managerial permissions
- set up group policies to lock down the desktops so that users just get a standard experience
But also make sure to set this up both in Windows Server with the full "Desktop Experience" as well as on Windows Server Core, and try to do so while following best practices with redundancy, network segmentation, etc. You could even get fancy and set up a remote site with redundant servers and replication to the remote site as well to experiment with how that works.
Then of course, once you have your virtual SMB network set up, try to break it. Fill up some of the VMs so they're out of disk space, corrupt one of the VMs and try to recover it, power off the servers when you shouldn't, cut some important virtual Ethernet connections and leave them severed for a while, or degrade the virtual Ethernet connection and see what happens, delete the only domain controller and see what the best path to business continuity is, etc.
This covers a lot of the tickets and critical failures you'll see on a standard SMB network and will give you a good amount of exposure to a lot of what you'll work with in the "real world"
A real world cursed config a friend who works at an MSP told me about is a domain controller with Hyper-V set up on it. You read that right, the DC is on the Hyper-V host. Apparently they've been wanting to fix it for a few years but haven't gotten the go ahead on the hours or downtime to fix it.
How to learn Windows? Years of pain and torture of course.
What to learn? Powershell, learn powershell.
Then as you follow along any guides or howtos for administrative tasks, try to search how to accomplish the same things in powershell. Take notes on your own powershell learnings. I keep all my windows administrative powershell one liners, scripts, and notes in the same digital notebook for quick reference and updating.
If you're already experienced with bash, like I was, learning powershell might be tough. As it was for me, I had trouble understanding why PS cmdlets seemed to hide data when piped... Format-Table (ft) and Format-List (fl) help tremendously.
Powershell remoting is still a pain in my ass in most places, I rarely use it.
YouTube! Don't necessarily look for YouTube powershell windows videos. Just the necessary tasks through the GUI will give you the correct direction to begin converting a process to PS. Learn how other Admins process tasks by watching them. Especially if it's an often repeated task try converting some or all of what they do in the video into PS equivalent.
With all of that said, knowing powershell doesn't really help recovering from disasters. Knowing how to install windows and recover data from borked systems is a task best learned through battles. So, absolutely set up VMs and install all manner of versions you'll be working with...that way you'll have familiarity with when things go wrong in them. I've yet to install windows 11 in a VM but I did try to install a copy onto a surface tablet only to learn the hard way that doing so leaves the tablet without the drivers necessary for using the keyboard and touchscreen...weird need a custom built image or recovery image, great fun.
> Powershell remoting is still a pain in my ass in most places, I rarely use it.
So the big thing with remote Powershell sessions is that you can't hop around like you can with SSH, but it's super useful when troubleshooting complaints of frozen/misbehaving systems with less resource needs than RDP.
I love python. Even on windows but I tend to try to learn to live off the land and not prerequisite my admin skills on additional software that may not always be available or an option.
Nah, you don't need a special image for the touchscreen and stuff. Check the advanced update settings for optional downloads and also give the Surface app in the Microsoft Store a shot. It actually is not terrible for troubleshooting.
Other than that:
Create your own custom image if you deeply wish to. Here is the help doc:
Not sure if there are any great resources online but there isn't that much you need to know. I'd say just download it and mess around. Here's some random tips:
Windows has its own terminal package manager called winget, it's very useful.
Nobody uses CMD anymore, everyone moved onto Powershell. The new windows terminal is also nice.
Windows has a lot of random features and controls hidden in its registry, which you can access via regedit. You usually don't want to mess around with it but sometimes it is useful.
There are a lot of scripts online to de-bloat windows and quickly default to the best privacy settings. I'd run that if you're setting up a new install. Note that some of it comes back every time you update and you'll need to run the script again.
Just understand the file system well and how to use the control panel and firewall and you'll already be ready to go as a sysadmin
I've been using https://github.com/hellzerg/optimizer for debloating my Windows VM (Yeah I forgot to mention I have one installed which I use for some school related activities, mostly Office 365 stuff), but a script would definitely streamline the debloating process.
Winget seems interesting, going to check that out!
Powershell, while it seems like a useful tool, is just gibberish to me. Somehow the syntax is just so weird for my brain to wrap around (this is no criticism towards Powershell, more like "I'm too stupid to understand PS")
I do like Control Panel, as it reminds me of the sweet sweet XP times. And I've fiddled around the registry a couple of times, always blindly trusting what some random blog post advises while having no idea what I'm actually doing. It's kinda daunting, but I guess that's just the way it is. Maybe it gets easier over time :D
Oh and one last thing, you may want to install PowerToys. It's an official program that has a suite of features for power users, things like bulk renaming, easier access to environment variables, checking which files are in use by which apps, and a couple of other neat stuff. I use the color picker all the time.
Windows can go fuck itself, I’m sick of their shit. Teams kept opening links in Edge even though it’s not my default browser. Found out that Teams specifically has a setting to ignore the default browser and use Edge anyway. The fuck is that about?
Then I wanted to turn off the web search in the Start menu and I had to do a fucking RegEdit! They’re making it more and more complicated to not use their services, where’s the anti-trust regulations when you need them?
This is the norm. They have settings in Group Policy for a lot of this (sans the teams opening in edge, that is absolutely utter horseshit).
The regedit you did (and most regedits to “fix” stupid default settings) is a manual version of the GP setting to just disable web search in the start menu.
If you don’t use Windows with a Pro license, and you stay with Windows, next time buy a Pro license from a bulk OEM Pro License seller for cheap (or look up the latest way to spoof licensing and get it for free), and get access to Group Policy. It’s effectively Control Panel/Settings menu on steroids for corporate sysadmins.
I swear that 80% of people's complaints with Windows can be handled with Group Policy. Shit that it’s locked away from the average user, but the average user literally can’t tell the difference between web browsers if you make the shortcuts have the same icon.
> I swear that 80% of people's complaints with Windows can be handled with Group Policy.
One shouldn't have to go into the Group Policy screens just to restore basic functionality like 'use my default browser' and 'stop searching the web when I am searching my computer' and 'stop sending all my actions to your servers'. There is a reason people have been telling others to use Linux, rather than continue to put up with Microsoft's crap.
Install Pro or Enterprise, or Tiny10 and then go here and run the PowerShell script: https://massgrave.dev/
And choose the first option. Takes a minute but then you'll be fully activated. If you don't trust the script, download it and check it yourself.
Then you can use the Group Policy editor to turn a bunch of crap off that Home users aren't allowed to. I use Winaero Tweaker to edit all these things with a UI. It works even on the Home edition except for the few settings that require the Group Policy.
I understand the need for security, but default is powerful, which is why the EU requires OS vendors to provide a browser choice screen instead of letting the OS vendors pick their own default browser. Without coupling this restriction with a browser choice screen, this would guarantee to increase Edge market share simply because it’s the default.
You're assuming everyone understands how default apps work. And you are forgetting that most people get intimidated by the popups trying to get you not to change the default.
It is complete enshittification if you ask me. There should be no reason why an application can't have a button to make it the default.
It's possible that I've been lucky, and my experience of end users when it comes to Windows lately have been using it since Windows 10 which strongly pushed the Default Apps configuration vs previous versions. The world is a big place after all.
Maybe I'm just overreacting. But people like us deal directly or indirectly with the fallout of such madness. I hope that the DOJ goes after Microsoft at some point soon or at least scares them a little.
Wow, thank you for sharing this! Grumblegrumble have to reinstall my system…
This straight on the back of a thread about flatpak verification and security - a reminder that a lot of the incredible work of a distribution, especially Debian, is a community of people curating packages with care, and not just for how quick they can be made to work together.
Also a highlight for the work toward fully replicatable systems - if I understand right, the exploit here was snuck in in the binary, not in the source code.
That’s not correct as far as I can tell. The backdoored code ended up in release tarballs (but not source tarballs because of autoconf fuckery), see e.g. this mailing list discussion.
Well, you only have to reinstall if you had affected versions installed.
For e.g. Debian stable, that's not the case. Or e.g. Arch sshd doesn't link to xz, so that's not a concern there.
Most systems won't be affected because their sshd doesn't link xz, didn't update to that version yet or simply isn't accessible from the outside.
Though it does show how vulnerable critical packages can be and how much better we need to protect them.
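The three conditions named in the comment above (an affected xz version installed, sshd linked against liblzma, sshd reachable from outside) written as a triage script. This is an added example, not part of the thread; the `AFFECTED` version list and the sample `ldd` output are constructed placeholders, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. AFFECTED is a placeholder list: replace it with the versions
# named in your distribution's advisory. The ldd samples are constructed.
AFFECTED="0.0.1 0.0.2"
SAMPLE_LINKED='	libsystemd.so.0 => /lib/x86_64-linux-gnu/libsystemd.so.0 (0x00007f0000000000)
	liblzma.so.5 => /lib/x86_64-linux-gnu/liblzma.so.5 (0x00007f0000100000)'
SAMPLE_UNLINKED='	libcrypto.so.3 => /usr/lib/libcrypto.so.3 (0x00007f0000000000)
	libc.so.6 => /usr/lib/libc.so.6 (0x00007f0000200000)'

# version_listed VERSION "v1 v2 ...": succeeds if VERSION is in the list.
version_listed() {
    for candidate in $2; do
        if [ "$candidate" = "$1" ]; then return 0; fi
    done
    return 1
}

# links_lzma LDD_OUTPUT: succeeds if liblzma is among the linked libraries.
links_lzma() {
    printf '%s\n' "$1" | grep -q 'liblzma\.so'
}

# triage LDD_OUTPUT XZ_VERSION AFFECTED_LIST REACHABLE(yes|no)
# Prints one verdict covering the three conditions the comment names.
triage() {
    if ! version_listed "$2" "$3"; then echo "version-not-listed"; return 0; fi
    if ! links_lzma "$1"; then echo "installed-sshd-not-linked"; return 0; fi
    if [ "$4" != "yes" ]; then echo "installed-linked-not-reachable"; return 0; fi
    echo "installed-linked-reachable"
}

# triage_local REACHABLE: same check against this machine (not run below).
# Reachability cannot be decided locally, so the caller supplies it.
triage_local() {
    sshd_path=$(command -v sshd || echo /usr/sbin/sshd)
    xz_version=$(xz --version 2>/dev/null | awk 'NR==1 {print $NF}')
    triage "$(ldd "$sshd_path" 2>/dev/null)" "$xz_version" "$AFFECTED" "$1"
}

# Demo on the constructed samples.
triage "$SAMPLE_UNLINKED" "0.0.1" "$AFFECTED" yes
triage "$SAMPLE_LINKED" "0.0.1" "$AFFECTED" no
triage "$SAMPLE_LINKED" "0.0.1" "$AFFECTED" yes
triage "$SAMPLE_LINKED" "1.2.3" "$AFFECTED" yes
```

`ldd` resolves transitive dependencies, so a liblzma pulled in through another library still appears in its output.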