Well, I've had a week and two days with the new job. I'm not getting full-time hours yet because I'm still taking a class, but I have been spending quite a bit of time in Elk City lately. For your enjoyment, I give you my initial impressions.
There is no centralized mechanism for deploying machines. The machines are generally about the bare minimum for running the OS and software put on them—well, they could run on less, but it would be painfully slow. Windows 98 is still running on a lot of machines, even some that were purchased well after the release of Windows XP. Before Windows XP was released I would have switched to Windows 2000 since either is much better suited to a networked environment than Windows 98. Security in Windows 98 doesn't really exist since the FAT32 filesystem doesn't care about things like ownership or permissions. Anyway, back to the deployment issue... Here's the current procedure:
- Setup one machine and install Ghost
- Clone that machine to another
- Finish setting up the other machine with all the software and such and remove Ghost
- Remove the domain membership from machine to be imaged
- Include a RunOnce line in the registry to run NewSID
- Suck the image from the machine with Ghost
- Push the image to all the remaining machines with Ghost
- Go around to each machine and have NewSID do its thing and rename machines
- Go to each machine and join the domain
- Go to each machine and have do anything else you forgot...
Notice a problem? Here's the procedure I'd like to see. We'll assume we have a server dedicated to deployment.
- Setup one machine exactly how you want it
- Grab the image from the central deployment server
- Setup any scripts, etc., for things that need changed per machine
- Push image to clients
Now, if something gets messed up, it should be easily changed on the server machine and pushed back out to the clients. Anyway, this is one of those procedures that is much less complicated in the more reasonable and transparent operating systems, such as Linux and Mac OS X.
Next, there are other security vulnerabilities that I shouldn't discuss here, but trust me, they exist.
Things I would like to do/see in the not-so-distant future:
- Since we're pretty much only running Windows, a more homogenous software environment
- Secure computing policy
- Clean out legacy hardware and OSes
- Detailed inventory
- Increased use of ticketing system, possibly implement a new ticketing system
- Smooth out DNS
- New web site
I'm sure I've forgotten some things, but that's what I thought of tonight. Things I would like to see in the not-as-near future:
- Consideration of alternatives, e.g. Mac OS X, Linux
- True NAS server
- True backup system
- Gigabit
- Increased Internet bandwidth
- Increased implementation of standards
- Increased interoperability
And once again, I'm sure I left out some things. One thing I'm not used to is not having complete control over the machines. It wasn't too long before I had root access on thousands of machines when I was working at RCAC, and at Life@SWOSU I am the main system administrator. I do have quite a bit of access, just not in the same way I'm used to. Once the more trivial tasks are out of the way I'll need more control to really bring the school a more "enterprise"-feeling, managed network.
Don't get me wrong, there are a lot of things that have been done well, but there just lacks a feeling of automation and polish. Therefore it seems like too much time is having to be spent on maintenance or mundane tasks, and not enough time is spent on creative problem solving or on innovation.
Well, I think that's enough for tonight. You might get more later.
roommate
you know, my roommate has this very similar situation... i bet you would get along with him pretty good. i'll give you his number if you want, he could probably help you with some stuff.
Step Aside
Well, if they are telling you how to do it, they should step aside and let you do it your way. You probably know twice as much about it as they do.
Since you are new to this
Since you are new to this job, you must keep in mind that security decisions, policies, and procedures can come from Risk Assessments. It may be possible that you have just not been brought in to the fold of things in order to see the big picture and understand the business objectives and goals. The Risk Assessment will quantify and qualify the reasoning behind the policies and procedures that are implemented. Hang in there since you are still new to the environment, and keep in mind that there is never only one way to do things. Also, policies and procedures between private and public sectors can be greatly different.
While I see your point, it
While I see your point, it doesn't feel like any formal risk assessments were done. Risk Assessment was whether or not the guy they've had doing everything feels that something is or is not a big enough risk to deal with. I am just going along with things for now until I am able to get a better idea of things such as network topology and a more complete inventory. I should probably clarify that I am working for a school district and am the first person hired internally to deal with their technology. This has created a... unique environment where the person with ownership over everything is actually contracted by the school, and I, the guy hired by the school to take care of the technology, has whatever ownership he decides to give me. While I understand the concerns, I've always been given much more control over the machines I work with, even when dealing with thousands of nodes at RCAC, so it's just frustrating when I can't do something like join a machine to a domain because I've exceeded my limit. Anyway, enough about that. I do like the school and the people, I'm just still adjusting and getting integrated into the system.
Post new comment