System Administrators Check List

[Mosa Tladi]

Hi Guys and Girls,

Not sure if this was already request but anyhow, I'm a new systems admin and kind of having a tough time so I need assistance with some basic things from the Guys who have been around please.

from your experience guys what are the Daily duties of a admin?
what preventative measures should I be aware of?
check list?
how do I design a security template before applying it on a live enviroment?


I just need enough info to get me started, please dont give me info from google I feel its better from people who have been in my shoes, it aint easy beeing a new admin.

Regards and thanks in advanced.
P.S dont wana use tools to manage because of security issues.

 

[MindoverMaster]

Umm, your job is System Admin and you don't know what to do? Sounds like you shouldn't have the job.

 

[carnageX]

Umm, your job is System Admin and you don't know what to do? Sounds like you shouldn't have the job.

I honestly hate when people say that.

You can't always know everything about your job, especially when just starting out in the position. If you're coming from school or a different job role, you can't (and shouldn't) be expected to know everything.

 

[C0RR0SIVE]

What type of environment are you working in?

You should consider preventative maintenance highly, and have a schedule designed for the upkeep of each segment in your network.
That is basically ensuring the fans are clean, operating, dust buildup doesn't exist and so on.

Why not look into the old policies of the previous admin? Or get input from the lower tier workers in the department to help you go about things?

You really need to consider using tools and software to manage your network if this is a major network, anything from remote temp/hardware monitoring of each machine, down to AD. Everything is essentially a tool, so don't say you don't want to approach things from a software standpoint when that is one thing you must do as an administrator is use software to deploy updates and check things out.

We can't really tell you how to develop any form of security as every single environment will be different, which would require different layers and forms of security, from typical passwords for all users that only have 3 rules, up to actual bio-metric logon for mission critical systems.

 

[MindoverMaster]

You can't always know everything about your job, especially when just starting out in the position. If you're coming from school or a different job role, you can't (and shouldn't) be expected to know everything.

Yes, but it sounds like he knows about nearly nothing that fits the job title. Even college won't tell you everything. You get personal experience and certifications to do that.

 

[KSoD]

Yes, but it sounds like he knows about nearly nothing that fits the job title. Even college won't tell you everything. You get personal experience and certifications to do that.

From your replies it sounds like you dont either, so why are you commenting on something that you dont know about either? Treat others as you want to be treated. It shouldnt have to be said.

The 1 thing I can tell you from an Admin POV, make sure you have a system in place for deploying Windows Updates to machines. Pick 1 machine that you will deploy the updates to first to test out your current software against the updates to make sure that nothing goes wrong and that the updates don't mess with your current software. Seeing as we dont know who you work for or their purpose, we can only assume that they use some form of proprietary software. Most companies have at least 1 piece of software that they have dragged along from years past and continue to use them. If your company is on newer software, congrats, but that still doesnt mean that the updates wont have an adverse effect on the machines. Follow the Microsoft Security Response Center Blog:

TechNet Blogs

The advantage is they will give advance warning of upcoming updates and information about those updates so that you can see how important they will be to your daily operations. If an update is being deployed for Office 2010 that secures a massive vulnerability, you will want to research it and make sure that it isnt something that could have massive impact on your company.

The other thing I can tell you, learn about Images. Meaning learn how to make a system image of your machine so that if something does go wrong, which it will at some point, you can deploy an image to the affected machine and get it back operational with minimal downtime. It takes about 15 minutes to deploy an image compared to the hour or more it will take to reinstall Windows, updates and software. If your not ready to deploy images using software like FOG or CloneZilla there is always WAIK:

Windows Automated Installation Kit for Windows 7

It isnt as direct as using something like FOG or CloneZilla or even Acronis true Image, but it can get the job done. I would recommend FOG over WAIK and CloneZilla as well. Acrnois is good to use too, but it is pay software while FOG and CloneZilla are free.

 

[carnageX]

FOG would be the choice to go with in a corporate environment. CloneZilla is meant more for single-to-few device images... with a company, FOG would be a much better choice, unless your the Sysadmin of a small business (< 10 computers, or having most computers the exact same hardware).

 

[Mosa Tladi]

Guy How did I get the Job if I know nothing? All im asking for is peoples experiences for when they started out if you dont wana share then cool, but dont be a thorn.

The previous administrator did not do much with security, users are allowed plain passwords, admin rights and all sorts of things which I plan on changing.
At the moment its just the manager and myself, the is a vacancy for a Junior tech.
We running a Virtual enviroment with a 2003 DC and 08 servers running TS and other roles.

I will look into using tools maybe at a later stage and thanks for the advise, don't stop now

Awe

 

[Lexluethar]

I agree with others, you should have a game plan of what you are going to do. I think YOUR BIGGEST goal right now is to see the short comings in the company from a network standpoint. Take a step back, look at the current infrastructure and see what is missing. Things to focus on are backups, security, AD structure, authentication, replication, etc. Once you find out the area's the company really needs to focus on and then come up with a game plan.

Fixing things willy-nilly isn't going to help squat. Just because you fixed the group policy structure doesn't mean squat if you only have one server holding your user data and it crashes with no backup. Or fixing the security policies when you have no DHCP redundancy.

You get the point.

 

[Mosa Tladi]

I hear you Lex... and which is why I am hear, thus far we have decided to change the dc to 08 and draw policies the after, basic sec is the, backups are functional its just a matter of impruving what already is in place and making it work for the company. thanks for the advise