Taking over IT for a small business
-
@pmoncho said in Taking over IT for a small business:
@Dashrender
Do they have a backup strategy for their pharmacy software?Good question - I haven't gotten that far yet.. currently, it's not my domain, but I'm assuming it will quickly become part of it.
Side Note - In small medical offices, when they ask how to shore up security, my statement is, "I will have a much better idea how to fill the security gap if I can see your HIPAA policies and most recent security assessment." I get some interesting reactions. Hard to be HIPAA compliant without those items. Plus, you may get extra billable hours.
yeah - so in regards to that - they told me "we want all machines to be nearly identical - when I sit at any computer, I want all the same websites (in favorites) with the passwords already remembered, etc."
I then reminded them that wasn't legal from HIPAA perspective - that all users need to have their own logons for systems that house PHI (I know for example, they are all sharing a single logon to someone else's EHR system - I wonder if that company knows that?) They were taken aback by that realization, then told me they would work to get everyone their own logon for that EHR, and their their pharmacy software already had an account for each person. -
@Dashrender said in Taking over IT for a small business:
@jmoore said in Taking over IT for a small business:
There is a powershell module "windowsupdate" that works ok for me here. I schedule that here along with chocolatey updates for our free stuff.
Why do you kick windows update - do the systems not auto update themselves on a semi-regular basis?
The big question is - do the systems auto force movement to the next version - which I know they eventually will force... but timing is a kinda a big deal to most offices.. they don't want windows kicking off a 2 hour update when the employee logs in at 8 AM.
Keep in mind I'm talking about my environment here and this is what I've seen. Yours or theirs could be different. The systems here will auto-update and do regular security and app updates eventually, but it usually takes a long time, sometimes months. I like to keep things more up to date than that. I havent had any issues scheduling windows updates for every 2 weeks here.
The other big reason why I schedule the updates is so I can control when they happen. I schedule for the evening and so far no has had to wait 2 hours to log in or be interrupted at 9am with a large update. I was told that used to happen a lot. Users would arrive at 8am, turn computer on, have it start configuring a large update and not be able to log in for 2 hours.
I am not sure but I don't believe the large feature updates( such as 1903) happen on their own. At least I have not seen anything do one yet. Its possible I don't wait long enough to see if it happens. For my environment, I don't have a reason to.
i am not sure
-
@jmoore said in Taking over IT for a small business:
@Dashrender said in Taking over IT for a small business:
@jmoore said in Taking over IT for a small business:
There is a powershell module "windowsupdate" that works ok for me here. I schedule that here along with chocolatey updates for our free stuff.
Why do you kick windows update - do the systems not auto update themselves on a semi-regular basis?
The big question is - do the systems auto force movement to the next version - which I know they eventually will force... but timing is a kinda a big deal to most offices.. they don't want windows kicking off a 2 hour update when the employee logs in at 8 AM.
Keep in mind I'm talking about my environment here and this is what I've seen. Yours or theirs could be different. The systems here will auto-update and do regular security and app updates eventually, but it usually takes a long time, sometimes months. I like to keep things more up to date than that. I havent had any issues scheduling windows updates for every 2 weeks here.
The other big reason why I schedule the updates is so I can control when they happen. I schedule for the evening and so far no has had to wait 2 hours to log in or be interrupted at 9am with a large update. I was told that used to happen a lot. Users would arrive at 8am, turn computer on, have it start configuring a large update and not be able to log in for 2 hours.
I am not sure but I don't believe the large feature updates( such as 1903) happen on their own. At least I have not seen anything do one yet. Its possible I don't wait long enough to see if it happens. For my environment, I don't have a reason to.
i am not sure
The large updates will eventually force their way on - it might be a year later.. for example, when 1903 was released, 1709 went out of support, and Windows was forcing people to 1903 (assuming no blocks).
I wouldn't expect the 2 hour updates in general except for the large bi-annual updates (i.e. 1903).
How are you dealing with machines that people turn off at night?
-
@Dashrender said in Taking over IT for a small business:
How are you dealing with machines that people turn off at night?
By having a company policy put in place that they are to be left powered on. Logged off, or locked, yes. But not powered off.
-
@JaredBusch said in Taking over IT for a small business:
@Dashrender said in Taking over IT for a small business:
How are you dealing with machines that people turn off at night?
By having a company policy put in place that they are to be left powered on. Logged off, or locked, yes. But not powered off.
Same here.
-
@Dashrender said in Taking over IT for a small business:
How are you dealing with machines that people turn off at night?
Change the defaults in windows to "sleep" instead of "shutdown".
Send Wake On LAN packet if you need to start it.Remove hibernate unless it's a laptop. Frees up some disk space too.
Also, basically set all machines to go to sleep after X minutes of inactivity. It could be an hour or whatever. Saves on power and if someone forget to turn it "off" (sleep) it will automatically sleep.
-
@Dashrender said in Taking over IT for a small business:
How are you dealing with machines that people turn off at night?
Most people do not turn machine off but occasionally(every couple months) I'll use wmic to make sure machines are getting updates somewhat regularly. It shouldnt be critical in any way to miss a few weeks updates but I just make sure someone hasnt gone 3 months or something like that. I have every department in a text file list and I use those a lot for various things.
-
@Dashrender said in Taking over IT for a small business:
How are you dealing with machines that people turn off at night?
If you can't change policy easily then maybe just schedule sometime during lunch and give people a heads up.
-
@jmoore said in Taking over IT for a small business:
@Dashrender said in Taking over IT for a small business:
How are you dealing with machines that people turn off at night?
If you can't change policy easily then maybe just schedule sometime during lunch and give people a heads up.
This would be much more likely - but lunch is not a set time thing around here. It literally changes daily, based upon a floating schedule, so there would be no way to schedule it over lunch.
-
@Pete-S said in Taking over IT for a small business:
@Dashrender said in Taking over IT for a small business:
How are you dealing with machines that people turn off at night?
Change the defaults in windows to "sleep" instead of "shutdown".
Send Wake On LAN packet if you need to start it.Remove hibernate unless it's a laptop. Frees up some disk space too.
Also, basically set all machines to go to sleep after X minutes of inactivity. It could be an hour or whatever. Saves on power and if someone forget to turn it "off" (sleep) it will automatically sleep.
2/3's of my fleet is laptops, so yeah.. wake-on-lan is not an option, I'm not sure sleep is even wake-able on a laptop on WiFi?
-
@Dashrender said in Taking over IT for a small business:
@Pete-S said in Taking over IT for a small business:
@Dashrender said in Taking over IT for a small business:
How are you dealing with machines that people turn off at night?
Change the defaults in windows to "sleep" instead of "shutdown".
Send Wake On LAN packet if you need to start it.Remove hibernate unless it's a laptop. Frees up some disk space too.
Also, basically set all machines to go to sleep after X minutes of inactivity. It could be an hour or whatever. Saves on power and if someone forget to turn it "off" (sleep) it will automatically sleep.
2/3's of my fleet is laptops, so yeah.. wake-on-lan is not an option, I'm not sure sleep is even wake-able on a laptop on WiFi?
WoL is useless unless you have a known on system to send commands from
-
@JaredBusch said in Taking over IT for a small business:
@Dashrender said in Taking over IT for a small business:
@Pete-S said in Taking over IT for a small business:
@Dashrender said in Taking over IT for a small business:
How are you dealing with machines that people turn off at night?
Change the defaults in windows to "sleep" instead of "shutdown".
Send Wake On LAN packet if you need to start it.Remove hibernate unless it's a laptop. Frees up some disk space too.
Also, basically set all machines to go to sleep after X minutes of inactivity. It could be an hour or whatever. Saves on power and if someone forget to turn it "off" (sleep) it will automatically sleep.
2/3's of my fleet is laptops, so yeah.. wake-on-lan is not an option, I'm not sure sleep is even wake-able on a laptop on WiFi?
WoL is useless unless you have a known on system to send commands from
In my environment it would be a server or my desktop to to never sleep.
In this customer's - from a power POV, I could easily designate a single machine as an always on machine for this purpose - I love using ScreenConnect to send WoL commands to other sleeping machines.
-
@Dashrender said in Taking over IT for a small business:
@JaredBusch said in Taking over IT for a small business:
@Dashrender said in Taking over IT for a small business:
@Pete-S said in Taking over IT for a small business:
@Dashrender said in Taking over IT for a small business:
How are you dealing with machines that people turn off at night?
Change the defaults in windows to "sleep" instead of "shutdown".
Send Wake On LAN packet if you need to start it.Remove hibernate unless it's a laptop. Frees up some disk space too.
Also, basically set all machines to go to sleep after X minutes of inactivity. It could be an hour or whatever. Saves on power and if someone forget to turn it "off" (sleep) it will automatically sleep.
2/3's of my fleet is laptops, so yeah.. wake-on-lan is not an option, I'm not sure sleep is even wake-able on a laptop on WiFi?
WoL is useless unless you have a known on system to send commands from
In my environment it would be a server or my desktop to to never sleep.
In this customer's - from a power POV, I could easily designate a single machine as an always on machine for this purpose - I love using ScreenConnect to send WoL commands to other sleeping machines.
Stop conflating your stuff. The point here is for not your environment, specifically.
I mean yeah, ideas can work both places. but focus please..
-
Is windows an actual requirement? Maybe Chrome OS or Ubuntu would work if all they use are web apps
-
Even discussing power management on 5-10 desktops is a complete waste for a business IMO. 24/7 for management purposes is the way to go. Just set them to lock
-
Also for you guys that do this kind of stuff on a small scale like this, do you create policies for the client? It seems like you could cover alot of these in policies that can be used in a cookie cutter fashion to work with other customers.
Handing a manager or ceo a best practice policy and asking for valid reasons for exceptions is a good way to get a good security posture.
-
@Dashrender said in Taking over IT for a small business:
@Pete-S said in Taking over IT for a small business:
@Dashrender said in Taking over IT for a small business:
How are you dealing with machines that people turn off at night?
Change the defaults in windows to "sleep" instead of "shutdown".
Send Wake On LAN packet if you need to start it.Remove hibernate unless it's a laptop. Frees up some disk space too.
Also, basically set all machines to go to sleep after X minutes of inactivity. It could be an hour or whatever. Saves on power and if someone forget to turn it "off" (sleep) it will automatically sleep.
2/3's of my fleet is laptops, so yeah.. wake-on-lan is not an option, I'm not sure sleep is even wake-able on a laptop on WiFi?
It's called WoWLAN. Windows supports it but I haven't tried it.
-
@Dashrender said in Taking over IT for a small business:
In this customer's - from a power POV, I could easily designate a single machine as an always on machine for this purpose
I always set one or more machines to power on at 10:00pm (bios)
One if they prefer not to leave them on, then I use WoL to power the others up when I need to (updates).All if they don't have a preference and it's a small office.
-
@JasGot said in Taking over IT for a small business:
@Dashrender said in Taking over IT for a small business:
In this customer's - from a power POV, I could easily designate a single machine as an always on machine for this purpose
I always set one or more machines to power on at 10:00pm (bios)
One if they prefer not to leave them on, then I use WoL to power the others up when I need to (updates).All if they don't have a preference and it's a small office.
That is a crazy amount of work I don’t wanna do that
-
@JaredBusch How so?
