IT Employment

Documentation list: What the new IT guy needs to find out

TechRepublic member jdclyde has a new job, and one of his biggest tasks is documenting all of the systems. Take a look at his documentation checklist, and add suggestions of your own.

This post was written by TechRepublic member jdclyde.

At the beginning of the year, after 10 years on the job, I was laid off because of a slowdown caused by the housing slump. I took a month to just get my head together and look at training options, but when I found they were limited, I started looking for another job. My other guest contributor posts, which highlight this process, are listed below.

The job I accepted was a part-time position, as the first in-house tech. Even though the company has been in business for over 50 years, they previously outsourced their IT work to a consultant. As they've grown, they've learned about the double edge of technology. It can definitely make you more efficient, but you also become dependent upon it being available.

Since consultants typically have more than one customer, a day or two delay is not uncommon when a problem is encountered or help is needed to expand a network. So, the decision was made to bring in someone to handle all IT needs. Enter JD to save the day!

Did I mention that there isn't anyone at any of the three locations that knows anything about the systems? They've been spoon fed up until now, and nothing is documented. Fun, fun! Has anyone else ever started a new job that didn't have the systems documented?

Here's the list I made to help walk me through the process of mapping out what we have, so we can see what it will take to go forward from here.

Note: This list is also available as a PDF download.

Make a full list of all servers
  • What is the hardware?
  • What software is installed?

- What versions?

- What is the licensing?

- What services are running and why?

* Each service takes up system resources. If a service is no longer used, it should be disabled (improves server performance, security and stability)

* Each service running is another avenue of potential attack. The less services running, the less exposed we are to compromise.

- What services are exposed to the Internet and why?

  • Document systems, as well as any maintenance tasks
  • What anti-virus is installed, is it current, and what is its status?
  • Perform updates of software
  • Apply patches to servers
  • Check system resources (CPU usage, memory usage, disk space usage)
Make a full list of all PCs
  • What is the hardware?
  • What software is installed?

- What versions?

- What is the licensing?

- What services are running and why?

- Document systems, as well as any maintenance tasks

  • What anti-virus is installed, is it current, and what is its status?
  • Perform updates of software
  • Install new software as needed
  • Apply patches to servers
  • Check system resources (CPU usage, memory usage, disk space usage)
  • Upgrade hardware as needed

- Possible memory upgrades on other systems to improve performance and reduce system crashes

Make a full list of network equipment
  • What firewalls?

- What version of firmware?

- How are they configured?

- What are they allowing into the network and why?

  • What switches?
Network connections
  • Document the network connections for each location

- IP addresses

- Connection speeds

- Cost

* Confirm that we are getting the speed we're paying for

  • Evaluate connections. Prices change, but providers will not notify you of price drops or faster connections.
Make and maintain a full list of all contacts
  • Contact list for each network provider
  • Contact list for each software package
  • Contact list for server support
  • Contact list for AV support
  • Contact list for firewall support
  • Contact list for LAN-ACES (Office-Logic e-mail system)
Make and maintain a list of ALL service contracts
  • What is covered by each service contract?

- How long is the coverage?

- When will it need to be renewed vs. replaced?

- How much does the coverage cost?

* How much for new equipment that comes with 1+ years of support vs. renewal?

As you can see, I have my work cut out for me. Do you think this list is complete? Have I missed anything? What would you do differently? I'm also interested to hear stories from my TR peers who have had similar experiences. Chime in the discussion.

More posts from jdclyde:

About

Sonja Thompson has worked for TechRepublic since October of 1999. She is currently a Senior Editor and the host of the Smartphones and Tablets blogs.

105 comments
concernedITpro
concernedITpro

I've been to several locations since 1998 and if you all recall the (non)fiasco of "Y2K" we all had to document the hell out of our software. With that exeperience and walking into locations that were under or very nearly under a software audit, I learned very quickly you have to document the software and your licensing that goes with it. I can't begin to count the number of times I have found illegally installed software, in small and large companies either by ignorance or on purpose. Failure to have proper documentation on your software licensing can bankrupt any size company.

SundayBiker
SundayBiker

Good for you, good luck with your new job! Everything was already said, my coment would be to have all the passwords and all the lists with all accounts and equipment in Excel format rather than printed, they are way easier to update and search (like your printer support numbers or VPN access passwords). Also, the rules for access to folders and files and restrictions, who has access to what, I've seen terminated employees that still had accounts on routers. Plan to make a list or folder with all the licenses for all the software, somebody will ask about it someday. Ans the servers or PCs waranties, they tend to break a few days after the expiration date :-) !

tomskittee2
tomskittee2

Great list, but I would also add to that network maps and the infinite "keys" (read as passwords) to the various devices/apps, etc. Of course, keys have to stored in a secured, encrypted applications, such as CyberArk.

Excelmann
Excelmann

Where is the list when you need it? Two copies should be offsite with your tapes -- one hardcopy and one electronic in a common, easy to open format.

lastchip
lastchip

I'm pleased for you that you've found employment in a relatively short space of time. I do also appreciate, your TR post focuses on lack of documentation, but surely the very first thing to do, is talk to your users. Ultimately, they are your new clients and a half a day talking to them, may lead you straight to some problems that need to be sorted first. I'm not suggesting documentation isn't important, just that the user is more so. Further, as they have never had an on site techie before, it may help to break down any perceived barriers and ultimately, help you, help them.

Osiyo53
Osiyo53

Sounds like an interesting, new job. I kind of like it when I'm given a bag-of-worms assignment and have the task of getting it all sorted out and make things work correctly. I see this as a good opportunity for you. In a previous job I held I was assigned to a branch office of a large corporation. This branch office was geographically remote from any of the corporation's main facilities. And while it was a very successful branch, in the big scheme of things it was a very little fish in a very big pond. Net result ... they were just about at the bottom of corporate's priority list and awareness. The branch had perhaps 50 employees, all with desktops, and no full time or even part-time IT person. IT support was done via phone call and an occasional visit by IT types from another main branch. Meaning that if something drastic went wrong requiring an on-site visit, the soonest that could happen was the next day. AND ... those visiting IT sorts didn't like to make those visits, and made them as brief as humanly possible. This branch I'm speaking of was considered to be way out in the "sticks", in "nowhere" land. In fact it was usual for anyone wanting to visit the place from any of the large and important offices to have to call us first and ask how the hell they could get there. Once, a couple executive VIPs decided to visit from corporate HQ, flew in on a corporate jet, and not only landed at the wrong airport ... it was the wrong state. Net result, things were kind of a mess at that branch office. When I went to work there, I was actually, originally hired for other primary duties. But I didn't even have my desk all set up, nor a real grasp of my new duties before, while taking a coffee break, I overheard the local manager's secretary talking about an issue with her boss's system. I listened in, then chimed in with the fact that I could probably fix that fairly easily. She'd been set up to call in an IT support type, from the next state over to the east. But decided to let me have a look first. I did, had the guy's problem fixed in a short time. Couple days later, she came running to find me. Mentioned that their local server had crashed. She'd called the remote help desk, they'd tried to talk her through rebooting and diagnostics, but she couldn't even understand what they were saying. Asked if maybe I would get on phone with them? Maybe I'd understand the tech jargon? Not a problem. I wasn't in the least familiar with their setup, at this point didn't even know they had their own network closet/server room, etc. Anyway, got the system back up and running for them pretty ASAP. Problem was an overheating issue and a hard drive that was starting to fail. Overheating I solved by rearrangement of components and moving a lot of junk they had stored in there, plus repositioning an air diffuser. Gave the unit a good cleaning while I was at it. Failing drive I noticed by virtue of it finding bad sectors on a check, plus I could hear bad bearings as it spun. Got them to give me some cash out of petty cash funds, ran and got a new drive and got it installed. Nothing spectacular. But you'd have thought I was Moses returning from the mountains around there. Branch manager called me in and said that as of now, part of my duties were to be their IT guru for that branch. And if I needed to do overtime to accomplish that task plus my regular duties, no problem ... bill him for the extra time. The thing is, they were so thrilled that they actually had someone around who had a clue, and that they didn't have to spend hours, or days waiting for problems to be resolved ... that it didn't take much to be a hero around there. For instance, I checked, and their backup system was all but non-existent. Workers backed up important files locally on their PCs to floppy ... when they remembered, if they remembered. I implemented a system of imaging each PCs hard drive to tape, and then doing a systematic backup of data files at routine periods. Wasn't long before there was a crash of someone's PC, requiring a drive replacement, which I accomplished in short order (I'd laid in a small stock of spare parts), ran the tape for that PC and restored OS, apps, data files, etc and had that person back up and running with minimal fuss and time wasted. And with minimal data lost. This was just standard stuff, a monkey could do. But these were USERS, not tech types. They thought I was the best thing to come along since sliced cheese. But besides the obvious type of things. Backups, records, developing contingency plans and the means to implement them, and so forth ... I did something else. When I could, I started learning what those folks actually did, as well as learning about the people themselves. The reason? As I said, they were simple users of applications. And in fact did not know a great deal about them, or the OS, etc. As I discovered what they did and how, I started making suggestions as to how they could do it better and easier. i.e. They used word processors and spreadsheets, but their knowledge of same was quite limited. As I saw the various things they needed to accomplish using those apps, which I was very familiar with, I started teaching this one and that various shortcuts, how to use macros, and so forth. Ended up with the branch manager paying me extra to hold some after hours classes for his folks. (And he paid them to attend those.) I also on several occasions made up custom batch files and some custom apps using various programming languages with which I was familiar to also make some tasks easier/faster for various folks. It became almost embarrassing for me to work there. They acted as if I walked on water. And the fact is I didn't do anything that a LOT of folks could not have done at least as well, and probably better. They'd simply not had a chance to have proper, readily available IT support before. Anyway, this note isn't about me. What I'm trying to point out is that you have opportunity in front of you. An opportunity to shine and to help your new employer do business better ... and to realize what advantage they've gained by having you around. By best wishes for your good luck.

CG IT
CG IT

what has been delegated and to whom? What group policies are in place and why? IIRC you have citrix and Windows and AD. daunting task ahead JD... been there and done that.

Robbi_IA
Robbi_IA

Congrats on finding a position in Michigan in this climate JD! Everything I would have suggested appears to have been covered by everyone above me. I'd like to add to Robert's comments regarding Information security. Personally, I would be checking with the company owners to see if there are any policies in place regarding acceptable use, new employee, terminated employee, etc. Best to know these things in advance.

rufusion
rufusion

If you're the only IT guy, you probably just became the only Information Security guy, too. Access control is a good place to start with this. Make a list of all the systems that have independent authentication. You're kind of vague on what your new employer does or what sort of network it is, but generally speaking this will include: - Network logon (Active Directory?) - Application logons (unless they're using single sign-on, most apps have their own user table) - Remote access logons (again, unless they're integrated to the network logon using AAA/RADIUS) - Wi-fi access keys (ditto for the AAA/RADIUS) - IT administrative logons (admin and superuser accounts for AD, apps, local accounts for computers, network equipment, etc.) Sooner or later, someone's going to get fired or laid off, and they're going to want to make sure that person can't get back into their systems. It'll help if you already know how and where to revoke access. And if you find a better opportunity somewhere else, when you turn in your resignation here you can also hand in a document with all the passwords to administer the system for the next guy. You did change the passwords when you took over, didn't you?

Diane Gardy
Diane Gardy

I think you should contact the company that has been doing the work (they were paid for it) and ask for an itemized list of what was done. That way you can see what wasn't done (you know service packs, upgrades etc). But, more important, you might find you have one area that has a history of breaking down or a bottleneck some place that occurs regularly.

kenneth_erard
kenneth_erard

One large thing that I would add is a section for printers and the like. I'm in a very similar situation where I work - nothing, from servers to endpoints, is documented. I've been talking to the newer Network Technician (whose previous job I now have) and he's been dealing with standardizing configurations for printers on a seperate campus. Since there's no up-to-date documentation for anything, he can't move on his task (creating IPP objects). The best he has is an old set of DNS records. I would suggest serial numbers, model numbers, purchase date, warranty length, firmware version, and driver versions present in the environment. I really like the content of your article and will probably use it and build upon it. *Edited for misspellings.

santeewelding
santeewelding

Sweeps clean. How long do you figger you slip into sloth?

Neon Samurai
Neon Samurai

Seems tomorrow will be restarting my documentation project at work.

jdclyde
jdclyde

over not having their licensing in order? I have NEVER heard of this happening, even though I have heard repeatedly how important this is.....

Al K
Al K

If you are unlucky enough to have to support sofware that requires a dongle and is mission critical, either get a physical backup or get a soft hack that you have tested and salt them away. Also, have the late night emergency numbers of your local harware suppliers and and all night delivery services on the list. Finally, get duplicates of the main keys on your key ring and place them in a secure location that you can call for them or retrieve them from after you lock your self out and keys in by mistake.

jdclyde
jdclyde

Thanks for the well wish. As for the documentation, that is what I work on while not working on a major project. My boss had asked if I had enough to keep myself busy while waiting to hear back from a vendor, so I showed her the list I had made (on my own) as what to work on in the gaps. She was impressed that I had done that on my own without being told, AND was kind of shocked there was so much to do. Not being technical, she had no idea how little they knew about their systems.

jdclyde
jdclyde

What could go wrong with 9 pc's all running in admin mode? No Citrix, but 5 of them do use Terminal Services. I really need to go through that server!

jdclyde
jdclyde

But finding out what you have to work with comes first. After you know what you have to manage, THEN you can work on security to what you manage. horse and cart.

jdclyde
jdclyde

Depending on the network people are working with, will depend on what direction to go on this. I have a small network with a total of 9 pc's. There is no AD controller, and I don't think we would end up with one. As for passwords, the first thing I did was kill access to the LAN via PCanywhere and VNC that were setup before. Working on the rest.

bewald
bewald

Even though you may not be a DB Admin you will be in charge of the box it sits on, backups, restores, etc. The best Director I worked for said "If it is that important back it up twice." Since the life of a company usually resides in the database make sure you know where that is and if the server is running RAID5. One backup to tape and one file backup to another server. Read a little about db restore and transaction logs before something happens in the future. Also for your documentation make sure you have the database password as you will need it in an emergency. Your documentation list is good, make sure you have the software CD's and make backups of them too just in case you have to do an emergency reinstall. Document your time so the company knows how dedicated you are and you could use that when you ask for some classroom training ($$$).

sara-augsburg
sara-augsburg

When I started my job 9 years ago, not one word was written down about the systems in use at that time. Since then I have developed a fairly complex Access database. It includes information about Computers, including what software/version is installed, the specific hardware components, the principal user, location, which monitor it's connected to, and hyperlinks to purchase and repair receipts and most importantly a Word log file where I document changes I've made to a particular computer. There are also separate tables for monitors, printers, receipts, software, notwork port connections, users and periferals. Many of the tables contain relationships to one another (I can look at the monitor or printer list and see which computer it's attached to). I also have a file folder where I save descriptions of various procedures. Thankfully I don't have to maintain the physical network infrastructure (we're part of a larger domain), but with 5 servers, 90+ computers and about 100 users, my 30 hours a week are more than full. I used to make a Visio drawing of the physical network and update it once a year (this overview always impressed the bosses) but I haven't had time to update it for a couple of years--and now it's too big for an A3 piece of paper. Someday... Good luck!

jdclyde
jdclyde

And it intentionally is not a complete list of everything ever that needs to get documented, and not intended to be such. A good worker in any field learns how to identify projects, and break them down into manageable sections. I welcome all the additions people come up with, and glad you like the list.

jdclyde
jdclyde

depends. The better I am treated, the more productive I am. The advantage of getting paid to do your hobby, huh?

jdclyde
jdclyde

didn't mean to create work for you! :D

neilb
neilb

Who would have one of their juniors run round the building firing up their software on thirty PCs off one license start-up floppy disk. They were caught when one of the idiot users called up for support with the manufacturer. It cost them a lot of money in back-dated support, upgrades and so on (basically, a bribe) but they avoided being prosecuted. To be honest, I was thinking of grassing them up myself after I had a run-in with one of the senior partners over a licensing issue with some other software.

JamesRL
JamesRL

When I worked for one company, they had a MS license for Office on every computer in the place. One division, smaller one, broke away and formed a new independant business. They were required to buy their software as they were no longer covered by corporate license. They had the RCMP in the building a year later and had 24 hours to get legal or face huge fines. In another one of my customers called, when the RCMP were in the building, and made arrangements to get legal withint 24 hours. You wanna avoid that as much as possible. James

gadgetgirl
gadgetgirl

why are they running in admin mode? I'd be pressing the panic button. Admin mode + (l)user = disaster. They can delete/change/amend/destroy anything they like.... .....without even knowing it...... GG

Robbi_IA
Robbi_IA

I simply meant to find out what was already in place. Of course you will want to start working on things like policies after you have everything sorted out. I find that knowing where the boss stands is the horse part of the equation.

TonytheTiger
TonytheTiger

[i]access to the LAN via PCanywhere and VNC that were setup before.[/i] I know I tend toward the lax side of security, but that's just SCARY!

ctaylor
ctaylor

I would want to have a clear list identifying which systems (if any) contain protected health information (a/k/a PHI) as this data is subject to extra protections through the HIPAA statute. I would also want to know which (if any) store HIV data as additional protections are required by law to protect this data. Once you know which systems, youwill want to know where the data is actually stored. The next thing you could work on (if management buys into the proposal) would be a categorization of risk based upon the NIST publication FIPS-199 (http://csrc.nist.gov/publications/fips/fips199/FIPS-PUB-199-final.pdf). By clearly identifying the types of data and the amount of damage that could be seen if the data is compromised or unavailable provides the intelligence necessary to adequately prioritize and protect information systems. Working on FIPS-199 documentation could be one of many opportunites for you to actively engage all business units, meet the key players, and begin to realize where synergies and partnerships may be realized to benefit then entire organization.

santeewelding
santeewelding

Now, to figger how to wangle bucks pestering you. (I've been at it a while. "Adventure" comes close. Good enough word for, "hobby"?)

Neon Samurai
Neon Samurai

Not so much creating work as rejuvenating a task on my list. Documentation.. bah.. but it's gotta get done and I'm the lucky one. ;)

jdclyde
jdclyde

The reason I asked about people getting in trouble is because the management questioned this, wanting to know if it is a valid use of my time to get this information together. I had to validate it as part of the audit of company assets because I couldn't site a single time I have ever heard of a local company going through the audit by the software police. I have a few users that need to communicate with a customer using Office07, so I just ordered 3 copies. I threw OO3 on the rest of the systems. Good enough is good enough. B-)

richard.goodwin
richard.goodwin

Spiceworks is a great tool for software auditing - it'll show you what is installed, and even pull the license keys out of a lot of apps. Yes, companies DO get taken to court for running unlicensed software. I've had to run an audit for Microsoft before now. Bottom line is: Running unlicensed software is illegal, and do you want to be responsible for, or to be seen as condoning any sort of illegal activity? If you do, then fine. Otherwise, understanding your license position is one of the early steps when you inherit somebody elses environment.

JamesRL
JamesRL

If the PCs have the correct COA, then you are fine with that. Office is another matter. We sell servers with Terminal services enabled, and I can't tell you how many times we have discovered they bought one copy and then allowed everyone to access it. One of our competitors tried to convince one of our customers it was legal, and used their Microsoft Gold Partner program as proof. It took me all of 5 mins on the MS site to prove them wrong. I would be most concerned about server licensing. James

jdclyde
jdclyde

I started working on this to find the copies of XP (came with each system) to get the records straight. I was asked why keeping track was important and if I had ever heard of anything happening to anyone that did not have the documentation to prove them legal. As far as I can determine so far, everything IS legal, but no one knows where the media is yet or the licenses. "in a box, somewhere out in the warehouse". As each system has the windows sticker and are name brand boxes, I am not concerned about the windows. Office? Only on a few systems, and not the same version. If they were pirating, the latest/greatest would be on each, right? After I finish my server/firewall upgrade project, finding the SERVER licensing will be a priority. I have still never seen a place (especially a small shop) get in trouble over licensing, but my work ethic will not allow me to install illegally.

jdclyde
jdclyde

that I can not answer other than it was simpler for the consultant. Will need to make major changes, as long as the project I am working on is successful. And after my AAAAAAAAAAAA discussion friday, I think they are going to follow what I say a little closer. :D

jdclyde
jdclyde

that covers anything from misuse of company cars to company computers and everything in between. Of course, as far as computers go, it is more of a CYA for the company, as they were never in a position to find violations. I have configured the sonicwalls to allow everything, but to log anything the content filers don't like. After a month, I will bring up any problems that I see, AFTER I have the logs.

jdclyde
jdclyde

"fine, what is the IP address for this company, so I can allow pcanywhere from that one address......"

Robbi_IA
Robbi_IA

A doctor's office that I once consulted on. When quoting a new Sonicwall, they wanted me to leave an opening for PCAnywhere for their billing company. A medical billing company that uses PCAnywhere to access patient records and billing and insurance files? Hmmmmm....

jdclyde
jdclyde

when talking to the consultant, he tried saying that the rules allowing them were not enabled.... oooookkkkkkaaaaayyyyyyyyyy

jdclyde
jdclyde

I feel like I am on a roller coaster, and have just reached the top of the first HUGE hill. You can see what is down there, but you are just hanging there waiting to drop. Todays plan. Three locations on site-to-site VPN. Changing over to all new firewalls (and hoping the VPN's come up). I preconfigured the other two, boxed them up, and have users that will be putting the remotes in place. The twist, the central location is also changing internet providers, so I have to deal with all the DNS crap getting moved over. Oh yeah, have a new server that has to be configured and installed today. Oh yeah, have a process on an existing server needs to be fixed today. Oh yeah, have to move a process from one server to the new server today. Oh yeah, the first location we have to move today has a DSL account, but no one knows the password, so we have to go through tech support and rest that, THEN move to the new firewall, THEN walk the user through the firewall to enter the new DSL password. No problem. B-)

KSoniat
KSoniat

This experience will be a nice addition to that resume if you do need to get it back out. :) I'm also really glad to hear that things are going well. It has been an interesting ride.

jdclyde
jdclyde

Big project that I am working on, which is the reason they NEEDED someone in-house now. If we get the contract, I am sitting pretty. If we don't get the contract, well, still got that resume. :D

santeewelding
santeewelding

Sure glad, for one, that you find it so. (Followed every word of your travails for the past months...I am, to put it mildly, relieved at word of your success..I was growing anxious) Now I relax enough to pester you. Knowing that you are not that yet relaxed. Has more zing that way. I have to be careful here. I'm on a leash.

jdclyde
jdclyde

get a new job as the expert. :D Once I work my way to full time, I will have achieved a 25% pay increase from my last job of 10 years. B-) If I can get 30 hours a week, I will be at the same wage as the last salary job. life is good. ;\

Neon Samurai
Neon Samurai

Some people love writing docs and as you get higher up in my chosen area, you do more docs and policy rather than implementation and testing. My less than love of highschool English class haunts me yet again. :D

jdclyde
jdclyde

It's Documentation day! Woo Woo! funny how we create in our minds what are fun jobs and which suckass..... ;\

Editor's Picks