Best Practices for Administering Windows Systems/Networks

Best Practices for Administering Windows Systems/Networks
Last Updated: 25 Aug 2004
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

*** PLEASE NOTE: Link(s), If Provided, May Be Wrapped ***


Here's the start of my "Best Practices" list for the
sucessful administration of Windows NT and 2000 based
networks. At some point, I may categorize them.


NT4

• No network is too small for a BDC
• Update your ERDs on a regular basis


WINDOWS 2000/XP/2003

• Always install the Recovery Console
• Backup the System State on a regular basis
• Use a normal account for day-to day work, and use
  RUNAS for administrative work.
• The cost of a 2nd domain controller is far less than
  the cost of downtime


SECURITY

• Use Strong Passwords
• Enable Auditing
• Change Passwords Regularly
• Firewalls and AntiVirus are well advised for any network
• Always create a password for the Administrator Account


INSTALLATIONS

• Create Slipstreamed CDs
• Use tracking sofware whenever installing software
  on your desktop or server
• Test Patches, Fixes, and new software/drivers in
  a test environment before going live.


GENERAL

• Defrag your drives
• EIDE for standard desktops; SCSI for Servers and
  High-End Workstations
• ATA RAID before Software RAID
• NT/2000/XP makes a much better client OS than Win9x
• NTFS at all times
• Script your changes, so you'll have a record, and
  you'll be able to duplicate them easily.
• Switches, YES; Hubs, NO
• Develop a good Backup strategy and test your backups
• Develop a good Naming Convention
• Develop a good Disaster Recovery stratey
• The command line is your friend
• Use strong passwords and a robust password policy
• Use good, reliable, robust hardware
• Use proper power supplies and clean power
• Document your changes
• Redundancy is a good thing!
• Group Policy is a powerful tool
• Document all concerns - CYA at all times


TOOLS (Originally Compiled By Jay Woody)

The following list represents tools and utilites that
can be of great use to a Windows Admin. This should
be helpful checklist for what to get at a new job:

• TOOLS/UTILS
	Anti-Virus
	Anti-SPAM
	Defragger
	Documentation Tools
	NTFS Boot Utility
	Password Cracker
	Remote Control
	Resource Kit and Support Tools
	Scripting Tools
	Text Editor
	Zip Utility

• SYSTEM MANAGEMENT
	Active Directory Management
	Cloning/Imaging Software
	Deployment Software
	Disaster Recovery System
	Event Log Monitor
	High Availability Software
	Inventory Software
	Network Analyzer
	Network Management & Diagramming
	Performance Management
	Policy Management
	Printer Management
	Service Password Management
	Storage Management
	SysLog Server
	User/Domain Management
	WebLog Analyzers

• PROTECTION/SECURITY
	Encryption Tools
	Firewall
	Intrusion Detection Systems
	Vulnerability Scanners

• MAGAZINES
	Windows 2000 Magazine
	ComputerWorld
	InfoWorld
	ENT Magazine
	eWeek
	Network World

• BOOKS
	Inside Windows NT
	Inside Windows 2000
	Inside Windows 2003 (coming soon)
	Mastering Windows 2000
	Mastering Windows Server 2003
	*any other books by Mark Minasi*
	Windows 2000 Sys Admin
	Tim Hill's Scripting Books (both WSH & NT Shell Scripting)
	*any other books on scritping in Perl or WSH*
	Building Linux/OpenBSD Firewalls
	CISCO TCP/IP
	Internet Security
	Computer Networking Essentials
	Hack Proofing Your Network: Internet Tradecraft
	Securing Windows NT/2000 Servers for the Internet: A Checklist for System Administrators
	Hacking Exposed: Network Security Secrets and Solutions


WHITEPAPERS & TECH DOCUMENTS

• http://www.eventid.net/maintenance/categories.asp
• http://www.blkmtn.org/randr.html
• http://www.w2knews.com/index.cfm?id=46&search=your%20system%20admin%20checklists
• http://www.w2knews.com/index.cfm?id=103&search=your%20system%20admin%20checklists


PERSONAL NOTES

• I welcome suggestions for this list

• Whenever possible, you should attempt to use free
  tools and scripts for monitoring, logging or other
  administrative functions, especially if you don't
  have anything else in place as yet.  The data you
  obtain from these tools/products will allow you to
  better select/justify the commercial versions of
  these tools if that's what you need to do at some
  later point.

• Although Jay's original list included Mailing Lists
  and Web Sites, I left them off because they're covered
  in the links below...


RELATED SCRIPTS (ALSO IN THIS ARCHIVE)

• http://KB.UltraTech-llc.com/Scripts/?File=Debug.BAT
• http://KB.UltraTech-llc.com/Scripts/?File=IPDebug.BAT
• http://KB.UltraTech-llc.com/Scripts/?File=BackupSS.BAT
• http://KB.UltraTech-llc.com/Scripts/?File=BackupSched.BAT
• http://KB.UltraTech-llc.com/Scripts/?File=OpsLogs.BAT
• http://KB.UltraTech-llc.com/Scripts/?File=SaveLogs.BAT
• http://KB.UltraTech-llc.com/Scripts/?File=SystemOptions.VBS


RELATED TOPICS (ALSO IN THIS ARCHIVE)

• http://KB.UltraTech-llc.com/?File=~Info.TXT
• http://KB.UltraTech-llc.com/?File=Utils.TXT
• http://KB.UltraTech-llc.com/?File=Security.TXT
• http://KB.UltraTech-llc.com/?File=ToolKit.TXT
• http://KB.UltraTech-llc.com/?File=Windows.TXT
• http://KB.UltraTech-llc.com/?File=Win2000.TXT
• http://KB.UltraTech-llc.com/?File=OSBasics.TXT
• http://KB.UltraTech-llc.com/?File=NetBasics.TXT
• http://KB.UltraTech-llc.com/?File=ADNetwork.TXT
• http://KB.UltraTech-llc.com/?File=!Contents.TXT