# Windows System Administrator



## HalfEatenPie (Jul 21, 2014)

Hey all!

So we are all familiar with Linux and Linux System Administrator work.  That's all fancy and dandy, but in a more corporate environment most user hardware (and often more critical systems) are Windows based.  

How's Windows System Admining?  What experiences do you have to share for that?  Anyone have some good links or resources for it?  

What do you use for monitoring Windows Servers?  Good PowerShell scripts?  

How can you run Windows on a potato?

But a semi more serious topic, what are your experiences with Windows Domains?  

/r/talesfromtechsupport and /u/airz23 may or may not have impacted this post.


----------



## rmlhhd (Jul 21, 2014)

Windows System Admining is quite easy, since most Windows Servers have a proper Windows desktop UI and stuff is easy to access (just a click of a button).

I do some work in my local council and everything other than their firewall and VPNs is Windows based. Their system is very complicated although it works well; they have over 2000 users authenticating against AD every day and transferring 100s of GBs of data between the desktops and servers on a daily basis. 

I've used PRTG in the past to monitor Windows resources and network activity and have seen PowerAdmin be used to monitor services.

I don't use PowerShell much and don't know many scripts, although I like the fact that you can have a PowerShell based Server 2012 install where all you can see is a PowerShell console. The advantage of this is it uses a lot less RAM than a server with a GUI.

No, Windows will not run on a potato.

If you have many users with their own desktops/laptops that need access to a central file store as well as their own user accounts for authentication against proxies, VPNs and even WiFi then using a Windows Domain Controller will be the best thing you've ever done to make your life easier in a large user based environment. 

Bear in mind it's not a good idea to run everything on your domain controller; if the DC goes down then so does your File Server, Proxy, VPN, Web Server, RemoteApps, DNS and DHCP servers. If you're planning on using the DC for a lot of users, set up a failover.


----------



## KuJoe (Jul 21, 2014)

I'm a Windows Admin at my day job and it's a great job as long as you're not in charge of everything surrounding the servers. I don't even remember how many thousands of servers I manage with 1 other person at night, but as long as they get their monthly reboot they tend to be pretty stable unless somebody goes messing with them (and if you're on the team in charge of patching them and making sure they come back online successfully, hopefully you're getting paid well because that's one headache I wouldn't wish on my worst enemy).

I have far less knowledge and experience with Windows than I do Linux, but there's a GUI for everything and PowerShell is very Linux-friendly so I can script almost as well in PowerShell as I can with bash (with some Google magic of course).

There are a lot of different monitoring scripts out there and if you're working in a corporate environment you're probably spending thousands of dollars on monitoring so don't bother with scripts. SCOM is what I use and it works pretty well now (2012) when people actually put things in maintenance mode but then again, I'm not on the monitoring team so I don't know what all it entails to get it working like it is now.

For running it on a potato, you'll want to look into something like this: http://windowsondevices.com/ (they were giving out free dev boards a few weeks ago, still waiting for mine though).

My experience with Domains is when servers fall off them (which happens quite frequently for some unknown reason). Other than that, I leave Domains to the team who manages the domain controllers.


----------



## HalfEatenPie (Jul 21, 2014)

Hm.

Interesting.  Unfortunate Windows isn't compatible with my potato.  Maybe I should put an embedded device that'll be powered by a potato?

Joking aside.  I recently have a very small-scale deployment in my house (fraternity house?) for fiddling purposes.  We have three Windows machines that require domain logins and have a central file server on a closet PC that's running everything.  

Our switches run DHCP and DNS, so this internal server is simply there as a convenience (domain controller, file server, streaming, etc).  Unfortunately we actually have no failover system (while I'm complaining WiFi is constantly faulty, I think the WAP is connected through this server but I'd have to double check later. LAN (which is wired throughout the building and all connected to a switch on each floor) is reliable as hell) and no monitoring whatsoever, which is terrible because for this deployment everything's in a closet and since we've deployed it the closet's been overheating.  We're in the process of moving everything to new hardware that won't generate as much heat or consume as much energy but it's all a learning experience.  

In hindsight, this deployment of ours failed to realize that a closet is a place with terrible circulation, and therefore more efficient/cooler hardware is needed for the design area.


----------



## TruvisT (Jul 21, 2014)

HalfEatenPie said:


> Hey all!
> 
> So we are all familiar with Linux and Linux System Administrator work.  That's all fancy and dandy, but in a more corporate environment most user hardware (and often more critical systems) are Windows based.
> 
> ...


Used PRTG and it makes for a great basic setup. I personally don't like the UI all that well but it works. I just have a Windows 8 or 2012 machine and use it to connect and monitor with Server Manager. Since we control all updates with WSUS it helps with controlling weird update issues and other problems that can happen.

The real fun begins when you start using AD FS and get involved with mobile device management.

DirectAccess is also really nice. Way easier and more instant than a VPN for end-users. I still prefer a VPN but DA was nice work again done by MS.

As far as Windows Domain goes, that is a big topic. It really comes down to how you want to set the networks up. What I have always done with OUs is create groups based on their locations and then their tasks. From there filter down to the OS version and then apply GPOs specifically to the machine groups as they need those setups.

Oh yeah, we also run roaming domains, which is nice, but we also make sure that people keep their workstations cleaned to needed files only. Don't let someone dump a movie file down and then log off. That will wreak havoc.

If anyone is looking to really get into WS 2012 and W8 get a good book. It is worth the learning time.


----------



## HalfEatenPie (Jul 21, 2014)

TruvisT said:


> Oh yeah, we also run roaming domains, which is nice, but we also make sure that people keep their workstations cleaned to needed files only. Don't let someone dump a movie file down and then log off. That will wreak havoc.


Back in the days of Windows XP and my middle school times....  I remember dumping a ton of heavy files onto my desktop.  Then I'd always complain about how loading took way too long.

Yeah...  I learned my lesson with that.


----------



## TruvisT (Jul 21, 2014)

HalfEatenPie said:


> Back in the days of Windows XP and my middle school times....  I remember dumping a ton of heavy files onto my desktop.  Then I'd always complain about how loading took way too long.
> 
> Yeah...  I learned my lesson with that.


I am not sure if times are better or worse. Everything I have is 1gbps connected. Wireless is the only slow point unless the systems have N or AC. But of course files have also gotten bigger which makes the faster speeds not as fast due to larger media files.

Like they say, everyone has a like/dislike with Roaming Profiles. I just try to encourage everyone to use Work Folders or storage shares on the network for all big files and work content. Then the roaming profiles keep their apps and prefs in sync.


----------



## iWF-Jacob (Jul 21, 2014)

My other job is a System Analyst for an agency called the Education Service District. It's between a county agency and the state agency of education, so I am in a team of 28 that covers five counties totaling around 30,000 square miles. I go to school districts and provide regular maintenance, as well as "mayday!" calls. All of them are on Windows domains, so I'm quite familiar with domain architecture, FSMO roles, SCCM, WDS, GPO, etc etc.

To continue with the past discussion though, roaming profiles are a thing of the past and almost nobody uses them anymore. It's all about folder redirection now. It's much more efficient, you don't have to wait for it to sync at login / logoff, and in some cases you can do folder redirection to Skydrive, which allows students to access their content at home. Since all O365 schools get a free 1TB Skydrive account per student for 10 years, it works out quite well!


----------



## HalfEatenPie (Jul 21, 2014)

iWF-Jacob said:


> To continue with the past discussion though, roaming profiles are a thing of the past and almost nobody uses them anymore. It's all about folder redirection now. It's much more efficient, you don't have to wait for it to sync at login / logoff, and in some cases you can do folder redirection to Skydrive, which allows students to access their content at home. Since all O365 schools get a free 1TB Skydrive account per student for 10 years, it works out quite well!


Cool!  Could you clarify though and go more into detail on that part though?  Like what are the biggest benefits of it?  What about changes to the profile (e.g. different background images, specific configurations for the Windows user account, etc?)


----------



## blergh (Jul 21, 2014)

PRTG is indeed a god-send when it comes to simple monitoring of Windows hosts. Or well, it's a great "setup and forget"-thing that does what it does very well (at a high price at that)


----------



## iWF-Jacob (Jul 21, 2014)

HalfEatenPie said:


> Cool!  Could you clarify though and go more into detail on that part though?  Like what are the biggest benefits of it?  What about changes to the profile (e.g. different background images, specific configurations for the Windows user account, etc?)


Well, this is probably a bit different in a corporate environment, but in a school environment we restrict students via GPO to be unable to make changes to their profile. In addition we use a product called Faronics DeepFreeze which makes it so that even if the students manage to get around our GPO restrictions, any changes they make will be reverted when the computer restarts (which happens automatically every day). In addition we have scheduled "thaw" times on weekends where the computer gets a WOL message, updates itself, and re-freezes itself. 

In terms of folder redirection: Some of the schools we serve utilize folder redirection to their SAN. Other schools have folder redirection to Skydrive. Here are a couple links:

http://msdn.microsoft.com/en-us/library/cc786749(v=ws.10).aspx

http://technet.microsoft.com/en-us/library/cc732275.aspx

I'd be happy to go further into it if you're curious.


----------



## HalfEatenPie (Jul 21, 2014)

iWF-Jacob said:


> Well, this is probably a bit different in a corporate environment, but in a school environment we restrict students via GPO to be unable to make changes to their profile. In addition we use a product called Faronics DeepFreeze which makes it so that even if the students manage to get around our GPO restrictions, any changes they make will be reverted when the computer restarts (which happens automatically every day). In addition we have scheduled "thaw" times on weekends where the computer gets a WOL message, updates itself, and re-freezes itself.
> 
> In terms of folder redirection: Some of the schools we serve utilize folder redirection to their SAN. Other schools have folder redirection to Skydrive. Here are a couple links:
> 
> ...


Huh interesting! So I'm guessing folders such as My Documents on the local computer would be redirected to their account folder on the SAN?

Also, this is totally related to your own setup but are there any Linux systems that manage any certain part of the schools' infrastructure? Or is everything done via the Windows Server systems?


----------



## mikho (Jul 21, 2014)

Folder redirection is useful in terms that you have a powerful computer but it is in a way considered a "dumb terminal" since all important data is stored elsewhere even if it looks like it is local to the user.


Been working as a Windows System Admin for 10-12 years before I decided to try the consultant point of view. So now I do the same thing as before but with other people's stuff. 


One advantage using redirected folders instead of roaming profiles is that you can choose which folders to redirect. With roaming profiles you transfer temporary internet files and other temp files that are of no need.


PowerShell and web based control interfaces are more and more common nowadays; as an example you can look at the changes MS Exchange has gone over since Ex2003 -> 2013.


From doing everything in the GUI to now when you actually need to understand Powershell to use 2013.


----------



## HalfEatenPie (Jul 21, 2014)

mikho said:


> PowerShell and web based control interfaces are more and more common nowadays; as an example you can look at the changes MS Exchange has gone over since Ex2003 -> 2013.
> 
> From doing everything in the GUI to now when you actually need to understand Powershell to use 2013.


Isn't this like... I don't know... going backwards?

You'd assume more and more people/things would be using UIs than going to Powershell... or am I missing something here?


----------



## iWF-Jacob (Jul 21, 2014)

HalfEatenPie said:


> Huh interesting! So I'm guessing folders such as My Documents on the local computer would be redirected to their account folder on the SAN?
> 
> 
> Also, this is totally related to your own setup but are there any Linux systems that manage any certain part of the schools' infrastructure? Or is everything done via the Windows Server systems?


That's correct. My Documents is either redirected to a SAN or to Onedrive/Skydrive/whatever you want to call it now.

Linux -- generally there's either Cacti or Opsview. Occasionally a district will have Observer. But sometimes there's SolarWinds and their suite. It really depends on the school district. I know of one district that uses FreeRADIUS for their AP authentication -- which seems totally ridiculous to me, seeing as you could just add the NPS role to Windows. 

But then again there is still one district that's on Novell. So there's SUSE at that district. They're all kinds of wonky, they use ARIN publicly routable IPs for their DHCP scope. Yup...


----------



## GIANT_CRAB (Jul 21, 2014)

Red Hat seems to be using RHEL in their corporate environment though.

Just saying...


----------



## mikho (Jul 21, 2014)

HalfEatenPie said:


> Isn't this like... I don't know... going backwards?
> 
> 
> You'd assume more and more people/things would be using UIs than going to Powershell... or am I missing something here?


With the possibility to run without a GUI this is the "only" option.


I would like both options; if you only are doing something one time I find it easier to do it with a GUI than to code something up with PowerShell.


PowerShell is an improvement compared with old school DOS "programming" using bat or com files.


----------



## HalfEatenPie (Jul 21, 2014)

GIANT_CRAB said:


> Red Hat seems to be using RHEL in their corporate environment though.
> 
> Just saying...


True story. But you can't really run RHEL on a potato.


----------



## MannDude (Jul 22, 2014)

Windows for me is completely and utterly frustrating, but then again I really know little about it. I rarely have to interact with it at work, but when I do I am mostly lost. Does anyone know of a crash course into Windows for the hosting industry?

It's just a foreign concept to me, that everything requires a license key and there are different versions of MSSQL, for example, all at different costs with different features. And Plesk, god, I hate Plesk. If it were up to me to set up someone's server with Windows and Plesk I'd be lost and would rather spend time determining if they _needed_ Windows and would try to sell them a Linux equivalent if possible.

The great thing about Linux is I can Google _anything_ and get an answer fast. I forget what it was, but for a past company I worked for I was tasked with fixing a Windows related Website Panel issue... All I could find on Google was others with the same issue, but no solution. I posted on forums, no solution was ever found. I think I even contacted WSP directly as well. I think we ended up paying someone to fix the issue for the customer after a couple days of no response or resolution coming from any other source.


----------



## KuJoe (Jul 22, 2014)

One thing I like about Windows is if I have a problem with something and I use Google to find a solution, 9 times out of 10 I'll get a TechNet article that I can forward to the engineers so I don't have to try some duct tape fix that isn't approved by Microsoft and has to be run by our security team and undergo weeks' worth of audits before I can fix the problem.

The downside is Windows admins make a lot less here than the Unix (Linux) Admins. Which is crazy because the ratio of servers to admins is over 550:1 for Windows and less than 190:1 for Unix.


----------



## mikho (Jul 22, 2014)

MannDude said:


> The great thing about Linux is I can Google _anything_ and get an answer fast.


Same way for me but the other way around. 

Guess it all boils down to experience, something you can only get by working with it.


I've worked with many applications and systems over the years, even Cobol software (today actually). Funny thing is, people I meet always expect me to know everything about their computer problems since I work as a consultant.


Truth is that I almost always do. 


Another fun fact (boosting my ego) is that the last two years I've been contracted by three international companies regarding problems their IT department can't solve.


In two of the cases my first suggestion after listening to the description of their problem turned out to be the solution used.


I'm that good


----------



## mikho (Jul 22, 2014)

MannDude said:


> Does anyone know of a crash course into Windows for the hosting industry?


There is no crash course. You need to pick an application/system and start there.



MannDude said:


> It's just a foreign concept to me, that everything requires a license key and there are different versions of MSSQL, for example, all at different costs with different features.


The Microsoft way of counting licenses and the amount they charge per license is ridiculous.


Two of my customers have been contacted by Microsoft to "assist" in keeping track of the licenses for MS products.


The audit took 3 months per company. Each company has about 30-50 employees. Nothing special.


----------



## TruvisT (Jul 22, 2014)

mikho said:


> There is no crash course. You need to pick an application/system and start there.
> 
> 
> The Microsoft way of counting licenses and the amount they charge per license is ridiculous.
> ...


You know their licensing is complicated when their own people have problems explaining it to you, and when they keep changing how they do it.. ughs.


----------

