documenting a schools pcs and network (voluntary)
This is a pretty tough question -- it's hard to come up with a "standard" template because every site is a little different, even schools (which are largely similar). I can give you the steps I typically follow.
Physical Audit
If the school already has an asset management system that should help with the physical bits: Every device should have an asset tag. If not, getting that in place should probably be your first step. This can be as simple as an Excel spreadsheet, and can grow in complexity to something like OCS Inventory NG or RackMonkey.
Logical (Network) Audit
The next step would be documenting your network's configuration (subnets, vlans, routers, firewalls) -- If there's already a network diagram GREAT, if not, not-so-great. There's plenty of network mapping software that can help you here (Spiceworks is one, InterMapper is another -- I know the latter has good deals for educational institutions).
Logical (Software) Audit
To do the "Identifying each PC" & running software bit you have at least two options:
-
nmap can scan all the identified subnets and give you a list of machines and what OS it suspectsthey're running.
(This has the benefit of being free) -
Nessus can do similar things, and give you vulnerability assessments.
I don't believe there's a free version of this.
There are also plenty of tools available that can query each computer for its installed software, but I don't have a list off the top of my head, and most of them require an agent on each machine being checked...
Users and Passwords
The last part, documenting users & passwords, is the hardest IMHO: If your previous "admin" parent was good there's a list somewhere. If they weren't, conduct a VERY thorough exit interview with them and get as much data as you can.
Further auditing can then be done by dumping Active Directory Users & Computers information, assuming the school has an AD domain set up (or in a Mac/Linux/Unix world by perusing the equivalent NIS or LDAP domain, or the password files).
Really you only need passwords for things like switches, routers & firewalls -- You may also want them for certain databases/database users (like your SQL Server DBA account) -- collecting passwords for every account is obviously impractical (and a bad security practice).
Best practices also dictate changing all the passwords you receive from the previous admin, even if he's a stand-up trustworthy guy :-)