I took over supervision of our IT unit. Its been mis-managed for years, and is a real train wreck. We have over 250 computers, approx 150 notebooks and the remainder desktops. Users are all set as administrators on their assigned machine, have access to a shared T1 line for internet and they've been unsrestricted on internet navigation in the past several years.... sure we have an internet acceptable use policy but enforcement was lax and inconsistent.

Last two IT spv's were not computer knowledgeable and were transferred there because they had no one else to put there. They didn't want to be there and it shows.

Unit consists on me, a software specialist for a software suite we use, a radio repair/deployment tech who assists the specialist in minor software support, and a crime analyst who uses the software suite and other software. (It's a police dept.) But we are supported by an IT contractor who has the municipal contract to provide network and computer services to all depts within the city. But we are by far the most computer intensive of the city depts.

The biggest headache I have is that because users were allowed to run wild for so long, so many machines have problems due to being garbaged up with user-candy type bloatware, user installed of course. And bulk of our aging inventory of machines run Windows 2000 because a guy who used to be in the unit hated XP and whenever a new machine was bought he would format it and put 2000 on, this went on as recently as 2005. The problem with that, among other things, is 2000 can't take IE7 and of course there's no pop--up control in IE6, and factor in the unrestricted internet navigation and user ignorance about malicious pop-ups and it is a problem. Next is budget cuts. We have approx 90 machines that are either beyond their 5 year refresh limit or will be by mid-2008. 40 machines needed to be replaced (5 yr refresh) last year and were not. It gets worse: Because the prev IT spv's knew nothing about computers, during the last 5 yrs when they bought computers they bought them with the minimum amount of RAM possible. If I find a machine with 512K it's a jewel. Most have 256K.

I'm working on trying to clean up this mess. This past week I got us under the city-wide Barracuda Web Filter for internet navigation restriction. Rest of the city has been under it since the contractor was brought in 2 yrs ago, but the PD was let to stay outside of it. I had the contractor start suppying me with network bandwidth useage reports and reports on URLs that IP's on our subnet were going to. I translated the info and showed the chain of command things that were going on-- MySpace surfing all over the place, streaming media (radio/music), etc.

End of rant.

 

I sent this to my son, Kiddo, to have a look at. This looks like something right up his alley!

 

I can feel your pain Loan Ranger. I am a IT Systems Administrator for TransAlta (US Operations; www.transalta.com). When I was hired there they had just let go of there entire IT staff.

If you ever need any advise on anything just let me know. I would gladly help you out.

 

I've been working in IT since 1988.

You're best bet to fix the mess. Create a master image for each type of hardware you have and re-image all the PCs & laptops back to a pristine state. I would hope that your department or the contractor has some sort of a deal with MS for mass licensing - that will make things easier.

Some of those machines (513 MB RAM) might be able to run XP if all the eye candy is turned off, but the others won't run it well.

The other problem you have is that MS does not really support Windows 2000 anymore. Even though it's a rock solid operating system, the only support you'll get is security updates until sometime in 2010.

Make sure the Windows 2000 boxes are running SP4.

BTW, there is a pop-up blocker built into IE6.

 

The master images are on file but dated. Quite a bit of our base software loadout has changed or upgraded since the last batch of base images was made via Norton Ghost. Again, a symptom of neglectful prior management.

The IT contractor that provides network support for the entire city is brokering a lease deal on behalf of the city to replace a ton of computers, and they're planning to go with Microsoft Software Assurance to keep in compliance on licensing. Most of the servers are running Server 2003 with a few Server 2000 machines online but scheduled for refresh soon. Total number of computers city/county wide on the primary domain is approx 1800, but again the PD has the most machines of any single city or county dept.

My biggest problem right now is lack of funds. In prior years the city was funding out IT dept's annual computer refresh budget @ $100K/yr but this yr they've only funded $10K, and I've got all these machines aged 5+ yrs that are getting flakey reliability-wise. I do have a parts budget of $2300 total for the year which will mostly be used to buy hard drives because on the old machines the drives go out first.

If the lease deal goes through we should see a lot of machines replaced, but that too will be a project getting the base software loadout on them. Since the lease deal will be for one model of deskptop and one model of notebook what we'll do is take one of each, format it, do a loadout, and then create a base image it and keep it on file, then the IT contractor has the ability to image a batch of (I think they said) 20 machines at at time with ther base image.

Yep, all our 2000 boxes are running SP4. Active Directory Group Policy locks all workstations to recieve Windows Automatic Updates, and also locks down the Symantec Enterprise Edition Norton Antivirus client on each machine so users cannot disable that. The Norton helps but the ltest version, I think it is 10.7.1 is doing something unholy to resources. We only put Norton client version 10 or above on XP machines and 10.7.1 is doing something to choke the machines. I've uninstalled it and put v 10.4.?? back on a few XP machines due to huge performance slowdowns after 10.7. On the 2000 machines version 9 is the highest that is used, due to resources. Even then it still slows them down. But I have no choice on that-- the IT contractor chose Symantec Antivirus Enterprise Edition and that's what they have bought licensing for.

Its going to be a fun year...

 

Sounds like you need to put some Group Policies into effect



Goose

 

I knew you worked for a government entity long before you ever stated it. Yes, we have great access but the majority of the users have no idea how dangerous the internet can be. I really feel for you!

I work for the military and they developed a "standard desktop configuration". Every unit has the same setup and other software is added, if needed for your job. No one but our IT folks have administrator rights. We still have problems with viruses, especially those brought in from home. They have blocked a ton of websites like myspace. I think you're smart in monitoring usage. You can determine who's doing their job and who's surfing all day. Bring that data with you at evaluation time and I bet the practice of surfing changes significantly!

 

We have some, or rather, the contractor has it in place. I just installed the Group Policy Manager and will be examining what we have in place and proposing further.

I have got so much work ahead trying to unscrew this IT Unit that I don't know where to start...

 

Doh, the secret's out!

Yeah the thing is, I'm a cop at heart, I was promoted to Sgt in December and they knew they needed someone with computer knowledge to run IT Unit, I was like well, maybe, and they were like, well YES. Keep in mind in reading my posts that I'm not an IT professional... yet. I'm not even A+ cert although I can take apart notebook pc's and put them back together (most recent repair was wife's HP notebook needed power adapter jack replaced, had to disassemble, use solder vacuum to remove broken power jack from mobo, soldered in new from http://www.laptopjacks.com put her back together and she's back up and running like new except the faulty jack killed the battery).

We use HTE/OSSI (Sungard) public safety suite of software and it requires users be admin on their machine. That is the kicker. Or at least that is the info I am being told by the software specialist. One of the many things on my list is to speak with OSSI tech and make certain that it has to be that way. Because users being local machine admins causes a lot of headaches.

Prior to this assignment I was always in field divisions-- patrol or CID. Support division is an adjustment.

 

Lone Ranger,
Sounds like you really know what your doing on computers, for not having any certs. I'm MCSE 2003 Sec+, with CCNA. You might want to take a boot camp course for an actual certification. I'm working for the government as a contractor now, with a lot of experiance from the Marine Corps. I'm mostly into the network infrastructure, but still work with a lot of server problems. If you need any help, hit me up.