r/ShittySysadmin

▲ 63 r/ShittySysadmin+1 crossposts

Easy Way to Stop Windows Update!

I have a ~10 year old IBM/Lenovo ThinkPad that I paid >$3000 to buy for very important business use. Since I have no intention of redoing setting up all the apps I have set up there, I have to fight to stop Windows Update from destroying it like it did to one of my other old PCs.

The sneaky Windows Update service keeps re-enabling itself after repeated manual stop/disable. It and other stuff like the MSFT Antimalware service detect the PC being idle and start to use CPU (for bitcoin mining for MSFT, who knows?) and the PC fan will start to spin (dust / an aged fan causing overheating is the main cause of old laptops dying). As proof, as soon as I start using the PC the CPU usage goes back to 0% and the fan stops.

I use a mouse wiggler to trick them into thinking the PC is in use, but it only works sometimes.

But I found a really good way to stop all this I wanted to share. In my C drive there is a file that is exactly 1GB in size. I simply copy & paste this file repeatedly until the empty space in C drive drops below ~1GB. Now Windows Update has no space to download updates and will stop using CPU and my PC is dead quiet with no fan running.

As soon as I need to install some app and need disk space, I simply remove some of these copied files and make just enough space.

Hopefully this trick helps!

reddit.com
u/EvilEarthWorm — 1 day ago

(OC) Me after telling my friends and family that I will become a goat farmer.

This screenshot was taken from the job history of an acquaintance. I always wondered what happened to them after 2023. They left our shop because it was turbo fucked up and I don’t blame them. I typically don’t use LinkedIn but I was catching up with an old work partner and saw their reunion.

For people who are not aware of Schnucks, they are a grocery store chain here in Missouri. This person was a great sys admin.

Example: our shitty proprietary software ran from a website coded in C++. Our documentation was so poor that even our internal training docs had issues with URLs not being complete. One day this person was crying because they could not figure out why the client could not access the login page from their secure government connection. Turns out they copied and pasted a URL with a redirect character on accident because it was in the training documents.

edit: their Team Lead position was at a Help desk.

u/Mountain-House3287 — 20 hours ago
🔥 Hot ▲ 27.7k r/ShittySysadmin+2 crossposts

‘The Worst Leak That I’ve Witnessed’: U.S. Cybersecurity Agency Leaves Its Digital Keys Out in Public on GitHub

gizmodo.com
u/deraser — 2 days ago
▲ 10 r/ShittySysadmin+1 crossposts

TPT Question: Fastest way to migrate 100 old Windows PCs to Linux Mint?

Hello, I work in the IT department of a company and I’ve been tasked with migrating around 100 computers from Windows 10 to Linux for security reasons. We have a little over a month to complete the migration, and any computers still running Windows 10 after the deadline will no longer be allowed to access the company network.

The problem is that the process my team and I are currently using is extremely time-consuming:

  1. We take the employee’s computer
  2. Back up all of their files
  3. Format the machine and install Linux Mint
  4. Restore the user’s files

Most of these PCs are old and low-spec, and many of the hard drives are very slow or unreliable. Because of that, the backup process alone can sometimes take an entire afternoon or even a full day. That’s without counting unexpected issues that come up while working on the machines, which slows everything down even more.

Is there a faster or more scalable way to handle this kind of migration instead of manually doing everything one computer at a time? Any advice, tools, or workflow suggestions would be greatly appreciated.

EDIT: Thanks, everyone. I really appreciate all the suggestions — they gave me a much better idea of how to deal with this situation, and I’ll definitely make good use of the advice and tools you shared. Unfortunately, SSDs are still out of reach for us right now because getting new hardware approved involves a ton of bureaucracy, but I’ll definitely push for some kind of cloud system where users can back up their own files.

▲ 2 r/ShittySysadmin+1 crossposts

Sick of cPanel/WHM security vulnerabilities? My experience moving to an alternative panel (Hepsia)

Hey everyone,

With the recent absolute nightmare surrounding the CVE-2026-41940 critical exploit in cPanel/WHM (the 9.8 CVSS auth-bypass that basically handed root access to anyone with an internet connection), I finally hit my breaking point with standard WHM infrastructure.

Between cPanel’s aggressive price hikes over the last few years and now zero-day exploits actively being used in the wild to hijack entire servers, relying on a monoculture panel feels like sitting on a ticking time bomb.

I’ve been testing out cloud hosting providers that use Hepsia instead of cPanel, and I wanted to share a quick, unbiased breakdown of how it actually holds up for anyone looking to migrate away from WHM.

The Good: Why custom/isolated panels are winning right now

  • Security by Obscurity & Isolation: Because Hepsia isn’t running on millions of generic automated servers like cPanel, it isn’t a mass target for automated botnets. More importantly, its file architecture isolates domains into distinct root directories rather than stacking them as subdirectories under a single primary account. If one site gets hit, the rest don't immediately fall.
  • All-in-One Dashboard: Unlike cPanel where you have to log into a separate WHMCS billing system, a domain registrar panel, and then the cPanel itself, Hepsia handles the site files, domain registration, and billing from one single login.
  • Insane Panel Speed: Because it’s built natively for specific server cluster environments rather than being a bloated "one-size-fits-all" software, the file manager (which supports direct drag-and-drop) loads incredibly fast compared to a heavy WHM setup.

The Trade-offs (What to expect)

  • The Learning Curve: If you’ve spent 10 years looking at the classic cPanel grid layout, Hepsia takes a few days to get used to. It's clean, but the settings are in different places.
  • Lack of WHM Root Tweaks: If you're a hardcore sysadmin who likes breaking into the command line to tweak niche Apache modules every Tuesday, a managed Hepsia environment gives you less "raw" server control because it's optimized out of the box.

Who is actually using it?

It's surprisingly hard to find hosts using it because everyone defaults to cPanel out of laziness. If you want to check out how it looks/feels, a few independent providers run it. I’ve been testing my dev sites on an American/Moroccan host (souini Hosting) lately because their entry tiers are cheap, but there are a handful of others out there utilizing the platform.

Are any of you guys actively ditching cPanel after the April/May exploits? What panels (Hepsia, RunCloud, CyberPanel) are you migrating your clients to?

u/Revolutionarypsy — 1 day ago
▲ 62 r/ShittySysadmin+1 crossposts

Insight needed: Teacher trying to build "house points" system and district CTO hostility

Large(ish) ISD. School admin wants a "house points" system with a lot of hesitancy about how to do it and a lot of faculty hesitation.

I (Computer Science (among other things) teacher) build a series of SharePoint Lists and Power Automate flows to make a points system work (List X talks to List Y when Form Z is submitted). Nothing spectacular or particularly interesting.

While building, I realize that my own personal M365's tenant account (not personal as in outside the tenant, but my work account from within the tenant) might hit a 6k PPR/day ceiling, so I request either a service account for transparency/"bus" factor or insight into how I might get a higher rate limit if that's not possible.

CTO goes into red alert. In a private meeting from which I am excluded, mentions me "reverse engineering" the Ron Clark House Points app (lol what? It's literally get/append/update flows), how SharePoint Lists aren't as "secure" as other parts of our Azure tenant, and how not even student email should be stored in SharePoint due to security concerns.

I feel like I'm being gaslit, but I'm hoping those with experience can help me get some insight.

u/NewConfusion9480 — 2 days ago
▲ 648 r/ShittySysadmin+1 crossposts

Don't publish your passwords on github!

https://gizmodo.com/the-worst-leak-that-ive-witnessed-u-s-cybersecurity-agency-leaves-its-digital-keys-out-in-public-on-github-2000760330

Passwords were supposedly saved in a .csv file, so I guess we are using Excel spreadsheets to save passwords. What a glorious time to be alive. You can't even figure out if it is stupid or on purpose or both.

(Update) Thanks for your replies, it's 2026. I thought everyone used password vaults at this point.

u/No-Blueberry-1823 — 2 days ago

Insight Needed: How can I use SharePoint to implement a "hunger games" style tribute system?

In our school district, which is a historically underserved area, we have issues getting enough funding to meet students' dietary needs. Federally funded lunches help, but they're not enough.

Separately, an area of focus that our school board wants to improve is winning higher placements in Math Olympiad. Recently, a number of teachers and parents have come up with a way to kill two birds with one stone. Local businesses can sponsor our Olympiad teams to get good publicity. That funding is then used to pay for school lunches.

The part we're trying to solve is getting students interested. We were thinking that students could volunteer as tribute for Math Olympiad, and if they are placed on the team, this allows their class to win free school lunches. Basically, we're going to implement the system from the Hunger Games, but a lot more fair lol.

Now I'm trying to figure out how to automate it. I wanted to avoid anything too complex, so I was thinking of a SharePoint list based solution. Can anyone in education IT give me feedback on the technical approach?

u/Smooth-Zucchini4923 — 2 days ago
▲ 21 r/ShittySysadmin+1 crossposts

Locked out after enabling “Phishing-resistant MFA” CA for all admins — Authenticator passkey + WHfB rejected

I think I completely locked myself out of my M365 tenant.

I enabled a Conditional Access policy requiring “Phishing-resistant MFA” for all admin accounts.

I DO have:

  • a passkey created in Microsoft Authenticator
  • Windows Hello for Business configured

But both are rejected during sign-in.

I only get a generic error:
“Something went wrong”
with no additional details at all.

I expected Authenticator passkeys and WHfB to satisfy the phishing-resistant MFA requirement, but apparently not in my setup.

Has anyone already hit this exact issue?
Is there a known limitation/bug with Authenticator passkeys + Authentication Strength policies?

Right now I have no active admin session left open.

EDIT: IT'S WORKING AGAIN

I finally managed to access the tenant by signing into a PC with my admin account and configuring Windows Hello. The PIN failed, but fingerprint authentication finally worked and let me back in.

I disabled the CA immediately and created a proper break-glass account. I fully admit I was careless, but honestly Microsoft also shares some responsibility here because this whole flow is clearly not mature enough yet.

PS: Some people here are honestly malicious and seem to enjoy seeing a fellow admin in trouble. Human mistakes happen very quickly, and a situation like this can genuinely keep you awake all night.

u/Emotional_Garage_950 — 2 days ago
🔥 Hot ▲ 5.8k r/ShittySysadmin+1 crossposts

China says 'world's first' offshore wind-powered underwater data center has entered full operation, houses 2,000 servers — 24 megawatt subsea AI facility uses ocean water for passive cooling and offshore wind for power

tomshardware.com
u/ITRabbit — 3 days ago
▲ 63 r/ShittySysadmin+1 crossposts

The experts are wrong. You can run a mailserver from a dynamic IP. I'm doing it.

Over 10yrs ago I built a self-hosted mailserver on Windows 7 using hMailServer, MXGuardDog, FreeDNS and other 3rd party services and apps.

In 2023, I migrated all of my servers to Ubuntu and recreated my mailserver using all FOSS, DynDNS, and SMTP Relay through Brevo.

Using DynDNS and Brevo's SMTP Relay with DKIM, SPF and DMARC, my mailserver is scoring 9.3/10 for spam protection from a dynamic residential IP address on a completely self-hosted 4-node LAN with SSL, reverse proxy, mailserver, and 2 webservers -- all running Apache LAMP stacks.

Ask me how I did it. Would love to share!

https://preview.redd.it/j8fx5dtf9w1h1.png?width=1870&format=png&auto=webp&s=ae4b869b6865c8123e97c03f9cdddf8673d77b1d

u/Cyberbird85 — 3 days ago
▲ 545 r/ShittySysadmin+1 crossposts

The most expensive inventory failure I've ever been part of

Paid a red team good money. They found a path into our environment in 4 hours through a legacy admin panel someone built during an internal hackathon two years ago. Still running. Still exposed. Default credentials. Nobody remembered it existed until the report landed on the CTO's desk.

We spent 30k on a pen test and the biggest finding was something we built ourselves and forgot about. Not a zero day. Not a sophisticated attack chain. Just inventory failure.

Anyone else done a pen test and found your own ghosts? What was the dumbest entry point you've seen?

u/ITRabbit — 3 days ago

I just taught a stubborn user to stop using his personal wifi on the company laptop.

I could see this user kept routing the internet from his personal phone to use it on the company laptop (maybe to try to stop us from spying on him).

Instead of being a normal person and a competent SysAdmin, and properly adding a GPO to restrict the available Wi-Fi networks, I used the MDM to remotely download a 20GB ISO to his temp folder.

When the download was at 18GB the download speed went down to less than 50kbps. So I guess his data plan is over. By the next hour, I could see the laptop was connected back to the company wifi.

He will never do it again.

u/horus9595 — 3 days ago
▲ 22 r/ShittySysadmin+1 crossposts

One cleanup script took down antivirus protection across 400 endpoints instantly.

Company went from 50 devices to over 500 in six months. Everyone started installing their own SaaS crap, shadow IT everywhere, no centralized anything. Support tickets exploding, I am firefighting nonstop, no time to set up proper MDM or RMM. Finally snapped yesterday and wrote a quick PowerShell script to remotely uninstall a bunch of duplicate security tools people installed themselves. Tested it on my machine, worked fine, pushed it via PDQ to what I thought was our test group.

Except I fat-fingered the group name. Hit the entire production fleet. Every laptop, every desktop, every server with AV accessible via WMI. 400+ endpoints, all of them. Wiped CrowdStrike, Defender, Malwarebytes, everything. Reboots started cascading because systems detected no protection and freaked out. Phones ringing off the hook, sales team can't access CRM because something broke, finance yelling about payroll server offline.

Spent 12 hours straight manually reimaging priority machines and pushing fresh AV installs via login scripts. We are back up but holy crap the embarrassment. Boss pulled me into a room this morning, face like thunder, but said recoverable if no breach happened overnight. I cannot believe I did this. No sleep, stomach in knots checking threat logs.

How did you claw back control when device count 10x'd and everyone went rogue with tools?

u/Heavy_Banana_1360 — 4 days ago
▲ 57 r/ShittySysadmin+1 crossposts

Do you provide employees with gsm internet dongles while working remotely/travelling?

I know some laptops come with mobile network capability. In this case, do you provide them with SIMs to cater for this? Or do you recommend they use their mobile hotspot?

PS: mistake with the title, not GSM but 4G/5G dongles

u/ITRabbit — 4 days ago