Advertisement
So I’m a fairly new IT guy… been at the same company for almost 8 months now and it’s my first true IT job. I don’t get paid very well and have an even shorter budget but I guess without a college degree (currently) that’s just how life goes.<\/p>\n
I like to believe that I am fairly decent with computers and what I do not know I can quickly learn. I am truly enjoying the opportunity to learn what I can here at my job since this is the first time I’ve been on a fairly large scale network.<\/p>\n
We currently have about 70ish computers but are growing all the time. Our purpose is to manufacture quality concrete/cement silos, augers, bins, etc… and we’re always having to find more space for new people we have to keep hiring (which means more computers).<\/p>\n
I have thoroughly enjoyed reading stuff here on spiceworks and truly hope that eventually I will become a pretty good expert at using it as well as an expert at my current network.<\/p>\n
My company has had a great person running the computer systems (my boss) but as of late they hired one person who was fixing computers, helped them move into the modern era of Windows SBS 2003 and an HP Proliant server (well, two of those anyway). He decided to move on and do other things and so left me this network that is very disorganized and yet never enough time to fix things because we’re growing and NO ONE here really cares for change.<\/p>\n
My boss does agree that we have a serious problem and we need to figure something out but I honestly don’t know what to do. The most I’ve done is finally gotten a ‘master list’ of computers up on our Active Directory. Before that we had about 50 or 60 old computers that we never even had anymore on active directory AND many of the names of each computer did not fit any sort of standard so I went from one computer to another, found it’s purpose and named it accordingly and removed the computers we no longer had.<\/p>\n
My goal now is to…
\n1.) Find a way to set up computers ‘on-the-fly’ where I can run some sort of script and it will install all of our usual programs with the settings predefined (UltraVNC, MS Office 2003, MAS90, Adobe Acrobat Reader 8, etc).<\/p>\n
2.) Keep the current computers maintained, up to date and fix them so they ARE set as the ‘standard’ (Some don’t have programs like UltraVNC and those that do have different passwords and such… that’s just an example). I figure Spiceworks can help keep me maintained but I still have a handful of unknowns that I have asked for the communities help on (here’s 1: http://community.spiceworks.com/topic/3469<\/a> ) and WSUS is doing a decent job keeping all the computers updated with the latest windows updates.<\/p>\n 3.) Find ways to consolidate our data on our servers. The stuff is currently just thrown on there in a very disorganized fashion… unfortunately this is part where many people wouldn’t want to change since they know how to get to certain things a certain way but what about the new people that come? It takes them an awfully long time to figure things out.<\/p>\n 4.) Organize our software… We have many software apps on our network and just as many disks… How do I keep track of the disks that come with our computers? Currently my boss feels we are too small to do any type of “bulk-purchasing” so we buy our computers one at a time on eBay. (Don’t get me wrong… we buy Dell Optiplex GX620 so we do okay, but… so many disks).<\/p>\n 5.) Keep everything from manuals to licenses (and the agreements) to pretty much every piece of paper set up in an orderly fashion… so that way we can find things easily when necessary.<\/p>\n I’m sure there is more, but starting with that would be AWESOME… If it was possible for me to get everything above taken care of I think I’d be setting really well here. Unfotunately our budget is the smallest you can possibly imagine… especially since we’re considering moving to a different accounting software (rather than MAS90, we may move to something else).<\/p>\n Maybe you guys could share your experiences and advice on what I could do… even if you have advice on stuff not mentioned above, I would GLADLY listen. I am buying books when I can and reading when I can (currently am swamped with a million things in life but a couple weeks down the road may be a lot better for reading and such)… I guess I’m just asking for advice on being an IT person… the only IT person.<\/p>\n Thanks for the help!<\/p>","upvoteCount":40,"answerCount":87,"datePublished":"2007-07-13T10:51:29.000Z","author":{"@type":"Person","name":"samreeves7636","url":"https://community.spiceworks.com/u/samreeves7636"},"acceptedAnswer":{"@type":"Answer","text":" Greetings.<\/p>\n Congratultions. It is good to see that you are kicking butt and taking names. Here are some comments on your recent post:<\/p>\n MReeves wrote:<\/p>\n 1.) Developed a list of common maintenance tasks I need to perform and then developed a list of slow computers and performed these tasks. A very efficient way of cleaning things up without doing a total reformat. This, unfortunately, was supposed to be done on every machine but it took way too much time and I narrowed it down only to the essentials. I’m in the process of thinking of a way to create a way for users to submit “slow-down” requests where I can do some quick maintenance run-through every x-amount of months.<\/p>\n<\/blockquote>\n One thing which some of my clients have asked of me is to go in during their holidays and slap their networks around. This may not be appealing to you, as it would mean that some of your holidays become fun-filled battles between ancient punch-card systems and their offspring, but it is a sweet time to run around the office blaring music of your choice and whipping your network into shape.<\/p>\n If even on a weekend, it may prove worthwhile.<\/p>\n 2.) I have given them a proper name for me and others to easily understand. It has become widely useful to a few members of our company and even to those not in IT. I developed a naming scheme of DEPT-INITIALSOFUSER. If I am in the middle of swapping or testing, I swap out DEPT with “OLD” or “NEW” or “TEST” as is appropriate until I have made a final decision on where a computer ends up. (If the computer is used by multiple people all the time, I simply say DEPT-#, where # is the computer number I have assigned, such as 1, 2, or 3).<\/p>\n<\/blockquote>\n I am sure you have thought this through, and i will try to be as constructive as i can right now, but this is creating a little more work for you, or the IT Department, when employees either leave the company or move to different departments or such. One suggestion here would be to name the systems somethink akin to:<\/p>\n DEPT-X####-EMPLOYEETITLE<\/span><\/p>\n Where X is either D for desktop, N for notebook, or some other letter for other devices. (Servers should be sacred and named unique names … like names of character classes from WoW … hunter, rogue, druid, mage, warlock … et cetera. Or maybe if you like trees, names of trees, or latin words, or whatever.)<\/p>\n The #### is an internal “ID” for either all computers in the company, or for all computers in that department.<\/p>\n However, if your company likes to “promote” employees by simply changing their titles a lot, then the whole employee title thing breaks, unless they get new boxes with their promotion.<\/p>\n I have been to some networks where the IT people know the troublesome users by their computer names. “Oh, ACCT-0135 just tried to connect to a torrent server again.” Where they know that ACCT-0135 is Joe Random, in Accounting … because ACCT-0135 has popped up so many times.<\/p>\n Either way, i suggest you try to use a naming scheme which is more static, and does not create more work for you or the IT Department at large.<\/p>\n 3.) I am in the middle of slapping serial numbers on every computer that was found by spiceworks. This will allow me to then keep track via Excel or, if easily possible, via Spiceworks even when I swap computers out with different users. As you could tell, this is essential to keep track of a computer since my naming scheme requires a rename of the computer when it is moved throughout the company.<\/p>\n<\/blockquote>\n<\/blockquote>\n Did i suggest that you try to set things in place which do not create more work for you?<\/p>\n 4.) I have installed UltraVNC on every machine, although there were a few issues with 1.0.2. I am waiting for the final release of UltraVNC to become “stable,” (so long as it happens in the next couple of months, otherwise the latest RC version will be used), and I will place UVNC on every machine and ensure the security for VNC is optimal.<\/p>\n<\/blockquote>\n<\/blockquote>\n SWEET!<\/p>\n How do you push these out with new releases and new installs?<\/p>\n 5.) Ensure maximum security on computers. This is pretty vague because I still have much to learn about the best security methods.<\/p>\n<\/blockquote>\n<\/blockquote>\n I know a chap who was hired as THE security guy for their terrifyingly-hugerifically-large international network. When i asked where in the metaverse he would begin, he simply said he would draw a circle around himself, and push it outward.<\/p>\n I think i touched on this in earlier posts to this thread, but in regards to security, there are a lot of requirements which must be in place first. When they are not in place, you are in a war zone. And even then, there may be met requirements which are available to you if absolutely needed.<\/p>\n It seems as though your network is taking a good form. To secure your network, pick a subnet, or pick a single box/server, and start there, hardening that one subnet, or that one box/server.<\/p>\n Hopefully by now, you have shown your management that you are competent and that you are serious about maximizing your company’s ROI from their network(s). Security is unfortunately an area where IT has to sometimes tell management to keep their hands off. By this i mean, that to properly secure a network, one may have to cash in some points to be able to lock out everyone in the company from a server or even just a share, until they prove they need access to it. Which is exactly what i suggest you do.<\/p>\n From a security perspective, everyone should have no access by default. Then, once they prove they need access, they can have it … for a time, until it is reviewed if they still need that access.<\/p>\n For a lot of my clients, they do not want to pay me for a truly secure network, but for those who do, i tell them they may not understand, but they must trust me. Then, i lock them out. I make a day … or week … or whatever it takes … of it. They can log into the network, but that is about it. Then, they ask for permission to use the mouse buttons and i use pre-established guidelines to determine if they truly need to be able to click … anything or whatever they want to click. Eventually, they can get their job done, and they do not realize they are able to function with less then 10% of their old access. Then, when this is all done, i show the management what has happened, and they usually learn a lot about how their company operates. Usually, they give their assistants pay raises because they realize that they do just about everything in the universe … well, this is an exaggeration, but hopefully you get my point.<\/p>\n Security … hardening … does not include felt gloves.<\/p>\n 6.) All computers have been given the same local password for the three of us who deal with administrative items to be able to easily access a computer even if the domain is unavailable for some reason. We had huge problems with this before. I am thinking about changing the administrator username as I have heard this could be a more secure method. Any thoughts?<\/p>\n<\/blockquote>\n Do not change the Administrator username. Completely useless. If a perp is in your network, they do not need the username to know who is in the Admin groups. It is a lame misconception that changine the admin username adds any security to a system. It may protect from pathetic attacks, but pathetic attacks will be caught elsewhere and will not have the chance to hit a server or such.<\/p>\n Do not have common Administrator passwords. This lends itself towards blame-shifting. Instead, give the three entities Domain Admin rights, or whatever they need to do their job, so they can flex that right throughout the network. If you need to give them local accounts, then give them local accounts and make that local account a member of the local admin group(s).<\/p>\n With great power comes great responsibility … was it spidey’s grandpa that said something like that? Anyhow, people are humans, and humans are not perfect. It is a good practice for users to only know THEIR login information. When logs are checked, they can be properly audited.<\/p>\n Since you digital buck stops with you, then you will know more than just your login credentials, but quite honestly if someone logs in with improper credentials then it is your problem, for which you are responsible.<\/p>\n The day i see that an Administrator has logged into a box, is the day i know something bad is happening.<\/p>\n 7.) I have one computer left to upgrade to WinXP. This is organizational because it is much easier and more secure to handle all XP machines rather then 2000. The jump to Vista will likely be made after I have left the company.<\/p>\n<\/blockquote>\n<\/blockquote>\n Where are you going?<\/p>\n Make sure to have insanely awesome documentation for whoever follows you, otherwise they can and will redirect all problems to that bozo who used to be in charge of IT. Oh, and if the management has a copy of that documentation, the replacement IT head cannot lose or fiddle with it.<\/p>\n 8.) I have ensured every desktop utilizes a “My Documents” redirect. I say this is ongoing because I am in the process of figuring out how to redirect the “My Music” folder back to the local machine as we do not want a user’s music on our server for various reasons. Any thoughts on this?<\/p>\n<\/blockquote>\n<\/blockquote>\n Delete the My Music folder.<\/p>\n Since the above may not fly … At one company, i found that so many people used music to get them through the day that we actually put up a music server, with a aslkdjfqlkhwetklwhetakshdfakshdk—byte of storage space (a lot), then shared the whole thing for the entire company to peruse. (with read-only access of course) One person was in charge of ripping CD’s which took a long time, but once that was done, life was glorious.<\/p>\n 1.) Maintenance is the same issue as with workstations, but with laptops being in and out all the time it has been much harder to get them going strong.<\/p>\n<\/blockquote>\n<\/blockquote>\n It may be worthwhile to obtain a “spare.” Then when Joe Random comes in from his trip to asia, you can snag his laptop while he is in a meeting snobbing it up with the big cheese, and you can move his data from his crusty notebook to your spare clean and up-to-date notebook. Then, when he gets out of the meeting, when he is out of his meeting, you can hand him his “new” notebook, and he feels good because he is soooo kewl he gets a new notebook, and you feel good because you can wipe his old one and reimage it to a current state for the next guy coming in tomorrow from europe.<\/p>\n 2.) I have a naming convention of LAPDEPT-INITIALSOFUSER I know that it’s pretty easy to determine which computers are laptops, but this makes it even easier for me so that I can sort them easily. To me, laptops are a different breed then workstations. Some people clump them together, but think about it… a server can do a workstations job, but we all know to separate them out. Laptops are no different. There isn’t a soul at this place that doesn’t have a laptop that they use primarily as their computer, except for one guy who doesn’t even have his own office and is rarely here anyway. Therefore, separating the laptops in this fashion seems very beneficial to me.<\/p>\n<\/blockquote>\n I touched on this above.<\/p>\n I do want to stress however, do not make more work for yourself when you do not need to do so.<\/p>\n 3.) In the process of utilizing Untangle box with OpenVPN, ( www.untangle.com<\/a> ), to create a secure VPN connection for our computers. All our laptops will soon have this functionality where they haven’t had it before. Our laptop users have been begging for the opportunity to access their files on the road and they will now have it.<\/p>\n<\/blockquote>\n<\/blockquote>\n You rock. Open source rocks!<\/p>\n 4.) Upgraded all laptops to meet the demands of our mobile users. We still have a small ways to go, but most of our laptops are running relatively well, (although not the best and greatest, they do the job designed of them).<\/p>\n<\/blockquote>\n<\/blockquote>\n Nice.<\/p>\n 5.) Laptops have been given the same password as desktops, however, I have begun to think it might be a wise idea to give them a separate password. This would mean that if their computer got stolen or hacked into via some unsecured wireless network, then that password could only be used on the rest of our laptops… computers which already have very limited security rights. So the reason this is “to do” is merely to change it from our desktop computer local passwords and also to think about changing the administrator username as well in this case.<\/p>\n<\/blockquote>\n<\/blockquote>\n This is a huge issue with a lot of my clients.<\/p>\n As i mentioned earlier, do not waste your time renaming the Administrator username.<\/p>\n I know this may go counter to the spiceworks mantra, but for notebooks, they should have their own unique admin passwords. Just keep track of them in something like KeePass.<\/p>\n If you created an account for Spiceworks within AD, and gave it near god rights on the network, then create another account called something like SpiceworksM within AD, and give it near god rights for a set number of computers … and place all of your laptops in that group. This way even if SpiceworksM is compromised, they may have an admin account in the network, but only for other notebooks. Then, when you learn that a notebook is lost, you only have to change the SpiceworksM password, update all notebooks, and move on. No one else will even notice.<\/p>\n Simply processes as much as possible, and do not create more work for yourself.<\/p>\n 6.) I felt I should say this… I did not believe that utilizing the My Document redirect was a wise idea. It just did not seem to fit well, regardless of the idea of the redirect originating from the need for laptops. Besides, with VPN capabilities on the way, it seems even less necessary. And one other reason is that users will use their laptops for personal use while on the plane or downtime in the hotel room and having all that extra stuff in our servers would not be, I believe, a good idea. And one other thought is that most of these laptop users have desktops and I was uncertain how the reaction would occur if they were working on their desktop PC and brought back their laptop but never decided to hook it up to our network… things, to me, would become “lost.” Thoughts on this would be greatly appreciated.<\/p>\n<\/blockquote>\n I do not see an issue here.<\/p>\n Notebook users know they are taking a piece of the network with them. If they do not, it is your job to educate them. Notebook users should know that part of the price for having the perk of taking this piece of the network around the world with them is that when they get back into the office, with all of the normal people, they have to synchronize their files. However you have them do this is up to you, but it is a simple process and can be nearly invisible to them if done properly.<\/p>\n They should also know that before they fire up their desktop, they should synchronize their notebook files.<\/p>\n As to storing extraneous non-work related data, they should know better, but yeah, it is a part of having a network with mobile devices. I am sure that if they have company phones they will store family names and numbers in their phones … such is the way of things. They should also know that because it is a company device at any time you or the IT department may and can wipe anything non-work related, and that you and/or the IT department have no obligation to store, backup, recover or otherwise deal with non-work related data.<\/p>\n Also, as part of any Acceptable Use Policies, or other policies, you may want to include that if they are storing anything illegal that the company is immune from legal persecution, and that the company cannot be held accountable for this in any way shape of form. Also, the company can fire, or press legal charges against them if they are using their corporate assets for illegal purposes. Um, all of that in legalese of course.<\/p>\n 1.) Organize AD Users & Computers into proper OU groups. I still have yet to do this, primarily due to the fact that I believe number two must be completed first AND because I still need to decide how best to set up our OU groups… how does everyone else do it? What should I watch out for?<\/p>\n<\/blockquote>\n<\/blockquote>\n You’re killin’ me Smalls.<\/p>\n 2.) Finish organizing the files on the servers. Where this seemed impossible before, it now seems more likely as we move into a new era of setting up a new ERP system and reworking the way a lot of things are being done. While we are reworking this, I want to set up a standardization of network mapped drives and where files should and should not be stored. Currently we’ll have W drive for half our computer users and the other half will not understand it… And the W drive for that half will be anything from our engineering share to the production share and even the shop share. Standardization on what should be engineering thought the -entire- user interface and other shares is a must… and most likely what needs to happen is a W, (which stands for “WorK”), should go to a ‘dept’ folder and then from there only those with proper security can enter the certain folders.<\/p>\n<\/blockquote>\n<\/blockquote>\n Good direction. This is such a specific needs type of issue, you are the best judge of how to handle this.<\/p>\n 3.) Do an upgrade to all our programs. It seems like I got hit with upgrades for everything and so to keep myself organized and secure, I need to perform upgrades for certain software programs utilized by the server.<\/p>\n<\/blockquote>\n<\/blockquote>\n How do you handle these? Do you push them out, or what?<\/p>\n 4.) This kind of ties into #2<\/span>, but basically have a plan for each server. We currently have three W2K3 servers and one Debian server and we need to have a plan for these four servers. I have pretty much set up that server A hosts our email, tape backup server, AVG central management and our old ERP system as well as our legacy department folders… Server B will host all our files, including the setup and design of new department folders as is requested by project 2 of the servers. This server also includes WSUS and our replication program. Server C will host our new ERP server exclusively including the databases and other information regarding the new ERP system. Server D, the linux server, will perform misc. tasks including tasks I deem a necessary fit for linux and it will also hold our archive of information we rarely get to, such as old emails or old autocad drawings. So this task seems pretty well complete and ready for #2<\/span> to take place.<\/p>\n<\/blockquote>\n … and server 5, also a Debian linux server, handles all of our music via SAMBA. 5.) I have attempted to make our server names obscure, but not illegible. They are pretty easy to figure out the naming scheme but at the same time they aren’t as simple as “production server” or “file server,” etc…<\/p>\n<\/blockquote>\n Well, if they are not DEPT-xyz then they are probably servers. Or, if they have a gang of traffic to/from them, they are probably servers. Or, if nmap or such determines their OS is a server class OS, they are probably servers. Or, if they are in sacred IP ranges, they are probably servers.<\/p>\n I commented on naming of servers earlier. Server naming should be fun. It is a perk of the job.<\/p>\n I have one company logging into servers named after David’s mighty men … David, from the Bible, as in, David and Goliath. It makes my job a lot of fun when that client tells me they are having an issue with “Adino,” but that “Shammah” and “Eleazar” are working just fine!<\/p>\n 1.) We currently have a Watchguard firewall system that we are not utilizing all the services, including G/AV, IDS, Web Blocker, etc… I want to configure these to work well. I also plan to install Untangle which will provide an extra layer of protection and detection and will also include our new VPN services.<\/p>\n<\/blockquote>\n<\/blockquote>\n Woo hoo! More security! You go!<\/p>\n Heck, throw in some invislbe OpenBSD boxen between critical networks, as in between a router and it’s outside network (internet), and you can easily monitor all traffic, live, and play with the traffic as well.<\/p>\n 2.) Thanks to the new idea of double-firewalls and such, I may decide ultimately to create a DMZ with more then one subnet in our network. Currently our network is flat and if we utilize the functions of placing our Web server and E-mail server between the two firewall systems, this may ultimately secure us very well. What are your thoughts?<\/p>\n<\/blockquote>\n<\/blockquote>\n Depending on how you do this, you may create holes in your own security schema.<\/p>\n Do a lot of reading on this, and be sure of what you decide to go with before you actually go with it.<\/p>\n 3.) I have organized myself by utilizing the spiceworks helpdesk and inventory. It would be nice to eventually have a knowledge base so that I can have the power of three, but for now I do what I can. With the helpdesk, I organize my thoughts on what I need to get done and I use the inventory page and reports to help me achieve my job most effectively. A knowledge base would add to that organization by placing problems I have had before inside this database so that I, or others, can refer to them later. Hopefully Spiceworks will develop one sometime in the nearest possible future.<\/p>\n<\/blockquote>\n<\/blockquote>\n Make sure your Spiceworks box and all of its data is being properly backed up! It would not be good if all of your “thoughts” were mangled with an overheated HDD or such.<\/p>\n Well, I think I have pretty much done a good update on my network. Does there appear to be anything you wish to know more about?<\/p>\n<\/blockquote>\n What is your favorite color? j/k<\/p>\n Did I miss anything I should be doing or I am doing wrong? Please, let me know!! My next post, (not tonight), will include a quick summary of what has been mentioned here on this thread already by other users so that those who come visit this thread can quickly view it.<\/p>\n Anyway… enjoy and thank you for reading and helping out!! Mike, if you are game, whenever you are ready, we should get together and write a book. I am confident it would sell. There is a huge market out there consisting of IT professionals who have been thrown into the deep end.<\/p>","upvoteCount":2,"datePublished":"2008-03-13T14:20:17.000Z","url":"https://community.spiceworks.com/t/keeping-things-organized/1787/44","author":{"@type":"Person","name":"nje","url":"https://community.spiceworks.com/u/nje"}},"suggestedAnswer":[{"@type":"Answer","text":" So I’m a fairly new IT guy… been at the same company for almost 8 months now and it’s my first true IT job. I don’t get paid very well and have an even shorter budget but I guess without a college degree (currently) that’s just how life goes.<\/p>\n I like to believe that I am fairly decent with computers and what I do not know I can quickly learn. I am truly enjoying the opportunity to learn what I can here at my job since this is the first time I’ve been on a fairly large scale network.<\/p>\n We currently have about 70ish computers but are growing all the time. Our purpose is to manufacture quality concrete/cement silos, augers, bins, etc… and we’re always having to find more space for new people we have to keep hiring (which means more computers).<\/p>\n I have thoroughly enjoyed reading stuff here on spiceworks and truly hope that eventually I will become a pretty good expert at using it as well as an expert at my current network.<\/p>\n My company has had a great person running the computer systems (my boss) but as of late they hired one person who was fixing computers, helped them move into the modern era of Windows SBS 2003 and an HP Proliant server (well, two of those anyway). He decided to move on and do other things and so left me this network that is very disorganized and yet never enough time to fix things because we’re growing and NO ONE here really cares for change.<\/p>\n My boss does agree that we have a serious problem and we need to figure something out but I honestly don’t know what to do. The most I’ve done is finally gotten a ‘master list’ of computers up on our Active Directory. Before that we had about 50 or 60 old computers that we never even had anymore on active directory AND many of the names of each computer did not fit any sort of standard so I went from one computer to another, found it’s purpose and named it accordingly and removed the computers we no longer had.<\/p>\n My goal now is to… 2.) Keep the current computers maintained, up to date and fix them so they ARE set as the ‘standard’ (Some don’t have programs like UltraVNC and those that do have different passwords and such… that’s just an example). I figure Spiceworks can help keep me maintained but I still have a handful of unknowns that I have asked for the communities help on (here’s 1: http://community.spiceworks.com/topic/3469<\/a> ) and WSUS is doing a decent job keeping all the computers updated with the latest windows updates.<\/p>\n 3.) Find ways to consolidate our data on our servers. The stuff is currently just thrown on there in a very disorganized fashion… unfortunately this is part where many people wouldn’t want to change since they know how to get to certain things a certain way but what about the new people that come? It takes them an awfully long time to figure things out.<\/p>\n 4.) Organize our software… We have many software apps on our network and just as many disks… How do I keep track of the disks that come with our computers? Currently my boss feels we are too small to do any type of “bulk-purchasing” so we buy our computers one at a time on eBay. (Don’t get me wrong… we buy Dell Optiplex GX620 so we do okay, but… so many disks).<\/p>\n 5.) Keep everything from manuals to licenses (and the agreements) to pretty much every piece of paper set up in an orderly fashion… so that way we can find things easily when necessary.<\/p>\n I’m sure there is more, but starting with that would be AWESOME… If it was possible for me to get everything above taken care of I think I’d be setting really well here. Unfotunately our budget is the smallest you can possibly imagine… especially since we’re considering moving to a different accounting software (rather than MAS90, we may move to something else).<\/p>\n Maybe you guys could share your experiences and advice on what I could do… even if you have advice on stuff not mentioned above, I would GLADLY listen. I am buying books when I can and reading when I can (currently am swamped with a million things in life but a couple weeks down the road may be a lot better for reading and such)… I guess I’m just asking for advice on being an IT person… the only IT person.<\/p>\n Thanks for the help!<\/p>","upvoteCount":40,"datePublished":"2007-07-13T10:51:29.000Z","url":"https://community.spiceworks.com/t/keeping-things-organized/1787/1","author":{"@type":"Person","name":"samreeves7636","url":"https://community.spiceworks.com/u/samreeves7636"}},{"@type":"Answer","text":" oh and one more thing… I was wondering if there was a way to be able to log network and internet activity? Something I could run a report at the end of the day and see which users have been to which websites and which files have been accessed on the network?<\/p>\n The internet thing would be a definite need, the network thing would be a great tool to see what people are doing to keep are network fairly slow.<\/p>\n Oh and while I’m asking for all these things, if anyone wants to ship me a Supersized Big Mac with a DIET coke, I’d be greatful! THANKS!<\/p>","upvoteCount":0,"datePublished":"2007-07-13T11:07:03.000Z","url":"https://community.spiceworks.com/t/keeping-things-organized/1787/2","author":{"@type":"Person","name":"samreeves7636","url":"https://community.spiceworks.com/u/samreeves7636"}},{"@type":"Answer","text":" Greetings.<\/p>\n I apologize for the lapse in responses.<\/p>\n Back to business …<\/p>\n You have some work cut out for you … yessiree.<\/p>\n MReeves wrote:<\/p>\n … helped them move into the modern era of Windows SBS 2003 and an HP Proliant server (well, two of those anyway).<\/p>\n<\/blockquote>\n I personally do not like SBS, but so be it.<\/p>\n My boss does agree that we have a serious problem and we need to figure something out but I honestly don’t know what to do.<\/p>\n<\/blockquote>\n Your boss may at some time read this, so i will refrain from the blatant political tactics you could consider. I do think that subliminal messages are just dandy though. MReeves deserves a raise.<\/p>\n That shared, your boss is perhaps your strongest resource. I do not know your bosses role in the company, but either way, you report to him, so you need his 100% support. You need him to cover your six. Basically, build a rough plan, then take him out to lunch and lay it out there. Tell him you know what needs to take place in order for your company to increase profits, as IT can be a huge drain on funds, but it can also have a beautiful ROI. Tell him you need his full support to make things work.<\/p>\n Once you have his full support, keep him in the loop. Face-time. Meet every morning for five minutes or such, and make sure your boss sees value in the meetings. Also, as a united front, branch out and talk with other board members, executives, and managers. You, as the lower chap on the organizational charts, should also be out mingling with the people who actually make the company work, ie people who are not board members, executives, and managers. Build relationships, and listen.<\/p>\n While all of that is going on …<\/p>\n The most I’ve done is finally gotten a ‘master list’ of computers up on our Active Directory. Before that we had about 50 or 60 old computers that we never even had anymore on active directory AND many of the names of each computer did not fit any sort of standard so I went from one computer to another, found it’s purpose and named it accordingly and removed the computers we no longer had.<\/p>\n<\/blockquote>\n Documentation is important. You must not only be a network ninja, but you must also be a kick butt take names paper warrior, and documentation is how you keep your blades sharp and your reflexes sharper.<\/p>\n Keep your lists as simple as possible. You know … KISS. Spiceworks is a wonderful resource for this.<\/p>\n My goal now is to…<\/p>\n<\/blockquote>\n That’s the spirit! Goals!<\/p>\n 1.) Find a way to set up computers ‘on-the-fly’ where I can run some sort of script and it will install all of our usual programs with the settings predefined (UltraVNC, MS Office 2003, MAS90, Adobe Acrobat Reader 8, etc).<\/p>\n<\/blockquote>\n I am going to skip this one for now. Perhaps someone else will comment on it. I personally believe it is a secondary issue which may be clearer once you handle some other issues. See #4<\/span>.<\/p>\n 2.) Keep the current computers maintained, up to date and fix them so they ARE set as the ‘standard’ (Some don’t have programs like UltraVNC and those that do have different passwords and such… that’s just an example). I figure Spiceworks can help keep me maintained but I still have a handful of unknowns that I have asked for the communities help on (here’s 1: http://community.spiceworks.com/topic/3469<\/a> ) and WSUS is doing a decent job keeping all the computers updated with the latest windows updates.<\/p>\n<\/blockquote>\n I like the tie-in to the other thread. As to #2<\/span>, i will skip this one as well, as it too seems secondary. See #4<\/span>.<\/p>\n 3.) Find ways to consolidate our data on our servers. The stuff is currently just thrown on there in a very disorganized fashion… unfortunately this is part where many people wouldn’t want to change since they know how to get to certain things a certain way but what about the new people that come? It takes them an awfully long time to figure things out.<\/p>\n<\/blockquote>\n Of the items you listed as Goals, i believe #3<\/span> is a solid place to plant your flag and fight.<\/p>\n Before you do anything that may cause ripples to go outside of your trusted circle, which by the way is made up of you and your boss, CYA. Actually, always CYA, even when dealing within your trusted circle. (PS, secret handshakes are cool, and MReeves deserves a bonus.) CYA … Cover Your Assets … sorta. Anyhow, before you do something that the rest of the company will see or feel, make sure you are prepared. In regards to #3<\/span>, this means make sure your Active Directory entries for users, groups, and such is clean and efficient.<\/p>\n Log into your server, and make sure that the users are all properly configured. Worry about tightening security and such later, just make sure that things are organized well inside of Active Directory. Also, make sure that you are comfortable in AD. You do not need to be a Group Policy guru, just know that it exists and perhaps even how to look at GP settings. Nothing fancy. KISS.<\/p>\n Open the Active Directory Users and Computers mmc and press F1. Then, read.<\/p>\n An example of a basic KISS layout:<\/p>\n OU: Divisions OU: Groups Move the Active Directory User accounts to their respective Division OU. So, your account should be in the IT Division OU. Your boss should be in the Executive Division OU, unless he is just an IT Manager, or such. Executives are CEOs, CFOs, and so forth. Have a company organization chart handy. Also, in smaller companies, sometimes roles carry into multiple divisions, and in such cases, it may be necessary to create a unique group for their role, but try to avoid this when possible. Also, just because someone is in the Financial group/division, does not mean they are entitled to full rights in that group, so you may want additional groups for each divisions management. Before you solidify anything, perhaps draw it out on paper, and keep in mind that data storage may somewhat mimic the AD structure. Try to keep it as KISS as possible, but at the same time, cover all your bases and have reinforcements just over the embankment.<\/p>\n Once your AD structure is sound, then determine where you can store your corporate data. By this time, you will probably have a better understanding of how your company is divided, and applying that knowledge to the data then becomes the issue to take down, which really should not be too much work, considering how deep you will be into the matter by that point. Basically, start with a generic mimic of the AD Divisions structure, and branch out accordingly. For managers and such use the specific management groups mentioned earlier on selected folder hierarchies.<\/p>\n Share just the basic “root” folder, to minimize shares to manage. Map drives to specific departments/divisions.<\/p>\n Set aside a location, on the network, for software applications. Be very<\/em> careful as to who has access to this folder. At times, it may be acceptable to give read-only rights out to general users, but do so sparingly. See #1<\/span>, #2<\/span>, and #4<\/span>.<\/p>\n 4.) Organize our software… We have many software apps on our network and just as many disks… How do I keep track of the disks that come with our computers? Currently my boss feels we are too small to do any type of “bulk-purchasing” so we buy our computers one at a time on eBay. (Don’t get me wrong… we buy Dell Optiplex GX620 so we do okay, but… so many disks).<\/p>\n<\/blockquote>\n Once you place as much software as possible onto the network, you will basically just need a CD folder (physical) to store CDs. Access from then on should be through the network.<\/p>\n If you want to keep discs physically organized with specific machines, you are somewhat setting yourself up for a lot of work. But we have clients that demand this, and in such cases, we recommend clear plastic folders labeled with the device name and/or serial number/inventory ID. Any hardcopy stuff that has to do with a specific device goes into that devices folder. I recommend they be clear, because it is easier to go through them that way, especially when trying to read discs and the likes. You could try to document everything, but i think you should save that for when you have an assistant.<\/p>\n 5.) Keep everything from manuals to licenses (and the agreements) to pretty much every piece of paper set up in an orderly fashion… so that way we can find things easily when necessary.<\/p>\n<\/blockquote>\n\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
![\":wink:\"](\"https://emoji.discourse-cdn.com/twitter/wink.png?v=12\" "\\":wink:\\"")
<\/p>\n\n
\n
\n
\n
\n
\n
\n
\n
\n
\n–Mike Reeves<\/p>\n<\/blockquote>\n
\n1.) Find a way to set up computers ‘on-the-fly’ where I can run some sort of script and it will install all of our usual programs with the settings predefined (UltraVNC, MS Office 2003, MAS90, Adobe Acrobat Reader 8, etc).<\/p>\n![\":stuck_out_tongue:\"](\"https://emoji.discourse-cdn.com/twitter/stuck_out_tongue.png?v=12\" "\\":stuck_out_tongue:\\"")
<\/p>\n\n
\n
\n
\n
\n
\n
<\/p>\n\n
\nOU: Divisions: IT
\nOU: Divisions: Executive
\nOU: Divisions: Sales
\nOU: Divisions: Marketing
\nOU: Divisions: Financial
\nOU: Divisions: Production<\/p>\n
\nMake a group for each Division that has it’s own OU, as above. Later you can create a “general employee” type of group, but it’s not mission critical at this point.<\/p>\n\n
\n