The end of the year is a good time to review management procedures for Windows systems and to update any policies, applications, and processes that affect ongoing performance and uptime.
As the year draws to a close, many businesses slow down for the holidays. But as anyone who's ever worked in IT will tell you, there's no rest for the tech staff--and the end of the year is no different for them than any other time of the year.
With that said, there usually is some reduction in the amount of work the average IT professional will see during these last few weeks of the year, making it the perfect time to assess systems, policies, and procedures in place and make changes to them, test out solutions, and generally double-check functions to ensure that systems stay operating as smoothly as possible when things wind up again after the new year.
The list is not meant to be exhaustive, and by no means should the end of the year be the only time these bullet points are being reviewed. Truth be told, this should be revisited throughout the year, constantly managed and adjusted so that processes stay on target with business objectives. The aim is to be as proactive as possible given the state of your particular business operations.
1. OS upgrades/deployment
Deploying OSes, or upgrading to a newer one, always includes downtime. While this is inevitable, this is a good opportunity to perform these types deployments, particularly thick imaging-based ones that require time to test the initial deployments and to push the OS out to the various devices.
Prior to upgrading or performing a clean install, due care must be taken to ensure that the new OS works with existing applications and mission-critical processes. In addition, ensure against potential upgrade-related issues that may lead to data loss by backing up pertinent data on devices prior to or during the upgrade process itself.
2. Patch management
Keeping the operating system and applications consistently updated is one of the most essential processes IT pros have in their arsenal to protect devices and the data they contain. While this does little to protect against zero-day attacks, several of the most recent large-scale attacks had patches developed several weeks to months prior to the attacks that compromised millions of devices worldwide.
One critical but often overlooked step to consider is updating the drivers on your devices. Regardless of whether the OS has been upgraded or cleanly installed, ensure that the latest drivers are used to maximize compatibility while minimizing bugs that could lead to system instability or larger security issues.
SEE: IT pro's guide to effective patch management (free TechRepublic PDF)
3. Application cleanup
Following up with the patching of applications and drivers to make sure that they have the latest updates to protect against any known attack vectors, there is the buildup of unused applications, outdated drivers from devices no longer being used, and remnants left over from previously updated or uninstalled apps--all of which serve nothing more than to accumulate over time and gunk up your system, making it run slower and if left unchecked, weaken security and leave it open to compromise.
The best place to start is by uninstalling all applications that are no longer in use. Next, move on to applications that have been updated, checking that both have been fully removed and haven't left behind any remnants of their former selves. Following that, scour Device Manager for any drivers that may be still loaded for devices that are no longer used, such as plug-and-play devices. Also, don't forget to enable viewing of hidden devices that have been removed from the system but have their device drivers still loaded. Lastly, locate any errant registry keys that may exist for previously installed applications, as these entries may still try to make communication with remote servers and attempt to download components that could introduce instability or use up resources needlessly.
4. System hardening
In the spirit of removing outdated software and obsolete drivers, an important part of optimizing a system's performance--while simultaneously limiting its attack surface--is the removal of unused services and applications. For services that can't be removed outright due to their close integration with the underlying system components, stopping these services, turning them off, and modifying their default configurations works well to slim down the computer's profile and avoid wasting precious resources on those features that will go unused.
In addition to configuring default instances of features and components, system settings should be addressed in accordance with best practices and modern security recommendations and with regard to any regulations that may govern your industry. Finally, don't overlook the BIOS settings, especially those on newer devices that utilize UEFI and may contain legacy BIOS settings too. Both should be locked down for maximum protection.
SEE: IT pro's guide to the Windows 10 Fall Creators Update (free TechRepublic PDF)
5. Endpoint security
If you're reading this and feeling as though the overarching theme here is security, you'd be right, as that is precisely the central concern that binds all these categories together. Endpoint security refers to any software that protects your system against malware of all types, provides packet inspection and intrusion prevention, and secures network transmissions over unsecured networks.
While these apps alone won't keep your data protected, since they won't be able to protect against all attacks against your system, not having them installed will only serve to leave a system open to compromise from most attack vectors. Antivirus protection with active and heuristic scanners can detect known threats and identify unknown threats through behavioral analysis. Host-based firewall and intrusion detection systems can filter network traffic for potentially malicious data, while also protecting against known attack types. And VPN software can create a tunnel for securing data in transit while connected to untrusted networks.
6. Data protection
Data is the life's blood of any computing device. Without it, computers would be reduced to paperweights made of plastic, glass, and aluminum. In fact, data is more important than the device it's created on, as far as IT is concerned. Computers can be replaced, but once data is lost, that's that.
In an effort to best manage devices, data is sometimes overlooked. This is a grave mistake. Efforts are made to protect data in transit through VPNs and data in use by way of secured coding processes in software development--but what of data at rest? BitLocker encryption is built into every modern version of Windows. Yet many systems aren't taking advantage of it, leaving most data at rest ripe for the picking by anyone who can get their hands on the device, online or offline. Implementing BitLocker takes only a matter of minutes, and the payoff extends far into the lifecycle of the data itself.
SEE: Use BitLocker to encrypt your system drive (ZDNet)
7. Disaster recovery
Disaster Recovery Plans, or DRPs, are designed to follow a plan in the event of catastrophic failure of a device and still be able to recover any data lost. While most end-users are familiar with the concept of backing up their data, how often the process is put into place correctly is a different matter altogether. Manually copying data from your computer to a backup drive whenever you remember to do so is better than nothing, but if the data is not backed-up frequently, then data loss should it occur could be permanent.
Moreover, even the best laid data backup plans won't amount to much if they aren't periodically tested for functionality. The day a failure occurs is not the day to check to see if your data is recoverable. Verifying that backups created work properly to recover data is just as important as automated, "set it and forget it" backup schemes work best to ensure that the data is consistently being backed up to an external source. Furthermore, introducing redundancy into the scheme by selecting more than one backup location, such as a physical external hard drive and a secondary cloud-based location will further ensure that data is protected at two different sources.
- Windows 10 security overhaul: Microsoft lays out the most important new features (TechRepublic)
- Windows 10 power tips: Secret shortcuts to your favorite settings (Tech Pro Research)
- 10 things you should do before, during, and after reinstalling Windows (TechRepublic)
- 10 ways to protect your Windows computers against ransomware (TechRepublic)
- 10 essential first steps after installing Windows (TechRepublic)
What are your end-of-year maintenance procedures? Share your tips for keeping your systems protected and operating properly throughout the year.