Top things Windows System Administrators should and should not do!顶部事情Windows系统管理员应该和不应该做些什么!
Posted on March 14, 2007 at 1:45 pm发布于2007年3月14日在下午1点45分
As a Systems Administrator for a small company for several years, here are a few things I learned the hard way when it comes to managing IT operations, which I condensed down into the SHOULD and SHOULD NOT !作为一个系统管理员,一个小公司几年来,我们这里有几件事我学到了辛勤的方式,当谈到IT管理上的运作,这点我凝聚态下降到应该和不应该!
As a Systems Administrator you…作为一个系统管理员,你…
1. 1 。 SHOULD NOT update ANYTHING on production servers unless you have tested it in a virtual environment first.不应该更新什么就生产服务器,除非你有测试,它在一个虚拟的环境,首先。 This goes for the obvious patches, service packs, and drivers, but also for any software applications.这一切都为明显的补丁, Service Pack及司机,而且为任何应用软体。 If you can’t test it, then you should not install it.如果你不能测试一下的话,那么你应该没有安装它。 If it is a critical security patch and you are not able to test it in a virtual or lab environment , then you should be absolutely certain you have all the backups needed to fully recover the server in case of a system failure.如果这是一个关键的安全补丁,你无法测试它在虚拟或实验室环境 ,那么你应该绝对肯定你的所有备份需要收回全部服务器在案件的制度失败。
2. 2 。 SHOULD document your current IT configuration including network setup, domain hierarchies , desktop configurations and server configurations.应记录您目前它的配置,包括网络设置,域名等级 ,台式机的配置和服务器配置。 You should have documentation for your DNS configurations, DHCP scopes & scope options, IIS settings, database configurations, and Active Directory/Group Policy configurations.你应该有文件,你的DNS配置, DHCP的范围与规模选项, 非法入境者设置,数据库配置,和Active Directory /组策略配置。 A year after you configure your DNS servers, you may not remember exactly what zones you created or their settings, so when a problem arises, you don’t have to waste time trying to remember what you did.一年后,你配置你的DNS伺服器,你可能不记得,正是带你创造或其设置,因此,当出现问题,你不用浪费时间来设法记住你。
3. 3 。 SHOULD make sure that all computers on the network get the latest security updates installed as quickly as possible.应确保所有网路上的电脑下载最新的安全更新安装工作能尽快进行。 This does not mean all computers should be updated immediately, but after the updates are tested on a set of test machines that match the production network computers and everything is OK , the updates should be released to the rest of the network.这并不意味着所有的电脑 ,应立即更新,但经过更新,测试的一套测试仪器相匹配的生产网络计算机和万事好 ,更新应该被释放到其它网络。
4. 4 。 SHOULD NOT make live changes to a production network.不应该活的变化,以生产网络。 A change in group policy setting may seem trivial, but there are too many services and applications that can be effected with even the simplest change.改变组策略的设置,看似琐碎,但有太多的服务和应用,可以有效地与哪怕是最简单的变化。 You should have test machines that have all of your company software installed and configured, so that when you change a security setting or something else domain-wide, you can test to make sure everything still runs smoothly before releasing the changes.你应该有测试的机器都贵公司的软件安装和配置,因此,当你改变安全设置,还是有其他的域性的,你可以测试,以确保一切仍以顺利释放出来之前的变化。
5. 5 。 SHOULD NOT go wild with logon or logoff scripts that slow down the logon process significantly.不应该去野生登入或登出脚本拖慢登录过程显着。 It is always very tempting to use logon and logoff scripts to do something on a user’s computer since those are built-in points that you can configure system actions easily, but putting too many scripts in at these two points can significantly increase the time it takes for users to logon .它始终是十分诱人的使用登入及登出剧本,做一些对用户的计算机上,因为这些都是内置式点,你就可以配置系统的行动很容易,但把太多的剧本,在这两点可以大大增加比赛时间它为用户登入 。 Try to avoid scripts that transfer data back and forth from the user’s computer to the server.尽量避免脚本传递数据备份,并提出了从用户的电脑到服务器上。
6. 6 。 SHOULD install anti-virus software on every computer on the network.应安装防病毒软件,每一个网络中的计算机。 Having anti- spyware software would also be a good idea.具有反间谍软件也将是一个好主意。 Making sure the anti-virus software is configured correctly is also important.确保防病毒软件,是正确的配置也很重要。 Many real-time scanners can slow down your custom applications significantly and should therefore be excluded from the real-time scanning system.许多实时扫描器,可以放慢你自己的定制的应用显着,因此应当被排除在实时扫描系统。
7. 7 。 SHOULD have all Internet traffic flow through a proxy server that monitors traffic and blocks access to black-listed web sites.应该有所有互联网流量通过一个代理服务器,监控交通和拦截进入黑上市网站。 Even if a user accidentally goes to a bad site, it can be blocked by the proxy server.甚至,如果用户不小心去一个坏网站,它可以阻断由代理服务器。
8. 8 。 SHOULD make sure all user logins on the network have only regular user privileges on their computers.应确保所有登录用户对网络只有经常使用者权限在自己的电脑上。 I have never seen any reason to give users full access to their computers unless they are traveling sales people or something similar.我从未见过有任何理由让用户充分接触到自己的电脑,除非他们是旅行推销员或其它类似的。 Giving full access will only allow viruses and spyware to spread themselves more easily.给予完全访问将只允许病毒和间谍软件传播自己更容易辨认。
9. 9 。 SHOULD create an image of a fresh machine with all company software installed so that in case of a computer failure, a user’s computer can be brought back online very quickly.要创造一个形象的一个新的机器与所有公司的软件安装,以便在一台计算机故障,在用户的计算机上能够被带回在线非常快。 Spending hours re-installing the operating system and applications is unacceptable these days.花费时间重新安装作业系统及应用程式,是不能接受的这些日子。 Also, this point brings me to the next point.此外,这一点使我想到了另一点。
10. 10 。 SHOULD make sure all user profiles and My Documents are redirected to a file server, so that in case a user has to work on another computer due to a system failure, they can continue their work with all of their documents and settings just as before.应确保所有用户配置文件和我的文档将被重定向至文件服务器,以便在用户工作,在另一台计算机上,由于系统故障,他们可以继续他们的工作与他们的所有文件和设置正如之前。
11. 11 。 SHOULD rename the Administrator account on all servers and workstations using group policy.要重命名管理员帐户上的所有服务器和工作站使用组策略。 This is a simple yet effective strategy that has helped save my servers from being hacked into.这是一个既简单又有效的策略,这有助于挽救我的服务器被入侵。 Along with changing the account name, the password should be complex and as long as possible.随着不断变化的帐户名称,密码要复杂,并尽量长的时间。
12. 12 。 SHOULD check the computer logs on critical servers regularly to make sure that there is no unusual activity occurring .应检查电脑原木对关键服务器定时,以确保不会有不寻常活动的发生 。 Checking the System logs may help expose certain problems that you were not aware of before such as time synchronization problems or network issues.检查系统日志可以帮助揭露某些问题,你不知道才如时间同步的问题或网络的问题。
13. 13 。 SHOULD not logon to servers with an Administrator account.不应登入伺服器与一个管理员帐户。 All servers should be logged on with regular user credentials and if any administrative work needs to be done, the RunAs command should be used.所有服务器应登录与经常用户凭证,如果有任何行政工作需要做, runas命令应该使用。 This may help prevent a compromised system from compromising the rest of the network.这可能有助于防止一个妥协的制度,从妥协其余的网络。
14. 14 。 SHOULD make sure that the network is separated from the internet by a hardware firewall.应该肯定地说,网络是分开的,从互联网上的硬件防火墙。 All ports should be blocked except for those needed by services such as FTP, email, web, etc.所有港口应阻止除了那些需要的服务,如FTP ,电子邮件,网页等。
This does not cover everything and if there are more you can think of, let me know!这并不涵盖一切,如果有更多你能想到的,让我知道!
If you enjoyed this post, make sure you 如果你喜欢这个职位,请务必 subscribe to my RSS feed 订阅我的RSS馈送 ! !
» Filed Under »提起下 IT Job Stuff它的工作内容
Related Posts相关职位
- Use Windows SteadyState to manage and lock down user accounts for shared access computers使用Windows SteadyState的管理和锁定用户帐户进行共享访问计算机
- VBS Script for System Administrators - How to backup Outlook email automatically in a login or logoff script vbs脚本系统管理员-如何备份O utlook电子邮件自动登录或登出剧本
- Free IT desktop, helpdesk, and network management software免费的,它的桌面,求助,和网络管理软件
- How to track and monitor who and when someone accesses a folder on your computer!如何跟踪和监控的人,当有人通道的一个文件夹你的电脑!
- Windows Server 2003/Small Business Server hangs on "Applying Computer Settings" Windows服务器2003/small Business Server的好与坏,在乎" ,运用计算机设置"
