Best Practices for Administering Windows Systems/Networks
Last Updated: 25 Aug 2004
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
*** PLEASE NOTE: Link(s), If Provided, May Be Wrapped ***
Here's the start of my "Best Practices" list for the
sucessful administration of Windows NT and 2000 based
networks. At some point, I may categorize them.
NT4
• No network is too small for a BDC
• Update your ERDs on a regular basis
WINDOWS 2000/XP/2003
• Always install the Recovery Console
• Backup the System State on a regular basis
• Use a normal account for day-to day work, and use
RUNAS for administrative work.
• The cost of a 2nd domain controller is far less than
the cost of downtime
SECURITY
• Use Strong Passwords
• Enable Auditing
• Change Passwords Regularly
• Firewalls and AntiVirus are well advised for any network
• Always create a password for the Administrator Account
INSTALLATIONS
• Create Slipstreamed CDs
• Use tracking sofware whenever installing software
on your desktop or server
• Test Patches, Fixes, and new software/drivers in
a test environment before going live.
GENERAL
• Defrag your drives
• EIDE for standard desktops; SCSI for Servers and
High-End Workstations
• ATA RAID before Software RAID
• NT/2000/XP makes a much better client OS than Win9x
• NTFS at all times
• Script your changes, so you'll have a record, and
you'll be able to duplicate them easily.
• Switches, YES; Hubs, NO
• Develop a good Backup strategy and test your backups
• Develop a good Naming Convention
• Develop a good Disaster Recovery stratey
• The command line is your friend
• Use strong passwords and a robust password policy
• Use good, reliable, robust hardware
• Use proper power supplies and clean power
• Document your changes
• Redundancy is a good thing!
• Group Policy is a powerful tool
• Document all concerns - CYA at all times
TOOLS (Originally Compiled By Jay Woody)
The following list represents tools and utilites that
can be of great use to a Windows Admin. This should
be helpful checklist for what to get at a new job:
• TOOLS/UTILS
Anti-Virus
Anti-SPAM
Defragger
Documentation Tools
NTFS Boot Utility
Password Cracker
Remote Control
Resource Kit and Support Tools
Scripting Tools
Text Editor
Zip Utility
• SYSTEM MANAGEMENT
Active Directory Management
Cloning/Imaging Software
Deployment Software
Disaster Recovery System
Event Log Monitor
High Availability Software
Inventory Software
Network Analyzer
Network Management & Diagramming
Performance Management
Policy Management
Printer Management
Service Password Management
Storage Management
SysLog Server
User/Domain Management
WebLog Analyzers
• PROTECTION/SECURITY
Encryption Tools
Firewall
Intrusion Detection Systems
Vulnerability Scanners
• MAGAZINES
Windows 2000 Magazine
ComputerWorld
InfoWorld
ENT Magazine
eWeek
Network World
• BOOKS
Inside Windows NT
Inside Windows 2000
Inside Windows 2003 (coming soon)
Mastering Windows 2000
Mastering Windows Server 2003
*any other books by Mark Minasi*
Windows 2000 Sys Admin
Tim Hill's Scripting Books (both WSH & NT Shell Scripting)
*any other books on scritping in Perl or WSH*
Building Linux/OpenBSD Firewalls
CISCO TCP/IP
Internet Security
Computer Networking Essentials
Hack Proofing Your Network: Internet Tradecraft
Securing Windows NT/2000 Servers for the Internet: A Checklist for System Administrators
Hacking Exposed: Network Security Secrets and Solutions
WHITEPAPERS & TECH DOCUMENTS
• http://www.eventid.net/maintenance/categories.asp
• http://www.blkmtn.org/randr.html
• http://www.w2knews.com/index.cfm?id=46&search=your%20system%20admin%20checklists
• http://www.w2knews.com/index.cfm?id=103&search=your%20system%20admin%20checklists
PERSONAL NOTES
• I welcome suggestions for this list
• Whenever possible, you should attempt to use free
tools and scripts for monitoring, logging or other
administrative functions, especially if you don't
have anything else in place as yet. The data you
obtain from these tools/products will allow you to
better select/justify the commercial versions of
these tools if that's what you need to do at some
later point.
• Although Jay's original list included Mailing Lists
and Web Sites, I left them off because they're covered
in the links below...
RELATED SCRIPTS (ALSO IN THIS ARCHIVE)
• http://KB.UltraTech-llc.com/Scripts/?File=Debug.BAT
• http://KB.UltraTech-llc.com/Scripts/?File=IPDebug.BAT
• http://KB.UltraTech-llc.com/Scripts/?File=BackupSS.BAT
• http://KB.UltraTech-llc.com/Scripts/?File=BackupSched.BAT
• http://KB.UltraTech-llc.com/Scripts/?File=OpsLogs.BAT
• http://KB.UltraTech-llc.com/Scripts/?File=SaveLogs.BAT
• http://KB.UltraTech-llc.com/Scripts/?File=SystemOptions.VBS
RELATED TOPICS (ALSO IN THIS ARCHIVE)
• http://KB.UltraTech-llc.com/?File=~Info.TXT
• http://KB.UltraTech-llc.com/?File=Utils.TXT
• http://KB.UltraTech-llc.com/?File=Security.TXT
• http://KB.UltraTech-llc.com/?File=ToolKit.TXT
• http://KB.UltraTech-llc.com/?File=Windows.TXT
• http://KB.UltraTech-llc.com/?File=Win2000.TXT
• http://KB.UltraTech-llc.com/?File=OSBasics.TXT
• http://KB.UltraTech-llc.com/?File=NetBasics.TXT
• http://KB.UltraTech-llc.com/?File=ADNetwork.TXT
• http://KB.UltraTech-llc.com/?File=!Contents.TXT