Documenting a school's PCs and network (voluntary)

This is a pretty tough question -- it's hard to come up with a "standard" template because every site is a little different, even schools (which are largely similar). I can give you the steps I typically follow.


Physical Audit

If the school already has an asset management system that should help with the physical bits: Every device should have an asset tag. If not, getting that in place should probably be your first step. This can be as simple as an Excel spreadsheet, and can grow in complexity to something like OCS Inventory NG or RackMonkey.


Logical (Network) Audit

The next step would be documenting your network's configuration (subnets, VLANs, routers, firewalls) -- if there's already a network diagram GREAT, if not, not-so-great. There's plenty of network mapping software that can help you here (Spiceworks is one, InterMapper is another -- I know the latter has good deals for educational institutions).


Logical (Software) Audit

To do the "Identifying each PC" & running software bit you have at least two options:

  • nmap can scan all the identified subnets and give you a list of machines and what OS it suspects they're running.
    (This has the benefit of being free)
  • Nessus can do similar things, and give you vulnerability assessments.
    I don't believe there's a free version of this.

There are also plenty of tools available that can query each computer for its installed software, but I don't have a list off the top of my head, and most of them require an agent on each machine being checked...


Users and Passwords

The last part, documenting users & passwords, is the hardest IMHO: If your previous "admin" parent was good there's a list somewhere. If they weren't, conduct a VERY thorough exit interview with them and get as much data as you can.
Further auditing can then be done by dumping Active Directory Users & Computers information, assuming the school has an AD domain set up (or in a Mac/Linux/Unix world by perusing the equivalent NIS or LDAP domain, or the password files).

Really you only need passwords for things like switches, routers & firewalls -- You may also want them for certain databases/database users (like your SQL Server DBA account) -- collecting passwords for every account is obviously impractical (and a bad security practice).
Best practices also dictate changing all the passwords you receive from the previous admin, even if he's a stand-up trustworthy guy :-)
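
An added example (not part of the original answer): one way to turn the nmap results mentioned under "Logical (Software) Audit" into rows for the asset spreadsheet from "Physical Audit". It assumes the scan was saved with nmap's XML output (`-oX`) and OS detection (`-O`); the sample XML, addresses and host names are constructed.

```python
import csv, io
import xml.etree.ElementTree as ET
# Constructed sample shaped like `nmap -O -oX` output (not a real scan).
SAMPLE_XML = """<nmaprun>
<host><status state="up"/>
  <address addr="10.0.1.15" addrtype="ipv4"/>
  <address addr="00:11:22:33:44:55" addrtype="mac" vendor="Dell"/>
  <hostnames><hostname name="lab-pc-01.school.example" type="PTR"/></hostnames>
  <os><osmatch name="Microsoft Windows Server 2016" accuracy="90"/>
      <osmatch name="Microsoft Windows 10" accuracy="96"/></os></host>
<host><status state="up"/>
  <address addr="10.0.1.40" addrtype="ipv4"/><hostnames/></host>
<host><status state="down"/>
  <address addr="10.0.1.41" addrtype="ipv4"/></host>
</nmaprun>"""

FIELDS = ["ip", "mac", "vendor", "hostname", "os_guess", "os_accuracy"]

def parse_inventory(xml_text):
    """Return one inventory row (dict) per host that nmap reported as up."""
    rows = []
    for host in ET.fromstring(xml_text).iter("host"):
        if host.find("status[@state='up']") is None:
            continue  # skip hosts that did not answer
        row = dict.fromkeys(FIELDS, "")
        for addr in host.findall("address"):
            if addr.get("addrtype") == "mac":
                row["mac"], row["vendor"] = addr.get("addr", ""), addr.get("vendor", "")
            else:  # ipv4 or ipv6
                row["ip"] = addr.get("addr", "")
        name = host.find("hostnames/hostname")
        if name is not None:
            row["hostname"] = name.get("name", "")
        # Keep only the highest-accuracy OS match; it is still a guess.
        matches = host.findall("os/osmatch")
        if matches:
            best = max(matches, key=lambda m: int(m.get("accuracy", "0")))
            row["os_guess"], row["os_accuracy"] = best.get("name", ""), best.get("accuracy", "")
        rows.append(row)
    return rows

def to_csv(rows):
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=FIELDS)
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()

if __name__ == "__main__":
    print(to_csv(parse_inventory(SAMPLE_XML)))
```

Rows with an empty `os_guess` or a low `os_accuracy` are the machines worth checking by hand against their asset tags.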