Wednesday, March 27, 2013

Automation Potential - If Only...

After years (too many to count, or even want to count actually) of working in the IT field, I've come to realize that 99 percent of what holds back businesses, schools, organizations of all kinds from achieving even minor automation benefits from the tools they already have at their disposal is their own lack of leveraging some of their most basic features.  If only...

  1. The "Managed By" field for User accounts were populated consistently in Active Directory (AD).  
  2. Computers were named consistently with respect to function and disposition using parse-able syntax.
  3. The "Location" field were filled out consistently for Computers, and Printers in AD.
  4. The "Description" field were not only paid a little attention, but used consistently in AD.
  5. A little time were set aside to clean up File shares and storage folders.
  6. A basic set of tools were included in the base image of every desktop and laptop computer.
Filling out the 'Managed By' field for user accounts makes it easy to generate automatic organization charts using Visio or other chart tools.  With Visio you can not only automate the org charts, but automate publishing to an intranet location.  The "managed by" association can also be used to automate workflow operations in all sorts of applications, such as System Center Service Manager.

Note: Even if you don't use Exchange or any internal e-mail system, filling out user account fields makes it easy to automatically generate look-up tools for finding employees by name, location, title, department, and more.

When computers are named with a parse-able syntax, it opens the door for all sorts of automation tricks.  From automatic naming processes during MDT and OSD provisioning, to Group Policy targeting (WMI-filtering, etc.), to scripting, to inventorying, to whatever.  A parse-able name is one that is constructed by concatenating codes that represent specific attributes.  

For example "SVDB10012" might represent "Server", "Virtualized", "Database Role", asset number "10012".  Another example might be "DNVA4034" to represent "Desktop computer", "Norfolk, Virginia office", asset number "4034".  The potential code schemes is limitless, as long as you don't violate DNS or WINS naming limitations.

One customer I've worked with uses a scheme similar to the following (modified to protect the innocent, of course):

Device Code: 
D = Desktop
L = Laptop
T = Tablet
M = Mobile device / Smartphone
S = Server
Functional Code:
P = Physical
V = Virtual
C = Cloud hosted
Location Code:
NN = Office location code (numbers or letters)
Asset Code:
nnnnn = 5-digit asset number assigned in inventory and purchase tracking system
Additional "codes" might include organization (division, department, etc.), project or program association, security category (classified, non-classified), regulatory compliance scope (SOX, HIPAA, etc.), shared usage (kiosk, conference room, etc.), infrastructure role (telephony, scanning, CAM operations, etc.), and so on.  You can use these codes to control script behavior, Group Policy filtering applicability, OSD task sequence automation, AD queries, inventory reports, and on and on.

Whether you use Symantec Ghost, MDT, Configuration Manager OSD, or some other tool to prepare, maintain and deploy a "standard" operating environment for your desktops, laptops and tablets, don't forget to include some basic tools to help with troubleshooting and even client-side automation.  Some suggestions might include a few Sysinternals utilities, Trace32 or CMTrace log viewers, Intel or AMD processor diagnostic tools, and so on.  You don't have to do this if it doesn't benefit you, but if you discover that you've been copying certain apps or files to computers each time you troubleshoot problems, you might want to consider making those items part of the standard installation.

I'm not suggesting that you should immediately run out and start doing these things.  I am only suggesting that you stop and think carefully about how you are managing things now, and what you could do to make it possible to automate certain tasks later on as a result of the work you put in up front.  If you make some small changes now, it can open up incredible potential later on for automating tasks that otherwise can be very difficult and time-consuming.

No comments: