Document: Change Control and Policy and Workspace Management, Chapter 11 (pptx)


4667-8 ch11.f.qc 5/15/00 2:01 PM Page 373

CHAPTER 11
Change Control and Policy and Workspace Management

In This Chapter
✦ What Is Change Control?
✦ Group Policy Overview
✦ Creating Policy and Change Management Plans
✦ Applying Group Policy

This chapter discusses workplace management and change control services.

During the writing of this chapter, one of our clients almost lost a small fortune in business due to the lack of change control. Our client is a small (only five people) insurance broker. One of the brokers, Dave, writes marine insurance, and on a fine cool January day in Florida, he got the break the company was waiting for: an order for a policy to insure a $10 million yacht; the premium would be a killer. He returned from the marina shaking and shivering, realizing that he was about to write the policy of his career. The commission would be staggering, and from this many more deals would flow. You get a name for writing big policies like this. Nothing would stand in his way, nothing but his faithful workstation.

Dave likes to fiddle with his computer. When he is not looking for insurance business, he likes playing around with his desktop settings, fonts, resolution, and more. Dave lives in Control Panel more than his apartment. We had maintained a "loose" change management policy in this company. In other words, we maintained minimal desktop control because Dave was the only wild card and was considered an advanced user. The company had been our client for several years, and we had never had an issue with users changing anything that could cause a problem.

Part III ✦ Active Directory Services

On the day that Dave needed to write up his policy, his desktop went berserk. He logged into his workstation as usual, but when he opened the insurance application, the application began to tremble and then the session froze. If you know insurance, you know that if you cannot write the policy, the client will make another call. Dave was getting ready to jump off the jetty with an anchor around his neck.

We jumped in and disabled Dave's account. And because we were deploying the Windows Desktop and agency software applications through terminal services, we were able to get Dave back to his policy writing in record time. He admitted that he had changed his font again and some other "things" that he could not remember. The client learned a lesson and advised that no employee (all four of them) was allowed to tamper with the applications or desktop sessions. But we learned a bigger lesson. Change control is as important for our small clients as it is for the big ones. It cannot be ignored anywhere.

Change control on Windows NT and other server environments has been lacking since the invention of client/server. Policy and profile maintenance is possible on Windows NT and Windows 9x desktops, but it is not secure, and users can override settings with little effort. A Windows NT workstation/server environment is more secure. But change control empowerment is still lacking. Windows 2000 and Active Directory change all this with the introduction of Group Policy.

Group Policy governs change control policy on many facets of the operating system. These include the following:
✦ Hardware configuration and administration
✦ Client administration and configuration (desktop settings, logon, connection, and more)
✦ Operating system options and policy, such as IntelliMirror and remote OS installation
✦ Application options and policy (such as regional settings, language and accessibility, deployment, and more)
✦ Security options and policy
✦ Network access

We are not going to take you through every detail of creating and managing Group Policy objects because the Windows 2000 Help system adequately handles that. But we will show you how to take control of the change control issue, apply security policy, and more. But before we get to that, let's discuss the science and philosophy of change control and management.

Understanding Change Management

In our highly complex worlds of information technology and information systems, the only constant is change. The more complex and integrated our IS systems become, the more important it is to have change control. Managing change has thus become one of the most important MIS functions in many organizations. If you do not manage change, the unexpected results of an unmanaged change could render you extinct.

Processes, routines, functions, algorithms, and the like do not exist in vacuums or some form of digital isolation from the rest of the universe. Just as in life, all processes depend on or are depended on by other routines or processes. When you change the way a process behaves, you alter its "event course." In other words, you alter its destiny. Altering the event course of a process is in itself not the problem. Problems arise when processes dependent on a particular course of events are no longer afforded the opportunities they were expecting. Think about how you feel and are inconvenienced when a person you were going to meet does not turn up or cancels the engagement unexpectedly. In software and computer systems, such events can have catastrophic results. The dependent processes in turn fail, and their event courses are also altered. When processes begin to crash, an unstoppable domino effect takes place, leading to systems failure and disaster from one end of the system to the other.

Besides the first example, when Dave's job was almost toasted, here are other examples:
✦ The FTP service on a server is turned off. AS/400 connections expecting to find the connection up are not able to transfer route information to a network share. A process that was expecting the information to be in the FTP folder cannot calculate the daily routes for orders that need to go out. The trucks do not arrive, and the orders do not get established. The orders are not shipped. Clients place more than $10 million in business elsewhere.
✦ A software engineer makes a change in source code that reintroduces the Millennium bug into the process pool. Programs begin to collapse because the receiving data function does not know how to deal with data that appears to be more than a hundred years old.
✦ A user downloads new software from the Internet onto his company's notebook computer. The new software contains a backdoor virus that silently attacks the notebook's anti-virus suite. It inserts a replacement file into the anti-virus software and causes the software to reload the old inoculation data file, which is akin to taking an antibiotic that has expired. When the user connects back to the corporate network, the hostile code moves to the network servers and does the same thing. Once on the servers, the virus shuts down the company systems, and the company almost goes insolvent as a result.

These examples sound far-fetched, but they are not. We have seen all three of them on our networks. Such is the need for change control. In fact, the unit of time in which no change takes place is too small to be studied by humans. So, we have to control change; we have to manage it in such a way that the effects of change are planned for and that all dependencies are informed and allowed to compensate when change comes. In a nutshell, no change can be allowed to take place without a) the proposed change being put to a board of change management for consideration, and b) the consequences of the change being fully investigated and the change being deemed necessary.

Because change is always inevitable, another factor comes into change control: contingency planning, of which disaster recovery is a part. In the past, problems caused by unmanaged change affected standalone systems. Because computers were once islands and isolated, the effects of the change were local and confined. When we started to network, change control problems began to affect the global corporate or organizational environment. But the effect was, and still is to a large extent, confined to the corporate or enterprise information network. However, in the world of e-commerce, change control has become critical because any change that causes an unplanned-for new course of events will affect the external environment, where systems crashes can have catastrophic results and cause untold damages and liability. In the world of Internet banking, for example, a change control disaster can affect many people who have no relationship with the bank besides its innocent account holders.

In various parts of this book, we have also discussed service level and quality of support. As you know, more and more people are signing service level agreements that guarantee availability of systems all the time. These agreements have to be covered with effective change control management. The change control or change management board reviews all changes and, based on the board's research, consultation, and findings, a change request is either approved or denied. (In the companies we consult for, all change management approvals have to be signed off by the officer in charge.)

But the problems arise when you have a fully functional board and compliant team leaders, but no means of enforcing change control policy at all levels of the enterprise. To figure out how this all comes together, let's look at change control conceptually. The respective parts of change control or change management systems resemble the justice system, or at least the enforcement parts of it. They include the items listed in Table 11-1.

Table 11-1: Change Control Description (component and its purpose)

Change Control Board: A group of people in an organization responsible for reviewing change requests, determining validity, deciding change of course or procedure, and so forth. This board also determines regulation and enforcement protocol and deploys change management resources.

Change Management: Functions to manage signed-off or approved change or contingency. Change management may include lab tests, sandpit projects, pilot projects, phased implementation, incremental change, performance monitoring, disaster recovery, backup/restore, and so on.

Change Control Policy: Rules, and the formulation thereof, governing change control and management.

Change Control Rules and Enforcement: The enforcement of policy and the methods or techniques of such enforcement.

Change Control Tools: On Windows 2000 networks, this includes local security policy to protect machines, Group Policy to enforce change policy throughout the forest, security policy throughout, auditing, and so on.

Change Control Stack: The change control "stack," which comprises the various layers that are covered by change control.

To better understand where in the information systems environment change control needs to be enforced, consider the change control stack in Figure 11-1. At the bottom of the change control stack (CCS) is the hardware (physical) area. Objects in this layer that you place under change control enforcement are all hardware, computer components, and hardware requirements. The following list provides an idea of what is covered by change control at the hardware or physical layer:
✦ Hardware compliance with the existing infrastructure
✦ Hardware acquisition and determination of hardware needs
✦ Technology deemed necessary or not
✦ Protection and security of storage, and access to media (such as FDDs and CD-ROMs)
✦ Protection of network interface cards
✦ Access to memory and system components
✦ Availability and stability of hardware device drivers
✦ Hardware problem abandonment point (when you give up trying to fix a part or computer and buy a new one)
✦ Parts replacement (such as procedure for replacing media, and so on)
✦ Hardware availability (such as RAID, clustering, load balancing, and so on)

[Figure 11-1: The change control stack. Layers from top to bottom: OS and Applications; Network; Hardware Layer.]

Next up is the network layer, which encompasses change control on the data link, network, transport, and session layers of the OSI model.

Note: According to Newton's Telecom Dictionary, the Open Systems Interconnect (OSI) model of the International Standards Organization (www.iso.ch) is the only accepted framework of standards for interconnection for communication between different systems made by different vendors. The OSI model organizes the communications process into a system of layers. OSI has become the foundation model for many frameworks in both software and computer hardware engineering. The OSI model is also referred to as the OSI stack.

The following list includes areas that are targets of change control at the network layer of the CCS:
✦ Security needs (encryption, IPSec, access to routers, circuits, hubs, and so on)
✦ Quality of service
✦ Network bandwidth
✦ Topology
✦ Transport technology (Ethernet, SNA, Token Ring)
✦ Routing, bridging, switching

As we get higher up the CCS, the number of variables begins to increase (there are more opportunities for change and thus change control, because we are getting into the area where the user lives). The following list includes areas that are targets of change control at the operating systems and applications layer of the CCS:
✦ Logon/user authentication
✦ Network services
✦ File systems and storage
✦ Network protocols
✦ Device driver installation and version control
✦ Device operation
✦ Application services
✦ Disaster recovery services
✦ Internet/intranet services
✦ Media services and telephony
✦ File transfer
✦ Sharing and access control
✦ Virus protection
✦ Directory services
✦ User levels/access to resources
✦ Communications
✦ Desktop configuration (menus, shortcuts, icons, access to folders, and so on)
✦ Access to information (such as access to the Internet)
✦ Cultural and regional options
✦ Accessibility
✦ Access to software/applications
✦ Access to data

Not only are there more factors or "opportunities" for change control in this top layer, but it is also the most vulnerable of the layers. While certain parts of the operating system and the lower layers provide a barrier to entry due to their complexity, this does not mean that change control should be any more lax or less important. The more obscure the service, regardless of the layer it resides in, the higher the risk of a skilled attacker doing undetectable and lasting damage. However, it goes without saying that the biggest threat to the stability or health of IT/IS systems comes from users. Most of the time, it is just a case of "curiosity killed his computer" (remember Dave). But users also generate security threats, introduce viruses, download hostile applications (most of the time unwittingly), and so on.

The User

First, the term user rarely refers to a single biological unit. This is why we have security groups, as discussed in Chapter 10. As soon as you define or categorize the levels of user groups that you need to support in your organization, you will be able to apply change management procedures that can be enforced on those groups. If you are involved in client management, you should make an effort to become a member of the change control team. You should also get to know your users, the type of software and applications they need, and how they work with their computers, treat their computers, and interact with their computers. There are two main types of user or worker, as discussed in the following list:
✦ Knowledge workers: Your knowledge workers are usually the workers who are applying a particular skill set or knowledge base in their job. These people are your engineers, technical support people, accountants, lawyers, designers, and so on. Knowledge workers usually have a permanent office. These people use their computers for most of the day. Their machines are constantly in use, and losing them would be costly for the company. They can be considered advanced users.
✦ Task-oriented workers: These workers are data entry personnel, receptionists, office assistants (to varying degrees), order takers, and so on. Most of these users would not need more than a terminal and a terminal service account to perform their duties. These users can be considered your basic users.

The two main types of user are further broken down into the following categories (by computer resource used):
✦ Stationary (office) workstation user: This user (usually a knowledge worker) does not need a notebook computer because he or she only needs the machine at work. This machine is usually a small-footprint workstation running Windows 9x, Windows NT Workstation, or Windows 2000 Professional.
✦ Remote workstation user: This worker connects to the network from home or a remote office, over a WAN connection or modem. The user still uses a fixed desktop computer because he or she does not move around.
✦ Notebook/docking station user: This user uses his or her computer at work and at home. The user is usually accommodated with a docking station at home and at the office, which makes it easier to connect and disconnect from the network.
✦ Multi-user workstation: This computer does not belong to any specific user. Users making use of this resource are usually guests, users that move around from location to location, temp staff, shift staff (such as call center or customer service representatives), and so on.
✦ Mobile computer: This is usually a notebook or laptop computer, sans docking station, that spends most of its life in a carrying case stuffed inside the cubby of a jetliner. Mobile users can either connect to the office from the road (such as a hotel or conference center) or from branch locations where they will be able to connect to the corporate network.

In each of these cases, you will need to establish workstation and user management policy with respect to each user and computer. Also note that it often makes more sense to further tag your user as being advanced or basic in the literacy level of computer usage. We have had knowledge workers who cause endless problems for the administrators, and basic workers who should be writing software instead of using it. Create a list or database of these categories and in each category list a computer name and a user name (pay close attention to these lists because we will return to them later). For example:

Mobile Computers
✦ Mobile Computer Accounts
  MCPD98
  MCPD99
  MCPD100
  MCPD101
✦ Mobile Computer Users
  Henry R. James
  Catherine H. Anderson
  Jill J. Smith
  Michael F. Wolf

User Applications

You now need to create another list underneath each user that determines what each requires in terms of software and hardware to perform his or her functions. You will create two lists. The first is for basic users who need no more than the standard applications adopted by the enterprise. For example, if your company has adopted Microsoft Exchange 2000, then Outlook 2000 will be on that list, as will MS Word, Excel, and other applications if the company has standardized on Microsoft Office components, which is very common. A second list next to the first one will be an advanced user choice list. The user (if policy allows) will be able to choose a specialized list of software for which he or she must justify deployment. This justification, by the way, is presented to change control or management for review. A good example is a software engineer who is hired to create a certain application. He or she will then request that a development tool or component be installed or made available to complete the task.

Managing software is a daunting task for anyone. In a small organization, one person can typically be saddled with the job of managing anywhere in the region of 10 to 20 applications. In large companies, the number of software components can run into the thousands. Defining and enforcing policy regarding installation and configuration of applications is thus critical. Why do you have to do this? Consider the following if you allow users to install their own applications:
✦ The application may be unstable and could damage existing systems. For example: During the early beta testing of Windows 2000 Professional, a technical support engineer at one of our clients installed the Release Candidate code on his workstation to check it out. The code corrupted the databases belonging to the help desk and shut down the call center for three days.
✦ Applications may not be legally obtained. If you do not enforce change control policy, your enterprise may be risking lawsuits and criminal charges. You cannot claim ignorance of users using illegal or pirated software. Your boss goes away for 20 years or more if your users steal software.
✦ The act of installing the software can introduce viruses and security risks to the network. If the user installs from a source on the Internet, there is the risk that the download may bring with it hostile applications. We have seen backdoor viruses pop out of downloaded zip files and kill a machine in under a minute.
...
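The chapter asks you to build a categorized list of computers and users, tag each user as advanced or basic, and then use Group Policy (listed under Change Control Tools in Table 11-1) to stop basic users from tampering with the desktop the way Dave did in Control Panel. The following PowerShell script is an added example and is not code from the book: it parses a constructed inventory in that shape, sorts the records into lockdown tiers, and creates a Group Policy Object that sets the Control Panel prohibition for the basic tier. It assumes the GroupPolicy module from a Windows Server 2008 R2 or later RSAT install (Windows 2000 itself had no such cmdlets), a domain-joined administrative session, and organizational unit names under an example domain that are placeholders you would replace with your own. The registry value NoControlPanel is the one behind the "Prohibit access to Control Panel" administrative template.

```powershell
# Added example, not from the chapter: inventory -> policy tier -> Group Policy lockdown.
# Requires the GroupPolicy module (RSAT); OU distinguished names below are placeholders.
Import-Module GroupPolicy -ErrorAction Stop

# Constructed inventory in the chapter's shape: category, computer account, user, literacy tag.
# The four mobile accounts and users come from the chapter's list; the rest are made up.
$inventoryCsv = @'
Category,Computer,User,Literacy
Mobile,MCPD98,Henry R. James,advanced
Mobile,MCPD99,Catherine H. Anderson,basic
Mobile,MCPD100,Jill J. Smith,advanced
Mobile,MCPD101,Michael F. Wolf,basic
Stationary,WSPD10,Example Broker,basic
MultiUser,KIOSK01,(shared),basic
'@

function Import-WorkstationInventory {
    # Parses the CSV text into objects with Category, Computer, User and Literacy properties.
    param([string]$Csv)
    $Csv | ConvertFrom-Csv
}

function Get-PolicyTier {
    # Literacy decides the tier (basic users are locked down); the Mobile category only
    # adds a suffix so that mobile machines can be linked to their own OU later.
    param($Record)
    $tier = if ($Record.Literacy -eq 'basic') { 'Locked' } else { 'Standard' }
    if ($Record.Category -eq 'Mobile') { $tier += '-Mobile' }
    return $tier
}

function New-DesktopLockdownGpo {
    # Creates a GPO that prohibits Control Panel access and links it to the target OU.
    # With -WhatIf the function only reports what it would do (safe to run anywhere).
    param(
        [string]$Name,
        [string]$TargetOu,   # placeholder DN, e.g. OU=Locked,OU=Workstations,DC=example,DC=com
        [switch]$WhatIf
    )
    if ($WhatIf) {
        Write-Host "Would create GPO '$Name' (NoControlPanel=1) linked to $TargetOu"
        return
    }
    $gpo = New-GPO -Name $Name -Comment 'Change control: block desktop tampering by basic users'
    # User Configuration > Administrative Templates > Control Panel >
    # "Prohibit access to Control Panel" writes this value under the user hive.
    Set-GPRegistryValue -Name $Name `
        -Key 'HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' `
        -ValueName 'NoControlPanel' -Type DWord -Value 1 | Out-Null
    New-GPLink -Name $Name -Target $TargetOu -LinkEnabled Yes | Out-Null
    return $gpo
}

# Build the per-tier lists the chapter says it will return to later.
$records = Import-WorkstationInventory -Csv $inventoryCsv
$byTier  = $records | Group-Object { Get-PolicyTier $_ }
foreach ($group in $byTier) {
    Write-Host ("{0}: {1}" -f $group.Name, (($group.Group | ForEach-Object { $_.Computer }) -join ', '))
}

# Only the basic-literacy tiers receive the Control Panel prohibition.
# Remove -WhatIf (and replace the placeholder OU path) to actually create and link the GPOs.
foreach ($tierName in ($byTier.Name | Where-Object { $_ -like 'Locked*' })) {
    New-DesktopLockdownGpo -Name "CC-$tierName" `
        -TargetOu "OU=$tierName,OU=Workstations,DC=example,DC=com" -WhatIf
}
```

Keeping the tier decision in one small function is the point of the exercise: the literacy tag the chapter recommends becomes the single input that decides which users are locked down, and the inventory CSV (or a database, as the chapter suggests) is the record the change control board reviews before the GPO link is enabled.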

Posted: 21/12/2013, 05:18
