Take Control of Your Users

This requires managing expectations, data and the computing experience.

Your day is all planned. You’ll arrive early and start visiting each of the 250 desktops you’re responsible for to configure the Windows Update service and download the latest critical hotfix from Microsoft. Unfortunately, when you get to work there are two users at your door; one whose documents keep coming out all garbled on his new printer and another whose system keeps locking up from the shareware screensaver she downloaded from the Internet. One of your managers is sitting in your office because the hard drive on the no-name system he bought online has died along with his critical presentation file. Your pager keeps going off with pages from a user who can’t play her music CDs and wants her CD-ROM fixed. (She’s been leaving you increasingly nasty voice mails.) You learn that all the shared documents have apparently been deleted from the Public folder on the file server. The Welchia worm continues to appear on multiple systems throughout the network even though you’ve blocked it at the firewall, and the Macintosh users in the Graphics Department can’t read any of the memos from the VP who uses WordPerfect. Meanwhile, that service pack that you need to install on the mail server still hasn’t been applied and now there's massive congestion in the mail processing queue.

If it wasn’t for all these *%#$! users, you might be able to get some work done!

If this sounds familiar, you may have two choices: 1) Consider a career change, or 2) Learn how to manage your users as well as their computers. As IT budgets continue to contract or remain flat, systems administrators are expected to do more with less, support more users and assume more responsibility for increasingly complex technologies. Computing professionals must have a strategy for proactively managing users or quickly become overwhelmed.

Manage Users’ Expectations
A logical place to begin is by controlling what your users expect in regards to their personal computer use. A wise person once said the cause of all anger is unmet expectations. If you’re able to meet or exceed your users’ expectations, you’re golden; otherwise, you’re just a yellowish rock. The most effective way to manage users’ expectations is through a little tough love: Limit the choices available to users in the area of desktop hardware and software. By doing so, you narrow the scope of what you’re expected to support and can implement efficient strategies for providing that support. Just as children need to be told “no” periodically and given boundaries so they know they’re loved, users need to know where they have freedom in their computing environment and where they don’t.

Setting Standards
Company policy should limit the platforms, manufacturers and models of desktop hardware available to users. This will allow you to have replacement hardware on hand and to know exactly what drivers are needed in troubleshooting situations. In the spirit of Henry Ford, tell your users they can have any color PC they want as long as it’s black.

This approach shouldn’t just apply to hardware. Your organization needs to have standards of what software is acceptable and supported and what isn’t. Some companies have multiple tiers of software standards. For example, Category A is mandatory applications; Category B includes optional, but supported, applications; Category C is permitted, but unsupported software, and Category D is forbidden software. Other companies take a more draconian approach by not allowing users to install their own applications, and limit software to only Categories A and B. Each enterprise must choose what supports its business needs while giving users the tools to get their jobs done.

Desktop Images
By establishing a consistent hardware platform and software standards, you set the stage for creating base images of the OS and applications for the desktops you support. There are a number of ways to accomplish this through hard drive imaging applications such as Symantec Ghost and PowerQuest Drive Image. Using such tools, PCs that experience OS corruptions, driver failures or other such calamities can be quickly returned to a standard base state and users can get on with their work.

Manage Users’ Data
Hardware and software can always be replaced, but users’ data cannot. Protecting your users’ data can make you a hero—or at least save your job.

Back It Up
There are a variety of approaches and considerations to accomplishing this. The simplest way to protect your users’ data is to not allow them to store it on their local hard disks. This is why such things as file servers exist. If all user data is stored on a file server, then you only have to worry about backing up the server. Combine this approach with a standardized hardware/software image and you won’t even have to troubleshoot OS or hardware problems. You can quickly replace the hardware or the OS image and the users’ data won’t be affected. In an Active Directory environment, you can easily redirect My Documents via Group Policy to a user’s personal folder on a file server. If you also employ roaming profiles, your users will experience their own custom desktop settings and data no matter what computer they’re sitting in front of.

Keep It Locked (But Don’t Lose the Key!)
Regardless of where the data is stored, you should be responsible for the security of that data. If user files are kept on a file server, you must ensure unauthorized users don’t have access to the data, while at the same time giving access to those with a legitimate need to know. Basic file- and folder-level security should be employed at the very least, with file encryption a consideration as well. File-level security and encryption can be utilized on local hard drives as well. Just make sure you aren’t locked out of your users’ data, and if encryption is used, ensure that you always have a recovery key.

Manage Users’ Computing Experience
Group Policy in AD is the best thing to happen to network administrators since the tape drive. With Windows Server 2003 and XP on the desktop, some amazing feats can be accomplished through creative Group Policies and manipulating Windows Management Instrumentation (WMI). Combine Group Policy with more robust systems management products like Systems Management Server (SMS), Altiris, Marimba, ManageSoft and so on, and you may never have to visit a desktop again! But even with these great tools at your disposal, it’s important to have a philosophy at work behind them.

Protect Users from Themselves
Don’t let your users play with loaded guns or they’ll invariably shoot themselves (or you) in the foot. Give them the fewest security permissions necessary to get their work done. If you do it right, users should never need to be logged on with Administrator privileges. In general, what they can’t do (to their computers) won’t hurt them. Most Windows-based software today requires Administrator-level permissions for installation, so by not permitting such capability, you can control what applications users install on their systems. Keeping users from running as administrators also prevents them from keeping you out of their systems, so you can effectively manage them.

Lock Down the Desktop
What users don’t see won’t hurt them. Through the wonders of Group Policy, you can remove items that tempt fate like Network Neighborhood (to keep them from exploring other computers where they don’t belong), the Run command and the command prompt (to keep them from invoking applications that could cause trouble), or any other operating system feature you don’t want them to access.

Keep Them Patched and Protected
Keeping users’ systems patched with the latest hotfixes and with current virus definitions has become a full-time job of late. Don’t expect your users to be on top of this. Most users are knowledge workers, not computing professionals. They depend on your skills to keep them safe from viruses and worms. All it takes is one unpatched system to allow a virus or worm to start running amok on your network. There are a number of applications available to automate this task, but if you fail to take an automated, monitored approach to patching, you’ll forever be playing catch-up to the script kiddies of the world.

Keep Users’ Applications Consistent
Hard disk imaging is a great way to roll out new hardware and/or roll back to known, good states, but software upgrades are like a fast-moving train. New versions of even approved, company-standard applications can introduce incompatibilities into your environment and quickly increase the complexity of providing support. With systems management software that allows you to distribute and install applications remotely, you can keep all your users’ applications at the same version and dictate when, and if, upgrades will occur.

Take More Control

 Take Control of Your Network

 Take Control of Your Security

 Take Control of Your Vendors

 Take Control of Your Career

Don’t Let Your Users Manage You
You’ll never get any work done if users can interrupt you any time, any place, to solve their individual problems. While it may not seem as user-friendly, controlling how and when you can be contacted by your users will actually allow you to provide them with better service.

Manage How Users Can Reach You
Give users a Web page or e-mail address to communicate with you. Guard your pager and phone numbers like they’re state secrets. By establishing a one-way channel for support issues, you can diplomatically prioritize the issues you respond to and tackle the mission-critical issues before minor ones.

Give Bosses Special Attention (but Not Too Much)
It can pay dividends to give upper-level managers kid glove treatment, but don’t break all the previously stated rules to do so. If you have to violate the rules of engagement, let managers know that you have done so. Even if you don’t go out of your way to solve their problems, at least let them think that you are!

As annoying as users can sometimes be, remember that without them you wouldn’t have a job. Even if you only follow half of these suggestions, you’ll still be ahead of the game. The more you’re able to manage your users’ computing behavior and how they interact with you, the more time you’ll have to keep up with new technologies and implement additional time-saving techniques. If you’re lucky, that means you’ll also have a life.


comments powered by Disqus

Subscribe on YouTube