So much to learn, so little time… and my week at DSM

Just finished a week of ad-hoc patch management at DSM again.

Its amazing to me that a company that needs to be as secure as DSM, would allow so many of their mission-criticle pc's to go completely unmanaged, and thus unpatchedm and un-backuped.

This time round, used my proxy account to update most of the pc's via Windows update. Its slower than the CD I used previously, but certainly more reliable.

Also on the Windows update front, Windows XP Service Pack 2 has now started being distributed via Windows update to XP Pro users, thought they have capped downloads, to prevent their servers dying (its an 80mb download!).

I was somewhat suprised to learn about Microsoft delaying this update because it wanted to give companies time to stop the service pack auto-downloading to their clients, or giving them time to test it. I mean..  I have been running the Release Candidate 2 of SP2 for over 2 months now.. the first beta came out in March or so..  you would think that companies would be prepared.

Well of course, some will be, no doubt.

But it just annoys me that their are apparently so many admins out there, that seem to be completely ignorrent of what is going on out there in IT land. I see admins like this via my work all the time, admins that just seem to be completely uninterested in the most basic things they should be keeping tabs on; Software/anti-virus updates, security threats, end-user experience, actually using IT to meet business needs, new developments, integration and collaboration, etc...etc...etc.

I often think about being at a company as an in-house admin, and wondering if I will actually do all that I preach, (or at least try to do when I am at a customer), or turn out like all those kind of admins.. so 'settled' in my job and position, so lazy and comfortable, that I end up not really caring about any IT outside my own shappy network that I can't be bothered to get working right..

Its an image that genuinly discusts me, and its a strong motivation to stay in the outsourcing scene.

On a similair strain of thought, and taking into considderation that I will have another week of study ahead, as my employer doesnt have a new job for me, I have been contemplating my knowlegde and skillset when it comes to IT. There are really a few things, technologies I mean,  that I feel I must get to grips with sooner rather than later, in order to 'advance' to the next level of what I can do.

I am going to list some of those subjects here.. and why I feel they are important.

Visual Basic Scripting.

The more I get into complex administrative tasks, the more I see a genuine need for me to become proficiant at scripting. I put down VB here, because it seems to me to be becoming the most widely used scripting language out there in the admin field, and in that regard, overtaking Kix, at least, this is my impression based on what I am seeing on clients networks. Also the support base for VB script is absolutely massive, and Microsoft puts a lot of effort and resources into selling it as the defacto scripting language for Windows, even though I have heard that there are other very good scripting languages out there, such as Perl. Now I have been contemplating getting into VB script for a while now, but just never had the willpower to actually get down and DO it..  (a common problem for me). However, I did purchase these two titles, and I am still looking forward to getting down and dirty with them:
Microsoft® Windows® Scripting Self-Paced Learning Guide
Microsoft® Windows® 2000 Scripting Guide

A good, fundamental knowledge of VBScript, and by association technologies like WMI and ADSI, are going to make my life a hell of a lot easier as I become more involved in bigger, active directory-based networks.

Public Key Infrastructures (PKI)
Now I will actually come across this quite extensivly in the third module of my MCSE (if I ever get passed the dreaded second module). The reason I mention this technology in particular, is because it represents a very cool security solution, that can encompass basicly anything you wish to authenticate or secure in an IT enviroment. A great example I would really love to get to implement, is a two-factor authentication system for a large company, where people dont have to remember long and strong passwords, that they are going to write down any way, but where all they need is their card (and of course, for ease of use, this would be the same card they use to enter the building/pay for lunch/idenify themselves with, and a simple pincode. Two-factor authentication: Something you have, (the card, actually the digital certificate), and something you know (the pincode). Its truly the best of both worlds; easy and hassle-free for users, and more secure than just passwords. Its been around for many years now in one form or another, but its amazing to me that it hasn't been picked up by major companies yet.. they would have so much to gain. The only client of ours I have seen using it is Shell, but it was shabby and ad-hoc, and not standard or common.

Now in order to achieve all this, you would need a PKI, where you can generate certificates, and load them onto users cards. Of course to login, they would require a cardreader. But if you used a card that could also store other information in a seperate aea, then tadaaaa, you have a great alternative  for the floppy drive, and this would help justify the costs as well. They must be companies out there than offer cards or systems based on combining all these technologies and requirements.. I know that at least the technology is getting a boost by all those pc manufactureres stucking USB ports on the front of desktops, instead of just the back. It makes that hardware part of Two-Factor so much easier to deal with.

Of course, most of us know Public Key Infrastructures and certificats from browsing secured sites, where globally trusted Certificate Authorities gurantee the validity of certificates given to you by secures sites. But certificates can also be used to sign software. Think of that.. You have have a requirement as an IT department, that any line-of-business software produces for your company, is digitally signed. Securing software distribution and instalation using certificates helps insure that only approved software can be run on your network! I mean.. way cool! Its just a really exiting technology to me, and I dont know near enough about it!

Web design and publishing
To me this is a no-brainer. No selft respecting sysadmin should be content with being totally ignorrent of websites, web-design, web-based applications, web-services, etc.
Now I am not chanting that every sysadmin become and web-dev, I just recognize that we are moving more and more to an IT world, where the line between classical system administration, web development and database administration is becoming increasingly blurred.

As a sysadmin on Windows, knowledge of IIS, and by extention web-technologies like ASP, .NET, ADO, SOAP, HTTPS, etc. is a must. We as admins are being asked to support ever more comple web-based scenarious, and we need to be familiar with this field.. very familiar.

Oke, I am tired of typing for now.. Perhaps more in a later post.

Leave a Reply