Ongoing Network Maintenance

What are some good actions to assure high availability of workstations AND servers through regular, proactive maintenance, including schedule/frequency and whether such work will be done on-site or through remote access to the network?

Network administrative functions to specifically include event log reviews, performance monitoring, disk maintenance, and user account management.

Network security functions, including but by no means limited to, antivirus and spam management and backup monitoring and file test restores.
Cyber ITEngineer Asked:

Good Day,

Seems you are moving in the right direction, but in order to answer this question you may want to provide a little more information about the network.  What do the workstations do?  What are the server functions? Do all of the workstations connect to the server?  Is all of the equipment on site or spread out to different branch offices?  Any other info will greatly help in getting the best possible response.


Cyber ITEngineer (Author) Commented:
It is a network that is running a small business server 2003 domain w/exchange server 2003 and blackberry server. Another server running windows server 2003 which has SQL Server 2005 for an ACCESS database.

There are about 85 workstations; desktop and laptops. conference room workstations have attached projectors. (39 staff, 35 client, 3 conference room, 5 laptops)
11 networked printers
7 local printers

There are three locations:
Two locations have staff members, two computer labs, a resource room and training/workshop classrooms ... these locations are connected through a fiber optic line.
Other location has 4 workstations with attached printers... this location is connected by a point-to-point VPN tunnel.

All staff members connect to the database.
Cyber ITEngineer (Author) Commented:
These workstations/laptops are all Pentium II with at least 512MB of RAM running XP Pro, Office 2003, IE7, Symantec Antivirus Corporate Edition and Brightmail Antispam.  The client PCs also run Mavis Beacon.

I feel the need to update the staff PCs to a P4 and 2GB of RAM. I'm also considering getting rid of Symantec Antivirus Corporate Edition and going with Symantec Endpoint Protection Small Business Edition due to the end of support and it is deployable and manageable from a server.

Cyber ITEngineer (Author) Commented:
Not sure about Brightmail Antispam 6.0 yet.

 I would have to say you have a ton of different options out there.  I'll go ahead and take a stab at it.

1. I assume with your domain controller you are using active directory. Also I am assuming you are using a per user licensing.  If so I would create a log off script that will run a disk cleanup to erase any history on the workstations when the user logs off.  That way the workstations stay clean with little maintenance.

2.  Second I would set up a firm back-up schedule of the servers as they will be taking most of the load. I would create a separate backup server and always have two back ups.  I don't know if you have already but I would separate the active directory and exchange servers.

3. The anti-virus and anti-spam software is good; you should have no issues with that.  If you are running the internet from one location and distributing it or running Terminal Services I would use a hardware solution.

4.  I didn't see any mention of a firewall and this should be your number one priority right next to backing up the system.  If you do not have a firewall solution in place I would look into this ASAP.  With all of that data being passed around you don't need some kid in his mom's basement poking around in your system.

5.  You mentioned event logs. I use the MMC snap-in on Server 2003 to administer the event/performance logs and I check them anytime I notice something off on the network.   Usually I have them up and running on a second PC at my desk.

If done right you should be able to administer this network very easily and from one workstation with very little on-site work.

***Remember these are only suggestions and I wish much luck to you on your forthcoming adventure


Cyber ITEngineer (Author) Commented:
Thank you for your suggestions...

1. A logoff script that will run a disk cleanup to erase history on the workstations sounds like a good idea ... have any pointers on how to do that?

2. So what you are saying is have another server basically mirroring the main server just in case the main server went down? I believe you are also suggesting to separate the exchange server from the small business server ... instead of having two servers, have three, of which the third would be the exchange server with blackberry enterprise.

Forgot to mention that currently in place is a HP StorageWorks Ultrium 448 Internal Tape Drive system for backups.

What do you mean by two backups?

3. The version of Antivirus will soon not be supported by Symantec, which is why I'm thinking about going with Symantec Endpoint Protection Small Business Edition or the Enterprise Edition.

4. Forgot to mention currently in place is a Cisco PIX 515E and 506E.

5. Yes I like the idea of the mmc snap-ins.

How would the remote access work without any user interaction? I guess I could use a VPN connection and then use RDP for the servers and client workstations.  While on-site I could just use RDP to the client's workstation. I was also considering a program like LogMeIn.  What do you think?

I was also considering a SANS and start using VMware for the servers. Would you suggest a SANS with Windows Server 2003/2008 or a Small Business Server 2003?

After your suggestions it would be the following:

1-Small Business Server running active directory and print server
1-Small Business Server or Windows Server running Exchange Server and Blackberry Enterprise
1- Windows Server 2003 running SQL Server 2005
1- Small Business Server acting as a backup server (mirror)
Cyber ITEngineer (Author) Commented:
How do you assure that there is high availability of access to the internet and VPN resources with a point to point for other offices are in top shape with an ISP?

Being that there are three locations... two of them are connected through a fiber optic line. The other location is connected through a point-to-point VPN tunnel. I'd like to make sure these offices have high availability of access to the internet, databases, and VPN resources.
Cyber ITEngineer (Author) Commented:
Would you create a backup server of the server running active directory and a backup server of the server running SQL Server??  so two more servers?
1. I would search for log off scripts or create one yourself (this way you can customize it to your network).  Here is an example

2.  Yes, I wouldn't keep active directory and exchange on the same server.  If something happens you are in dbl trouble and your phone would never stop ringing.

2 backups - on-site and off-site back ups, this way if a natural disaster happens or you get a disgruntled employee you have a safe set of off-site back-ups.  This is essential in a great disaster recovery plan.

3.  That's exactly what I was getting at; the endpoint protection software should work great for you.

4. Great! You do have a firewall solution, and a fine one at that.

5.  This wiki explains mmc snap ins pretty well - 

RDP is good, but I use PC Anywhere to remote in - the reason being is it is very easy for some of the executives to use and it has some great features I can use behind the scenes when someone is on the terminal.  (I.E. command prompt, file transfer, and etc....)  All of these features can be done with RDP and command prompt, but it is easier for me to load the remotes in one file and give that to the managers and executives that need to use it.

SANS - How much data are you working with?  You may want to consider a more economical option such as a NAS.

"1-Small Business Server running active directory and print server
1-Small Business Server or Windows Server running Exchange Server and Blackberry Enterprise
1- Windows Server 2003 running SQL Server 2005
1- Small Business Server acting as a backup server (mirror) "

The above server setup looks much more efficient, but on the fourth one down, by mirror do you mean your Active Directory replication server? If so then it appears you are on the right track.

As for high availability of internet and resources I would call your ISP or the company that laid the fiber and see who they use for a consultant on those issues.  Without being on-site I cannot give recommendations, and I usually use a consultant for this just because they have the resources and access to test equipment.

Yes, again I would mirror active directory and I'm sorry, but SQL is not a solution I use here so I cannot offer too much assistance.

Have fun!
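
A sketch of the logoff cleanup script discussed in point 1, added here as an example; it is not the script the answer referred to and not code from either poster. It assumes Windows XP profile paths and assignment as a Group Policy logoff script (User Configuration > Windows Settings > Scripts > Logoff); the log file name is made up for illustration.

```bat
@echo off
rem Added example: per-user cleanup run at logoff on Windows XP clients.
rem It empties the user's temp folder and recent-documents list only.
setlocal

rem Refuse to run if the profile path is missing, so the paths built
rem below can never collapse to a drive root.
if not defined USERPROFILE exit /b 1
if not exist "%USERPROFILE%\Local Settings\" exit /b 1

rem Hypothetical log location, kept outside the folders being purged.
set "LOG=%USERPROFILE%\Local Settings\logoff-cleanup.log"
echo %DATE% %TIME% cleanup start for %USERNAME% >> "%LOG%"

call :purge "%USERPROFILE%\Local Settings\Temp"
call :purge "%USERPROFILE%\Recent"

echo %DATE% %TIME% cleanup end >> "%LOG%"
endlocal
exit /b 0

:purge
rem %~1 = folder to empty; the folder itself is kept.
if not exist "%~1\" goto :eof
echo   purging %~1 >> "%LOG%"
rem /a with no attribute list selects every file, including hidden ones.
rem Files still locked by a running process are skipped; errors are hidden.
del /f /s /q /a "%~1\*" >nul 2>&1
rem Remove the subfolders that for /d enumerates.
for /d %%D in ("%~1\*") do rd /s /q "%%D" >nul 2>&1
goto :eof
```

Because it runs in the user's own context, the script can only delete what that user could delete by hand, which keeps a mistake in the path list contained to one profile.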
