Kaseya Community

Best Practices for Server / Workstation maintenance

  • Hi all,

    Just a question for you. I am currently setting up Kaseya and have about 450 desktops setup so far. I am not doing anything with them as of yet except audits. I just have a few questions in relation to what all you do in relation to the following

    1. What sort of regular maintenace do people do on pc's (excluding defrag / disk cleanup and spyware removal.

    2. In relation to patch managment are people manually looking at each patch and approving or denying or what is the rule of thumb on this.

    3. I have setup service monitors sets for servers covering DHCP and DNS and other basic services. But I noticed that some servers say don't have DHCP running. Is it the case that I just have to setup Monitor sets for all the million different combinations such as - Domain Controller without DHCP, Domain Contoller with DHCP that sort of thing.

    4. In relation to anti virus - we use generally symantec, I know I can run a script and it gets the definition dates - it then stores it in the machines files folder but what can I do with it then. Can I report every month on the AV status of 60 machines.

    5. On reporting - Do people at the end of a month compile manual reports for their clients or do they just use the scheduled ones in Kaseya. I don't really see anything other than the executive summary that my clients would benefit from. There are lots of reports that I cannot see that they might benefit from such as the AV one above.

    Anyway just some pointers I am after.

    Thanks for all your help

    Michael

    Legacy Forum Name: Best Practices for Server / Workstation maintenance,
    Legacy Posted By Username: mmartin
  • michael.martin@itfocus.ie
    Hi all,

    Just a question for you. I am currently setting up Kaseya and have about 450 desktops setup so far. I am not doing anything with them as of yet except audits. I just have a few questions in relation to what all you do in relation to the following

    1. What sort of regular maintenace do people do on pc's (excluding defrag / disk cleanup and spyware removal.

    2. In relation to patch managment are people manually looking at each patch and approving or denying or what is the rule of thumb on this.

    3. I have setup service monitors sets for servers covering DHCP and DNS and other basic services. But I noticed that some servers say don't have DHCP running. Is it the case that I just have to setup Monitor sets for all the million different combinations such as - Domain Controller without DHCP, Domain Contoller with DHCP that sort of thing.

    4. In relation to anti virus - we use generally symantec, I know I can run a script and it gets the definition dates - it then stores it in the machines files folder but what can I do with it then. Can I report every month on the AV status of 60 machines.

    5. On reporting - Do people at the end of a month compile manual reports for their clients or do they just use the scheduled ones in Kaseya. I don't really see anything other than the executive summary that my clients would benefit from. There are lots of reports that I cannot see that they might benefit from such as the AV one above.

    Anyway just some pointers I am after.

    Thanks for all your help

    Michael


    I recommend you do the Empower courses if you have access as they will answer a lot of questions for you.

    On PCs we do basic maintenance. Which is just the defrag, clean up, spyware etc. There is no need to do anything else. The PCs have to be locked down otherwise you will be forever chasing yourself.

    For those who want backups we provide a full backup per week with incrementals daily and keep 4 full sets. For those who dont want backups our hardware restoration procedure is to get the machine back to a standard "image" that was decided upon on day 1. e.g. Win XP, Office, On the domain, printers added. All important data should be on shared drives on the server(s) anyway.

    We do patch management by machine collections as per the Kaseya Best Practice. We organize collections by different software. So we have Win XP, Win Vista, Office 2003, Office 2007, Quickbooks, Adobe Photoshop, etc.

    Then we image these on our test machines. We set all collections to be "pending approval" in the policy. When new patches come out we test them on each collection in turn and approve or deny them. A machine could be in many collections (eg. Win XP, Office 2007, QB) and until that patch has been approved for all 3 then it wont download onto the machine (which is a great system). If one collection is denied for whatever reason then that machine wont be patched.

    so you are managing patches across a few collections and not across thousands of machines. We then release patches once per week (usually weekends) after we have tested them.

    Split your monitor sets up into smaller ones. Then just add the ones you need to certain machines rather than create different combinations. So dont have DC with DHCP, DC without DHCP, DC with DNS but no DHCP etc. Just have DC, DHCP, DNS then assign multiple sets to the machines.

    Again we use templates and machine collections and views to do this. Normally you can only bring on a few new servers per month and so it is easy to manage. It looks like you are trying to bring everything on in one go.

    I would get some test setups first. Then get your templates set up. Then bring on your best customer. Then slowly transition eveyone else over. Then you can stay on top of it.

    We are pushing KES so cant comment on Symmantec.

    Our reports depend on what is in our SLA. If we have to meet certain response times etc that is how we use it.

    We send the Executive Summary, the Ticketing Summary and the Patch Summary every month. The ticketing summary is the main one. Then they can have details on request.

    We sit down every 3 months and review progress and implement improvements.

    Legacy Forum Name: MSP General Discussion,
    Legacy Posted By Username: Mark Shehan
  • Hi Mark,

    Thanks very much for this information. I think we are trying to get things setup for use with clients but I find it difficult to get information such as above which is just really best practices and real life experiences. I am doing the empower at the moment and already have done quite a few but they just really tell you how to do things but not what types of things to do. Can I ask in relation to your patch management do you test all patches or do you let say security patches through. Would you have a dedicated person looking at patchs. We currently have over 1000 patches listed on our server and there is no way I can test every one. I know some are old ones but just feel the urge to approve all and hope for the best which is obviously so wrong. We normally would let critical patches just install on machines.

    In relation to the DHCP And DNS bit do you not have mountains of monitor sets as there is so many individual items to look at.

    Again though thanks for the feedback the more I get the more fine tuning I can do.

    Michael

    Legacy Forum Name: MSP General Discussion,
    Legacy Posted By Username: mmartin
  • I am at the same stage with the initial setup of Kaseya.

    I have just finished the Kaseya Boot Camp and can vouch that it is well worth the cost.

    The instructor provided a vast array of best practices over the 3 days covering all the different functions of the product.

    Prior to attending I went through the emPower online courses and found that some of the information presented is now considered out of date. The differences aren't going to wreck your installation, but I'm actually glad to see that Kaseya is continuing to evolve the techniques presented to manage the product and your clients machines.

    I think you should give serious thought to attending a boot camp as it will help avoid potential re-work in your Kaseya implementation.

    David Benet
    Melbourne, Australia

    Legacy Forum Name: MSP General Discussion,
    Legacy Posted By Username: smbtechnology
  • michael.martin@itfocus.ie
    Hi Mark,

    Thanks very much for this information. I think we are trying to get things setup for use with clients but I find it difficult to get information such as above which is just really best practices and real life experiences. I am doing the empower at the moment and already have done quite a few but they just really tell you how to do things but not what types of things to do. Can I ask in relation to your patch management do you test all patches or do you let say security patches through. Would you have a dedicated person looking at patchs. We currently have over 1000 patches listed on our server and there is no way I can test every one. I know some are old ones but just feel the urge to approve all and hope for the best which is obviously so wrong. We normally would let critical patches just install on machines.

    In relation to the DHCP And DNS bit do you not have mountains of monitor sets as there is so many individual items to look at.

    Again though thanks for the feedback the more I get the more fine tuning I can do.

    Michael


    Hi Michael

    We have a dedicated Kaseya tech(s). We do over 80% of our business plans as all inclusive (based on certain requirements, such as locked down PC's, standard images etc.). We can do that as our techs are now 100% utilized without waiting on project work so our hourly rates are lower. I suggest doing the business empower courses too (and I did the Quickstart Business course - thanks Len you saved hundreds of hours there).

    We test patches quickly as we test against standard images. We cheat slightly though.

    We put machines into collections governed by their software (eg Vista, Office 07, Quickbooks 07, Custom App1 etc.).

    Machines goes into more than one collection. We have test machines that have these images.

    We have one machine with all the apps on it. (e.g. Vista, Office2007, Quickbooks 07, Custom App1). We then test the patches on that machine. If all is ok then we can approve each individual collection as we know it is good.

    If it fails then we look at the failures and figure out where and why. We either fix it or isolate the app that causes the problem and then release it to the others that are ok (e.g. a problem was found so we isolated to Office 2007. We tested it on another configuration with just Vista and Custom App1 for example and it worked so we approved it for those PC's).

    If you have a lot of old patches i would still setup a quick test machine with as much software on it as you have handy (such as XP Pro, Office etc) and test them against it. IF you have 1000 then do them by groups at a time. If all is ok then it can be approved, rather than blindly approve and hope for the best.

    We have had problems with MS Patches even as close as 2 weeks ago.


    As with all monitoring it depends on what you and the customer want to monitor. There are thousands of items but you aren't interested in them. What do you and your customer want to know with DHCP and DNS?

    Legacy Forum Name: MSP General Discussion,
    Legacy Posted By Username: Mark Shehan