Best Practices in Workgroup Maintenance?

option8 asks: "As the sysadmin for a smallish workgroup (15 or so users) I'm constantly wrestling to balance a regular maintenance regime with the users' continued productivity. As it is, I strive to keep my regular maintenance to a minimum -- optimizing drives, checking for directory and file corruption, permissions repairs, clearing logs, software updates -- after hours, on weekends, or whenever someone goes on vacation. I have a lot of stuff scripted - backups and whatnot go off every night - but there's a lot that requires at least a minimum of my 'monkey clicks the Okay button now' attention. Is this the best way, or do the other BOFHs out there have a better solution to regularly scheduled maintenance for the workgroups/labs/studios they oversee?"

Re:Remote Desktop and Weekends

[TripMaster+Monkey]

I use DameWare myself...glad I was able to talk the boss into it. System administration without DameWare would be a real drag...yes, everything you can do with DameWare can be done with the regular Windows software (Remote Desktop, etc.), but DameWare makes things much more centralized and easily accesable. Bottom line: I'd highly reccomend it.

Hire a monkey.

[green+pizza]

Seriously. You are the sysadmin, not a digital janitor. OK, so even if you can do all of this maintenance work from home via Remote Desktop on a Sunday afternoon -- do you really want to? Is this in your job description? As you pointed out, you still have do do the monkey clicks. Even if you script everything, you'll still need to do basic functional tests after the smoke has cleared.

I know of at least one shop in town that has hired weekend help (usually honest and lonely college students) to maintain their end-user Windows PCs. At the end of the year the monkey salary still adds up so little that it's still cheaper than moving to a new platform (Linux, Mac OS X).

Monkey clicks

[leprasmurf]

I'm not sure which monkey clicks your talking about, but I know for windows patches, if you run them from command line you can put in flags. `KB###### /?` should give you the available options. What we've done at my work on certain occasions is to create a batch file that runs each of the patches, followed by a program that runs at the end to give priority to the proper patches (afraid I can't remember the program, but a google search should reveal). The "At" command also helps with scheduling that batch script. Another option we've explored heavily is PERL scripts.

One thing that is suppose to work well, though we can't use it at my site, is a SUS server. This is suppose to be a middle man for windows update. Allows you to approve patches before installing, and then you point all your windows boxes to the SUS for updates.

I knew a sys admin who could automate just about anything, and was lazy, so if he had to click, it wasn't good enough for him. There are a ton of tools in the windows 2k/2k3 resource toolkits. Hope this helps some.

lazy admin is good admin

[outcast36]

I wanted to reiterate how important scripting is for your sanity. Be sure to check out the resource kits that come with each OS & IIS. These have lots of command-line scripts that lend themselves to some time-saving admin scripting fun.