Another viewpoint is that even the SMBs with a non-existent IT budget need IT services, too. The challenge for the consultant is to provide the best value for the dollar and to recommend an overall plan that will meet the client's needs. If the client won't/can't implement the plan, should the client be abandoned to fend for themselves? Or, like a dysfunctional F1000 company, should they be assisted day by day to keep them above water?
While best practices and logical designs and phased implementations are great, they're just not always possible. And we need to be able to determine what our tolerance for outside-the-box administration is. I've found that the SMBs that don't/can't/won't adhere to our level of best practices often look at computers as a barely tolerable necessary evil. I have a bicycle shop as a client. His PC went down; bad HD. I was able to recover the data for him and he was appreciative (even paid the bill) but when it was still uncertain, he told me he could do without it if he had to. He'd have to reinventory and would lose some information, but it wouldn't put him out of business; he could still order parts and sell stuff to his customers. The computer just made it easier when it worked. My point is that we look at computers and their tangents much differently than many of our clients do. It's a challenge to see it through their eyes sometimes and develop a solution that's good enough for them, not necessarily for us. I'd love to be in a situation where the boss could fire the clients that didn't dovetail with his/my standards. But in today's economy, that luxury isn't always available. You've found a great niche. Need any more consultants? LOL... But you are correct; some clients just aren't worth it and need to be dropped. That checkpoint varies from place to place and from IT shop to IT shop... Good discussion... Oh; and on the DC offline? Just set it up as a replication partner but not an authentication DC; a warm spare if you like... Set replication to a week or something and put it in its own site where no auth traffic will get to it... *********************** Charlie Kaiser [email protected] Kingman, AZ *********************** > -----Original Message----- > From: Jeremy Anderson [mailto:[email protected]] > Sent: Wednesday, July 08, 2009 5:44 PM > To: NT System Admin Issues > Subject: RE: Win2003 DC on Win2000 domain > > I did SMB consulting for a while and it made me CRY. I have > seen everything you guys have mentioned and more. > Anti-Virus? We don't need that, we have a firewall. And the > company I worked for still chose to work with that SMB, > because that SMB actually paid their bills. Basically, for > that customer, and MANY others, we told them their options, > but ended up designing a solution that fit the budget, never > best practices. > > > > And I HATED it. So I left. I went into the corporate world. > I started working for a large dot com that is on the Fortune > 100 list. I said to my self "There is no way these guys > don't get it, this is going to be awesome." Guess what? > They don't get it. Backups - what backups? At least now I > am actually running NTbackups, before I got there AD was not > even being backed up.. Exchange was backed up as a brick. I > fixed that too. Never mind that all 15 storage groups are in > use and each storage group is over 100 Gigs. I cant even > begin to imagine what it would be like to restore it. Weeks > of downtime. > > > > So I am leaving. I am going back to being a consultant. When > I went into my second interview, the owner was talking to me > about how he had to fire one of his largest accounts that > week. Yes, the company fired the client. Why? Because he > made a recommendation about the clients information security, > backups, and the client refuses to take the advice. He > doesn't want the client to come back at him if something bad > happens, and tries to blame his company. Nor does he want to > be in an "I told you so" situation. I am optimistic about > this new job. > > > > The moral of this story is that we can choose our clients > that we do business with, but someone out there will always > take the job. Personally, I hate doing things half assed and > working with clients that always want to half ass it, or run > with no policies, or no AV, or just a Linksys for a firewall > makes me angry. > > > > I personally feel that any company with a semi-realistic > budget can afford a solution that is "best practices". It > takes a good consultant to cater to that customer. The > amount of money we billed that poor schlub for hand removing > viruses and reloading machines could have been spent 5 times > over on a solid AV solution. But my boss liked the billable > hours and never made a graph to show that they spent $800 on > virus removal last month when Symantec cost $400 (I made > those numbers up, but you guys get the idea) . And sometimes > the client just won't listen. And that is when its time to > let the client go. > > > > Offsite backup? Most of the companies I have worked for in > the past go to the bank, get a safe deposit box and have them > take the tapes to the bank with them. Fed-Ex is AlWAYS > there, send the tapes somewhere FED-Ex, even if it's the > owners house. Is Fed-Exing the taps to the owners house the > best idea ever - no. Does it meet the needs of off site DR- > defiantly (and its relativity cheap). Again - risk vs reward. > > > > > > I hope I made some sense there and didn't go to far off on a rant. > > > > > > And back on topic, somewhat, is it just me, or would anyone > else just not want another domain controller existing, but > turned off for 3 or 4 days. In my head I see clients trying > to authenticate against it (its still in DNS) and the other > DCs trying to replicate to it, its not there. To me that > just kinda seems like a bad idea, but maybe I am off base here. > > > > Jeremy > > > > > > From: Ken Schaefer [mailto:[email protected]] > Sent: Wednesday, July 08, 2009 17:13 > To: NT System Admin Issues > Subject: RE: Win2003 DC on Win2000 domain > > > > I'm sure a business would appreciate a quick restore of > services. There is no argument there. > > > > Would the business also appreciate it if your laptop was > stolen and potentially sensitive information was in the hands > of someone unscrupulous? We've had consultants literally held > up at gun point and their laptops taken. It does happen. > > > > Cheers > > Ken > > > > ________________________________ > > From: Maglinger, Paul [[email protected]] > Sent: Wednesday, 8 July 2009 10:48 PM > To: NT System Admin Issues > Subject: RE: Win2003 DC on Win2000 domain > > IMHO... as long as you disclose what you are doing and why > you are doing it, and if the both you and the customer are > comfortable with it, then I don't see the problem. > Businesses that do have DR in place are savvy enough where > you won't get "blank stares" and will voice any objections at > the disclosure. I think any business would appreciate a > quick restore of services. > > > > ________________________________ > > From: Jake Gardner [mailto:[email protected]] > Sent: Wednesday, July 08, 2009 7:19 AM > To: NT System Admin Issues > Subject: RE: Win2003 DC on Win2000 domain > > Budget? Most SOHO's don't have $1 set aside for an IT > budget. Just a couple years ago, I had a handful of > customers that were still using NT4! I got them quotes for > server upgrades and very very simple tape backup or > backup-2-ext disk and most of them said no new purchases just fix it. > > > > I had one customer that owed my $1200 and I would keep going > to his office asking for a check, he finally gave me $600 on > a Thursday and on Monday the office was under new management > and said my contract/payment had nothing to do with them. > At least I got half, grrr. > > > > > > > > Thanks, > > > > Jake Gardner > > TTC Network Administrator > > Ext. 246 > > > > > > ________________________________ > > From: Ken Schaefer [mailto:[email protected]] > Sent: Wednesday, July 08, 2009 2:24 AM > To: NT System Admin Issues > Subject: RE: Win2003 DC on Win2000 domain > > Hi, > > > > Unless you have proper procedures for safegaurding this > stuff, and legals in place, I would do this all on the > customer's premises (or wherever they instruct you to work) > on their equipment. They must have a budget for this > (otherwise how are they paying you?), and it becomes a cost > of part of the project. If someone breaks into their offices > and steals a server, that's not your problem then. > > > > Now, I have a bunch of commercially sensitive stuff on my > laptop (as do most/all of our other consultants). But we have > our risk management in place (e.g. Bitlocker-ed laptops, > Exchange sync policy enforcement for phones, IRM/RMS, policy > documents we have to sign etc), and we have the contractual > stuff in place to indemnify us against customer lawsuits (and > no doubt the necessary insurance cover as well). > > > > Cheers > > Ken > > > > ________________________________ > > From: Erik Goldoff [[email protected]] > Sent: Wednesday, 8 July 2009 3:54 PM > To: NT System Admin Issues > Subject: RE: Win2003 DC on Win2000 domain > > > > "What happens when you tell the customer you've made a backup > of their whatever and their office burns down a couple days later? " > > > > You're waaaay off base here ... there are too many > theoreticals ... what happens, if during the upgrade, > something goes wrong and the active directory metabase > becomes corrupt... they have no internal backups, I don't > make a copy, and now they cannot login to their network > resources ... I can still be sued for free, and the > probability of that scenario happening is much higher than a > bus running over my laptop. And if their office burns down, > they're gonna need more than the DC image I have, not to > mention that I explicitly state the purpose of the backup > copy I make, 'to recover if the upgrade process goes wrong' > ... period ... > > > > I understand your perspective on the situation, but sorry, it > just won't fly in the real world dealing with SOHO and Small > business sites. Your data center fires is a neat story, but > for Soho and Small business, their 'data center' is usually a > commandeered closet or corner with a collection of servers > ... note that this issue revolves around upgrading from > Windows 2000 ??? Not a technilogically current installation, > no spare server or desktop hardware, nor OS license to spare. > > > > I'm curious as to how you would handle the business > continuity planning for a problem with the upgrade ... > > > Erik Goldoff > > > IT Consultant > > Systems, Networks, & Security > > > > > > ________________________________ > > From: Brian Desmond [mailto:[email protected]] > Sent: Wednesday, July 08, 2009 1:34 AM > To: NT System Admin Issues > Subject: RE: Win2003 DC on Win2000 domain > > Yes pretty much. > > > > Here's another way I'd think of this. What's your liability > insurance got to say about this bonus service? What happens > when you tell the customer you've made a backup of their > whatever and their office burns down a couple days later? > Sure you can just restore that bonus backup except your > laptop got runover by a bus in between the backup and the fire. > > > > A colleague had some wise words for me the first time I did a > gig at a legal services customer - "Just remember, they can > sue you for free." > > > > > > Many customers I deal with, offsite backups consist of tapes > going in these heavy duty metal boxes with locks on them. The > boxes are barcoded or numbered or something and a guy comes > to pick them up, signs for them, and the offsite people > basically guarantee their safety until you sign for them when > they come back. The delivery guy also drops off any locked > tape boxes whose retention policies dictate their return as > they've expired. In the unlikely event of some major crisis, > the offsite people are on the nut to get your box of tapes > somewhere in some prearranged guaranteed time window. > > > > Some customers are also sending stuff live (e.g. replicas on > standby hardware) into a 3rd party datacenter designed for > this sort of fallback plan (e.g. Sungard). They also have > contracts where if their computer room burns down or > something the vendor is on the nut to provide K servers of > approximate configuration Z in location Y within X hours of > notification of the requirement. > > > > These vendors have the kind of capacity and capability to > deal with something like 9/11 or Katrina if the customer has > the action plan to respond. Or perhaps something more simple > like the two datacenter fires this past weekend - Seattle and > Toronto both had high rise carrier hotel fires. One of them, > I forget which, the electrical busing between floors was > completely hosed (literally) from what I heard. > > > > Thanks, > > Brian Desmond > > [email protected] > > > > c - 312.731.3132 > > > > Active Directory, 4th Ed - http://www.briandesmond.com/ad4/ > <http://www.briandesmond.com/ad4/> > > Microsoft MVP - > https://mvp.support.microsoft.com/profile/Brian > <https://mvp.support.microsoft.com/profile/Brian> > > > > > > > > > > ***Teletronics Technology Corporation*** This e-mail is > confidential and may also be privileged.? If you are not the > addressee or authorized by the addressee to receive this > e-mail, you may not disclose, copy, distribute, or use this > e-mail. If you have received this e-mail in error, please > notify the sender immediately by reply e-mail or by telephone > at 267-352-2020 and destroy this message and any copies.? > > Thank you. > > ******************************************************************* > > > > > > > > > > > > > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
