Friday, March 18, 2011

Nine traits of the veteran Windows administrator


March 9, 2011, 5:00 AM PST
Takeaway: A recent post about the traits of veteran Unix admins convinced Mark Underwood that there should be a Windows admin counterpart. See if you agree — and add some of your own.
There seemed to be many voices in the choir singing a tune sounded by an archivist of Unix admin traits. Here’s a humble return volley from the Windows corner.

No 1: Editor-free operations

We don’t need no stinking editor. Scripting is fine, and we admire those folks proficient with vi and emacs, but we’d really rather not fuss with it. If we have to script, we have PowerShell, but most of us are too busy exercising our other eight traits to learn it.

No 2: Elevated-privilege awareness

The fallout from Vista’s evil public persona was that we became acutely aware of the pros and cons of both least-privilege and elevated-privilege operations. To paraphrase Churchill, never did so many suffer so much at the hands of a few. We’re aware of it in our work, and acutely aware of the effects of indifference to it among our user communities.

No 3: Workstations count more than servers

Server technologies get the glamor and garner the big bucks, but it’s managing service levels at the workstation that really counts. When the CFO’s Outlook client hangs, we have responsibility for the whole supply chain, from his/her laptop F9 key, through all the switches and routers, and to his Exchange mailbox. Whatever the underlying issue may have been, the Windows admin learns to accept calling it “the Outlook problem” without whimpering.

No 4: Google Search, not code

In comparison to other types of admins, we don’t risk inserting security breaches into our systems by writing specialized scripts, even if the job at hand involves repetitive, manual tasks. Instead, we assume that someone somewhere has run into the same problem. We hop onto the nearest browser session and search for a fully-tested solution that has worked for someone else. Refer to Trait #1.

No 5: We prefer tested solutions

We try to stay off the bleeding edge. While we depend heavily on the world’s largest software firms to vet what we deploy, time-tested solutions usually win out over the latest and greatest. When a user has something really cool to try out, we turn to a new VM on a separate subnet or DMZ.

No 6: Postmortems are for consultants

We’re as geeky as the next geek, and marvel as much as the next geek over the elegance of a Stuxnet, but ultimately we’re clannish, organization types. When there’s a problem, we’re as curious as anyone else about the causes - even if research shows that we made a mistake. But more typically, we’re too busy dealing with the next rollout, the next crisis, or the next upgrade to dwell on it. We’re well aware that a sober, balanced, best-practices postmortem is better accomplished by a disinterested third party than by an overworked admin.

No 7: We know what we don’t know

While we’ve dabbled with Red Hat and Ubuntu, and have worked hard to keep Linux machines happy in our server farm, we know there’s a time to dabble, and there’s a time to admit what we don’t know. We’re content to let other people maintain applications written completely in bash or csh, especially those with no man page.

No 8: We assume the problem is with whoever is asking the question - but keep it to ourselves

We can strut our expertise in server and network products like anyone else, but we’re collaborators within a world of specialists. If we’re CCNAs, we know better than to tell the Microsoft System Center Configuration Manager how she should be putting new VMs into her system or managing desktop licenses across her network. Similarly, we expect to field questions from the occasional user who happens to know as much as we do about a specialization, and we see that as a good thing; here’s someone else to call upon when we need another pair of hands.

No 9: Network security is job two

Whether we are CISSP holders or not, we make it our business to know as much as possible about all facets of security measures the organization has in place. That includes everything from desktop disk encryption to apps and everything in between. We can’t use the excuse that “Windows is usually the target of attacks” as a reason not to be aware.

*Bonus: Know when to hold ‘em, know when to fold (reboot) ‘em

It’s true. Sometimes we have to reboot Windows. We wish we didn’t have to. We’d rather be at home with our spouses, watching a game, or having a beer with friends. We do worry that the latest patches might destabilize things or create new breaches. We console ourselves by reminding ourselves that while the server is off, no one can break into it.
[*Editor's update: Updated the duplication of numbers in above list.]
