[Lias] Seeking Recommendation for Tech Support Company
Les Bell
lesbell at lesbell.com.au
Mon May 24 16:37:01 UTC 2004
Robert McLeay <robert at fearthecow.net> wrote:
>>
As far as I can see, the main problem with this network is that it isn't
very consistent - you're supporting 4 different desktop operating
systems, some of which are ancient (NT 4, 98). There would be a fairly
high amount of time required wandering around to patch/fix these all.
<<
Got it in one, Robert. Just supporting roaming profiles on a mixture of NT
and 2K/XP is reckoned to be a death-defying stunt, according to what I've
read. The NT boxes have got to go. And as you say, wandering around is
incredibly time-consuming.
>>
For the patching of windows 2000 and XP, you should be able to set up a
SUS server to automate the patching
<<
Yep - just after I'd set up a set of scripts to install the right patches
in the right places, DET installed a SUS server and sent out a "Desktop
Security Upgrade Toolkit" CD with some required patches, Symantec Antivirus
Corporate Edition and the SUS client-side config on it. We're rolling that
out onto the 2K/XP systems at the moment, and that should ease our pain
somewhat.
>>
If you block 137-139, 445, 5000 and a few other ports at your gateway,
and ban staff from plugging in laptops from home (or force them to use a
highly locked down VLAN) you should fix most of the problems with
viruses/worms, especially if you use a SUS server or Altiris/the like to
roll out patches.
<<
Unfortunately, we have no control over the gateway (there's a Cisco 4500
switch in there, but I have no idea what ACL's are in it, etc.). Likewise,
we're stuck with DET addressing conventions which leaves us very little
room to maneouvre in terms of adding a firewall. It's crossed my mind a few
times, but it's not so much a technical issue as a political one. ;)
>>
Have you thought about grabbing a final (or later) year uni student to
handle the more complicated stuff like managing switches, vlans,
servers, etc and grabbing some TAFE work exp. students to handle desktop
support? I don't really know how complex your set up is, of course, but
many uni students should be able to handle this stuff easily, especially
if you're using common gear.
<<
It's on the agenda, but right now, the principal wants someone on call and
is happy to pay for a high level of support. (Since I've been doing it for
free so far, I whole-heartedly agree ;) ). Maybe once we get things under
control there'll be scope for us to involve some TAFE students etc. on some
development work and more interesting stuff.
>>
Imaging computers is your friend! You mention that you're joining
machines to the domain - if they're part of a domain, you should be able
to force an update policy on them, to avoid requiring people wandering
around with CDs of patches.
<<
Correct. Unfortunately, there's a mix of hardware in there, but we're
working on that now.
>>
And yes, here too, the Linux servers are by far the
most reliable as well. :)
<<
Yep. There's an interesting project management lesson there: don't
introduce something new and unfamiliar to non-technical management (like
Linux) while at the same time making large changes to other parts of the
infrastructure. Linux will get unfairly blamed for Windows problems. . .;)
Thanks for your comments, there's some good thoughts there. . .
Best,
--- Les Bell, RHCE, CISSP
[http://www.lesbell.com.au]
More information about the lias
mailing list