HGeneAnthony
07-22-2007, 04:58 AM
I recently took over the domain of a company. About 30 machines with 3 servers. The current setup has an NT4 server running their antique app (Visual Manufacturing). It also has an NT domain running on it but no roaming profiles. The other server is 2000 server hosting all printers and shares. I also have one machine I'm setting up that's identical to the machine hosting the shares and printers. This is going to be my new domain controller and I'm planning on putting everything on here. The network contains mostly 2000 machines, with 3 98 boxes, and a few XP pros. I wanted to make the network all NT so I upgraded 2 of the 98 machines (still haven't gotten to the 1) to 2000. Almost all the machines have no anti-virus (or expired long ago), no anti-spyware, most haven't been patched in years (at least one 2000 running sp1 for 2000 and most sp2). Most of the machines were 98 upgrades and are still on fat32. One machine at least is hosting a share everyone else uses. Oddly the machines I've hit are relatively clean.
I want to upgrade the network. My first goal was to get the machines up to date and get anti-virus, and anti-spyware on them. I want to get the latest service pack on them and make sure they are fully patched. I want to update the components (install the latest msxml, directx, .net frameworks, mdac, etc). I also want the latest acrobat reader, java, flash, etc. I use AutoPatcher to do a lot of this. I want to use a lower privilege system like amust 1 defender to drop browser and email client to user privileges and lock down the hosts file with spyware blaster and spybot to make sure they can't even visit sites known to distribute spyware. Most machines don't get infected after I do the last two. We also upgraded the ram in all the machines to make them at least 512. I want the systems on NTFS but I'm not big on upgrading from FAT to NTFS on a system partition not the least of which because it only uses a 512k cluster size as well as possible permission problems.
The problem is that I'm getting backlash on what I'm doing. One machine was locking up after I did the updates and I locked it down. I found out later it was bad RAM (do to the RAM upgrade) but he blamed it on the stuff I did. I was in again the other day and it crashed and had a memory dump which once again prompted him to blame it on what I did so I removed what I installed hoping if it was an issue it stop. It might of I don't know yet he was leaving around that time. Another machine was having a problem with one part of the antique app they used. On one database it wasn't displaying the records correctly on this one form. It worked on other machines and strangely it worked on different databases on the same machine (I still don't know what could be causing this) but it looks like I installed something and broke it and now I'm trying to fix it. Nothing else is broken. Part of me thinks if it wasn't such a drastic update I had to do I wouldn't be having these issues but these people don't appreciate what I'm trying to accomplish. They are right now in a bad scenario (security wise) and although things are working fine now if they have a serious problem they are pretty screwed in which case they'll blame me for things not being updated or locked down later.
Do you think I'm handling this correctly. Any suggestions?
I want to upgrade the network. My first goal was to get the machines up to date and get anti-virus, and anti-spyware on them. I want to get the latest service pack on them and make sure they are fully patched. I want to update the components (install the latest msxml, directx, .net frameworks, mdac, etc). I also want the latest acrobat reader, java, flash, etc. I use AutoPatcher to do a lot of this. I want to use a lower privilege system like amust 1 defender to drop browser and email client to user privileges and lock down the hosts file with spyware blaster and spybot to make sure they can't even visit sites known to distribute spyware. Most machines don't get infected after I do the last two. We also upgraded the ram in all the machines to make them at least 512. I want the systems on NTFS but I'm not big on upgrading from FAT to NTFS on a system partition not the least of which because it only uses a 512k cluster size as well as possible permission problems.
The problem is that I'm getting backlash on what I'm doing. One machine was locking up after I did the updates and I locked it down. I found out later it was bad RAM (do to the RAM upgrade) but he blamed it on the stuff I did. I was in again the other day and it crashed and had a memory dump which once again prompted him to blame it on what I did so I removed what I installed hoping if it was an issue it stop. It might of I don't know yet he was leaving around that time. Another machine was having a problem with one part of the antique app they used. On one database it wasn't displaying the records correctly on this one form. It worked on other machines and strangely it worked on different databases on the same machine (I still don't know what could be causing this) but it looks like I installed something and broke it and now I'm trying to fix it. Nothing else is broken. Part of me thinks if it wasn't such a drastic update I had to do I wouldn't be having these issues but these people don't appreciate what I'm trying to accomplish. They are right now in a bad scenario (security wise) and although things are working fine now if they have a serious problem they are pretty screwed in which case they'll blame me for things not being updated or locked down later.
Do you think I'm handling this correctly. Any suggestions?