1. 程式人生 > >新Windows管理員常犯的10個錯誤

新Windows管理員常犯的10個錯誤

Whether you’re new to network administration or to the Windows environment, a few common oversights and mistakes can trip you up. Deb Shinder explains how to avoid some of the problems new Windows admins often encounter.
無論你是網路管理還是Windows環境的新手,一些常見的疏忽和錯誤可能會讓你栽跟斗。Deb Shinder解釋如何避免一些新Windows管理員經常遇到的一些問題。

《endurer注:1、trip up:(使)犯錯誤,把...絆倒》

Maybe you’re a brand new network admin. You’ve taken some courses, you’ve passed some certification exams, perhaps you even have a Windows domain set up at home. But you’ll soon find that being responsible for a company network brings challenges you hadn’t anticipated.

也許您一個全新的網路管理員。你已經修習了一些課程,您已經通過了一些認證考試,也許你們甚至在家裡設立有了一個Windows域。但是,你很快就會發現,負責公司網路帶來了你有沒有預料到的挑戰。

《endurer注:1、take a course:修一門課》

Or maybe you’re an experienced corporate IT person, but up until now, you’ve worked in a UNIX environment. Now — either due to a job change or a new deployment in your current workplace — you find yourself in the less familiar world of Windows.

或者,也許您是一位經驗豐富的企業IT人,但是到現在為止,你已經工作在Unix環境。現在——要麼因工作變動或您當前工作的新部署——你會發現自己處在不太熟悉的Windows世界。

This article is aimed at helping you avoid some of the most common mistakes made by new Windows administrators.

這篇文章旨在幫助您避免一些新Windows管理員們犯的最常見的錯誤。

#1: Trying to change everything all at once

試圖一下子改變一切

When you come into a new job, or start working with a new technology, you may have all sorts of bright ideas. If you’re new to the workplace, you immediately hone in on those things that your predecessors were (or seem to have been) doing wrong. You’re full of all the best practices and tips and tricks that you learned in school. If you’re an experienced administrator coming from a different environment, you may be set in your ways and want to do things the way you did them before, rather than taking advantage of features of the new OS.

當你來到一個新的工作崗位,或開始以新技術來工作,您可能有各種各樣的好主意。如果您是該工作場所的新手,你立即對那些你的前任(或看起來已經)做錯的事情磨拳擦掌。你腦海中充滿了在學校學到的所有最佳做法、技巧和竅門。如果你是來自不同環境的有豐富經驗的管理員,你可能會設定您的方式,並想沿用按以前處理這些事情的方式,而不是利用新作業系統的特點。

Either way, you’re likely to cause yourself a great deal of grief. The best bet for someone new to Windows networking (or to any other job, for that matter) is give yourself time to adapt, observe and learn, and proceed slowly. You’ll make your own job easier in the long run and make more friends (or at least fewer enemies) that way.

總之,您可能會給自己造成很大的麻煩。對於有人Windows網路(或任何其他的工作,為這一問題)新手,最好的賭注是給自己時間來適應,觀察和學習,並緩慢進行。這樣,假以時日,你將使自己的工作變得更容易,並結交更多的朋友(或至少減少敵人)。

《endurer注:1、Either way:ad. 總之(不管怎樣,反正,兩邊都)》

#2: Overestimating the technical expertise of end users

高估終端使用者的技術知識

Many new administrators expect users to have a better understanding of the technology than they do. Don’t assume that end users realize the importance of security, or that they will be able to accurately describe the errors they’re getting, or that they know what you mean when you tell them to perform a simple (to you) task such as going to Device Manager and checking the status of the sound card.

許多新管理員預計使用者對所用的技術有較深入的瞭解,這期望過高了。不要假設終端使用者瞭解安全的重要性,或者他們能夠精確地描述遇到的錯誤,或者當你告訴他們去執行一個(對你而言)簡單的任務時,例如進入裝置管理器並檢測音效卡的狀態,他們能知道你的意思。

Many people in the business world use computers every day but know very little about them beyond how to operate a few specific applications. If you get frustrated with them, or make them feel stupid, most of them will try to avoid calling you when there’s a problem. Instead they’ll ignore it (if they can) or worse, try to fix it themselves. That means the problem may be far worse when you finally do become aware of it.

商界裡的許多人每天使用電腦,但對於超出如何操作幾個具體應用程式之外的知識的知之甚少,但如果你對他們感到失望,或者使他們感到愚蠢,其中大部分人將在有問題時儘量避免給你打電話。相反,他們會忽略它(如果他們能)或更糟糕的是,試圖自己修復它。這意味著,當你最終注意到這一點時,問題可能更為嚴重。

#3: Underestimating the technical expertise of end users

低估終端使用者的技術知識

Although the above applies to many of your users, most companies will have at least a few who are advanced computer hobbyists and know a lot about technology. They’re the ones who will come up with inventive workarounds to circumvent the restrictions you put in place if those restrictions inconvenience them. Most of these users aren’t malicious; they just resent having someone else in control of their computer use — especially if you treat them as if they don’t know anything.

儘管上面說的適用於您的許多使用者,絕大數公司中至少有一些高階電腦迷並且知道許多技術。當你所做的限制使他們感到不便時,他們會另闢徯徑來繞開。這些使用者中的大部分都沒有惡意,只是不滿別人控制自己對計算機的使用——特別是如果你認為他們一無所知時。

《endurer注:1、come up with:提出;想出
2、put in place:設定,安排
3、treat as:對待》

The best tactic with these users is to show them that you respect their skills, seek out their input, and let them know the reasons for the rules and restrictions. Point out that even a topnotch racecar driver who has demonstrated the ability to safely handle a vehicle at high speed must abide by the speed limits on the public roads, and it’s not because you doubt his/her technology skills that you must insist on everyone following the rules.

對這些使用者最好的策略是向他們表明你尊重他們的技能,尋求他們的意見,並讓他們知道制定規則和限制的原因。向他們指出即使是已經表現出安全操作高速車輛的能力的頂級賽車手們,在公路上也必須遵守車速限制。這並不是因為你懷疑他/她的技術技能,而是每個人都要遵守規則。

#4: Not turning on auditing

未開啟審計功能

Windows Server operating systems have built-in security auditing, but it’s not enabled by default. It’s also not one of the best documented features, so some administrators fail to take advantage of it. And that’s a shame, because with the auditing features, you can keep track of logon attempts, access to files and other objects, and directory service access.

Windows伺服器作業系統內建了安全審計功能,但它預設是不啟用的。它也不是個最值得大書特書的功能之一,因此一些管理員未能加以利用。這是一個遺憾,因為利用審計功能,可以跟蹤登入嘗試,檔案和其他物件的訪問,以及目錄服務訪問。

Active Directory Domain Services (AD DS) auditinghas been enhanced in Windows Server 2008 and can be done more granularly now. Without either the built-in auditing or third-party auditing software running, it can be almost impossible to pinpoint and analyze what happened in a security breach.

在Windows Server 2008中,活動目錄域服務(ADDS)的審計被增強了,並且現在可以做得更細緻。沒有內建的審計或第三方審計軟體的執行,就不可能精確地找到並分析發生了什麼安全漏洞。

#5: Not keeping systems updated

未保持系統更新

This one ought to be a no-brainer: Keeping your servers and client machines patched with the latest security updates can go a long way toward preventing downtime, data loss, and other consequences of malware and attacks. Yet many administrators fall behind, and their networks are running systems that aren’t properly patched.

這一個應該是不假思考的:保持您的伺服器和客戶機使用最新安全更新打上補丁可以大大有助於防止停機、資料丟失、和其他惡意軟體和攻擊的後果。然而,許多管理員落後了,他們的網路正在執行沒有適當打補丁的系統。

This happens for several reasons. Understaffed and overworked IT departments just may not get around to applying patches as soon as they’re released. After all, it’s not always a matter of “just doing it” — everyone knows that some updates can break things, bringing your whole network to a stop. Thus it’s prudent to check out new patches in a testbed environment that simulates the applications and configurations of your production network. However, that takes time — time you may not have.

發生這種情況有幾個原因。人手不足、工作過度的IT部門不能在補丁釋出後立即開始應用。畢竟,這不總是一個“只要這麼做”的問題——-每個人都知道,某些更新可能帶來破壞,使您的整個網路停止。因此,在模擬您的產品網路的應用程式和配置的試驗環境中檢查了新的補丁程式是謹慎的。然而,這需要時間——您可能沒有時間。

Automating the processes as much as possible can help you keep those updates flowing. Have your test network ready each month, for instance, before Microsoft releases its regular patches. UseWindows Server Update Services (WSUS)or other tools to simplify and automate the process once you’ve decided that a patch is safe to apply. And don’t forget that applications — not just the operating system — need to be kept updated, too.

讓該過程儘可能地自動化可以幫您保持這些更新不間斷。例如,在微軟釋出其定期補丁前,讓您的測試網路每月隨時準備。一旦您確定了一個補丁是安全適用的,使用Windows伺服器更新服務(WSUS)或其他工具來簡化和自動化該過程。不要忘記,應用程式—不僅僅是作業系統—也需要不斷更新。

#6: Getting sloppy about security

草率對待安全工作

Many administrators enforce best security practices for their users but get sloppy when it comes to their own workstations. For example, IT pros who would never allow users to run XP every day logged on with administrative accounts think nothing about running as administrators themselves while doing routine work that doesn’t require that level of privileges. Some administrators seem to think they’re immune to malware and attacks because they “know better.” But this over confidence can lead to disaster, as it does in the case of police officers who have a high occurrence of firearms accidents because they’re around guns all the time and become complacent about the dangers.

很多管理員為他們的使用者執行最好的安全措施,但來到自己的工作站時卻很草率。例如,從來不允許使用者每天用管理員許可權帳號執行Windows XP的IT專家們,沒想過他們自己在以管理員許可權做不需要該級別許可權的日常工作。有些管理人員似乎認為他們不受惡意軟體和攻擊的影響,因為他們“知道更多。”但這種過度自信可以會導致災難,與此相同的的情況是槍支走火事故發生率較高的警官,因為他們總與槍支打交道,進而對該危險變得自滿。

《endurer注:
1、Getting sloppy:草率
2、routine work:日常工作
3、be immune to:不受...影響的,對...有免疫力的
4、play around with gun:玩弄槍支》

#7: Not documenting changes and fixes

未記錄變更和修補

Documentation is one of the most important things that you, as a network admin, can do to make your own job easier and to make it easier for someone else to step in and take care of the network in your absence. Yet it’s also one of the most neglected of all administrative tasks.

登入造冊對作為網路管理員的你是最重要的事情之一,可以使您自己的工作更輕鬆,並使其他人在您缺席時更容易參與和照管網路。然而這也是所有管理員任務中最容易被忽視的一個。

You may think you’ll remember what patch you applied or what configuration change you made that fixed an exasperating problem, but a year later, you probably won’t. If you document your actions, you don’t have to waste precious time reinventing the wheel (or the fix) all over again.

您可能認為您將記住您應用的補丁程式或你修復正在惡化的問題時對配置所做的修改,但一年後,你可能就不行了。如果你記下了你的操作,您就不必浪費寶貴的時間重複所有這一切了。

Some admins don’t want to document what they do because they think that if they keep it all in their heads, they’ll be indispensible. In truth, no one is ever irreplaceable — and by making it difficult for anyone else to learn your job, you make it less likely that you’ll ever get promoted out of the job.

一些管理員不想記錄他們所做的,因為他們認為如果他們將這些儲存在他們腦袋中,他們就是不可或缺的。事實上,沒有什麼人是不可替代的——而且通過使其他人難於瞭解你的工作,您讓自己從該工作提拔的希望變小。

Besides, what if you got hit by a truck crossing the street? Do you really want the company to come to a standstill because nobody knows the passwords to the administrative accounts or has a clue about how you have things set up and what daily duties you have to perform to keep the network running smoothly?

此外,如果你在過街時被車撞到怎麼辦?您真的想要公司陷入停頓,因為沒人知道具有管理許可權的賬戶的密碼,或者沒有關於你如何設立的線索,和你必須執行以保持網路順利執行的日常工作?

#8: Failing to test backups

沒有測試備份

One of the things that home users end up regretting the most is forgetting to back up their important data — and thus losing it all when a hard drive fails. Most IT pros understand the importance of backing up and do it on a regular schedule. What some busy admins don’t remember to do regularly is test those backups to make sure that the data really is there and that it can be restored.

家庭使用者最終遺憾的事情之一是忘記備份自己的重要資料-從而在硬碟驅動器壞時失去這一切。大多數IT專業人員理解備份的重要性,並定期做備份。一些繁忙的管理員們不記得的是定期檢驗這些備份,以確保資料確實是在那裡,而且可以被恢復。

Remember that making the backup is only the first step. You need to ensure that those backups will work if and when you need them.

記住製作備份只是第一步。你需要確保這些備份在你需要時能工作。

《endurer注:1、end up:結束,告終》

#9: Overpromising and underdelivering

少說大話,多做實事

When your boss is pressuring you for answers to questions like “When can you have all the desktop systems upgraded to the new version of the software?” or “How much will it cost to get the new database server up and running?”, your natural tendency may be to give a response that makes you look good. But if you make promises you can’t keep and come in late or over budget, you do yourself more damage than good.

當老闆壓迫您給出諸如“你什麼時候能將所有的桌面系統升級到新版本?”或“升級並執行資料庫伺服器要花多少錢?”這樣的問題的答案時,您自然會傾向給予可能讓您看上去不錯的答覆。但是,如果你作出你不能保持,並延遲或超出預算的承諾,你會使自己凶多吉少。

《endurer注:1、He has done more harm than good.他之所為害多於利。》

A good rule of thumb in any business is to underpromise and overdeliver instead of doing the opposite. If you think it will take two weeks to deploy a new system, give yourself some wiggle room and promise it in three weeks. If you’re pretty sure you’ll be able to buy the hardware you need for $10,000, ask for $12,000 just in case. Your boss will be impressed when you get the project done days ahead of time or spend less money than expected.

在任何企業中的好的經驗法則是少說大話,多做實事而不是反其道而行之。如果您認為部署一種新的系統需要2個星期,給自己一些迴旋的餘地,保證在3個星期內完成。如果您相當肯定您需要$10000美元就可以購買硬體,要求10000美元以防意外。當你提前完成專案或花費的錢少於預期時,老闆會留下深刻的印象。

《endurer注:1、rule of thumb:經驗法則(靠經驗估計)
2、wiggle room:迴旋或調整的餘地
3、just in case:以防》

#10: Being afraid to ask for help

害怕尋求幫助

Ego is a funny thing, and many IT administrators have a lot invested in theirs. When it comes to technology, you may be reluctant to admit that you don’t know it all, and thus afraid — or embarrassed — to ask for help. I’ve know MCSEs and MVPs who couldn’t bear to seek help from colleagues because they felt they were supposed to be the “experts” and that their reputations would be hurt if they admitted otherwise. But plunging ahead with a project when you don’t know what you’re doing can get you in hot water, cost the company money, and even cost you your job.

自尊是一個有趣的事情,許多IT管理員投資於自身甚多。當遇到技術性問題,你可能不情願承認你不完全懂,因此感到害怕—或尷尬—去尋求幫助。我知道一些MCSE(微軟認證系統工程師)或者MVP(最有價值專家)不能屈尊下顧向同事尋求幫助,因為他們覺得他們被認為“專家”,如果他們承認不懂,榮譽就會受到損害。但你處在一個專案中,你不知道你在做什麼會讓你陷入困境中,代價是公司的資金,甚至是你的工作。

If you’re in over your head, be willing to admit it and seek help from someone more knowledgeable about the subject. You can save days, weeks, or even months of grief by doing so.

如果你不知道是怎麼回事,樂意承認並向那些在該方面更在行的人請教。這樣做你可以少受幾天,幾個星期,甚至是幾個月的的苦。

《endurer注:1、over one's head:超越某人的理解力》