Essential Windows System Administration
Tasks at MIT
Introduction
This presents an overview of some tasks
that MIT Windows System Administrators
typically perform. These duties need not
be performed by one person, and at many
sites the work is distributed among several
people. However, at least one person should
understand all of the chores and make sure
that someone is doing them.
Adding and Removing
Users
The system admin adds accounts for new
users and removes the accounts of users
that are no longer active. The process
of adding and removing users can be automated,
but certain administrative decisions (where
to put the user's home directory, on which
machines to create the account, etc.) must
still be made before a new user can be
added. When a user should no longer
have access to the system, the user's account
must be disabled. All of the files owned
by the account must be backed up to tape
and removed so that the system does not
accumulate unnecessary baggage over time.
Adding
and Removing Hardware
When new hardware is purchased or when
hardware is moved from one machine to another,
the system must be configured to recognize
and use that hardware. Hardware-support
chores can range from the simple task of
adding a printer to the more complex job
of adding a disk drive.
Performing
Backups
Performing
backups is perhaps the most important
job of the system admin, and it is also
the job that is most often ignored or sloppily
done. Backups are time-consuming and boring,
but they are absolutely necessary. Backups
can be automated and delegated to an underling,
but it is still the system admin's job
to make sure that backups are executed
correctly and on schedule.
Additionally the system admin needs to
understand how all of the software his/her
backup system must inter-operate with.
For example, database servers are typically
setup to be running whenever the server
is up. This can lead to problems backing
up the databases, as the database files
are still in use or otherwise locked by
the database while the backup software
is running.
IS&T recommends the use of TSM
for your local backup needs.
Installing
New Software
When new software is acquired, it must
be installed and tested, often under several
versions of Windows and on several types
of hardware. Once the software is working
correctly, users must be informed of it
availability and location. Local software
should be installed in a place that makes
it easy to differentiate from the system
software. This organization simplifies
the task of upgrading the operating system
since the local software won't be overwritten
by the upgrade procedure.
[Back
to top]
Updating
the Operating System
Approaching Operating System (OS) updating
it is useful to note some of the differences
and similarities between the various versions
of MS Windows.
Windows
Variations
Windows is packaged in two main formats:
a server version and a workstation version.
Each is designed for a system with discrete
functions within a network. Workstations
are designed to be used primarily by an
end-user, although they can optionally
share their resources with other systems.
Servers are designed to provide resources
and services to a collection of systems
(workstations and possibly other servers)
linked together by a local area network;
they can provide computing resources and
facilities (e.g., database services), disk
space, access to printers, networking-related
services (e.g., hostname resolution), and
the like.
Windows groups computers into collections
known as Domains, each overseen by a special
server system - the domain controllers
(DCs). These servers are responsible for
user authentication and other related activities.
Service
Packs and Hotfixes
While major releases of Windows products
are distributed on hard medium such as
CD-ROM, minor releases between major versions,
called service packs (SP's), usually come
by the net. The SPs are applied to the
basic OS, numbered sequentially within
a major release and successive service
packs are usually cumulative, including
all of the changes from the earlier ones
under the major release.
 |
|
Warning:
You probably do not want to be
the first on your block to install
a new service pack as soon as it
becomes available. Most prefer
to wait a bit and monitor Windows-related
newsgroups in order to allow any
problems with it to be identified
and solved (in other words, let
other people troubleshoot it).
Even when you do decide to install
a service pack, it is best to do
so on a test system first, rather
than on a critical production system. |
|
Service packs may be downloaded from the
Microsoft Download Center.
Once the download operation has completed,
run the executable, from either the command
line or the Start menu, or by double-clicking
on its icon. This unpacks it to a new subdirectory
of C:\Temp (assuming that C: is the system
disk) and automatically starts the program
Update. Run the executable
from the command line with the /X option
to unpack it without installing it; you
then can run Update manually
when desired. Once the service pack is
installed, the system must be rebooted.
It is best to allow the installation process
to create an uninstall directory; that
way, you can back out the service pack
changes to the system if problems appear.
 |
|
Note:
Service packs may need to be reapplied
if you add new hardware to the
system, install new software (such
as a new service or network protocol),
or restore a backup created before
updating the system. |
|
You can determine the current OS version
using the System Summary
in the Windows Diagnostics administrative
tool (it can be accessed from the Start
menu via the Run command
WinMSD.exe ). Alternatively,
examine System Properties, easily seen
with a right-click on the workstation icon.
Microsoft also supplies hot fixes to correct
specific problems corrected between service
packs. In general, you should install only
the hot fixes that address problems your
system actually experiences; this caution
is necessary because full regression testing
is not always completed before a hot fix
is released. There is an exception to this
in the hotfixes seen in the Critical Updates
section of Microsoft Update. These Security
Updates generally are patches to the latest
known and exploited holes found in the
OS.
Hotfixes may be downloaded from the Microsoft
Windows Update site (windowsupdate.microsoft.com),
using the current version of MS Internet
Explorer.
Windows
Update
How do I know if I need an update?
Windows Update scans your computer and
provides you with a tailored selection
of updates that apply to only the items
on your computer. During the scan, a list
of categories appears under Welcome to
Windows Update and the number of updates
that are available in each category is
noted in parentheses.
Critical Updates are important!
Any update that is critical to
the operation of your computer is considered
a "Critical Update," and is automatically
selected for installation during the scan
for available updates. These updates are
provided to help resolve known issues,
and to protect your computer from known
security vulnerabilities. Whether a critical
update applies to your operating system,
software programs, or hardware, it is listed
in the "Critical Updates" category.
How does it all work?
Follow a simple, three-step process to
get the updates you need to keep your computer
up-to-date:
- When you enter Windows Update, click
Scan for updates.
- As you browse through the available
updates in each category, click Add
to select the update of your choice and
add it to the collection of updates you
want to install. You also can read a
full description of each item by clicking
the Read more link.
- When you have selected all the updates
you want, click Review and install
updates, and then click Install
Now.
|
|
Note:
Some updates may require a computer
restart. In this case save your
work and close any open programs
before beginning the installation
process. |
|
Have questions about an update?
Each update is accompanied by a brief description
and a Read more link.
Click Read more at any
time to view information that is specific
to each update. Included in this information
are system requirements and, if applicable,
instructions on how to use and how to uninstall
the update.
To see the list of updates you have installed
from Windows Update, click View
installation history.
Related Documentation
System
Monitoring
[Back
to top]
Troubleshooting
Windows systems and its hardware occasionally
break down. It is the administrator's job
to diagnose problems and call in experts
when needed. Finding the problem is often
harder than fixing it.
Maintaining Local Documentation
As Windows is changed to suit organizational
needs, it begins to differ from the plain-vanilla
system described in vendor documentation.
It is the system admin's duty to document
aspects of the system that are specific
to the local environment. This includes
documenting any software that is installed
but did not come with the operating system,
documenting where cables are run and how
they are constructed, keeping maintenance
records for all hardware, recording the
status of backups, and documenting local
procedures and policies.
Auditing and
Security
The system administrator must implement
a security policy and periodically check
to be sure that the security of the system
has not been violated. On low-security
systems, this might involve only a few
cursory log checks for unauthorized access.
On a high-security system, it could include
an elaborate network of traps and auditing
programs. On every system, the best admin
security practice is to remind users to
change passwords regularly.
Helping Users
Although helping users with their various
problems rarely appears in a system admin's
job description, it claims a significant
portion of most admin's workdays. System
administrators are bombarded with problems
ranging from "My program worked yesterday
and now it doesn't! What did you change?"
to "I spilled coffee on my keyboard, so
should I pour water on it to wash it out?"
Keeping Up-to-Date
Like any other OS, Windows is refined continually
by Microsoft to address the many needs
of its user community, and the ever-changing
environment in which it is run. There are
a number of different avenues to keep up
to date with the latest news and features
- web sites, magazines, internet news and
email lists.
[Back
to top]
|
