As the year comes to an end and New Year’s Day is right around the corner, everyone starts to think about their resolutions for the New Year. Unlike those you are bound to break, like “I resolve to go to the gym every day” and “I will never order extra cheese again,” here are 13 New Year’s Resolutions that every SysAdmin should not only make, but actually keep.
1. I will finally get patch management under control.
For far too long, you have had servers you didn’t patch, workstations you couldn’t patch, and no real way to know just what the status was of any specific machine. And third-party apps? Forget about it. You don’t even want to know how many machines are running out of date Flash. Stop the madness. Make this the year you finally get patch management under control and deploy an app that can handle operating systems and third party applications, so you know everything is fully up to date.
2. I will use hard fails in my SPF records.
It’s so simple. Change one little ~ to a – and you’re done. If it actually does break something… Good! No one should be sending email from your company domain that you don’t know about, so do us all a favor and make this the year you finally start to use hard fails in your SPF records.
3. I will change all those passwords I haven’t changed this decade.
I have a favorite password too. I came up with it in 1997 and consider it nigh unbreakable. But I know it’s not, and you know that password that you’ve been using since a Bush was in the White House is well past its prime. Go change those passwords now – especially the ones that half a dozen ex-employees know because it doesn’t really matter how much you trust them. They don’t work here anymore and shouldn’t know service account passwords.
4. I will actually validate my backups, at least once.
We all smile and nod and say “of course you need to test backups by restoring” but let’s be honest… we never really do. Until now. 2014 will be the year that we all validate our backups by restoring data. And I don’t just mean mailbox databases and home directories. We probably have to restore those every other day. I mean the backups of SQL databases and websites and application installs and Active Directory. Go make sure you really do have valid backups you can use to restore, because otherwise 2014 may be the year your luck finally runs out.
5. I will learn PowerShell.
Whether you spend an hour a night, three lunch breaks a week, or take a five-day crash course, make this year the year you finally learn PowerShell. It’s amazing how powerful a scripting language it really is, and Microsoft is fully committed to making it the management interface for all their products. Even if you can’t code a “Hello World,” you can learn PowerShell. Go do it.
6. I will successfully test our DR plan.
Don’t just test your DR plan… successfully test every aspect of it to make sure it really works. If it doesn’t, revise it and test it again. Unless your DR plan is to update monster.com, you really need to know your plan is sound, works 100%, and you really can get everything up and running again quickly and reliably.
7. I will check every UPS, fan, filter, and cooling system.
Take the first day of the new year to walk every row of the datacenter, open every rack, shine a flashlight in, and make sure every fan is really spinning. Replace every air filter, confirm every cooling system, and test every UPS. It may take a day to do all of that, but it’s a day well worth the effort since those are the simple things that can mean the difference between a system continuing to run, and one that dies.
8. I will run monthly vulnerability assessments.
Get an app, schedule the task, run monthly vulnerability assessments against your internal and external systems, and when you find an issue, remediate it. Trust me… the bad guys are scanning you all the time. Make 2014 the year when you finally know just what it is they see, and you don’t have to worry about it, because you have already covered it.
9. I will have 100% antivirus compliance.
Like patching, this is one of those lies we tell ourselves each year. Sure, all my users are running A/V and all my servers have it too. All my exceptions are properly set up for the applications that my company depends upon, and no SysAdmin has turned off A/V because he thinks his app will run faster. No more. This is the year that everything runs antivirus 100 percent of the time, no exceptions.
10. I will better educate my users.
They are your weakest link, and your early warning system. Why do you continue to let them operate in the dark? This is the year you really can do that monthly security newsletter; those brown bag sessions on patching, and convert your users from part of the problem to part of the solution.
11. I will get more proactive.
Nobody likes those phone calls that come in at 15 minutes before quitting time. But they are not quite as bad as the ones that come in at 2:00 in the morning! If you are waiting on tickets to come in and the phone to ring to discover and fix problems, you’re doing it wrong. Get with the times. Implement monitoring on all your systems that can not only tell you when something is broken but warn you before it breaks, so you can address the issues during the regular business day, and take back your nights.
12. I will upgrade all my old Exchange 2003, and Windows 2003 systems
Take a look at that calendar, will you? 2014! Wow, how time flies. I guess I really have got a great decade worth of service out of those old 2003 bases systems. Since everything from the server operating system to the core applications have gone through two major new releases, it’s time to take anything running a 2003 version and put it out to pasture. They’ve earned their retirement. Let them go. 2014 will be the year of the upgrade for many of you. Resolve to make it count.
13. I will upgrade all my old XP and Office 2003 users.
And speaking of legacy, XP is dead. As of April, it is no more… no more patches, no more security updates. The same goes for Office and plenty of other systems out there. The difference between 12 and 13 on this list is that 12 is the purview of the SysAdmin, who knows he or she needs to upgrade. 13 is going to involve a user who just can’t update because learning new things is hard and it still works, so why replace it. Hey, if they want to drive that ’79 Pinto with 330K miles on it, that’s their business, but they cannot run systems on your network that can no longer be maintained, and both XP and Office 2003 are going the way of the DoDo come April. It’s time to pull the plug. Just make sure you give them 8.1 and Office 2013 so you don’t have to do this again for at least the next several years!
If you don’t want to resolve to give up coffee or take up running, don’t. I’m not about to tell you to do something you don’t want to do, if you don’t have to do it. The resolutions above are not like that. These are all things that are good, good for you, and take less effort than the alternatives will should you choose not to. Getting proactive, taking care of business, and upgrading things you can no longer support will all help to protect your nights and weekends, and hey, you might even have time to hit the gym if each morning is no longer a fire-drill. Have a great, happy, and safe New Year, and resolve to do right by your network and your users.