Network topology diagrams

All network diagrams should be kept in both hard copy and digital format. Moreover, this document must be closely integrated with the change management process. The change management policy should specifically call for the updating of this document at the conclusion of any change made to the network that impacts the network diagram and should emphasize that no change procedure is considered to be complete unless this update has occurred.

There are two types of network topologies, physical and logical. The physical diagram focuses on the cabling, connections, and locations of devices. The logical diagram illustrates data flows that may or may not follow the physical diagram.

Figure 9.1 shows a physical diagram, while Figure 9.2 illustrates a logical diagram.

Knowledge base/articles

Often in the process of troubleshooting an issue, you may find useful information in a knowledge base article. Vendors share these documents to assist technicians. You should keep these articles and tie them to the issue they solved. This will help solve future instances of the same issue.

Incident documentation

Just as you should keep all technical articles that help to solve an issue, all incidents should be recorded in detail for future reference. This helps to identify recurring issues for which the root cause has yet to be determined. With regard to security incidents, your incident handling policy should support this effort.

Regulatory and compliance policy

It is your responsibility, as an administrator and a professional, to know (or learn) the regulations that exist for dealing with safety. You should know them from the local level to the federal level and be familiar with the reporting procedures for incidents you are faced with.

If employees are injured, for example, you may need to contact the Occupational Safety and Health Administration (OSHA). On its website (www.osha.gov), you can find links to information about issues of compliance, laws and regulation, and enforcement.

When it comes to disposal of hardware, you can find a list of state laws here:

www.electronicsrecycling.org/public/ContentPage.aspx?pageid=14

The Environmental Protection Agency (EPA) offers basic information here:

www.epa.gov/osw/conserve/materials/ecycling/index.htm

Acceptable use policy

The most effective method of preventing viruses, spyware, and harm to data is education. Teach your users not to open suspicious files and to open only those files that they’re reasonably sure are virus-free. They need to scan every disk, email, and document they receive before they open it. You should also have all workstations scheduled to be automatically scanned on a regular basis.

While education is important, in most cases you must also attempt to control what users do. An acceptable use policy (AUP) is a document that specifies what users can and cannot do, and it should be signed by all during the hiring process. This creates a contract that can be used later to form the basis for disciplinary measures. These measures or consequences for noncompliance should be spelled out ahead of time. The AUP should be reviewed at least annually, and if changes are made, personnel should have to re-sign the agreement.

Password policy

One of the strongest ways to keep a system safe is to employ strong password polices and educate your users in the best security practices. In this section, you’ll explore various techniques that can enhance the security of your user passwords.

Inventory management

Inventory management includes knowing what you have. You can’t know that something is missing until you take an inventory, so this should be done on a regular basis. What type of information is useful to record in these inventories? You may choose to record more, but three items should be included for sure.

Exam essentials

Explain the importance of asset management and documentation. List what should be included when creating an asset inventory. Understand the importance of organizing and maintaining documentation. Describe some of the types of sensitive documents that require special treatment.

Documented business processes

As organizations grow and develop, they generate business processes they follow. Sometimes these processes become almost ingrained in users, but over time methods utilized may “drift” away from the original process. For this reason, all key business processes should be recorded and followed, and any change to such processes must undergo the change management examination to ensure that it is beneficial to the entire organization and supports all of its goals.

Purpose of the change

When any change is suggested, the proposed benefit derived from the change must be identified. Otherwise, there is no reason for the change. During the change management process, the relative costs and benefits to the overall organization will be weighed by a change management board or team.

Scope the change

In some cases, a change may be beneficial for some users or groups but not others. In that case, we may limit the change (called scoping) to only those it will benefit. While scoping is not possible with some changes (cases where all must share any changes), it can be utilized in some specific cases where a change can be segregated to only a set of users.

Risk analysis

Sometimes changes bring risk, and these risks must be identified. All changes should undergo a risk analysis process to identify such risks and any controls or countermeasures that can be implemented. The goal of such countermeasures may be either to reduce the risk to a level the organization is comfortable with or to eliminate it entirely.

Plan for change

Once a change has been approved, the timing of the change and its implementation must be carefully planned so as not to disrupt operations. Affected parties should be notified of the change and when it will occur. Any disruptions to service must be announced ahead of time so users can plan for doing without service for the planned period of downtime.

End-user acceptance

The change management board (discussed next) should include regular users so any proposed changes can be assessed for end-user acceptance. This can help to avoid widespread user dissatisfaction after the change.

Change board

The change management or change control board should contain a cross-section of representatives from the company. In this way each change can be assessed by each stakeholder group in the organization. The process should follow these steps:

1. All changes should be formally requested.
2. Each request should be analyzed to ensure that it supports all goals and polices.
3. Prior to formal approval, all costs and effects of the methods of implementation should be reviewed.

Backout plan

During implementation, incremental testing should occur, relying on a predetermined fallback strategy if necessary.

Document changes

Complete documentation should be produced and submitted with a formal report to management.

Exam essentials

Describe the steps in change management. These steps are as follows:

• All changes should be formally requested.
• Each request should be analyzed to ensure it supports all goals and polices.
• Prior to formal approval, all costs and effects of the methods of implementation should be reviewed.
• After they’re approved, the change steps should be developed.
• During implementation, incremental testing should occur, relying on a predetermined fallback strategy if necessary.
• Complete documentation should be produced and submitted with a formal report to management.

Backup and recovery

Preventive maintenance is more than just manipulating hardware; it also encompasses running software utilities on a regular basis to keep the file system fit. These utilities can include scheduled backups, check disks, defragmentation, and updates.

Backup testing

While many backup utilities offer a “verification process,” nothing beats actually attempting to restore the data. While test restorations may not be appropriate after every backup, they should be done often to ensure that you have not been creating corrupt backups for days on end.

UPS

An uninterruptible power supply (UPS) is a solution to a number of power-related threats that can harm computers. Among them are the following:

Blackout This is a complete failure of the power supplied.

Brownout This is a drop in voltage lasting more than a few minutes.

Sag This is a short-term voltage drop.

Spike The opposite of a sag, this is a short (typically less than one second) increase in voltage that can do irreparable damage to equipment.

Surge This is a long spike (sometimes lasting many seconds). Though a surge is typically a less intense increase in power, it can also damage equipment.

The two solutions to know for the power issues on the exam are battery backups and surge suppressors.

Surge protector

A surge suppressor keeps a spike from passing through it and onto the equipment that could be damaged. Tripping occurs when the breaker on a device such as a power supply, surge protector, or UPS turns off the device because it received a spike. If the device is a UPS, when the tripping happens, the components plugged in to the UPS should go to battery instead of pulling power through the line. Under most circumstances, the breaker is reset, and operations continue as normal. Figure 9.3 shows a surge-protector power strip, with the trip button to reset at the top.

Nuisance tripping is the phrase used if tripping occurs often and isn’t a result of a serious condition. If this continues, you should isolate the cause and correct it, even if it means replacing the device that continues to trip.

Surge suppressors (also known as surge protectors), either stand-alone or built into the UPS, can help reduce the number of nuisance trips. If your UPS doesn’t have a surge protector, you should add one to the outlet before the UPS to keep the UPS from being damaged if it receives a strong surge. Figure 9.4 shows an example of a simple surge protector for a home computer.

All units are rated by Underwriters Laboratories (UL) for performance. One thing you should never do is plug a UPS or computer equipment into a ground fault circuit interrupter (GFCI) receptacle. These receptacles are intended for use in wet areas, and they trip easily.

Cloud storage vs. local storage backups

It is an option to store all backups in the cloud. The advantage is that you are protected against any disaster that destroys your local backup tapes. The disadvantage is that when you need the backups, if the cloud is your only option and you have no Internet access (a common occurrence during a natural disaster), you will be unable to access those backups until Internet access is restored. A more prudent approach may be a combination of both local and cloud storage.

Account recovery options

In rare cases users lose access to their accounts. If these accounts reside in your directory service such as Active Directory, you may be able to restore them using restoration procedures that are beyond the scope of this book. You can find more information here:

https://try.netwrix.com/active-directory-object-restore-bing?cID=70170000000lKo3&sID=5328154968&msclkid=5084e540b4e31609f880be847aba4cf2&utm_source=bing&utm_medium=cpc&utm_campaign=US_EN_Paid_Search_Active_Directory_Restore&utm_term=%2Brecover%20%2Bactive%20%2Bdirectory%20%2Baccount&utm_content=Recover%20(deleted)%20ad%20account

If it is a Microsoft account, the recovery procedures can be found here:

https://support.microsoft.com/en-us/help/17875/microsoft-account-recover

Exam essentials

Describe power-related issues. Among them are blackout (complete failure of the power supplied), brownout (a drop in voltage lasting more than a few minutes), sag (a short-term voltage drop), spike (the opposite of a sag, an increase in voltage typically less than second, which can do irreparable damage to equipment), and surge (a long spike, sometimes lasting many seconds, that although typically a less intense increase in power can also damage equipment).

List backup types. Three methods exist to back up information on most systems: full, differential, and incremental. A full backup backs up everything. An incremental backup is a partial backup that stores only the information that has been changed since the last full or incremental backup. A differential backup is similar in function to an incremental backup, but it backs up any files that have been altered since the last full backup.

Equipment grounding

Electrostatic discharge (ESD) is one of the most dangerous risks associated with working with computers. Not only does ESD have the potential to damage components of the computer, but it can also injure you. Failing to understand the proper way to avoid it could cause you great harm.

ESD is the technical term for what happens whenever two objects of dissimilar charge come in contact—think of rubbing your feet on a carpet and then touching a light switch. The two objects exchange electrons to equalize the electrostatic charge between them. If the device receiving the charge happens to be an electronic component, there is a good chance it can be damaged.

The likelihood that a component will be damaged increases with the use of complementary metal-oxide semiconductor (CMOS) chips because these chips contain a thin metal-oxide layer that is hypersensitive to ESD. The previous generation’s transistor–transistor logic (TTL) chips are more robust than the CMOS chips because they don’t contain this metal-oxide layer. Most of today’s integrated circuits (ICs) are CMOS chips, so ESD is more of a concern lately.

The lowest static voltage transfer that you can feel is around 3,000 volts (it doesn’t electrocute you because there is extremely little current). A static transfer that you can see is at least 10,000 volts! Just by sitting in a chair, you can generate around 100 volts of static electricity. Walking around wearing synthetic materials can generate around 1,000 volts. You can easily generate around 20,000 volts simply by dragging your smooth-soled shoes across a carpet in the winter. (Actually, it doesn’t have to be winter to run this danger; it can occur in any room with very low humidity. It’s just that heated rooms in wintertime generally have very low humidity.)

It would make sense that these thousands of volts would damage computer components. However, a component can be damaged with as little as 80 volts. That means if your body has a small charge built up in it, you could damage a component without even realizing it.

Just as you can ground yourself by using a grounding strap, you can ground equipment. This is most often accomplished by using a mat or a connection directly to a ground.

Proper component handling and storage

When handling computer components, such as motherboards, network cards, and such, it is easy to damage the delicate circuitry with the static electricity that builds up in your body in certain environments. In this section, we’ll talk about how you can protect these components and how you should store them when not in use.

ESD straps

There are measures you can implement to help contain the effects of ESD. The easiest one to implement is the antistatic wrist strap, also referred to as an ESD strap. You attach one end of the ESD strap to an earth ground (typically the ground pin on an extension cord), or to the metal case, and wrap the other end around your wrist. This strap grounds your body and keeps it at a zero charge. Figure 9.5 shows the proper way to attach an antistatic strap.

If you do not have a grounded outlet available, you can achieve partial benefit simply by attaching the strap to the metal frame of the PC case. Doing so keeps the charge equalized between your body and the case so that there is no electrostatic discharge when you touch components inside the case.

ESD mats

It is possible to damage a device simply by laying it on a bench top. For this reason, you should have an ESD mat (also known as an antistatic mat) in addition to an ESD strap. This mat drains excess charge away from any item coming in contact with it (see Figure 9.6). ESD mats are also sold as mouse/keyboard pads to prevent ESD charges from interfering with the operation of the computer.

You can also purchase ESD floor mats for technicians to stand on while performing computer maintenance. These include a grounding cord, usually 6 to 10 feet in length.

Vendors have methods of protecting components in transit from manufacture to installation. They press the pins of ICs into antistatic foam to keep all the pins at the same potential, and circuit boards are shipped in antistatic bags, discussed earlier. However, keep in mind that unlike antistatic mats, antistatic bags do not drain the charges away—they should never be used in place of antistatic mats.

Toxic waste handling

Many of the components in a computer should not simply be thrown in the trash because they contain toxic materials. In this section, you’ll learn about proper handling and disposal of these components and materials.

CRT

While most CRT monitors have been disposed of already, you may find yourself with a number of them that you need to get rid of. These cannot be thrown in the trash. The contents of the device are under pressure, and if something breaks the glass screen, there will be glass and other materials sprayed out with a force that could injure someone.

The monitor uses a lot of power as it directs electrons on the screen via a strong magnet. The electrons and magnet require a considerable amount of voltage to be able to do their task. Like power supplies, monitors have the ability to hold their charge a long time after the power has been disconnected.

You should never open a power supply or a monitor for the reasons discussed here. The risk of electrocution with these two devices is significant.

If you are not sure whether electricity is present, or its voltage, use a voltmeter. Figure 9.7 shows a simple voltmeter capable of working with both AC and DC currents.

Many states have laws that govern the disposal of monitors since they are often classified as hazardous. CRT monitors contain high amounts of lead and other harmful materials such as arsenic, beryllium, cadmium, chromium, mercury, nickel, and zinc. To dispose of a monitor, contact a computer recycling firm and let them get rid of the monitor for you. CRT monitors must be disposed of according to the environmental regulations.

Personal safety

There is nothing on a computer, a server, a router, and so on, that cannot be replaced or repaired. The same, however, is not true for you. It is imperative that you protect yourself from harm and follow safety procedures when working with computers.

Compliance with government regulations

It is your responsibility, as an administrator and a professional, to know (or learn) the regulations that exist for dealing with safety. You should know them from the local level to the federal level and be familiar with the reporting procedures for incidents you are faced with. For more information, see the section “Regulatory and compliance policy” earlier in this chapter.

Exam essentials

Understand ESD. Electrostatic discharge occurs when two objects of unequal electrical potential meet. One object transfers some charge to the other one, just as water flows into an area that has a lower water level.

Understand the antistatic wrist strap. The antistatic wrist strap is also referred to as an ESD strap. To use the ESD strap, you attach one end to an earth ground (typically the ground pin on an extension cord) and wrap the other end around your wrist. This strap grounds your body and keeps it at a zero charge, preventing discharges from damaging the components of a PC.

MSDS documentation for handling and disposal

It is important that you know the potential safety hazards that exist when working with computer elements and how to address them. It is imperative that you understand such issues as material safety data sheets (MSDSs) and know how to reference them when needed. Any type of chemical, equipment, or supply that has the potential to harm the environment or people has to have an MSDS associated with it. These are traditionally created by the manufacturer, and you can obtain them from the manufacturer or from the Environmental Protection Agency at www.epa.gov.

These sheets are not intended for consumer use but are aimed at emergency workers and employees who are exposed to the risks of the particular product. Among the information they include are such things as boiling point, melting point, flash point, and potential health risks. They also cover storage and disposal recommendations and the procedures to follow in the case of a spill or leak.

Temperature, humidity level awareness, and proper ventilation

Three items closely related to an environmentally friendly computing environment are temperature, humidity, and ventilation. We will cover the most important elements with all three.

Temperature Heat and computers don’t mix well. Many computer systems require both temperature and humidity control for reliable service. The larger servers, communications equipment, and drive arrays generate considerable amounts of heat; this is especially true of mainframe and older minicomputers. An environmental system for this type of equipment is a significant expense beyond the actual computer system costs. Fortunately, newer systems operate in a wider temperature range. Most new systems are designed to operate in an office environment.

If the computer systems you’re responsible for require special environmental considerations, you’ll need to establish cooling and humidity control. Ideally, systems are located in the middle of the building, and they’re ducted separately from the rest of the heating, ventilation, and air conditioning (HVAC) system. It’s a common practice for modern buildings to use a zone-based air conditioning environment, which allows the environmental plant to be turned off when the building isn’t occupied. A computer room will typically require full-time environmental control.

Humidity Level Another preventive measure you can take is to maintain the relative humidity at around 50 percent. Be careful not to increase the humidity too far—to the point where moisture starts to condense on the equipment! It is a balancing act keeping humidity at the right level since low humidity causes ESD and high humidity causes moisture condensation. Both extremes are bad but have completely different effects.

Also, use antistatic spray, which is available commercially, to reduce static buildup on clothing and carpets. In a pinch, a solution of diluted fabric softener sprayed on these items will do the same thing.

At the least, you can be mindful of the dangers of ESD and take steps to reduce its effects. Beyond that, you should educate yourself about those effects so you know when ESD is becoming a major problem.

Ventilation Rounding out temperature and humidity is ventilation. It is important that air—clean air—circulate around computer equipment to keep it cool and functioning properly. Server rooms require much more attention to ventilation than office spaces but are the subject of other exams (Server+, for example) and not test fodder for A+.

What is test fodder is the topic of ventilation within the computer itself—an inadequate flow of internal air within a computer is a common cause of overheating. To prevent this, know that all slot covers should remain in place and be replaced if a card is removed from the system. Know as well that internal fans should be periodically cleaned to ensure proper air flow. A missing slot cover or malfunctioning fan can lead to inadequate flow of internal air.

Power surges, brownouts, and blackouts

A number of power-related threats can harm computers. For more information, see the section “UPS” earlier in this chapter.

Protection from airborne particles

Computers don’t do well with airborne particles. To protect them from such, you can use enclosures for your sensitive equipment and air filters to condition the air.

Dust and debris

One of the most harmful atmospheric hazards to a computer is dust. Dust, dirt, hair, and other airborne contaminants can get pulled into computers and build up inside. Because computer fans work by pulling air through the computer (usually sucking it in through the case and then pushing it out the power supply), it’s easy for these items to enter and then become stuck. Every item in the computer builds up heat, and these particles are no exception. As they build up, they hinder the fan’s ability to perform its function, and the components get hotter than they would otherwise. Figure 9.8 shows the inside of a system in use for only six months in an area with carpeting and other dusty surroundings.

Vacuums

Dust can build up not just within the computer but also in crevices on the outside. Figure 9.9 shows USB ports on the back of a system that have become a haven for small dust particles. These ports need to be blown out with compressed air, or cleaned with an electronic vacuum, before being used, or degradation with the device connected to them could occur.

Compliance to government regulations

As careful as you try to be, there is always the possibility for accidents to occur. Accidents can be environment-related (for example, a flash flood no one could predict suddenly overtakes the server room and shorts out the wiring) or caused by humans (someone mixes the wrong cleaning chemicals together to try to make their own concoction). Regardless of the cause or circumstances, one thing is written in stone: You must fully and truthfully document the problem.

That documentation must be seen by internal parties (managers, human resources, and so on), and it may also need to be seen by external parties. The latter depends on the type of industry you are in and the type of incident that occurred. For example, if a large amount of battery acid is spilled on the ground, you should contact the Environmental Protection Agency (see reporting procedures at www.epa.gov). Always understand any hazards that come with the industry you work in and make sure that the proper reporting procedures are followed or OSHA, EPA, or other governmental entity may fine the company.

Exam essentials

Know what an MSDS is. An MSDS is a material safety data sheet containing instructions for handling an item. It can be acquired from the manufacturer or from the EPA.

Know that you may need to report incidents. When incidents happen, you must always document them, and every attempt should be made to do so both fully and truthfully. Depending on the type of incident, you may also need to report it to other authorities, such as the EPA.

Know what components are not suitable for a landfill. Batteries, CRTs, and circuit boards are all examples of items that should not be thrown away normally because of the elements used in them. Batteries contain metals such as lead and nickel, circuit boards contain lead solder, and CRTs contain phosphors.

Know the safety procedures to follow when working with computers. Be careful when moving computers or working around any electrical components. Know that liquids and computers don’t mix, and keep the systems as clean and dust-free as possible to ensure optimal operation.

Incident response

The extent to which a security event causes harm to your network largely depends on the speed and quality of your response to the incident. By following a structured incident response policy, you greatly enhance the chances of minimizing the damage and the likelihood that you will be able to bring parties to justice in the case of illegal activity. The following sections cover some important guidelines regarding the incident response process.

Licensing/DRM/EULA

While many in the IT community would like to think that software, music files, and movie files should be free, that is not the case. Using any of these items without paying for them is illegal. Operating systems, application software, and many third-party utilities require a license to legally use the software. It also requires that you accept an end-user license agreement (EULA) whereby you agree to use the software as described in that agreement.

Music and movie files, on the other hand, are protected by digital rights management (DRM). This is a system that maintains control over these files and ensures that they are installed only on devices that belong to the person who purchased the file, with the end goal being to prevent users from sharing and giving these files away without paying for them.

Not all software requires a license. In the next sections, we’ll talk about software that doesn’t require a license and also discuss the differences between personal and enterprise licenses.

Regulated data

Some data types require special attention because they are regulated. This means their proper handling is specified by regulation. In this section we’ll look at some of these types of data.

Follow all policies and security best practices

Every organization should have a security policy that drives all security-related activities and clearly spells out how sensitive data is handled and what specific operations the users are allowed to perform. The acceptable use policy is a document that each user should sign when hired and serves as a contract between the user and the company in detail. Moreover, this document, as well as the security guidelines that network technicians must follow, should be driven by well-established best practices. The following are some of the guidelines that should be included:

• Password policy
• Acceptable use policy
• Access control policy
• Remote access policy

Part of your job is to educate users about the importance of these security policies and to monitor the environments for any violations of the policies.

Exam essentials

Report prohibited content and activities. You have an obligation to report prohibited activities and content to the appropriate authorities when you uncover them. You must ascertain which authority is prohibiting the actions and notify them.

Document and preserve the evidence. It is imperative that the evidence be documented and preserved until turned over to the appropriate authority. In some cases, this can include commandeering a removable drive, a computer, or even a server. Failure to do so can leave you facing fines and other punishments.

Use proper language and avoid jargon, acronyms, and slang, when applicable

Avoid using jargon, abbreviations, slang, and acronyms. Every field has its own language that can make those from outside the field feel lost. Put yourself in the position of someone not in the field, and explain what is going on using words they can relate to.

Be honest and fair with the customer, whoever that is, and try to establish a personal rapport. Tell them what the problem is, what you believe is the cause, and what can be done in the future to prevent it from recurring.

Alert your supervisor if there is a communication barrier with the customer (for example, the customer is deaf or does not speak the same language as you do). This is particularly important if the barrier will affect the problem resolution or the amount of time it will take.

If you’re providing phone support, do the following:

• Always answer the telephone in a professional manner, announcing the name of the company and yourself.
• Make a concentrated effort to ascertain the customer’s technical level, and communicate at that level, not above or below it.

Maintain a positive attitude/project confidence

Maintain a positive attitude. Your approach to the problem, and the customer, can be mirrored back. Moreover, project confidence in dealing with the issue because that engenders more cooperation and patience from the customer, both of which have a direct impact on the success of your troubleshooting efforts.

Actively listen (taking notes) and avoid interrupting the customer

Good communication includes listening to what the user, manager, or developer is telling you and making certain that you understand completely what they are trying to say. Just because a user or customer doesn’t understand the terminology, syntax, or concepts that you do doesn’t mean they don’t have a real problem that needs addressing. You must, therefore, be skilled not only at listening but also at translating. Professional conduct encompasses politeness, guidance, punctuality, and accountability. Always treat the customer with the same respect and empathy you would expect if the situation were reversed. Likewise, guide the customer through the problem and the explanation. Tell them what has caused the problem they’re currently experiencing and offer the best solution to prevent it from recurring.

Listen intently to what your customer is saying. Make it obvious to them that you’re listening and respecting what they’re telling you. If you have a problem understanding them, go to whatever lengths you need to in order to remedy the situation. Look for verbal and nonverbal cues that can help you isolate the problem. Avoid interrupting the customer because that telegraphs that what he has to say is not important enough to listen to.

Be culturally sensitive

It is important as well to be culturally sensitive—not everyone enjoys the same humor. Moreover, be mindful of the difference in the way business is conducted in different cultures and be flexible in your approach based on this. When you sense that the customer prefers a more formal relationship with you, try to reflect that in your approach.

Be on time (if late, contact the customer)

Punctuality is important and should be part of your planning process before you ever arrive at the site. If you tell the customer you’ll be there at 10:30, you need to make every attempt to be there at that time. If you arrive late, you have given them false hope that the problem would be solved by a set time. That false hope can lead to anger when you arrive late and appear to not be taking their problem as seriously as they are. Punctuality continues to be important throughout the service call and doesn’t end with your arrival. If you need to leave to get parts, tell the customer when you’ll be back, and then be there at that time. If for some reason you can’t return at the expected time, alert the customer and inform them of your new return time.

In conjunction with time and punctuality, if a user asks how much longer the server will be down and you respond that it will up in five minutes only to have it remain down for five more hours, you’re creating resentment and possibly anger. When estimating downtime, always allow for more time than you think you’ll need, just in case other problems occur. If you greatly underestimate the time, always inform the affected parties and give them a new time estimate. Here’s an analogy that will put it in perspective: If you take your car to get the oil changed and the counter clerk tells you it will be “about 15 minutes,” the last thing you want is to be sitting there 4 hours later.

Avoid distractions

It is important that you avoid distractions while working on a customer’s or user’s problem. Those distractions can come in the form of personal calls, talking to co-workers, or personal interruptions.

If you arrive at the site to troubleshoot a problem and there are distractions there of the customer’s making (children present, TV on, and so on), you should politely ask the customer to remove the distractions if possible. If the area you will be working in is cluttered with personal items (mementos from the state fair, stuffed animals, and so on), ask the customer to relocate the items as needed or ask them if it is OK to do so before you relocate the items.

Set and meet expectations/timeline and communicate status with the customer

Customer satisfaction goes a long way toward generating repeat business. If you can meet the customer’s expectations, you’ll almost assuredly hear from them again when another problem arises. If you can exceed the customer’s expectations, you can almost guarantee that they will call you the next time a problem arises.

Customer satisfaction is important in all communication media—whether you’re on-site, providing phone support, or communicating through email or other correspondence.

Share the customer’s sense of urgency. What may seem like a small problem to you can appear to the customer as if the whole world is collapsing around them.

Deal appropriately with customers’ confidential and private materials

The goal of confidentiality is to prevent or minimize unauthorized access to files and folders and disclosure of data and information. In many instances, laws and regulations require specific information confidentiality. For example, Social Security records, payroll and employee records, medical records, and corporate information are high-value assets. This information could create liability issues or embarrassment if it fell into the wrong hands. Over the last few years, there have been several cases in which bank account and credit card numbers were published on the Internet. The costs of these types of breaches of confidentiality far exceed the actual losses from the misuse of this information.

Just as confidentiality issues are addressed early in the design phase of a project, you as a computer professional are expected to uphold a high level of confidentiality. Should a user approach you with a sensitive issue—telling you their password, asking for assistance obtaining access to medical forms, and so on—it’s your obligation as part of your job to make certain that information passes no further.

Exam essentials

Use good communication skills. Listen to the customer. Let them tell you what they understand the problem to be and then interpret the problem and see whether you can get them to agree to what you’re hearing them say. Treat the customer, whether an end user or a colleague, with respect, and take their issues and problems seriously.

Deal appropriately with confidential data. You—as a computer professional—are expected to uphold a high level of confidentiality. No confidential information should ever be disclosed to outside parties.

Script file types

Script files can come in various file types. In this section we’ll look at these file types.

Environment variables

Environmental variables are default locations for various objects like the TEMP folder, for example. They are usually set during system startup by the system init script. They can be altered within a script or command from the default. In Microsoft Windows, each environment variable’s default value is stored in the Windows Registry or set in the AUTOEXEC.BAT file. Some examples of environmental variables are as follows:

Linux/Unix

• $HOME contains the location of the user’s home directory.
• $PWD points to the current directory.

Windows

• %CONFIG holds the symbolic name of the currently chosen boot configuration.
• %TEMP% (and %TMP%) contain the path to the directory where temporary files should be stored.

Comment syntax

Within a script you can include comments that are intended to be read by people but not to be processed. These might explain the rationale behind a script or give some historical perspective to the script. When including one, you indicate that the line is a comment (and not to be executed) by some sort of character set. For example, any text between // and the end of the line will be ignored by JavaScript (will not be executed). In PowerShell V2, <# #> can be used for block comments.

Basic script constructs

Within a script there are several tools or techniques you can use to make the script more efficient. Let’s look at two of these tools.

#!/bin/bash
for i in 1 2 3 4 5
do
   echo "Welcome $i times"
done

Basic data types

When creating scripts, you use two data types.

Exam essentials

Identify script file types. These include .bat, .ps1, .vbs, .sh, .pyc, and .js.

Understand scripting terms. These include strings, variables, integers, and basic loops.

RDP

Remote Desktop, which is not included in the Home editions of the Windows operating systems, allows members of the Administrators group to gain access to the workstation. (You can specifically allow other users as well.) By default, Remote Desktop is not enabled on Windows 7, but you can enable it from Remote Settings in the Control Panel applet System And Security. To enable Remote Desktop connections in Windows 7, follow these steps:

1. Right-click the Computer icon and choose Properties, or you can type system into the Start menu search box and then find the entry for System.
2. Click the Remote Settings link on the left side.
3. Select one of the two options allowing Remote Desktop connections, as shown in Figure 9.10.

To enable Remote Desktop connections in Windows 8, 8.1, and 10, follow these steps:

1. Open the desktop Control Panel and find the System panel there, or you can search for Remote Access in the Start menu or Start screen.
2. Click Allow Remote Access To Your Computer.
3. When the System Properties dialog box appears, select to allow Remote Desktop connections, as shown in Figure 9.11.

Telnet

Although a Telnet client comes on every Windows machine, the client is not installed by default. It is a handy tool to have, as it allows you to connect to a device at the command line and work at the command line. You should know, however, that Telnet transmits in clear text, so you would not want to use it to perform any sensitive operations (like changing a password). In Exercise 9.1, you will install the Telnet client on a Windows 10 computer.

SSH

If you don’t need access to the graphical interface and you just want to operate at the command line, you have two options, Telnet and SSH. While Telnet works just fine, it transmits all of the data in clear text, which obviously would be a security issue. Therefore, the connection tool of choice has become Secure Shell (SSH). It’s not as easy to set up, because it encrypts all of the transmissions, and that is not possible without an encryption key.

While the commands will be somewhat different based on the operating system, you must generate a key, which is generated using some unique information about the server as seed information so that the key will be unique to the server (the encryption algorithm will be well known). Once configured, the connection process will be similar to using Telnet, with the exception of course that the transmissions will be protected.

Third-party tools

There are also third-party tools that sometimes include screen and file sharing features. Let’s briefly discuss these capabilities.

Security considerations of each access method

Except for Telnet, which is completely insecure, RDP and third-party methods are generally secure and encrypted. However, you should ensure the following about the solution you select:

RDP Ensure that all passwords are complex and that rights are restricted to the minimum to do the job.

SSH Ensure that all passwords are complex and that rights are restricted to the minimum to do the job.

Third-Party Methods Ensure that you understand the security capabilities and the shortcomings of the specific method under consideration.

Exam essentials

Describe common remote access tools. These include Telnet, RDP, SSH, and third-party screen and file sharing tools such as LogMeIn and Go To My PC.