190 likes | 362 Vues
Help Desk Operations for Clients Without Admin Privileges. Tim Guilliams Bob Beane. What is Least User Privileged (LUP) computing environment?. LUP refers to the concept that all users should run their computers with as few privileges as possible Benefits of LUP
E N D
Help Desk Operations for Clients Without Admin Privileges Tim Guilliams Bob Beane
What is Least User Privileged (LUP) computing environment? • LUP refers to the concept that all users should run their computers with as few privileges as possible • Benefits of LUP • Less to do. Systems that are LUP’ed will be 100 percent maintained by the IT department. Over time you, will see the pop-ups to install software such as Adobe, Microsoft and other products go away. This is because IT now has the sole responsibility to manage the patches to your computer. • Better system security. With limited access rights, malicious code will not have access to perform operations that could crash a machine, or adversely affect other systems. • Better system stability. Running LUP gives users increased protection against inadvertent system-level damage. 100 percent of the Human Resource department is running LUP, and we have seen a decrease in overall call volume to the ORNL IT helpline. • Ease of deployment. The fewer privileges an application requires the easier it is to deploy.
Agenda • Planning • Staffing • Tools • Help Desk Impact • Client Impact • Looking Ahead
Planning • Communication • Technical change & expectations • Agents involved in daily actions, message boards • Ticket System Changes • Tracking LUP issues • Monitoring daily LUP numbers • Phone Capacity • Capacity to handle increased call volume • Ability to add agents quickly • Equipment Availability • Computers • Desks
Staffing • Normal Staffing Level • Helpdesk • Field support • Training lead time • Adjusted Staffing Level • Temporary Labor • Subcontracting
Tools • Administrative Rights for support • Helpdesk/Tier 1 • Field Support/Tier 2 • Scripts from SCCM • Local Admin Elevation • Part 1 • Part 2 • Remote support • Admin Group Pilot • Active Directory Group • Techs add themselves for temp admin rights
Run Advertised Programs SCCM • Tool to gain admin rights for support
Requesting Local Admin - Part 1 • Helpdesk elevation process
Requesting Local Admin - Part 2 • Self-help elevation tool
Remote Tools • Bomgar • Improved support for additional incident types
Tools • Administrative Rights for support • Helpline/Tier 1 • Field Support/Tier 2 • Scripts from SCCM • Local Admin Elevation • Part 1 • Part 2 • Remote support • Admin Group Pilot • Active Directory Group • Techs add themselves for temp admin rights
Call Volume • What we expected • Quadruple in daily call volume • What we got • Almost double volume
Incident Increase • Type • Software installation • Printer drivers • Cyber Security Requirements • Impact • Increase in cycle time • Decrease in meeting general SLAs • Huge backlog development • 3 - 4 months and a contest to bring down to normal • Still working through lingering issues (it’s a process thing)
Client Help for the “simple stuff” • I know how to do this, why do I need help? • Common user tasks • Remote desktop • Defrag • Printers • Root file access
Where we are headed • Adjusting Staffing levels • Modifying support model for more remote support • Improving tools • Remote support • Bomgar • SCCM • RDP • Admin access • Improved Tools
Other ORNL Presentations of Interest SharePoint • Monday, 11:45-Using SharePoint UI to Deliver General Use Applications, Connie Begovich • Tuesday, 11:45-SharePoint at ORNL, Brett Ellis Cyber Security • Monday, 1:30-Development of a Process for Phishing Awareness Activities, Philip Arwood & John Gerber • Monday, 2:15-How I Learned to Embrace the Chaos, Mark Lorenc • Monday, 4:15-TOTEM:The ORNL Threat Evaluation Method, John Gerber & Mark Floyd Desktop Management • Monday 4:15-On the Fly Management of UNIX Hosts using CFEngine, Ryan Adamson • Tuesday, 11:00-Implementation of Least User Privileges, Doug Smelcer • Wednesday, 11:45, Microsoft Deployment Using MDT and SCCM, Chad Deguira Incident Management • Wednesday, 11:00-Helpdesk Operations for Clients Without Admin Privileges, Bob Beane & Tim Guilliams IT Modernization • Monday, 2:15-12 Months of Technology, Lara James