    System Admin - checklist for Don'ts and Important points please!

    • openit @PhlipElder

      @PhlipElder said in System Admin - checklist for Don'ts and Important points please!:

      @openit said in System Admin - checklist for Don'ts and Important points please!:

      1. Not recommended to convert Physical Server which has Domain Controller to Virtual Machine.
      2. Need to choose right Generation (1 or 2) type VM on Hyper-V, because later we can't change the generation.
      3. Don't set Static IP of some server/machine without consulting Network Team, to avoid conflicts with existing DHCP scope.

      Your input matters a lot to me, and might help others in the community as well.

      Thanks!

      4: Group Policy: Follow best practices. Don't touch the Default Domain and Default Domain Controllers policies. Always set up the OU/GPO structure and settings according to the org's needs.

      5: Hyper-V standalone: We don't join the host to the guest's domain. It presents a barrier to a ransomware compromise.

      6: Backup: A backup is not considered "Good" until it is fully bare metal/hypervisor restored. Spot file/folder restores are not a verification method.

      7: No Remote Desktop Protocol (RDP) port forwards (NAT) from the Internet (alternate port) to 3389 on the intended destination. Ever. Use Remote Desktop Gateway and add DUO or other 2FA to the mix.

      Thanks @PhlipElder

      This kind of reply was my expectation.

      Others may say there could be 100s of Don'ts if we keep discussing. I understand that, but I'm asking you which Don'ts are very important because you can't revert back, because they could lead to a disaster, or because they are something you learned from your bitter experience in the past, etc.

      • openit @scottalanmiller

        @scottalanmiller said in System Admin - checklist for Don'ts and Important points please!:

        underlying technical reasons

        @scottalanmiller
        I understand about "figure out underlying technical reasons"; I have been trying to do the same. For example, yesterday I was going deep into BCDR (Business Continuity and Disaster Recovery), which gave me clarification on the ins and outs.

        • openit @scottalanmiller

          @scottalanmiller said in System Admin - checklist for Don'ts and Important points please!:

          @PhlipElder said in System Admin - checklist for Don'ts and Important points please!:

          3: The subnet should be documented somewhere. MAC addresses, IP addresses, DHCP scope(s), DHCP settings, and so on. Advanced IP Scanner is free and is a good place to start if none exist. There are other tools out there.

          I realize that you (OpenIT) were just making examples

          Exactly, those are just some examples, so you people can throw some valuable info my way from your past experience. I understand there could be 100s or 1000s of Don'ts kind of things, but at least some of the points from your bitter experience can lead me to understand different perspectives to study or research, etc., while I continue my learning through reading articles online, attending courses on Udemy, and doing things in my lab.

          @Dashrender @IRJ @JaredBusch @Obsolesce @PhlipElder @scottalanmiller

          • scottalanmiller @openit

            @openit said in System Admin - checklist for Don'ts and Important points please!:

            but at least some of the points from your bitter experience can lead me to understand different perspectives to study or research, etc.

            Those are tough, because our experiences are unlikely to help you. They will be with specific tech, versions, installations, configurations, etc. and following our experience might not only be non-applicable, but it might be backwards for you.

            Example... I've lost data on a RAID 5 that had no business being a RAID 5. If you try to learn from my experience, you might just avoid RAID 5, but your drives, your server, your use case have essentially zero chance of being similar to mine and RAID 5 on modern SSDs might be exactly what you need.

            Or you might think from someone's experience that doing an AD DC restore is bad and can't be done, but in your case it might easily be the right thing to do and work just fine.

            The point is, in IT you can't ever learn from people's experience in this way. Learning the under-the-hood details and understanding how things work and why experiences mean what they do is necessary for the experiences to be useful. So my RAID 5 experience would be useful to you only when you understand all the ins and outs of RAID and can see my mistake in the context of both my setup and how it may or may not apply to yours.

            • 1337

              Maybe I'm alone but on the top of my list:

              1. Only use Microsoft as a last resort when all other options have been explored.
              2. If you get paid by the hour disregard #1.
              • scottalanmiller @1337

                @Pete-S said in System Admin - checklist for Don'ts and Important points please!:

                Maybe I'm alone but on the top of my list:

                1. Only use Microsoft as a last resort when all other options have been explored.
                2. If you get paid by the hour disregard #1.

                So, so true.

                • gjacobse @1337

                  @Pete-S said in System Admin - checklist for Don'ts and Important points please!:

                  Maybe I'm alone but on the top of my list:

                  1. Only use Microsoft as a last resort when all other options have been explored.
                  2. If you get paid by the hour disregard #1.

                  Option 1. - What do you say / do when the Owner specifically states, Windows Only environment. NIX and Apple need not apply -

                  • Obsolesce @gjacobse

                    @gjacobse said in System Admin - checklist for Don'ts and Important points please!:

                    @Pete-S said in System Admin - checklist for Don'ts and Important points please!:

                    Maybe I'm alone but on the top of my list:

                    1. Only use Microsoft as a last resort when all other options have been explored.
                    2. If you get paid by the hour disregard #1.

                    Option 1. - What do you say / do when the Owner specifically states, Windows Only environment. NIX and Apple need not apply -

                    Then it's a last resort scenario and you use Windows.

                    • IRJ @gjacobse

                      @gjacobse said in System Admin - checklist for Don'ts and Important points please!:

                      @Pete-S said in System Admin - checklist for Don'ts and Important points please!:

                      Maybe I'm alone but on the top of my list:

                      1. Only use Microsoft as a last resort when all other options have been explored.
                      2. If you get paid by the hour disregard #1.

                      Option 1. - What do you say / do when the Owner specifically states, Windows Only environment. NIX and Apple need not apply -

                      Look for another job

                      • scottalanmiller @gjacobse

                        @gjacobse said in System Admin - checklist for Don'ts and Important points please!:

                        @Pete-S said in System Admin - checklist for Don'ts and Important points please!:

                        Maybe I'm alone but on the top of my list:

                        1. Only use Microsoft as a last resort when all other options have been explored.
                        2. If you get paid by the hour disregard #1.

                        Option 1. - What do you say / do when the Owner specifically states, Windows Only environment. NIX and Apple need not apply -

                        You say "okay, but you are the CIO because you are making the IT decisions and all risks and problems are on you because I'm just pressing the buttons you tell me to press, not running IT."

                        • scottalanmiller @IRJ

                          @IRJ said in System Admin - checklist for Don'ts and Important points please!:

                          @gjacobse said in System Admin - checklist for Don'ts and Important points please!:

                          @Pete-S said in System Admin - checklist for Don'ts and Important points please!:

                          Maybe I'm alone but on the top of my list:

                          1. Only use Microsoft as a last resort when all other options have been explored.
                          2. If you get paid by the hour disregard #1.

                          Option 1. - What do you say / do when the Owner specifically states, Windows Only environment. NIX and Apple need not apply -

                          Look for another job

                          An IT job, rather than a hobby. An owner doing that is 1) running IT and 2) not trusting you and 3) viewing his "business" as a hobby and approaching everything around his emotions rather than making business decisions.

                          There's no purpose for IT people in a "business" like that because we don't have any value to add.

                          • openit @scottalanmiller

                            @scottalanmiller said in System Admin - checklist for Don'ts and Important points please!:

                            @openit said in System Admin - checklist for Don'ts and Important points please!:

                            but at least some of the points from your bitter experience can lead me to understand different perspectives to study or research, etc.

                            Those are tough, because our experiences are unlikely to help you. They will be with specific tech, versions, installations, configurations, etc. and following our experience might not only be non-applicable, but it might be backwards for you.

                            Example... I've lost data on a RAID 5 that had no business being a RAID 5. If you try to learn from my experience, you might just avoid RAID 5, but your drives, your server, your use case have essentially zero chance of being similar to mine and RAID 5 on modern SSDs might be exactly what you need.

                            Or you might think from someone's experience that doing an AD DC restore is bad and can't be done, but in your case it might easily be the right thing to do and work just fine.

                            The point is, in IT you can't ever learn from people's experience in this way. Learning the under-the-hood details and understanding how things work and why experiences mean what they do is necessary for the experiences to be useful. So my RAID 5 experience would be useful to you only when you understand all the ins and outs of RAID and can see my mistake in the context of both my setup and how it may or may not apply to yours.

                            This gave me clarification, and agreed!

                            • openit @IRJ

                              @IRJ said in System Admin - checklist for Don'ts and Important points please!:

                              @gjacobse said in System Admin - checklist for Don'ts and Important points please!:

                              @Pete-S said in System Admin - checklist for Don'ts and Important points please!:

                              Maybe I'm alone but on the top of my list:

                              1. Only use Microsoft as a last resort when all other options have been explored.
                              2. If you get paid by the hour disregard #1.

                              Option 1. - What do you say / do when the Owner specifically states, Windows Only environment. NIX and Apple need not apply -

                              Look for another job

                              Lol 🙂
