Windows Vista : Performing Local PC Administration (part 2) - Performing common workstation administration tasks

10/25/2011 11:49:39 AM

2. Performing common workstation administration tasks

When you administer workstations, you quickly notice that systems administration focuses on three key tasks:

Day-to-day administration of systems, often called proactive administration because it is performed before issues occur.
Building a proper set of tools for administration, both local and remote.
Troubleshooting when issues arise, often called reactive administration because it is performed after an issue has occurred.

The first task is easy because you can schedule its activities between daily, weekly, monthly, and ad hoc timelines. The second task is also easy because this is a one-time operation. The third task is more difficult because you never know when it will occur. However, if you create a proper administration schedule, you should have free time every day that allows you to deal with unexpected issues. And, if you set up your management and administration environment properly, you should be able to limit the occurrence of these unexpected issues.

One key element that greatly limits the number of unexpected issues is user education. Spend as much time as possible showing them how to do things right in Vista. It will save you a lot of time in the end because you won't have to deal with the simplest user issues.

Building an administrative task schedule

Ideally, you will be using a schedule of operations to perform administrative tasks. You have to deal with daily, weekly, monthly, and ad hoc tasks. The best way to do this is to use the following approach:

Daily tasks are performed first thing in the morning.
Weekly tasks are performed on Monday and Wednesday afternoons.
Monthly tasks are performed on Tuesday afternoons.
This leaves Thursday and Friday afternoons for ad hoc tasks.

In addition, you can automate several tasks. For example, you can get the Event Log to forward notifications of low disk space. You can also set a scheduled task to automatically clean temporary files from systems when low disk space notifications occur. Although you still need to monitor this task, it will be performed automatically for you so, instead of performing the task, your responsibility will be to verify that the task has been performed.

Ideally, your schedule will stay firm and if you set everything up right, overtime will be kept to a minimum.

Use Outlook's Task Management features to build your administrative task schedule. It will remind you of all the tasks you need to perform and when you need to perform them.

Table 4 outlines the tasks to perform and their frequency.

Table 4. Windows Vista Administration Tasks
Task Number	Task Name	Frequency	Comment
VA-01	Run As Administrator	Daily	Although this is not really an administrative task, you should make a habit of using a standard user account to perform everyday work and then, use Run As Administrator to perform any administrative task.
VA-02	General System Status Verification	Daily	Review Event Logs on each PC to determine if there are any issues.
VA-03	Security Event Verification	Daily	In secure environments, you need to review auditing information on each sensitive system to identify if any untoward events occur.
VA-04	Anti-malware Update Management Daily	Daily	You need to verify that anti-virus and anti-spyware definitions update work correctly in your environment.
VA-05	Backup Generation and Verification	Daily	User data should be backed up on a regular basis. Ideally, it will be redirected from local PCs to shared folders residing on servers. In addition, you need to provide overall systems protection. Finally, you need to test backups to make sure they work properly.
VA-06	Uptime Report Management	Weekly	Review uptime reports for each system. Identify reboots and find out why.
VA-07	Free Space Verification	Weekly	You need to verify that users are not running out of space on their systems.
VA-08	Network Traffic Monitoring	Weekly	You should regularly monitor network traffic from select points on your network to ensure everything is working properly.
VA-09	Volume Shadow Copy Operation Verification	Monthly	You need to make sure that Shadow Copies are operating properly on your user's PCs so that they can recover data as needed.
VA-10	Search Service Configuration	Monthly	Verify that the search configuration is set properly on each system.
VA-11	Disk Integrity Checking	Monthly	Run the disk checking tool on each system to correct any potential issues.
VA-12	Disk Defragmentation	Monthly	Verify the status of disk defragmentation on each system.
VA-13	Temporary File Cleanup	Monthly	Proactively clean up temporary and other file clutter on each system.
VA-14	Wireless Connection Status Verification	Monthly	Review wireless connectivity in your network and make sure users have full access to this service.
VA-15	Wired Network Connection Setup/Verification	Monthly	Review wired network connectivity and make sure user configurations are set properly.
VA-16	Remote Access Verification	Monthly	Review remote access settings and make sure users have secure access to internal systems.
VA-17	Security Patch Update Management	Monthly	Review security updates, test them and apply them to affected systems.
VA-18	Security Policy Review and Update	Monthly	Review the security policy and determine whether updates are required. Keep user communication on security issues current.
VA-19	Security Template Creation/Modification	Ad hoc	Security templates allow you to control overall security settings on your systems. They often need to be reviewed when untoward events occur.
VA-20	Inventory Management	Monthly	Review inventory details. Determine if components are missing and review changes to overall inventory.
VA-21	Script Generation and Maintenance	Ad hoc	Create scripts for operation automation and make sure they are working properly.
VA-22	Service Pack Deployment	Ad hoc	Review applicable service packs, test their installation and perform their deployment.
VA-23	System Documentation	Ad hoc	Much as you hate to do it, you need to document the state of your environment on an ongoing basis.
VA-24	System BIOS and Firmware Management	Ad hoc	When new firmware and BIOS software is delivered for your systems, you need to test and then apply it.
VA-25	Device Management	Ad hoc	You need to review and approve new devices as they become available for use in your network.
VA-26	PC Rebuilds	Ad hoc	Occasionally, you need to repair a PC that is damaged beyond recovery.
VA-27	User Support through Windows Remote Assistance	Ad hoc	Users will require assistance on an ad hoc basis. You need to be familiar with the procedure.
VA-28	User Password Reset	Ad hoc	Occasionally, you must reset a user password so that they will be able to access the network.
VA-29	PC RDC Management	Ad hoc	You need to properly manage the Remote Desktop Connections you create to access PCs in your network.
VA-30	Software Installation Management	Ad hoc	Occasionally, new software must be deployed to PCs.
VA-31	GPO Management	Ad hoc	Occasionally, you need to create or modify existing GPOs to control more settings on your systems.
VA-32	Computer Object Provisioning	Ad hoc	As new systems are brought on board in your network, you need to pre-populate the Active Directory with their accounts so that when they join the network, they will immediately be subject to appropriate Group Policies.
VA-33	Internet Information Services Operation	Ad hoc	IIS should not be located on a PC except for development or testing purposes. Nevertheless, you need to verify its proper operation when it is installed.
VA-34	System Diagnostics	Ad hoc	When things go wrong on a system, you need to perform diagnostics to discover where the issue lies.
VA-35	Encrypted Folder Recovery	Ad hoc	When users lose access to their encrypted files, you need to use the recovery agent to restore them.
VA-36	BitLocker Drive Encryption	Ad hoc	When users lose access to their encrypted drives, you need to restore them through the recovery agent.
VA-37	Transfer User Settings	Ad hoc	Occasionally, you must change individual user's PCs. When this occurs, you must transfer their settings from one PC to the other.
VA-38	Set Up Accessibility Options	Ad hoc	Some users have disabilities which require different accessibility options. In this case, you must work with them to identify the appropriate settings.
VA-39	Set Up Multilingual Configurations	Ad hoc	If you work in an international organization, you may have to set up different languages for users to work in.
VA-40	Resolve Printing Issues	Ad hoc	In some cases, your users will have difficulty working with printers or print jobs. You will need to assist them in identifying and resolving the issue.

Table 4 lists administrative activities you need to perform on PCs. Networked environments normally host servers and it is these servers that normally provide centralized or shared services. Because of this, this table does not mention items such as Printer Management because printers should not be shared on PCs, but on servers.

Building an administration toolkit

The key to proper systems administration is having the right toolkit. You've already begun to create a standard administration desktop. Now, you need additional tools. Vista offers unparalleled support for comprehensive management tools. For example, you can rely on the Microsoft Management Console version 3.0 to build your own administration console, one that will give you access to almost every tool you need to administer both your own local PC and remote PCs. In addition, you can use the Windows Sidebar to display custom gadgets — gadgets that report information on system performance and on system operation. This turns your desktop into an administrative control system, one that provides a central base of operations for the support of PC operations in your organization.

First, begin by creating a custom console that gives you access to most of the operations you need. As you've seen before, the most useful of existing console is the Computer Management console found in Administrative Tools. Although this is a good general purpose console, it is not an all-encompassing tool. As shown in Figure 5 , Computer Management includes the following capabilities by default:

You can use it to manage either local or remote systems. The console opens the local system by default. To change to a remote system, right-click on Computer Management (Local) and select Connect to another computer. Type in the name of the other computer or select Browse to locate it and click OK. Some minor functionality will not be available on remote systems, but this console still gives you access to almost everything you need.
System Tools lists the Task Scheduler, the Event Viewer, Shared Folders, Local Users and Groups, Reliability and Performance tools and the Device Manager. Shared Folders are seldom used on PCs. Local Users and Groups are used mostly to manage accounts stored in the local Security Accounts Manager (SAM) database. I
Storage gives you access to disk management features for both local and removable storage.
Services and Applications gives you access to installed Services and WMI Control lets you configure the Windows Management Instrumentation settings on a system.

Several of the tasks you perform on an ongoing basis can be performed from here. For example, the Disk Management node gives you access to disk drives and especially their Properties (right-click on the drive). Here you can view free space, perform disk cleanup, check the disk volume, defragment it, and back it up as shown in Figure 6 . You also have access to hardware information for the disk, previous versions to restore data, and security descriptors for the data. These capabilities make Computer Management quite powerful. In addition, Computer Management automatically includes additional console contents as you add Windows Components to the system.

Figure 5. The Details of the Computer Management console

Figure 6. Performing Disk Management from the Computer Management console

However, Computer Management does not provide default access to everything. For this reason, you may want to modify it to create a custom MMC, one which will build on Computer Management's features and add even more tools.

In addition to all the features of the Computer Management console, this custom console should include the following snap-ins:

The Active Directory Users & Computers snap-in
Group Policy Management
NAP Client Configuration for the local system
Print Management for the local system
Security Configuration and Analysis
Security Templates
Windows Firewall with Advanced Security for the local system

You can add more snap-ins if you would like, or simply add them to discover their use. Note that many of the snap-ins listed in the snap-in dialog box are already part of Computer Management. To create this console:

Use Start => Run to execute the following command:
```
mmc /a %SystemRoot%\system32\compmgmt.msc
```
This launches the Computer Management console in editing mode.
Choose File => Save As to save the console as Custom Management Console.msc under the Documents folder. You save it in Documents to ensure it is protected and to make it easier to locate later.
Choose File => Add/Remove Snap-in to open the dialog box.
Click the Advanced button and check the Allow changing the parent snap-in option. Click OK.
Use the drop-down list to select Computer Management (Local) under Parent Snap-in. Doing this places additional snap-ins under Computer Management.
Double-click each of the snap-ins listed earlier. Click OK when done.
Choose File => Options, name the console Custom Management Console, make sure it is set to User mode – full access, and deselect Do not save changes to this console. Click OK when done.
Choose File => Save to save your changes.
Close the console.
Open the Documents folder in Windows Explorer and use the right mouse button to drag the console to the Quick Launch area; select Create shortcut here. Now, you can simply right-click on this shortcut and select Run As Administrator each time you need it.

There are several uses for this console as you will see, but it is basically the most common tool you will use to manage your network of PCs. The resultant console is displayed in Figure 7.

Second, get access to some cool gadgets you can add to yours and end users' Windows Sidebar to display system information. Gadgets can be found at the www.gadgetsforvista.net/site . Some cool gadgets that support system administration include the following:

Battery Gadget: This feature displays battery status information for notebooks and tablet PCs.
Drive Information Gadget: This gadget lists the status of your disk drives in Vista.
Network Utilization Gadget: This gadget shows a graphical display of network throughput from your system.
Remote Desktop Gadget: You can use this gadget to quickly link to any remote desktop.
Uptime Gadget: You can find out how long a system has been running.

This list is not exhaustive, but it displays a selection of tools you can use to make your life as an administrator easier. The resultant desktop including the custom console is displayed in Figure 7.

NOTE

New gadgets come out almost every day. Make sure that you check the www.gadgetsforvista.net/site on a regular basis to discover what other cool tools you can rely on.

Figure 7. Working with a Custom Administration Desktop

Using a standard troubleshooting strategy

Despite your best administrative efforts, your users will run into situations that will either be due to their inexperience or to their use of tools or components they shouldn't normally have access to. When this occurs, you need to troubleshoot the issue and discover how to fix it.

NOTE

Users should not run computers in administrative mode even if User Account Control is enabled. Users should be locked down and have only standard user access rights. Vista has made vast improvements in the ability a standard user has to control the computer environment and this should be sufficient. You'll soon find that if you lock down computer systems, you'll have a much more stable PC environment.

Troubleshooting is usually based on a series of questions you need to answer. Common questions should include:

Who was using the PC when the problem first occurred?
Who else has been using the PC, and have they experienced similar problems?
Who has worked on this problem previously (if it has happened before)?
Who has the same problem on another PC (that you know of)?
When did this problem occur the first time, and has it occurred since?
When was the last time you downloaded or installed application?
When was the last time you installed new hardware?
When did you last clean up the PC with Disk Cleanup or Disk Defragmenter, delete files or cookies, or perform similar deletions of data?
What are your thoughts on what caused the problem?
What have you tried to troubleshoot the problem yourself?
What do you think can be done to solve the problem?
Why do you think the problem occurred?
How do you think the problem occurred?

NOTE

Windows Vista includes a new set of tools for event management. Many of the questions listed above can be answered by reviewing the information in the Vista Event Viewer.

Then, you need to use general troubleshooting procedures to resolve the issue. These procedures should include:

Locate a solution by searching the PC's help and support center
Locate a solution by searching the company's support files
Search manufacturer's Web sites
Search technical sites (MS Knowledge Base, TechNet)

Basically, you need to use a troubleshooting process, as shown in Figure 8 , to resolve the issue. Relying on this process ensures that issues are resolved as quickly as possible, and documenting solutions will ensure you can build a list of solutions for future reference.