Name: jefton5 Date: August 10, 2007 at 03:24:37 Pacific Subject: IT Policy OS: SBS 2003 CPU/Ram: 4GB Model/Manufacturer: Dell
Comment:
Hi Everyone. I'm in a bit of a pickle. I need to write up an IT Policy for a small company with only about 14 users. We are about to install a Windows SBS 2003 Server domain but I need to write up a Policy be obviously doing that. I need some advice as to where to start. Or templates to work from. Anyone with some advice, ideas, templates etc. will be massively appreciated. Thanks guys
If you're referring to an "appropriate use" policy, the first thing on it should be "nothing illegal" as per your local and federal laws.
Then list the things they're not allowed to do that are legal, like playing games or chatting online during work hours.
I suspect you'll need the big boss (or owner's) input on this since it has to "come from above" right....or at it will least rate some discussion with management.
Hi guys. Thanks very much for the replies. XPUser - Thanks for the link. It does give me a headstart.
Curt R - I don't fully understand what you mean by an 'appropriate use' policy. Maybe I did not phrase it right or explained properly. I need to write a general company IT Policy e.g. like infrastructure in words really together with what I've done on the server. Say a heading like Internet Access - then I explain in use what I've implemented - no access to users during maybe 9 am and 5pm; only to be used for business reasons.
The reason is that I have to make a proposal in writing to the General Manager as to how I think the new Domain should be implemented, what everyones responsibilities is, restriction throughtout etc.
Maybe if you can recommend like a checklist to give to by Manager where he can fill in what can be acessed, by who, who has access to what. Something / checklist from where I can then go and configure the Server according to that 'rules' set or chosen / noted by him. Jefton
Actually it's never easy to implement IT Policy. On one hand when you get too strict, you will be encouraging the best people to look for another job. On the other hand you will have to put up with tech savvy employees. You need to balance the policy between the two.
Another article that may interest you is HERE. It talks about the common challenge that the IT staff face with tech-savvy employees. An ongoing discussion regarding this topic can be found following this article.
XPUser thanks a mil!!! Do perhaps know where I can find a IT Policy template that I can work from a use as a baseline? Or maybe something in a checklist format? Thanks again
As stated in this article you do need to consult an attorney before you implement it or else you will find yourself slapped with expensive lawsuits. Of course Life is a bitch but that's the way it is today - everybody's litiguous.
XPUser. Once again thanks very much. The info you referred me to really was very helpful. I must admit I was maybe underestimating the extent and amount of work involved in writing up an IT Policy. Thanks
Again you're very welcome. No offense intended but I gather it was something you thought of doing to impress your boss, no? If this was the case, take my advice - look the other way around and let your boss fence for himself. Suggesting something like this out of the blue to the company can entice them to take advantage of your good deed and use you as their scapegoat when something go wrong in the IT Department. All bosses are vultures anyway (some take all the trouble to make sure it don't show up in the employees' radars at all.)
I think jefton5 you need to do the old "divide and conquer" method.
You need to document the following; *ip plan *infrastructure plan [how everything connects and server(s) physical configs] *security plan [how you protect the network ie av, spyware checkers...door locks, who has access and at what level, how you protect your backups, etc] *disaster recovery plan [what to do if the server dies, what to do if the building burns down, how you are going to recover, etc] *internet and email appropriate usage policy *computer and network appropriate usage policy [allow usb sticks from home? Take to and from work? Users install programs? etc.] Server config documentation [GPO settings, user rights levels, etc]
Its a lot of work but once it is done its just a matter of updating as changes occur.
Imagine the power if you knew how to internet search
Hi guys. I actually feel overwhelmed by all the advice and info you guys have to share and have given me so far. Thanks a lot. XPUser - I didn't actually suggest anything. I was recruited just for general IT support but mostly to support another guy with web design and search engine optimization. This was however drafted as part of my Job Description to also see to the 'upgrade' to a Domain environment.
And wanderer and JohnCarrJr thanks for your advice also. The thing is that I don't have a problem actually implementing Group Policies, user rights etc., but just with documenting everything and drafting an initial IT Policy. Thanks
I support a small bookstore "on the side". I setup his network and servers and desktops. I only wish I knew about these templates myself back then. He calls me for every little thing, especially when I'm on vacation!
But, the money's good I guess. I always send him bills between $400-1000, and he still pays them! That cash comes in handy sometimes.
As you say, a security template is easy to install and enforce in a domain where only a few people have access to admin. As always you try to run stuff from "run as".
My suggestion is to keep a few old junky live linux cd running computers for internet access. Remove all company's access from the web.
I read it wrong and answer it wrong too. So get off my case you goober.
Hi everyone. I apologise for the late reply and thank you, but I was really busy the last two days.
Once again to everyone who posted solutions and advice, it really is appreciated. I cannot explain how much I've learned here without having to follow the normal route of buying books and reading them like mad.
It all seems too much but any other views / advice still out there will still and always be appreciated. Don't want to drag on too long cause I already feel guilty just taking up so much of your time. THANKS!
The information on Computing.Net is the opinions of its users. Such
opinions may not be accurate and they are to be used at your own risk.
Computing.Net cannot verify the validity of the statements made on this site. Computing.Net and Computing.Net, LLC hereby disclaim all responsibility and liability for the content of Computing.Net and its accuracy.
PLEASE READ THE FULL DISCLAIMER AND LEGAL TERMS BY CLICKING HERE
