22.02.2004
Life as a win32 Network/System Administrator
It can be a very frustrating time to try and do your best in a win32 world. Particularly when you have to manage an old forest which has :
- No automated software distribution to servers
- No automated reporting
- No patch management of any sort
- No defined AV updating methodology
So to try and make my job easier, I’ve now implemented most of the above in the test part of the this forest (45+ servers, 9 domains, 5 application servers total used, maybe 5 users). Using SUS. MBSA and some vb scripts I’ve whipped up, I’ve now got the whole test forest doing daily checks of SUS and everything aside from some critical DCs do automatic reboots. Using MRTG, I can monitor what is happening with these boxes (cpu, network, uptime, diskspace).
I’ve also implemented an automated AV updating and scanning setup but haven’t really worked out how to report properly on that. I can at least report via html/csv what the definitions are which is a huge advance over what we had before (nothing).
My manager and co are rather happy about this as this takes rather a weight off them (they now only have to worry about the legacy NT4 stuff - 77 days to patch everything with ms04-007 apparently - horrible isn’t it). My comment to him when he asked about implementing something like that into NT4 land was “If it doesn’t have terminal services and WMI, I’m not touching it.” Meant seriously but also in jest. These two technologies combined with a scripting languages like Perl and vbscript along with technologies like SUS definitely ease the pain.
Now to think some more on how to get AV logs rotated and reported on. Then plan how to implement this into production (yes, it is Sunday….).