I have the same problems with users returning, so I archive their group memberships to a file before removing all their privileges. Then I reset their password and then stick them in an Inactive Users OU for a month (which disables their logons to everything except Exchange systems) while their email is directed to their replacement. After this month they are disabled and sit in the Disabled Users OU for another three months before they are deleted, their email and home drives archived to CD and their records stricken from the HR system. This process ties in nicely with the automated parts of our HR system that cuts helpdesk cases for us when a record is marked for removal, or created.
There is some glory in running and maintaining - the big green markers next to your patch coverage and your service availability stats. But it's the old problem - the better we do, the less the rest of the business thinks we are doing anything. 2009/12/3 David Lum <[email protected]> > > So what’s the root cause for each of those little problems? That’s what > I’d be digging at. > > Agreed. For now many of them just sit due to other commitments they put me > on – this capacity plan will alleviate that problem though “look, if you > want me to free up my time, I need to spend time getting to the root cause > instead of fighting fires.” > > > > Hires/fires, the only impact on me is my monthly AD maintenance as they > don’t _*delete*_ accounts until I run my monthly report. Same for computer > accounts. It does take time to go through these because sometimes the user > accounts shouldn’t be deleted because the user comes back later. > > > > In short, a LOT of what I do is stuff that was neglected until it became a > problem. “You mean we had 14 unpatched PC’s and that’s how they got owned?”. > I know our SE’s that patch their servers (yes we have two sets of servers > some are mine, some aren’t) and never check on why Server A didn’t get > patch D, they accept stuff in WSUS and move on, and it won’t get attention > unless something blows up from it, or if I happen to bring it up. Most of > them go after the “latest and greatest project” an nobody but me seems to > care about run and maintain – there’s no glory in that. > > *David Lum** **// *SYSTEMS ENGINEER > NORTHWEST EVALUATION ASSOCIATION > (Desk) 971.222.1025 *// *(Cell) 503.267.9764 > > *From:* Brian Desmond [mailto:[email protected]] > *Sent:* Wednesday, December 02, 2009 3:12 PM > > *To:* NT System Admin Issues > *Subject:* RE: Capacity planning > > > > *So what’s the root cause for each of those little problems? That’s what > I’d be digging at. * > > * * > > *As far as hires/fires – what are you doing by hand for them? * > > * * > > *Thanks,* > > *Brian Desmond* > > *[email protected]* > > * * > > *c – 312.731.3132* > > * * > > *From:* David Lum [mailto:[email protected]] > *Sent:* Wednesday, December 02, 2009 5:01 PM > *To:* NT System Admin Issues > *Subject:* RE: Capacity planning > > > > I get very few tickets via ticketing system, I just get ones escalated that > the Service Desk guys can’t do. I love to automate as much as I can, what it > boils down to is fixing the seemingly endless “exceptions”, as in the SMS > push works to all but 4 machines, doing an AD inventory I find 7 machines > don’t talk to WSUS, a couple machines don’t talk to the McAfee ePO server if > VPN’d in but are OK otherwise, McAfee rogue sensor find a couple PCs’s with > no agent…lots of stuff like that, and troubleshooting just a few of these > can take the better part of a day all said and done. Making SMS packages etc > also falls into this same hourly count. Then there’s the occasional GPO > addition or change, server data migration from one server to another…it adds > up. We also have a fair amount of churn here – we bring on an average of 5 > new people/week between new hires and contractors, and after a few months, > those contractors leave and new ones come on board. > > > > I’m pretty lazy, if I have to do something more than 2-3 times and I can > script or otherwise automate it, I will J. > > *David Lum** **// *SYSTEMS ENGINEER > NORTHWEST EVALUATION ASSOCIATION > (Desk) 971.222.1025 *// *(Cell) 503.267.9764 > > > > > > > > *From:* Brian Desmond [mailto:[email protected]] > *Sent:* Wednesday, December 02, 2009 2:44 PM > *To:* NT System Admin Issues > *Subject:* RE: Capacity planning > > > > *Do you get tickets for this work via a ticketing system? If so have > whoever runs that add queues or categories for these different work groups > if they aren’t already broken out and then start charging time in the > tickets. Most systems I’ve dealt with can do this (or custom fields can be > added and you can run a report/export a CSV to Excel).* > > * * > > *Your estimate doesn’t sound off to me although I bet you could reduce > that time if you grouped up repetitive tasks, defined the inputs, and > figured out how you could automate some of it. * > > * * > > *Thanks,* > > *Brian Desmond* > > *[email protected]* > > * * > > *c – 312.731.3132* > > * * > > *From:* David Lum [mailto:[email protected]] > *Sent:* Wednesday, December 02, 2009 9:01 AM > *To:* NT System Admin Issues > *Subject:* Capacity planning > > > > So…my team has been asked to estimate some time we spend on various > projects and other work. I have 100 Windows servers and 400 workstations > (PC’s and laptops). I am the sole person in charge of keeping the desktops > patched, up to date on McAfee, report into WSUS, SMS, etc. I do most of the > Active Directory maintenance when it comes to creating new security groups > for access (Service Desk does main these groups once I have created them). > > > > Basically if it related to central desktop management and server > management, it’s just me. I have estimated I spend 3 hours every day on > these administrative tasks. 400 systems and about 250 users, that doesn’t > sound excessive, does it? Sometimes troubleshooting why ONE system isn’t > getting say, the Tivoli backup client pushed to it via SMS can be 3 hours > right there. > > *David Lum** **// *SYSTEMS ENGINEER > NORTHWEST EVALUATION ASSOCIATION > (Desk) 971.222.1025 *// *(Cell) 503.267.9764 > > > > > > > > > > > > > > > > > > > > > > > > -- "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question." http://raythestray.blogspot.com ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
