Error in deserializing body of reply message for operation 'Translate'. The maximum string content length quota (8192) has been exceeded while reading XML data. This quota may be increased by changing the MaxStringContentLength property on the XmlDictionaryReaderQuotas object used when creating the XML reader. Line 1, position 15629.
Introduction
Most IT support staff don't have either the inclination or time to keep accurate and up to date documentation, a lot of information ends up being held in peoples heads or recorded in places that aren't known outside of IT support staff. Should a key member of IT staff leave, with this information then it could have a serious impact on company operation.
In this paper we provide information about what the key information is for most small - medium size businesses, and a form to be filled in, so that you can ensure ( and really importantly get someone to test ) that you have captured this information.
Not only does this apply to in-house staff, but a lot of small companies rely completely upon external support companies to maintain their IT systems, and it is quite common at the time where you decide to change support companies that you find that the new company doesn't have the information required to continue to maintain your systems. If you are in dispute with your previous supplier than the fact that they hold this information is a strong bargaining point for them.
What could happen if someone leaves the company with key information only known to them?
We appreciate that most of the below would be illegal, but if you have a disgruntled employee, or someone with problems this is altogether realistic:-
They could remotely connect into your network, and erase all company information stored on in-house servers, stop all emails. - unless you have the information to ensure that all passwords & access are changed upon someone leaving, and that there are no backdoors.Company domain name ( eg abc.co.uk) could expire, and be sold to someone else ( eg a competitor), even if a legal battle ensues the domain name ( so web site and emails ) could be down for some time.New users couldn't be added to the networkThey may be able to copy and read all of your and everyone else in the companies emails.Key Information Required.
For the purposes of this document, we have broken down the key areas into:-
In house servers & licensesEmail & InternetRemote access & securitySuppliersIn house Servers & Licenses
All servers have an administrator or "root" user and password. This user normally has complete access to all information, or at least the ability to change things such that they can get it. This may include the ability to read and copy everyone's emails ( typically by exporting the emails from Microsoft exchange to PST files).
It is key that you always know the latest user name & passwords for the administrator. It's also really important that this is only known to the minimum of people. Quite often external support companies know, and are in charge of these passwords - so be warned!
Without the password, you would really struggle to continue to maintain your systems.
Most windows servers and applications were activated and built with CDs / DVD's and license codes. Without these you cannot easily rebuild servers. It is key that all of licenses and media that your company has bought is stored in a safe place, and that you have copies of all license keys.
Without this, how do you know that you are not running illegal software?
Servers are usually key pieces of hardware, and should one break you need it fixing fast. Most new servers come with 3 years on-site maintenance from the manufacturer ( eg Dell, HP). If you have servers without a warranty then getting them repaired could be costly and take a long time. Make sure you have warranty details and expiration dates.
Software such as Anti Virus is usually renewed every 1-3 years, you need to know when the software licenses are up for renewal, to ensure that your PCs remain protected.
Email & Internet
In order for emails to come in to most organisations, your domain name hosting ( eg it-support-guy.org) has an entry that points to a mail server.
The hosting of the domain name is typically carried out by your internet service provider ( eg BT), or a registration company such as reg-123. The domain should be registered to your company, not a third party ( like web developer), and you should have full login to manage the domain.
The same domain name hosting ( dns) is also in charge of directing visitors to your web server. Updating of this DNS information is usually done with an online account with username / password.
Without this information you can't change mail server, or web server information, or someone else could easily disable all access to your email & web sites.
You should also have a record of when your domain names are due to expire ( typically every 2-3 years they need renewing), and what you have to do to renew them. There have been a couple of high profile cases where high street names have forgotten do to this!
Most companies in the UK use ADSL for their internet access. In order to connect to the internet you normally have a router, which is programmed with a user name and password from your internet service provider, eg BT. Without this information if the router breaks, you won't be able to configure a new one up, and there will be delay before you get back on the internet ( ie by the time you've found out who the ISP is, then phoned them up etc).
Some companies use "hosted emails", this is where your mail gets delivered elsewhere ( eg BT, Google) and your PC pulls the email back. In order to pull the email back each user typically has a user name and password specific to the mail system ( sometimes this is POP3 or IMAP). It is important that you have this information - eg if you need to rebuild a PC, or what the procedure is to add / remove users.
Remote Access and Security
Most organisations now have remote access, so that users can access files and emails whilst out of the office, or working from home. It is very common for IT support staff to have this, so that they can perform out of hours maintenance work, or emergency support.
Also software and systems suppliers typically will have access to your systems remotely for the same reason.
Therefore it is key that you have details of who has remote access, how do they get remote access ( typically through some kind of firewall), and what is the master logon to control this. So, for example, if a member of staff leaves then you can immediately prevent them from remote accessing the network.
An experienced IT person can set up many different kinds of access, so if you fear that an ex-IT employee is going to try and get remote access then you may well need professional help to audit your systems.
Suppliers
Most small companies rely upon external support companies to manage their IT systems. It is also common with larger companies to allow software suppliers remote access, as we've stated above.
If you rely upon a supplier for support, then it is key that they provide you with complete and accurate documentation for their systems, or if they manage the whole of your IT, that they give you all the key information - some of which we list below.
It is quite common for a supplier not to provide this information, and software disks, license codes etc. You must insist that you have this information and that is updated regularly.
Check-list
The best way to find out how good your company's documentation is, is to ask your IT manager, or if you use an external company the company, to provide you with the below information in 10 minutes. If they can't do that then ask them.. how much of the information do they have documented now, and ask for that. Otherwise ask them how long it will take to provide it.
Remember the information recorded below should be treated as confidential, and kept in a secure place.
For each item below record if you've got the following information:
Administrator user name and passwords for all servers / PCs
Logon for firewalls & adsl routers
ADSL account login & password
Installation disks ( or logon to on-line source, eg Microsoft account) for all key software, including license keys and license details
Details of who has remote access, and what rights, and how to modify
Domain Name details - expiry dates, confirmation of ownership, DNS hosting login
Email usernames / passwords if applicable
Server Warranty details and expiration dates
Software subscription details, and expiry dates ( eg Anti Virus)
Key contact details ( eg suppliers, support organisations)
Wendy R is an up and coming blogger hosting a variety of sites. Her new site http://www.it-support-guy.org/ aims to provide hints and tips from experienced IT support staff, including tips on WordPress, sugarcrm and general IT support.
0 comments:
Post a Comment