More

    Twenty Tricky SysAdmin Tasks… And How to Approach Them

    A SysAdmin has an almost endless list of tasks they must complete on a regular basis. Some are so routine that they can be done while multitasking, others require careful attention to detail and a laser-like focus to ensure that things are done well and completely. While many admins may look at most of the tasks on this list as run of the mill, they frequently present a challenge to others. In this slideshow, Christina Goggi, writing for GFI Software, provides some tips on how to approach them.

    Twenty Tricky SysAdmin Tasks… And How to Approach Them - slide 1

    Click through for tips on approaching 20 tricky SysAdmin tasks, as identified by GFI Software.

    Twenty Tricky SysAdmin Tasks… And How to Approach Them - slide 2

    Maintaining the same DNS namespace across two or more zones tends to drive most admins a little bit nuts. There’s a reason why it has been dubbed a “split-brain” DNS. The key to this task is to perform both the internal and the external updates at the same time. If you have two monitors, run one admin console (or BIND file update) on each monitor, keeping the internal on the left screen and the external on the right one. Get into the habit of also keeping an NSLOOKUP cmd running on the left, and a DIG cmd running on the right, to force that separation while still ensuring that you do both zones at the same time.

    Twenty Tricky SysAdmin Tasks… And How to Approach Them - slide 3

    GPO creation and edits can be very complicated, and if done wrong, can have significant impact on the entire domain. Here are some simple tricks to help make these easier and safer:

    • Don’t add anything into the Default Domain and the Default Domain Controller’s policy. Use them to configure security settings only.
    • Keep an OU for testing, and put a couple of test user accounts and a couple of test machine accounts in that OU. When you create a GPO, link it first to that OU so you can test the results. You can then link it to the production OU or domain as appropriate.
    • Remember that many GPO settings tattoo machines. Deleting a GPO will not reverse those settings. Use that test OU to confirm any reversals you want to make.
    • Document GPO settings and make sure other admins, and the help desk, know when a new GPO setting is about to be applied.

    Twenty Tricky SysAdmin Tasks… And How to Approach Them - slide 4

    Moving users from one domain to another within a forest is usually straightforward, but remember that any domain group memberships will be lost when you move a user. Document those memberships before you begin to ensure that you can add a migrated user back into required global groups.

    Twenty Tricky SysAdmin Tasks… And How to Approach Them - slide 5

    Interforest migrations can result in complete loss of access to required resources. Use SID History to ensure that a user can still access resources in their source domain after they have been migrated. Make sure you disable SID History Filtering to keep users productive.

    Twenty Tricky SysAdmin Tasks… And How to Approach Them - slide 6

    Whether from one domain to another, or simply from one machine to another, keeping a user’s profile intact can be the difference between a happy user and an angry bear. Use the User State Migration Tool to move a user’s settings from one machine to another.

    Twenty Tricky SysAdmin Tasks… And How to Approach Them - slide 7

    Patching is a critical part of systems administration, and can also be a huge pain point for many admins. The key to making patching easy is to follow these three main steps:

    1. Test your patches
    2. Use a patch management application
    3. Verify that patches have been applied to all systems.

    You want to ensure that you test patches before you deploy them, but if you are patching manually, you are doing it wrong. Automation is critical, and a good patch management application will help you handle this task with ease. Ensuring 100 percent compliance also ensures you don’t have any surprises down the road.

    Twenty Tricky SysAdmin Tasks… And How to Approach Them - slide 8

    The secret to clustering involves keeping systems identical. Use only the same hardware (physical or virtual). If you make any changes to configuration settings on one, do the other members of the cluster at the same time, and keep the patching identical on all cluster members. Anything on one that is not exactly the same as the other(s) can make the difference between a cluster that works flawlessly and one that you spend far too much time troubleshooting.

    Twenty Tricky SysAdmin Tasks… And How to Approach Them - slide 9

    Don’t believe the hype that NLB lets you use different hardware. All nodes in an NLB group should be kept as close to the same spec as in a cluster. An external load balancer reduces the configuration challenges that can come with a cluster, but the devil is in the details, and nodes that don’t match will bite you eventually.

    Twenty Tricky SysAdmin Tasks… And How to Approach Them - slide 10

    Get an IP address management application. Period, hard stop. If you are not managing your IP space, you need to be, and if you are using Excel spreadsheets to do it, you’re just causing yourself more work than you should. There are many free and commercial IPAM solutions on the market, and it’s a built-in feature of the upcoming release of Windows Server 2012.

    Twenty Tricky SysAdmin Tasks… And How to Approach Them - slide 11

    Keeping the junk out of users’ inboxes is a never-ending task and is not something you can handle with a single solution, like spam filtering agents in Exchange or your client antivirus program. Spam filtering, and the related tasks of blocking phishing and malware, require a layered defense that will include spam filtering (either in the cloud or at the edge), the best components of Exchange, junk mail filtering in Outlook and user education.

    Twenty Tricky SysAdmin Tasks… And How to Approach Them - slide 12

    Scan early, scan often and investigate any alerts or anomalies. Attackers are probing your network at this very moment, and getting the same view of the landscape they have is the first step towards securing your systems. However, don’t limit yourself to only scanning from the outside. Many hacks are inside jobs, and often malware takes advantage of the same vulnerabilities, and can spread from one infected machine on the inside to all the rest quickly. Scan all your systems from the inside just as diligently, and deal with any findings quickly and completely.

    Twenty Tricky SysAdmin Tasks… And How to Approach Them - slide 13

    Whether you are using Windows, Macs or Linux, at some point as a SysAdmin you are going to edit configuration files. Goggi strongly recommends using a text editor that automatically saves a backup before you begin. You will mess something up, and trying to undo changes can be extremely painful. Finding a pristine version of the original file may prove to be impossible. Simply restoring a copy of the original file can take a disaster and make things all better just like that.

    Twenty Tricky SysAdmin Tasks… And How to Approach Them - slide 14

    No admin maintains good docs. We just don’t. It’s a chronic shortcoming almost all of us share. However, maintaining documentation is one of those tasks we all know we need to do. Whether you use Visio or a whiteboard and markers, start making it a point to draw out what you are doing, and saving drawings and configs files for every system you maintain. Use SharePoint or a wiki, and get anything you can into folders by system to help with the documentation. A cell phone camera picture of a white board sketch is still better than no documentation at all, and maintaining documentation is one of those tasks that you just have to do. Waiting until the end to go back and document it all later is doomed to fail, so don’t even pretend you are going to succeed with that approach.

    Twenty Tricky SysAdmin Tasks… And How to Approach Them - slide 15

    Hardware and software inventories are critical so that you can keep track of what you have in the environment. Whether you are planning for the next round of workstation upgrades for users, or just need to know if you have enough capacity in your VM farm to spin up a test machine, keeping good inventories will make your job easier. Look for systems management applications that can query systems both for their hardware capabilities and installed software, and update physical server and workstation entries with the service tags from the manufacturer, purchase or lease dates, and warranty information.

    Twenty Tricky SysAdmin Tasks… And How to Approach Them - slide 16

    Here’s another task that is very little fun, but is also absolutely critical. Getting out of compliance with your licensing can lead to large fines and legal action, and the unplanned need to buy extra licenses of some software app that everyone installed from that open share can crush your budget. Use that same software inventory to make sure you have enough licenses for all the applications installed on your systems.

    Twenty Tricky SysAdmin Tasks… And How to Approach Them - slide 17

    Repetitive tasks should be scripted as much as possible, both to save time and to eventually automate as many of these as you can. Start a text file or a OneNote notebook now, and save any and all command line tidbits you either create on your own or find online, to build up your own repository of “scriptlets.” Share these with other admins on your team; if you have enough and you have the infrastructure, consider saving them to an internal wiki or SharePoint site. The more you use (and reuse) these, the quicker you will find your scripting skills growing.

    Twenty Tricky SysAdmin Tasks… And How to Approach Them - slide 18

    A wiki or SharePoint site is also a great place to keep your change management information. Goggi doesn’t mean the forms you have to fill out for management approval; she means the running change log you and your fellow admins should maintain through each day about any changes you make to systems, users or groups, so that all the admins can quickly and easily see what has recently changed. Remember that one of the first steps in troubleshooting is to determine what has changed, and having a simple running log of those changes can help everyone quickly fix any issues that come up.

    Twenty Tricky SysAdmin Tasks… And How to Approach Them - slide 19

    Wikis and SharePoint sites can also be a great help in creating and maintaining an internal knowledge base of troubleshooting tips and tricks, as well as how-to documents relevant to your environment. Focus more on content than format, as the idea here is to make it simple to maintain, not necessarily pretty. As each admin or service desk user adds to the content, you can start to work on format and keywords, but both wikis and SharePoint have great search capabilities, so you can quickly find content that can help you resolve issues.

    Twenty Tricky SysAdmin Tasks… And How to Approach Them - slide 20

    Email can be overwhelming, and a distraction that makes it nearly impossible to get other tasks done during your normal day. Here’s what works well for Goggi:

    • Spend the first half hour of your day responding to urgent emails, sorting informative emails you want to keep, and deleting the ones you either don’t need or won’t read.
    • Disable the new email notification when you are working on complex or critical tasks. Just like the DND button on your phone, consider setting your email to work offline, or completely close it, when you need to focus.
    • Set your smartphone to only check emails hourly, or manually, so that constant little buzz doesn’t break your routine.
    • Reserve the last half hour of your day to go through the emails that have accumulated and that you don’t want to make wait until tomorrow.

    Twenty Tricky SysAdmin Tasks… And How to Approach Them - slide 21

    IT is the only career field out there that basically requires you to relearn major aspects of your job every three to five years. Do not short change your learning. If your company does have a training program, take advantage of it. If there’s no budget for it, look for free online training resources, blogs, wikis, how-to posts and anything else you can use to keep your knowledge up-to-date and your skills sharp. If you take lunch at your desk, make sure you spend at least two of those breaks each week learning a new skill or improving an existing one, and never stop making sure your management know that training is a critical part of your job. Spending regular time on developing your own skills helps to keep you relevant, and is also a big part of what makes most IT admins love their jobs.

    Get the Free Newsletter!

    Subscribe to Daily Tech Insider for top news, trends, and analysis.

    Latest Articles