Discussion on best practices with Microsoft servers and some common sense tips

bugenigmaSoftware and s/w Development

Oct 30, 2013 (4 years and 2 months ago)

84 views

IT Professionals SIG

Larry Copeland

February 16, 2008

Discussion on best practices with
Microsoft servers and some common
sense tips

Larry Copeland


SIG Leader


Over 20 years experience with enterprise systems from
Mainframes, minis, LANS, down to Pocket PCs.


Holder of two bachelor’s degrees (History and Comp
Science)


Training in Apple, DELL/EMC, IBM, Novell, and
Microsoft products


Currently employed full time by a local university that
can’t be named due to security concerns. Job function is
mostly system administration with some consulting and
project management.


Larry Copeland


SIG Leader



Past employers include Litton Industries,
Piggly

Wiggly, Kraft Foods, Hunt Oil Company, CSSI (Now
Buchanan Associates),Textron, EDS, Perot Systems,
BancTec and 3 Texas universities.


Started IBM PC User’s Group at East Texas State
University while a student


Have been in and out of the NTPCUG since the early
90s


Believer in the User Group Concept of users helping
users

Secure the server physically


Lock

access

doors


Lock server case


Screen

saver password


Keyboard

lock


Fingerprint scan

Firewalls


Router


Cisco Pix


Software


Checkpoint


Server
-

ISA

Environmental Security


Air control


Control the hot spots


Temperature

control


Control

physical access


Video

funny accident in a server farm
http://www.youtube.com/watch?v=3jnqieV0m_s



Check the power


UPS


Power conditioner


Diesel Power generators

When building many servers


Consider using a standard image


Makes it easy to restore


Microsoft Automated Deployment Service is one way
to do this


Server names ( Microsoft code names)


Some names to
avoid:


Payroll Server


Customers


Inventory Accounts


Hard to spell names


Some
Cool

names:


Animal names


cougar, lion, tiger, etc


Enterprise,
Zorg
,
Xfiles
, Captain Kirk



Administrator accounts


Using care on who gets server admin rights


harder to
keep system under control


Local admin name


probably should be renamed


Firmware updates


Check with hardware vendor


Perc



Dell


Flash drivers for HBAs

Software patches


Test before installing


Push through automated process


Zen works


WSUS


SMS


Backups


Make sure they run


Test occasionally




Virus Protection


Making sure it is up to date


Make sure it is turned on


Read system notes


FTP


Use

Care (Data is sent in clear text)


Can use a Secure FTP



Document, document, document


Put in some Visio diagrams


Inventory hardware



Upcoming presentations


Certificate Discussion (New Horizons)



Mar 15


Enterprise Server Trends






Apr 19


IT Security (David Wood)





May 17


Server Automation






June 21


Network Applications





July 19