As a follow-up to this regular and manual maintenance tasks post, let’s focus on tasks that are scheduled and automated. To make management a bit easier, there are a few things that I like to do before setting up the first task.
Setting Up A Scheduled Task Server
First, where possible – run your tasks from a central dedicated VM with dedicated user(s) accounts. In the past, I’ve setup these tasks on my workstation with my user. When my machine messed up or I changed my password (or any other number of things), the tasks stopped working. Now, I like to use a VM with dedicated service users delegated the permissions required for their task. For example, you might have a user for AD changes, SCCM management, and syncing to outside services. Or you might be comfortable with one account delegated only the permissions that it needs. Either way, your service account(s) most likely do not need domain admin permissions and should not be used elsewhere.
Second, make sure that you have a backup strategy for your maintenance machine. We often forget to include these types of side servers in DR plans. As you centralize tasks, they become critical to your environment.
Automatic Tasks for Your Server
Here is a list of tasks that I have running. Item without a link are custom scripts that I haven’t polished enough to publish here. 🙂
- AD – Add Objects to Groups Automatically
- AD – Create Users from SIS
- AD – Find Computers with Broken Trusts
- AD – Move Computers to OU by IP or Name
- AD – Prevent Accidental Deletions
- AD – Set and Update Manager Attributes
- AD – Stale Object Cleanup
- File Servers – Create Student Classwork Folders
- File Servers – Create Substitute Lesson Plan Shares
- File Servers – Reduce Picture Size
- File Servers – Reduce Video Size
- O365 – Change Default Reply All to Reply
- O365- Hide Users in Global Address List
- O365 – Set Default Language and TimeZone
- Print Servers – Set Printer IP in Comments
- Print Servers – Set Printer Deployment Group Descriptions
- SCCM – Remove Disabled/Deleted Computers
- SCCM – Remove Computers from OSD Groups after deployment
- SCCM – Sync Collections to AD Security Groups
Those are the main tasks that keep our environment humming along. What automatic tasks do you use?
Downloading and parsing CSV files from several sources (mailbox, sftp, …).
Installation of pre-approved software from a network share (think of it as an in company appstore on our intranet).
Pulling data from several applications and merge relevant data into a new readonly dataset (made available internally via an API).
…
I’m the programming sysadmin 😀
Would you mind explaining a bit more about your pre-approved software app share?
Sure, no problem.
I have a set of applications in a shared folder on a NAS. Users however cannot install the software due to the lack of administrator rights on their machines.
What my ‘system’ allow is for the user to drop a file in a shared folder which contains 4 fields:
The hostname of the computer
The name of the application
The users email
The session number of the user on his computer
The file is picked up by a scheduled task running a C# app (by an account with installation permissions on client computers) on my script server.
The file is read and the application name is validated against a list which contains the full path for the installer and possible switches (mostly used for silent installation and settings).
If the request is valid another task is fired. This is a psexec session to the machine of the user.
Above installation is then run within the users desktop session (this allows for error dialogs during install to be visible).
Upon completion the user receives a mail that the installation has been completed.
That is a pretty cool home-grown setup! Thanks for sharing that!!