Today instead of talking about the Mac, iOS, Linux, or Newton, I wanted to switch gears and discuss Windows administration. I started my career in graphic design, but quickly moved into Macintosh administration because of the needs I found in every design studio visited.1 It is not that designers are poor computer users. Far from it. It is just that most designers I know (especially print designers) are more concerned more about their art, and less about the complex tools they rely on everyday.
In addition the technology landscape when I started my career is much different than it is now. The classic Macintosh operating system was still the default standard. Mac OS X was more of a curiosity than a participant, and all the arcane rituals and technology traditions we practiced in the past were still a part of everyday life in 2002.
Extension collisions still ran rapid. Font conflicts occurred often, cooperative multitasking was the norm, and the memory requirements for individual applications still had to be managed by hand. When a system crash occurred it usually brought down the entire system, and believe it or not 100 MB Zip disks were still the default means for transporting and backing up the work of the day. Pray people didn’t save to them directly. Between rebuilding Desktop Files, and migrating workflows to Mac OS X there was a lot to do as a Mac administrator in the early 2000’s.
But a lot of that has changed, and in some ways the need for Macintosh administration have dried up. As Apple Stores have become more prevalent the Genius bar has become the central location for Macintosh support and repair. The internet has allowed more employees to work from home, negating the need for a centralized support structure. In addition to working from home more people are bringing their home Macs to work with them, giving IT teams new challenges, but less to keep track of. Finally the move to Mac OS X for so many people has made them more independent computer users. Less goes wrong on modern Macintosh operating systems, and when it does internet connected Macintosh users are more prepared to fend for themselves finding their own solutions. After all most of us have been doing it ever since we started using a Mac.
Windows users are different though. Enterprise Windows users never had to fend for themselves. They never made a meaningful transition to the new and different. They stuck with what the company gave them, the clear and popular choice, and never identified themselves by the technology they were provided. Relegated to having to ask for administrative rights to do anything on their computers, most Enterprise Windows users never learned to take an interest in administering their own machines because they never could. This lack of understanding, and the security vulnerabilities of early Windows operating systems made Windows users the primary targets of malicious software and phishing attacks. Worst still, companies reactions to these threats have been less about user education and more about tightening controls. This gave Windows users even less of a incentive to learn about the machines they sit in front of 40 hours a week.
As Mac administration jobs have dried up I have found myself moving more towards the Windows side of things. First at Boston Children’s Hospital where I specialized in deploying PC workstations for Radiology imaging, and later at MIT where I command a 160 PC office environment. If over the last seven years of working with PCs has taught me anything it is the value of the rebuild.
My current Windows Deployment Strategy starts with this promise.
No user will be down for any client-side computer issue for more than an hour.
This means that no matter what the problem is, hardware or software, I have thirty minutes to reproduce, diagnose and correct the issue. And if I am not able to fix the problem I have thirty minutes to replace the machine. Windows is too complicated to troubleshoot difficult conflicts. If I can’t find a clear answer on the internet in under half an hour I am wasting my customers time, and what Windows PC wouldn’t benefit from a little rebuild now and then. With the exception of mandated Enterprise Antivirus software I don’t mess with malware solutions. If a machine is infected I replace it.
In order to accomplish this goal a couple of preparations need to take place.
- Move as many people as possible to the same kind of business class computer.
- Make sure the warranty for said machines is three years minimum, and that the manufacturer does not drastically change the design more than once a year.2
- Census all the computers you are responsible for, recording their name, network information, user, specialized applications, model, and serial number. Keep this census up to date at all times.3
- Consider your user base. How many machines are you likely to rebuild in a day? Take that number and double it. Now you know the amount of spares you have to maintain.4
- In addition to spare machines purchase a generous number of spare hard drives to use for the backlog of customer data. You are going to need it.
- Finally perfect an imaging process where machines can be built unattended in no more than one hours time.5 The image should include most, if not all of the applications used by your group. With installers for specialty applications stored locally for quick deployment.
When a PC fails, exhibits unacceptable slowness, experiences application conflicts, or becomes infected I replace it. The same is true for substantial software upgrades. I put the original PC aside, deliver a newly imaged PC in its place, and transfer the customer’s data using their original hard drive, a USB drive adapter, and drag and drop. After the user has logged in, all of their data has been transferred, and their printers, Outlook profile and drive shares have been restored. I preserve their untouched original hard drive for at least two weeks6, and rebuild their old machine for immediate redistribution using one of the spare hard drive I keep in stock.
This form of Windows administration gives enterprise users what they want. A consistent computer experience free of half ass fixes, and void of the lingering affects of unresolved malware. It treats the computer like a replaceable appliance, and regains trust with users who are normally pray to the whims of the PC guy. With a backlog of perfectly imaged PCs you don’t have to be a Windows guru to support a department full of Windows users. You just have to learn to rebuild.
It is one thing to correct IT issues as they arise. It is another to prioritize deployment, renewal, and consistency. I got my job at Apple because of a paper I wrote on NetBoot best practices and benefits. ↩
This is a common arrangement between Dell, HP, and Lenovo. ↩
My census is in the form of a Numbers spreadsheet I can access from my Mac, or my iPhone using iCloud. ↩
I keep four spares are all times, with two of those spares being the latest model. ↩
I use a Windows Autounattend.xml file and batch scripts for imaging, but cloning is a valid alternative for complex deployments. ↩
If something goes wrong I can always restore them to their original setup. ↩