Help Desk Operations for Clients Without Admin Privileges Tim Guilliams Bob Beane.
Post on 29-Dec-2015
213 Views
Preview:
Transcript
Help Desk Operations for Clients Without Admin Privileges
Tim Guilliams
Bob Beane
2 Managed by UT-Battellefor the U.S. Department of Energy
What is Least User Privileged (LUP) computing environment?
• LUP refers to the concept that all users should run their computers with as few privileges as possible
• Benefits of LUP
• Less to do. Systems that are LUP’ed will be 100 percent maintained by the IT department. Over time you, will see the pop-ups to install software such as Adobe, Microsoft and other products go away. This is because IT now has the sole responsibility to manage the patches to your computer.
• Better system security. With limited access rights, malicious code will not have access to perform operations that could crash a machine, or adversely affect other systems.
• Better system stability. Running LUP gives users increased protection against inadvertent system-level damage. 100 percent of the Human Resource department is running LUP, and we have seen a decrease in overall call volume to the ORNL IT helpline.
• Ease of deployment. The fewer privileges an application requires the easier it is to deploy.
3 Managed by UT-Battellefor the U.S. Department of Energy
Redneck Fire Alarm
4 Managed by UT-Battellefor the U.S. Department of Energy
Agenda
• Planning
• Staffing
• Tools
• Help Desk Impact
• Client Impact
• Looking Ahead
5 Managed by UT-Battellefor the U.S. Department of Energy
Planning
• Communication– Technical change & expectations
– Agents involved in daily actions, message boards
• Ticket System Changes– Tracking LUP issues
– Monitoring daily LUP numbers
• Phone Capacity– Capacity to handle increased call volume
– Ability to add agents quickly
• Equipment Availability– Computers
– Desks
6 Managed by UT-Battellefor the U.S. Department of Energy
Staffing
• Normal Staffing Level– Helpdesk– Field support– Training lead time
• Adjusted Staffing Level– Temporary Labor– Subcontracting
7 Managed by UT-Battellefor the U.S. Department of Energy
Tools
• Administrative Rights for support– Helpdesk/Tier 1– Field Support/Tier 2
• Scripts from SCCM
– Local Admin Elevation• Part 1
• Part 2
• Remote support
– Admin Group Pilot• Active Directory Group
– Techs add themselves for temp admin rights
8 Managed by UT-Battellefor the U.S. Department of Energy
Run Advertised Programs SCCM
Tool to gain admin rights for support
9 Managed by UT-Battellefor the U.S. Department of Energy
Requesting Local Admin - Part 1• Helpdesk elevation process
10 Managed by UT-Battellefor the U.S. Department of Energy
Requesting Local Admin - Part 2
• Self-help elevation tool
11 Managed by UT-Battellefor the U.S. Department of Energy
Remote Tools • Bomgar
– Improved support for additional incident types
12 Managed by UT-Battellefor the U.S. Department of Energy
Tools
• Administrative Rights for support– Helpline/Tier 1– Field Support/Tier 2
• Scripts from SCCM
– Local Admin Elevation• Part 1
• Part 2
• Remote support
– Admin Group Pilot• Active Directory Group
– Techs add themselves for temp admin rights
13 Managed by UT-Battellefor the U.S. Department of Energy
Call Volume• What we expected
– Quadruple in daily call volume
• What we got– Almost double volume
1/59/55/51/59/55/51/59/55/51/59/55/51/59/55/51/59/55/51/59/55/51/59/55/51/59/55/51/59/55/51/59/55/51/59/55/51/59/55/51/59/50
50
100
150
200
250
300
350
400
Opened Tickets by Day
14 Managed by UT-Battellefor the U.S. Department of Energy
Ticket Volume - Trends
May Jun Jul Aug Sep Oct Nov Dec Jan Feb Mar Apr0
500
1000
1500
2000
2500
3000
3500
4000
4500
5000
Total Tickets
FY09 FY08
15 Managed by UT-Battellefor the U.S. Department of Energy
Incident Increase
• Type– Software installation– Printer drivers– Cyber Security Requirements
• Impact– Increase in cycle time– Decrease in meeting general SLAs– Huge backlog development
• 3 - 4 months and a contest to bring down to normal
• Still working through lingering issues (it’s a process thing)
16 Managed by UT-Battellefor the U.S. Department of Energy
Client Help for the “simple stuff”
• I know how to do this, why do I need help?
• Common user tasks– Remote desktop– Defrag– Printers– Root file access
17 Managed by UT-Battellefor the U.S. Department of Energy
Where we are headed
• Adjusting Staffing levels
• Modifying support model for more remote support
• Improving tools– Remote support
• Bomgar
• SCCM
• RDP
– Admin access• Improved Tools
18 Managed by UT-Battellefor the U.S. Department of Energy
Other ORNL Presentations of Interest
SharePoint• Monday, 11:45-Using SharePoint UI to Deliver General Use Applications, Connie Begovich• Tuesday, 11:45-SharePoint at ORNL, Brett Ellis
Cyber Security• Monday, 1:30-Development of a Process for Phishing Awareness Activities, Philip Arwood &
John Gerber• Monday, 2:15-How I Learned to Embrace the Chaos, Mark Lorenc• Monday, 4:15-TOTEM:The ORNL Threat Evaluation Method, John Gerber & Mark Floyd
Desktop Management• Monday 4:15-On the Fly Management of UNIX Hosts using CFEngine, Ryan Adamson• Tuesday, 11:00-Implementation of Least User Privileges, Doug Smelcer• Wednesday, 11:45, Microsoft Deployment Using MDT and SCCM, Chad Deguira
Incident Management• Wednesday, 11:00-Helpdesk Operations for Clients Without Admin Privileges, Bob Beane &
Tim Guilliams
IT Modernization• Monday, 2:15-12 Months of Technology, Lara James
19 Managed by UT-Battellefor the U.S. Department of Energy
Questions
top related