Hmm do we work for the same company?
Regards, Chris Orovet From: James Rankin [mailto:kz2...@googlemail.com] Sent: Monday, August 31, 2009 3:59 PM To: NT System Admin Issues Subject: Re: Change control (was RE: [On-Topic] Patching with PSEXEC) I've worked for a number of outsourcing companies and the change control is always very tight. It's the only way they can do it, but I admit it is completely inflexible for the client - particularly those that retain IT staff who now have to watch their systems managed by others who don't understand the particular intricacies of the business or the infrastructure. You are right about good change control being right in the middle of the change control spectrum. Can't say I've ever found a company that managed to strike the balance exactly right though. The reason my boss gets away with his cowboy approach is because he is prepared to sit there for 36 hours+ trying to get it working. I, on the other hand, am not. He bodges solutions together and then expects me to sanitize them and make them supportable.I love his approach though - he breaks something, then sends an email out to let users know that it is broken, and then puts the fastest fix in place he can find - usually reverting to where he started. He once deleted a snapshot I took before I'd finished testing, and made me completely unable to roll back my changes. He never seems to face any repercussions because our users (who are probably used to things packing up during the day) are happy as long as they get informed as to what's busted. Things would be much smoother if I could run them my way, but that's unlikely to happen because he is popular amongst the golf-playing directorship (ain't it always the same?) I, on the other hand, prefer boxing to golf and have an unfortunate habit of calling a spade a spade, which seems to preclude me from breaking into the management "click". Ho-hum. Still - it's only ten minutes drive from home :-) 2009/8/31 David Lum <david....@nwea.org> I totally understand the need for change control, but there certainly are efficient ways to implement it. %DAYJOB% has good change control, %FORMERDAYJOB% didn't. To put names to it, I used to work for Textron and they had good change control. After being there 10 years they outsourced *some* of the IT infrastructure (the support portion, not the programmers) to CSC and CSC's change control was insane. I do realize leaving in these economic times is tougher, but it wouldn't stop me from looking.... Does your boss not face any repercussions from deploying w/out testing? I would use them as an opportunity to either work with him or go above him with a plan on "this is how we should handle change, xxx problems happened because we had no process and ExampleA and ExampleB problems would have been prevented, here's how...." Dave From: James Rankin [mailto:kz2...@googlemail.com] Sent: Monday, August 31, 2009 12:09 PM To: NT System Admin Issues Subject: Re: [On-Topic] Patching with PSEXEC The problem is all the companies with these stringent change control processes have been, to speak proverbially, bitten squarely in the ass by a lack of change control. I work for the polar opposite - a company where no change control exists and where the head of IT makes changes, often in the middle of the full working day, for no good operational reason that result in loss of service on other, related systems. I have also worked at companies with very strict change processes and know which one I prefer, if I had to choose an extreme. My boss decided to perform an upgrade to Active Directory 2008 not long ago and WebSense has not functioned properly since, which is annoying when 25% of my users are now browsing the net unfiltered. He upgraded our AppSense server to 2008 and then I spent a week putting it back onto a 2003 system because he hadn't done any testing. I shudder to think what will happen when he turns his upgrade-addicted eyes onto our Exchange 2007 infrastructure. Of course, I am sure people would say "just leave", but we are in the middle of a testing economic time and I have a wife recovering from an operation and two hungry babies to feed. I'd rather work somewhere where change control was a happy medium, but IMHO, tighter than a gnat's ass beats the cowboy approach every time. Apologies for taking the topic off on a tangent :-) 2009/8/31 David Lum <david....@nwea.org> Sounds like they're trying hard not to be around very long if they are so near sighted. Do they change the oil but not the filter on their cars too? Seems a simple matter of "my time at xx/hr = ThisMuch, vs this product + install/setup/hardware = ThatMuch. Do ThisMuch x three months and compare to ThatMuch spead over three months... Seriously, the last job I had I LEFT because they had similar asinine thinking (can't reboot a hung server unless you have it in Change Review Board meeting and yes, you must attend the 1.5hr long meeting. 1.5HRS for a hung system , hellloooo!!) . A company not thinking sensibly is a company I will not work for. Dave From: tony patton [mailto:tony.pat...@quinn-insurance.com] Sent: Monday, August 31, 2009 8:08 AM To: NT System Admin Issues Subject: Re: [On-Topic] Patching with PSEXEC What I mean by no control is two-fold: 1. I don't have any say over most of the policies, only a subset; 2. We have to go through a long-winded change management process to do any changes to GPOs. The things that run at start-up include software installs, reg-settings, short-cut creation, some redundant, some could be better moved to staging ou's. The main issue is due to the majority of PC's being about 5 years old with 512mb ram, sometimes if they went any slower they'd be going backwards. They're still only ordering them in with 1gb rather than spend a little extra to get 2gb, it'll end up costing more in the long term, but they only care about now. Not confusing start-up with logon, that's a whole other issue for another time. Regards Tony Patton Desktop Operations Cavan Ext 8078 Direct Dial 049 435 2878 email: tony.pat...@quinn-insurance.com From: Jonathan Link <jonathan.l...@gmail.com> To: "NT System Admin Issues" <ntsysadmin@lyris.sunbelt-software.com> Date: 31/08/2009 15:30 Subject: Re: [On-Topic] Patching with PSEXEC ________________________________ Out of curiosity, what exactly is running at machine startup (and why can't you control it)? Or are you confusing startup with logon? Startup and logon are two distinct events, despite their close timing. On Mon, Aug 31, 2009 at 10:18 AM, tony patton <tony.pat...@quinn-insurance.com> wrote: The reasoning for not using GPO's is the amount of things that are already running on machine startup, no control over this. Machine shutdown GPO is an option. -sc, the reason I mentioned logging, or lack thereof, is that we're pushing for a proper patch management/deployment system, there is supposedly a project kicking off over the next few months for this. I can log by scripting it, that's not a problem, but we don't want a PSEXEC deployment solution to do everything we need. We only need it in the interim, we don't want it as a long term solution. To use PSEXEC long-term would be a full-time job, and we have enough to do at the minute. Regards Tony Patton Desktop Operations Cavan Ext 8078 Direct Dial 049 435 2878 email: tony.pat...@quinn-insurance.com <mailto:tony.pat...@quinn-insurance.com> From: "Sam Cayze" <sam.ca...@rollouts.com> To: "NT System Admin Issues" <ntsysadmin@lyris.sunbelt-software.com <mailto:ntsysadmin@lyris.sunbelt-software.com> > Date: 31/08/2009 13:35 Subject: RE: [On-Topic] Patching with PSEXEC ________________________________ +1 I just use psexec for the random one-off tasks. Sam ________________________________ From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org <mailto:kennedy...@elyriaschools.org> ] Sent: Monday, August 31, 2009 6:57 AM To: NT System Admin Issues Subject: RE: [On-Topic] Patching with PSEXEC Ok, I am going off in a completely different direction. I did not see the part where you talked to others about PSEXEC so I don't know why you are going in that direction. Why not just script it to the machines via GPO. If it is a machine policy the install/update will run with elevated privs so you will not have any trouble. You can get a run down on almost any app at this site, as far as what switches and what package to use to get them deployed. http://www.appdeploy.com/ <http://www.appdeploy.com/> Your script can log the ip/machine name as it deploys..... From: tony patton [mailto:tony.pat...@quinn-insurance.com <mailto:tony.pat...@quinn-insurance.com> ] Sent: Monday, August 31, 2009 5:59 AM To: NT System Admin Issues Subject: [On-Topic] Patching with PSEXEC Hey all, Following on from IE8 doesn't work thread, management here wants start using PSEXEC to patch applications. I'm a bit hesitant to use it for patching 2800 desktops for Adobe reader, flash, firefox and UltraVNC, fine for running scripts and such, just not sure about patching. Logging is a whole other thing, personally, I don't want to be able to log which machines were successful, failed or not on as there would be no incentive to get a proper patching solution. I can wrap a batch file around it to re-direct output to a file, so the possibility of logging is there. What are the pitfalls that any of you that use this approach have come across? Also thanks to Sam Cayze for the PSEXEC command for Adobe, hadn't attempted to work out the command for Flash but this does it, saved me a bit of work :-) Slightly off-topic, don't know why anyone would want to leave this list, keeps me sane most days. Sorry if this is a bit all over the place, 11am and been here before 7 :-( All information greatly appreciated. Regards Tony Patton Desktop Operations Cavan Ext 8078 Direct Dial 049 435 2878 email: tony.pat...@quinn-insurance.com <mailto:tony.pat...@quinn-insurance.com> ==================================================================== http://www.quinn-insurance.com <http://www.quinn-insurance.com/> -- "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question." http://raythestray.blogspot.com -- "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question." http://raythestray.blogspot.com ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
