Best Practices in Workgroup Maintenance? 43
option8 asks: "As the sysadmin for a smallish workgroup (15 or so users) I'm constantly wrestling to balance a regular maintenance regime with the users' continued productivity. As it is, I strive to keep my regular maintenance to a minimum -- optimizing drives, checking for directory and file corruption, permissions repairs, clearing logs, software updates -- after hours, on weekends, or whenever someone goes on vacation. I have a lot of stuff scripted - backups and whatnot go off every night - but there's a lot that requires at least a minimum of my 'monkey clicks the Okay button now' attention. Is this the best way, or do the other BOFHs out there have a better solution to regularly scheduled maintenance for the workgroups/labs/studios they oversee?"
Simple. (Score:4, Funny)
One whip, one master, 14 slaves. "Code, ye dogs!"
Remote Desktop and Weekends (Score:5, Interesting)
Re:Remote Desktop and Weekends (Score:4, Insightful)
I use DameWare myself...glad I was able to talk the boss into it. System administration without DameWare would be a real drag...yes, everything you can do with DameWare can be done with the regular Windows software (Remote Desktop, etc.), but DameWare makes things much more centralized and easily accesable. Bottom line: I'd highly reccomend it.
Re:Remote Desktop and Weekends (Score:2)
With a name like "DameWare" ("DameWear"?) I'd think it was for doing drag! [rimshot] Thank you, dahlings, you've been loverly! I'm Angie O'Plasty and I'll be here all week! [cue exit music]
Re:Remote Desktop and Weekends (Score:2)
Isn't the workday 9-5?
Re:Remote Desktop and Weekends (Score:1)
Re:Remote Desktop and Weekends (Score:2)
Re:Remote Desktop and Weekends (Score:1)
More often then no employers force a 30-60 minute lunch that needs to be made up in the morning or the afternoon.
Re:Remote Desktop and Weekends (Score:1)
However, I agree and disagree with both sides of the argument. 9-5 is a fallacy for most people these days, 8 hours a day, 7 after a lunch break, just doesn't get the job done. As a professional recruiter I do 7 hours of interviews a day as standard, so 9-5 wouldn't give me any
Re:Remote Desktop and Weekends (Score:1)
My concern about ACs, like most people, is all the abuse that comes from it. But then I don't like the fact of having to register for a website or something when I just want to make one comment or point. Maybe SlashDot should put in place some ability to link a username to a post, without having to register.
Re:Remote Desktop and Weekends (Score:1)
um (Score:3, Funny)
UltraVNC. AutoIt. OpenVPN. (Score:4, Informative)
I've found that UltraVNC [ultravnc.com] is the best VNC. Version 1.0.0 was released on 24 Jun 2005, but it is a quite advanced package. Be sure to install UltraVNC with the video driver [uvnc.com], which is not included on Sourceforge.
AutoIt [autoitscript.com] is by far the best open source software for automating Windows installs and other tasks in which the program pretends to be a user. There's an IDE with an Intellisense-like interface and a compiler.
I've heard that OpenVPN [openvpn.net] is the best software-based VPN, but I have not used it. There are hardware firewalls with VPNs; I suggest you stay away from Netgear's, which I have found to be quirky.
--
Bush lied, 100,000 died. J.C. said not to return violence with more violence.
"The Best" (Score:2)
"The Best" is what you decide on after evaluating all reasonable choices. The question is not what "the best" is, but what "the recommended" are.
I hate "the best".
Re:"The Best" (Score:2)
More often than not, however, people do get blindsided by things they don't know. For example, if I hadn't read about the grandparent's post of ultravnc, I may not have ever heard about it. At this point, I am going to look into it as a solution for managing my own boxes at work and at home, as a possible replacement for plain-van
Re:"The Best" (Score:2)
Re:UltraVNC. AutoIt. OpenVPN. (Score:2)
cfengine (Score:3, Interesting)
AutoIt could help you (Score:1)
It is the perfect tool/language for automating away tedious tasks. You can even make executables with it.
AutoIt is script based, so it might take a few minutes to write what you want, but in my experience it's worth it. The language is very simplistic and reminds a bit of batch-files in DOS. But, using the utilities that comes with it, automating a task is a relatively quick undertaking.
It has saved me a lot of time and hassle in
a pound of prevention, vs. a ton of maintenance (Score:4, Interesting)
Most of my efforts are preventative, putting a lot of thought and fine-tuning into the base software images, to harden them against user abuse and malware, and to automate security patches and definition updates as much as possible. For the Windows machines that's Symantec Anti-Virus with daily updates, Spybot S&D with full Immunization, and MS's auto-critical-updates.
I've found Apple Remote Desktop to be very handy for occasional maintenance on the Macs, such as OS updates and security patches.
For the Windows machines, I usually wait for users to complain about spyware before I wipe them and reload a clean image, rather than doing it on a regular basis during the semester. Mostly that's because the profs don't teach their students good backup habits, and I'm not BOFH enough to go around teaching them painful lessons about not keeping the only copies of their work on the hard drive. Yet. I'm still new on staff, so I'm building up my goodwill reserve before I start doing that.
Re:a pound of prevention, vs. a ton of maintenance (Score:1)
Faronics Deep Freeze [faronics.com]
Deep Freeze works by "freezing" a workstation after you've imaged it (with remote console functions in the Enterprise version). All changes after that point are journaled (?) and the journal is fl
Re:a pound of prevention, vs. a ton of maintenance (Score:2)
Re:a pound of prevention, vs. a ton of maintenance (Score:1)
Classrooms:
We build and create a new default image with all the new software that we require on the machines (most is actually provided via dfs) every year for the 'summer upgrades'. Paranoid policy settings to restrict access to as much as we can get away with without breaking software. These have an automated reboot every night and install whatever patches etc on the reload. This does create an issue where some users ignore the pop up warning of the reboot in 15mins/10.. etc and theref
Scripting to the rescue!! (Score:4, Informative)
Seriously, you can do everything you've hinted to with VBScript.
I recommend:
The Microsoft ScriptCenter has just launched a new monthly column regarding beginning scripting in Windows; it's called Sesame Script. (The scripting guys are a little geeky.)
Also, point your favorite nntp client at msnews.microsoft.com and do a search for wsh, script, etc, and subscribe and ask! The newsgroups are full of helpful folks!
Remember the motto: If it has to be done more than once, script it!
PS, to get a script to emulate a monkey pressing ok, have it loop, watching for a dialog box of whatever name it will be, then activate that dialog (WScript.AppActivate) and then send an "Enter" keystroke (WScript.SendKeys). Good example is here:
Re:Scripting to the rescue!! (Score:2)
Perl might be a better choice if you have multiple playforms to manage (Win32, Unix-like, some big iron).
Script a lot and use centralised management tools. You have got a windows domain, and not just a workgroup? With a Windows or Novell domain you get a directory service and either Group Policy or ZEN works to manage your workstations. Forget even going to those workstations every month, reduce that to every quarter.
Remember that 15 workstations might turn in to 20
Take all of this good advice... (Score:3)
Use this advice to save yourself time, but don't tell your boss about it. Keep him thinking that you do it all on Sundays, and continue to take the extra time off.
Since you seem to actually care about Things Being Done Properly, you deserve it
Hire a monkey. (Score:3, Insightful)
I know of at least one shop in town that has hired weekend help (usually honest and lonely college students) to maintain their end-user Windows PCs. At the end of the year the monkey salary still adds up so little that it's still cheaper than moving to a new platform (Linux, Mac OS X).
Re:Hire a monkey. (Score:2)
Spare me. You are the sysadmin, not the Prince Consort. The job description for such positions (especially in small shops) probably does include "click OK buttons as needed". I've got the proverbial brain the size of a planet, but I'm not above cleaning mice balls or other menial tasks if they need to be done. In a small shop the sysadmin's job is "make it go" and this is all just part of that.
Hiring an additional primate (of whatever species a
Re:Hire a monkey. (Score:1)
Damn - I'm still laughing - whats up with that
CRON scripts? (Score:1)
Aside from that...
In my line of work (web application development), I write scripts to do database integrity checks on my clients' systems, filesystem monitoring (for checking file sizes and permissions), and data transfer monitoring. Scripting all of these things together, and
ClickOff? (Score:2)
At my work we have about 25 desktops. Because our company is small, one of my side responsibilities is sysadmin stuff. The maintainance part is really small. If you leave a system with auto-updates and an under-targetted browser and email program, it almost maintains itself.
Most of our systems run XP Home with an extra script to properly mount everything on bootup. I have another script for easy installion of that script. We enable auto-update. It hasn't c
Monkey clicks (Score:2, Insightful)
lazy admin is good admin (Score:3, Insightful)
Off-site backup and good PR. (Score:1, Insightful)
One of our local ISPs runs a 'data fortress' where people keep off-site backups. It's a really good idea. Depending on how prone your area is to natural disasters, you might want your backup a long way from where you are.
People are also starting to run virtual machines for their servers. I haven't done it myself but I'm told that you can get back online really fast even if the original server is
If You're Using Windows.... (Score:4, Informative)
If you plan to grow any larger I'd recommend moving to a Domain instead of a Workgroup. This would give you centralized administration, give you the ability to remotely publish software updates to you systems and the ability to control all your systems via Group Policies.
This will be a hard sell to you boss but, try to provide a detailed cost/benifit analyse looking at the manpower that currently is wasted by having maintain each system seperately and scaleability issues.
If that doesn't work you can still create local policies on each computer to prevent problems.
Good Luck
My Team is Developing MATTER (Score:1)
It is being developed to help reduce and organize administrative tasks. It allows you to manage the computers connected to your network using a Jabber Client as your admin interface. It works like this:
1) Create scripts that determine which computers have a problem.
2) Send scripts to the MATTER clients in your Global Buddy List.
3) MATTER executes those scripts which reports the result back though the MATTER client by assigning a new buddy to their roster. ie.