Friday, January 2, 2009

System Administrator Checklist

Daily

Review Audit logs
Tasks
Check application log for warning and error messages for service startup
errors, application or database errors and unauthorized application installs
Check security log for warning and error messages for invalid logons,
unauthorized users creating, opening or deleting files
Check system log for warning and error messages for hardware and network failures
Check web/database/application logs for warning and error messages
Check directory services log on domain controllers
Report suspicious activity to IAO
Tools – Windows Event Viewer
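The daily review above, scripted instead of clicked through in Event Viewer. This is an added example, not part of the original checklist. It assumes Windows Vista/Server 2008 or later (Get-WinEvent) and an elevated session, since the Security log is not readable by standard users; the event IDs used are the standard Vista-era ones (4625 failed logon, 4720 account created, 1102 audit log cleared, 7000/7001/7023/7034 service failures, MsiInstaller 11707 install completed).

```powershell
# Added example, not part of the original checklist. Assumes Get-WinEvent
# (Vista / Server 2008+) and an elevated session.
$since = (Get-Date).AddDays(-1)

# Critical (1), Error (2) and Warning (3) entries from Application and System.
$problems = Get-WinEvent -FilterHashtable @{
    LogName   = 'Application', 'System'
    Level     = 1, 2, 3
    StartTime = $since
} -ErrorAction SilentlyContinue

'--- Application/System warnings and errors by source and event ID ---'
$problems | Group-Object ProviderName, Id | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize

'--- Service start/terminate failures (Service Control Manager) ---'
$problems | Where-Object {
    $_.ProviderName -eq 'Service Control Manager' -and (7000, 7001, 7023, 7034 -contains $_.Id)
} | Select-Object TimeCreated, Id, Message | Format-Table -Wrap

'--- Software installed through Windows Installer (MsiInstaller 11707) ---'
Get-WinEvent -FilterHashtable @{ LogName = 'Application'; ProviderName = 'MsiInstaller'; Id = 11707; StartTime = $since } -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message | Format-Table -Wrap

# Security log. 4625 is expanded from its XML so the target account and the
# source address can be grouped; object-access events (4663) only exist when
# file auditing is enabled on the object and can be handled the same way.
function Get-EventData($event) {
    $x = [xml]$event.ToXml()
    $d = @{}
    foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
    return $d
}

'--- Failed logons by account, source and status ---'
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $since } -ErrorAction SilentlyContinue |
    ForEach-Object {
        $d = Get-EventData $_
        New-Object PSObject -Property @{
            Account = "$($d.TargetDomainName)\$($d.TargetUserName)"
            Source  = $d.IpAddress
            Status  = $d.Status   # 0xC000006A bad password, 0xC0000064 unknown user, 0xC0000234 locked out
        }
    } | Group-Object Account, Source, Status | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize

'--- Accounts created (4720) / audit log cleared (1102) ---'
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4720, 1102; StartTime = $since } -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message | Format-Table -Wrap
```

A burst of 4625 events from one source against many accounts is a password spray; many against one account is a guessing attempt or a stale credential in a script. Either goes to the IAO as the checklist says, along with any 1102, which should only appear when the weekly archive job ran.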

Perform/verify daily backup
Tasks
Run and/or verify that a successful backup of system and data files has completed
Run and/or verify that a successful backup of Active Directory files has
completed on at least one Domain Controller
Tools
Windows Backup Tool

Track/monitor system performance and activity
Tasks
Check for memory usage, Check for system paging, Check CPU usage

Tools – Windows Microsoft Management Console:
Performance Logs and Alerts, Task Manager, System Monitor
Microsoft Operations Manager

Check free hard-drive space
Tasks
Check all drives for adequate free space; take appropriate action as specified by the site's Standard Operating
Procedures
Tools – Windows Disk Defragmenter, Disk Management, Disk Quotas
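The two daily resource checks above (performance and free space) as one script, reading the same counters Performance Monitor and System Monitor display. This is an added example, not from the original page; it assumes PowerShell 2.0 or later for Get-Counter, and the thresholds are placeholders to be replaced with the values in the site's Standard Operating Procedures.

```powershell
# Added example, not from the original checklist. Thresholds are placeholders.
$cpuPctMax   = 85    # average % processor time
$pagesSecMax = 100   # sustained pages/sec usually means memory pressure
$pageFilePct = 75    # paging file % usage
$freePctMin  = 15    # minimum free space on each fixed disk

$counters = '\Processor(_Total)\% Processor Time',
            '\Memory\Available MBytes',
            '\Memory\Pages/sec',
            '\Paging File(_Total)\% Usage'

# Three samples two seconds apart, averaged, so a single spike is not reported.
$sets = Get-Counter -Counter $counters -SampleInterval 2 -MaxSamples 3
$avg  = @{}
$sets | ForEach-Object { $_.CounterSamples } | Group-Object Path | ForEach-Object {
    # Strip the \\HOST prefix so the keys match $counters (hashtable keys are case-insensitive).
    $name = $_.Name -replace '^\\\\[^\\]+', ''
    $avg[$name] = [math]::Round(($_.Group | Measure-Object CookedValue -Average).Average, 1)
}
$avg.GetEnumerator() | Sort-Object Name | Format-Table Name, Value -AutoSize

if ($avg['\Processor(_Total)\% Processor Time'] -gt $cpuPctMax) { Write-Warning "CPU above $cpuPctMax%" }
if ($avg['\Memory\Pages/sec'] -gt $pagesSecMax)                  { Write-Warning "Paging above $pagesSecMax pages/sec" }
if ($avg['\Paging File(_Total)\% Usage'] -gt $pageFilePct)       { Write-Warning "Page file above $pageFilePct% used" }

# Free space on fixed disks (DriveType 3); removable and network drives are excluded.
$disks = Get-WmiObject Win32_LogicalDisk -Filter 'DriveType=3' | ForEach-Object {
    New-Object PSObject -Property @{
        Drive   = $_.DeviceID
        SizeGB  = [math]::Round($_.Size / 1GB, 1)
        FreeGB  = [math]::Round($_.FreeSpace / 1GB, 1)
        FreePct = [math]::Round(100 * $_.FreeSpace / $_.Size, 1)
    }
}
$disks | Sort-Object Drive | Format-Table Drive, SizeGB, FreeGB, FreePct -AutoSize
$disks | Where-Object { $_.FreePct -lt $freePctMin } | ForEach-Object {
    Write-Warning "$($_.Drive) has $($_.FreePct)% free (below $($freePctMin)%)"
}
```

Free space matters for security as well as availability: a full system volume stops the event log from writing, which is exactly the condition an attacker filling a disk with junk wants.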


Physical checks of system
Tasks
Visually check the equipment for amber lights, alarms, etc.
Take appropriate action as specified by site's Standard Operating Procedures


Weekly
Archive Audit logs
Tasks
Archive audit logs to archive media with one-year retention
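One way to do the weekly archive, as an added example that is not part of the original checklist: export the three classic logs with wevtutil, clear each live log only after its export has been verified, and prune archives older than the one-year retention. It assumes Vista/Server 2008 or later, an elevated session, and a hypothetical archive share \\archive\auditlogs.

```powershell
# Added example, not from the original checklist. \\archive\auditlogs is a placeholder.
$archive = Join-Path '\\archive\auditlogs' $env:COMPUTERNAME
$stamp   = Get-Date -Format 'yyyyMMdd'
New-Item -ItemType Directory -Path $archive -Force | Out-Null

foreach ($log in 'Security', 'System', 'Application') {
    $file = Join-Path $archive "$log-$stamp.evtx"
    & wevtutil epl $log $file
    if ($LASTEXITCODE -eq 0 -and (Test-Path $file) -and (Get-Item $file).Length -gt 0) {
        # Clearing the Security log writes event 1102 into the fresh log; the
        # daily review should expect exactly one of these per week.
        & wevtutil cl $log
        Write-Output "Archived $log to $file"
    } else {
        Write-Warning "Export of $log failed (exit $LASTEXITCODE); live log left intact"
    }
}

# One-year retention: remove archives older than 365 days.
Get-ChildItem -Path $archive -Filter '*.evtx' |
    Where-Object { $_.LastWriteTime -lt (Get-Date).AddYears(-1) } |
    Remove-Item -Verbose
```

Two caveats. If the live Security log is set to overwrite when full and a week's volume exceeds its size, events are lost before the export ever runs, so size the log for more than a week. And the archive share should be writable by the backup account but not by the server's own administrators, otherwise the archive is no better than the log it came from.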
Perform/verify weekly backup
Tasks
Run or verify that a successful backup of system and data files has been completed
Tools
Windows Backup Tool

Update Anti-Virus signature file
Tasks
Download and install current Anti-Virus signature files


Run Anti-Virus scan on all hard-drives
Tasks
Scan all hard-drives using current Anti-Virus signature files

Check Vendor Websites for Patch Information
Tasks
Check vendor websites such as Microsoft, Sun, HP, Oracle, etc. for
new vulnerability information including patches and hotfixes

Run file system integrity diagnostics
Tasks
Run diagnostic tools to detect any system problems
Tools – Windows
Disk Defragmenter
Error-checking tool
Device Manager

Verify Retina Vulnerability Scan Performed (SCCVI)
Tasks
Verify the system was scanned by the IAO or NSO using the Retina tool to detect
vulnerabilities

Remediate with Citadel Hercules Remediation Tool (SCRI)
Tasks
Verify Hercules remediation tool is used on system to correct
vulnerabilities

Check for Password Files
Tasks
Perform a file search on the system for documents containing words such as 'password', 'passwd', 'pwd', etc.
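The weekly search scripted over every fixed disk, matching both file names and contents. This is an added example, not from the original page; the extension list, the size cap and the skipped vendor paths are illustrative choices rather than values from the checklist.

```powershell
# Added example, not from the original checklist. Extensions, size cap and
# skipped paths are illustrative.
$words   = 'password', 'passwd', 'pwd', 'credentials'
$pattern = ($words | ForEach-Object { [regex]::Escape($_) }) -join '|'   # -match and Select-String are case-insensitive
$exts    = '*.txt', '*.doc', '*.docx', '*.xls', '*.xlsx', '*.csv', '*.ini', '*.cfg',
           '*.conf', '*.config', '*.xml', '*.bat', '*.cmd', '*.vbs', '*.ps1', '*.rtf'
$maxSize = 5MB
$skip    = '^[A-Z]:\\Windows\\', '^[A-Z]:\\Program Files'   # vendor trees are mostly noise

$roots = Get-WmiObject Win32_LogicalDisk -Filter 'DriveType=3' | ForEach-Object { $_.DeviceID + '\' }

$hits = foreach ($root in $roots) {
    $files = Get-ChildItem -Path $root -Include $exts -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and $_.Length -le $maxSize }
    foreach ($f in $files) {
        $skipIt = $false
        foreach ($s in $skip) { if ($f.FullName -match $s) { $skipIt = $true } }
        if ($skipIt) { continue }

        # A password-ish file name is a hit regardless of content (e.g. passwords.xlsx).
        if ($f.Name -match $pattern) {
            New-Object PSObject -Property @{ File = $f.FullName; Match = 'name'; Line = $null }
        }
        # Content match is reliable for plain-text formats. .docx/.xlsx are zip
        # containers and older binary Office files store text inconsistently,
        # so a miss on those is inconclusive, not a clean result.
        $m = Select-String -Path $f.FullName -Pattern $pattern -List -ErrorAction SilentlyContinue
        if ($m) {
            New-Object PSObject -Property @{ File = $f.FullName; Match = 'content'; Line = $m.LineNumber }
        }
    }
}

$hits | Sort-Object File | Format-Table File, Match, Line -AutoSize
$hits | Export-Csv -Path ".\password-file-hits-$(Get-Date -Format yyyyMMdd).csv" -NoTypeInformation
```

Expect false positives from scripts that merely prompt for a password; the hits that matter are the ones where the next token is a literal. Treat the CSV itself as sensitive, since it is a map to every credential file on the host.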


Check for Unnecessary Services
Tasks
Check system services for any unnecessary services running
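A scripted version of the unnecessary-services check, added here and not part of the original page. It compares the services that are running or set to start automatically against an approved list and reports the extras. approved-services.txt is a hypothetical file (one service name per line) built from a hardened reference build or the applicable STIG; the disable step is shown with -WhatIf so nothing changes until the list has been reviewed and the change documented.

```powershell
# Added example, not from the original checklist. approved-services.txt is hypothetical.
$approved = Get-Content -Path '.\approved-services.txt' | Where-Object { $_ -and -not $_.StartsWith('#') }

$active = Get-WmiObject Win32_Service | Where-Object {
    $_.State -eq 'Running' -or $_.StartMode -eq 'Auto'
}
$extra = $active | Where-Object { $approved -notcontains $_.Name }

$extra | Sort-Object Name |
    Select-Object Name, DisplayName, State, StartMode, StartName, PathName |
    Format-Table -AutoSize

# Illustrative list of services commonly disabled on hardened servers; warn if any are among the extras.
$usualSuspects = 'TlntSvr', 'SNMP', 'RemoteRegistry', 'Messenger', 'Alerter', 'SimpTcp', 'Browser'
$extra | Where-Object { $usualSuspects -contains $_.Name } | ForEach-Object {
    Write-Warning "$($_.Name) ($($_.DisplayName)) is $($_.State), start mode $($_.StartMode)"
}

# Disable after review. Drop -WhatIf once the change is approved and documented.
foreach ($svc in $extra) {
    Stop-Service -Name $svc.Name -WhatIf
    Set-Service -Name $svc.Name -StartupType Disabled -WhatIf
}
```

The PathName and StartName columns are worth a glance even for approved names: a service whose binary lives outside Program Files or System32, or that runs as a domain account it did not use last week, is a change somebody should be able to explain.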

Monthly

Perform Self-Assessment Security Review
Tasks
Review technology checklist for any changes
Run current security review tool
Import results into Vulnerability Management System (VMS)

Tools – Windows
DISA FSO Gold Disk and Scripts
eEye Retina Scanner
Citadel Hercules Remediation Tool

Perform Hardware/Software Inventory
Tasks
Review hardware and compare to inventory list
Review software and compare to inventory list
Update VMS, where applicable

Run Password-Cracking Tool (Domain Controller only)
Tasks
Run (or verify IAO team has run) a password-cracking tool to detect
weak passwords
Provide output to IAO team
Tools – Windows
John the Ripper
L0phtCrack
Tools available on DISA FSO Gold Disk (Windows) and
DISA FSO Scripts (UNIX)

Perform/verify monthly backup
Tasks
Run or verify that a successful backup of system and data files has been
completed

Tools
Windows Backup Tool
Veritas Backup Software

Verify User Account Configuration
Tasks
Run the DumpSec tool to verify user account configuration
Verify and/or delete dormant accounts with IAO approval
Provide output to IAO team
Tool available on DISA FSO Gold Disk (Windows)
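A way to produce the dormant-account list for the IAO review without DumpSec, as an added example that is not from the original page. It reports domain users created more than 90 days ago that have either never logged on or not logged on in 90 days; it only reports, since disabling or deleting stays a manual, IAO-approved step. The 90-day threshold is an assumption. It reads lastLogonTimestamp, which replicates between domain controllers (Server 2003 domain functional level or higher) but can lag the real last logon by up to 14 days, so it is an approximation suited to finding dormant accounts, not an audit trail.

```powershell
# Added example, not from the original checklist. 90 days is an assumed threshold.
$days   = 90
$cutoff = (Get-Date).AddDays(-$days)
$ftCut  = $cutoff.ToFileTime()                                         # large-integer form for lastLogonTimestamp
$gtCut  = $cutoff.ToUniversalTime().ToString('yyyyMMddHHmmss.0Z')      # generalized-time form for whenCreated

$searcher = New-Object System.DirectoryServices.DirectorySearcher
$searcher.PageSize = 1000
# Users created before the cutoff that either never logged on or last logged on before it.
$searcher.Filter = "(&(objectCategory=person)(objectClass=user)(whenCreated<=$gtCut)" +
                   "(|(!(lastLogonTimestamp=*))(lastLogonTimestamp<=$ftCut)))"
foreach ($a in 'sAMAccountName', 'lastLogonTimestamp', 'pwdLastSet', 'whenCreated', 'userAccountControl') {
    [void]$searcher.PropertiesToLoad.Add($a)
}

function ConvertFrom-FileTime($v) {
    if ($null -ne $v -and $v -gt 0) { [DateTime]::FromFileTime([int64]$v) } else { $null }
}

$dormant = $searcher.FindAll() | ForEach-Object {
    $p = $_.Properties   # keys are lower-case in ResultPropertyCollection
    $llt = if ($p['lastlogontimestamp'].Count) { $p['lastlogontimestamp'][0] } else { $null }
    $pls = if ($p['pwdlastset'].Count)         { $p['pwdlastset'][0] }         else { $null }
    $uac = [int]$p['useraccountcontrol'][0]
    New-Object PSObject -Property @{
        Account    = $p['samaccountname'][0]
        LastLogon  = ConvertFrom-FileTime $llt
        PwdLastSet = ConvertFrom-FileTime $pls
        Created    = $p['whencreated'][0]
        Disabled   = (($uac -band 2) -ne 0)   # ACCOUNTDISABLE bit
    }
}
$dormant | Sort-Object LastLogon | Format-Table Account, LastLogon, PwdLastSet, Created, Disabled -AutoSize
$dormant | Export-Csv -Path ".\dormant-accounts-$(Get-Date -Format yyyyMMdd).csv" -NoTypeInformation
```

Service accounts show up here too when the application authenticates in a way that does not update lastLogonTimestamp, which is one reason the checklist routes the list through the IAO rather than deleting automatically.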

Quarterly

Test backup/restore procedures
Tasks
Restore backup files to a test system to verify procedures and files
Tools
Windows Backup and Recovery Tool
Veritas Backup Software

Annually

Change Service-Account passwords
Tasks
Work with the appropriate application administrator to ensure password changes for service accounts, such as database accounts, application accounts and other service accounts, are implemented
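The part of this task that usually goes wrong is not changing the password but finding every place the old one is configured. The following added example, not from the original page, inventories Windows services and scheduled tasks on a list of hosts that run under non-built-in accounts, then pushes a new password to each service that runs as a given account and restarts it. $servers, the account name and the service names are placeholders. IIS application pools, COM+ applications and application-internal credential stores are not covered and must be checked separately.

```powershell
# Added example, not from the original checklist. $servers and $account are placeholders.
$servers = 'SRV1', 'SRV2'
$builtin = 'LocalSystem', 'NT AUTHORITY\LocalService', 'NT AUTHORITY\NetworkService',
           'NT AUTHORITY\SYSTEM', 'NT AUTHORITY\LOCAL SERVICE', 'NT AUTHORITY\NETWORK SERVICE',
           'SYSTEM', 'LOCAL SERVICE', 'NETWORK SERVICE'

$usage = foreach ($s in $servers) {
    Get-WmiObject Win32_Service -ComputerName $s |
        Where-Object { $_.StartName -and $builtin -notcontains $_.StartName } |
        ForEach-Object { New-Object PSObject -Property @{ Host = $s; Type = 'Service'; Name = $_.Name; Account = $_.StartName } }

    # schtasks /v CSV output repeats its header row; rows whose TaskName is 'TaskName' are those repeats.
    & schtasks /query /s $s /fo CSV /v | ConvertFrom-Csv |
        Where-Object { $_.TaskName -ne 'TaskName' -and $_.'Run As User' -and $builtin -notcontains $_.'Run As User' } |
        ForEach-Object { New-Object PSObject -Property @{ Host = $s; Type = 'Task'; Name = $_.TaskName; Account = $_.'Run As User' } }
}
$usage | Sort-Object Account, Host, Type | Format-Table Account, Host, Type, Name -AutoSize

# After the application administrator has changed the password in AD, push it
# to each Windows service that runs as that account and restart the service.
$account = 'DOMAIN\svc_app'
$secure  = Read-Host -Prompt "New password for $account" -AsSecureString
$plain   = [Runtime.InteropServices.Marshal]::PtrToStringAuto(
               [Runtime.InteropServices.Marshal]::SecureStringToBSTR($secure))   # Win32_Service.Change needs plain text

foreach ($u in ($usage | Where-Object { $_.Type -eq 'Service' -and $_.Account -eq $account })) {
    $svc = Get-WmiObject Win32_Service -ComputerName $u.Host -Filter "Name='$($u.Name)'"
    # Change(DisplayName, PathName, ServiceType, ErrorControl, StartMode, DesktopInteract, StartName, StartPassword, ...)
    $rc = $svc.Change($null, $null, $null, $null, $null, $null, $account, $plain)
    if ($rc.ReturnValue -ne 0) { Write-Warning "$($u.Host)\$($u.Name): Change() returned $($rc.ReturnValue)"; continue }
    [void]$svc.StopService(); Start-Sleep -Seconds 5
    $rc = $svc.StartService()
    if ($rc.ReturnValue -ne 0) { Write-Warning "$($u.Host)\$($u.Name): StartService() returned $($rc.ReturnValue)" }
    else { Write-Output "$($u.Host)\$($u.Name) restarted as $account" }
}
```

Scheduled tasks are updated separately with schtasks /change /s HOST /tn NAME /ru ACCOUNT /rp PASSWORD. Do the inventory before the AD change, not after: once the old password is dead, every missed dependency shows up as a 4625 in the domain controller's Security log and an account lockout, which is the reason this task sits on the calendar rather than being done ad hoc.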

Review appropriate Security Technical Implementation Guides (STIG)
Tasks
Review appropriate STIGs which are updated annually

Participate in STIG Technical Interchange Meetings (TIM), when possible
Tasks
Participate in TIMs to exchange information about updated STIGs, etc.

Review training requirements
Tasks
Review training requirements according to DoD Directive 8570.1

As Required

Test Patches and Hotfixes
Install Patches and Hotfixes
Schedule Downtime for Reboots
Apply OS upgrades and service packs
Create/maintain user and group accounts
Set user and group security
Subscribe to STIG News

After system configuration changes:
Create Emergency System Recovery Data
Create new system configuration baseline
Document System Configuration Changes
Review and update SSAA
Update VMS for Asset Changes
Update VMS for IAVMs
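The "create new system configuration baseline" and "document system configuration changes" steps above, as an added example that is not from the original page: capture the configuration items a later review compares against into a timestamped folder, then diff against the previous baseline so the change record is generated rather than written from memory. C:\Baselines is a placeholder; in practice the folder belongs on protected storage the server's own administrators cannot silently rewrite.

```powershell
# Added example, not from the original checklist. C:\Baselines is a placeholder.
$root  = 'C:\Baselines'
$stamp = Get-Date -Format 'yyyyMMdd-HHmm'
$dir   = Join-Path $root $stamp
New-Item -ItemType Directory -Path $dir -Force | Out-Null

Get-WmiObject Win32_Service | Sort-Object Name |
    Select-Object Name, StartMode, State, StartName, PathName |
    Export-Csv (Join-Path $dir 'services.csv') -NoTypeInformation
Get-WmiObject Win32_QuickFixEngineering | Sort-Object HotFixID |
    Select-Object HotFixID, Description, InstalledOn |
    Export-Csv (Join-Path $dir 'hotfixes.csv') -NoTypeInformation
Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*' |
    Where-Object { $_.DisplayName } | Sort-Object DisplayName |
    Select-Object DisplayName, DisplayVersion, Publisher |
    Export-Csv (Join-Path $dir 'software.csv') -NoTypeInformation
& net localgroup Administrators | Out-File (Join-Path $dir 'local-admins.txt')
& net share                      | Out-File (Join-Path $dir 'shares.txt')
# Listening TCP ports without PIDs, which change on every boot and would make every diff noisy.
& netstat -an -p tcp | Where-Object { $_ -match 'LISTENING' } | Sort-Object |
    Out-File (Join-Path $dir 'listening-tcp.txt')

# Compare with the most recent earlier baseline.
$prev = Get-ChildItem -Path $root | Where-Object { $_.PSIsContainer -and $_.Name -lt $stamp } |
    Sort-Object Name | Select-Object -Last 1
if ($prev) {
    foreach ($f in Get-ChildItem -Path $dir) {
        $old = Join-Path $prev.FullName $f.Name
        if (-not (Test-Path $old)) { continue }
        $diff = Compare-Object -ReferenceObject @(Get-Content $old) -DifferenceObject @(Get-Content $f.FullName)
        if ($diff) {
            Write-Output "== $($f.Name): changes since $($prev.Name) (<= removed, => added) =="
            $diff | ForEach-Object { "$($_.SideIndicator) $($_.InputObject)" }
        }
    }
}
```

Every line the diff prints should map to a documented change ticket or an installed IAVM patch. A line that maps to neither is the finding, and it is worth more than most scanner output because it came from comparing the system to itself.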


I didn't want to spend as many hours patching machines with KB824146 exploit
as I did with KB823980, so I tried out mbsafu.

Mbsafu is an automatic remote patching tool that applies Security updates
based on Microsoft Baseline Security Analyzer output.

This will patch NT4, WIN2k, WINXP, WIN2003 machines.

I patched 200-250 machines in our domain in 1Mbsafu. It works! We ran this against desktops and domain controllers.

Before deploying this, TEST IT on a few machines.

1 comment:

Unknown said...

Thank you for putting your very own process here! I am sure that a lot of your readers find these solutions really helpful. I am also saving some for future use and reference just in case.

I also recommend this article: https://www.process.st/server-setup-checklists/. Maybe some of your readers are looking to beef up or improve their server security.