Windows 10 Migrations, SCCM Admin Staffing, and the 1990’s are Still Calling

I’m back home after a few weeks of on/off travel and finally have time to unwind.  Like the last week, the others were focused on Windows 7-to-Windows 10 migration planning and piloting work with either MDT or Configuration Manager (SCCM).  After getting fisted that many times, oops, I mean, exposed to the internal workings of various customer environments, I often need some time and distance to put it all into an objective perspective.  And that rhymes, so that’s cool too.

Windows 10 Migrations

Thankfully, most of the customers I deal with have a clue.  And if they don’t have all of the questions figured out, they’re at least eager to get answers, either on their own, or by asking around.  That’s always a good thing.  Some however, seem to be content with status quo.

I’ve said it before, and I will say it again:  Stop spending time shoe-horning Windows 10 into another Windows 7.  The same old “new car” metaphor comes to mind:  How would you feel if you went to buy a brand-new vehicle, and the sales person said to you “Your new car will be ready by tomorrow, we need to remove all of the new features so it works just like your 5 year old model.  We figured you couldn’t handle the new features“.  Pardon my Brooklynese, but you’d probably bitch-slap them with a set of brass knuckles.  At the very least, you’d spray them with the coffee in your mouth, and then proceed to another dealership for a better experience.

Your new car will be ready by tomorrow, we need to remove all of the new features so it works just like your 5 year old model.  We figured you couldn’t handle the new features.

So, why would you do the same with “TECHNOLOGY”?  You are handling THE EPITOME of “TECHNOLOGY”, not a vehicle, toothbrush or coffee machine (okay, maybe a coffee machine is more awesome, but stick with me here).  I realize this situation is almost always a cultural one.  As in, business culture.  Years and years of communication degradation and sneering looks while roaming the hallways, between IT and “users”, needs to end.  Time for an olive branch, or a box of doughnuts, or a box of doughnuts infused with Xanax or something.  Anything to stop the old and start the new.  And here’s why:

Settling the passive-aggressive cold war solves multiple problems at once.  First, it paves the way for cooperation, which helps greatly with current and future projects and implementing change in the environment.  Second, it helps OFFLOAD work done by IT into the hands of users.  That’s right, you can offload work into the hands of users.  Repeat that last sentence until your mouth gets dry.  For example, SCCM “Software Center”.  Learn it.  Know it.  Live it.  Use it.  Third, educating users on new features feeds reasons 1 and 2 and helps them find things on their own.  You consider users too stupid?  Okay, find the smartest users in each group and empower them as field reps for your initiatives.

Spending hours and hours shoving shortcuts into specific places using scripts and Group Policy?  Stop!  Show users how to find their own shortcuts and use the “pin” feature.  Sell this as “IT isn’t going to control your desktop world anymore.  We’re giving you FREEDOM and SUPPORT.”  EVERY single place I’ve seen this attempted, it has done wonders.  I believe in it whole-heartedly.

SCCM Admin Staffing

This is ancillary to the above rant, but relevant.  More relevant than the discussions involving MDT at least.  What am I talking about?  I’m talking about customers who either decided on their own, or were mislead by overzealous sales people, on the realistic demands required of people who manage SCCM in a production environment.  There are several factors to consider which impact the amount of time this product demands:

  • The scale/size of the environment (including geographic spread)
  • The existing staffing resources (who, where, how many)
  • The types of assets being managed
  • The specific features to be enabled and leveraged in SCCM
  • The abilities of the people who will manage SCCM

I’m sure there’s a quantifiable method to derive meaningful numbers, but allegory seems to be nearly as effective:

  • Customer A has 5,000 Windows devices spread across 20 locations in 5 countries, with an IT staff of around 6 people.
    • There are 24 distinct hardware models in production
    • On average 2 new models are introduced per year
    • Customer A wishes to implement SCCM for imaging, app deployments, software updates, inventory and reporting and endpoint protection
  • Customer B has 5,000 Windows devices located in 2 locations in the same geographic area, with an IT staff of 2.
    • There are 24 distinct hardware models in production
    • On average 2 new models are introduced per year
    • Customer B wishes to implement SCCM for imaging, app deployments, software updates, inventory and reporting and endpoint protection

Guess which one isn’t going to enjoy coming to work much longer?

Dear managers: STOP TRYING TO BE CHEAP.  Staff your environment like you really want it to be effective.  If you plan to do imaging, and it doesn’t really matter what you intend to use, Acronis, Ghost, or any other shitty outdated trash you like rather than MDT or SCCM, you need to dedicate staff to that role.  Keeping up with drivers, firmware and software, all the glue-sniffing InfoSec stupidity (that should be managed in the environment, not entirely in the image), the Change Control meetings (you do have CC in place, right?), and the subsequent pilot and rollout work, is not something to be expected of anyone devoting 1 hour a week to it.  If you don’t have someone to assign to the role, hire someone.

This also applies to other time-suck roles like software updates, application deployments and reporting.  In some environments, when there are dedicated “business reporting” roles, and they learn about someone having access to pull reports from asset inventory data, they will converge on that person like refugees surrounding a relief truck in a war zone.  If  any of this applies to your environment, and you haven’t already, sit down with your admin folks and ask questions.  Try to learn what the role actually entails.  How much time they typically spend on each part of their job and what could be done to reduce the time.  Maybe you already have the tools to deal with it and just need some training or guidance.  Maybe you need to look for newer/better/different tools.  Regardless, do something.  Don’t sit back and wait for it to automate itself, because that’s not going to happen.

I think I digressed a bit.

The 1990’s

If you’re still writing Kix, Batch or VBScript scripts to semi-automate your chores, why?

Is it because you’re still running them on outdated platforms?  Why?

Is it because “management” won’t approve updates to the platform environment?  Why?

Is it because “management” is afraid of change?  Why?

I’ll just say this:  The longer you continue to focus your attention and efforts on outdated shit, it only reinforces two things:

  • It further suppresses your skill set, and your marketability for applying for other jobs
  • It saves your employer money at the risk of increasing security vulnerabilities and reduced support options from vendors

If your goal is only to stockpile cash from your ridiculously high-paying job, so you can parachute out into something else, fine.  If you’re living paycheck-to-paycheck: get out!

Final thoughts:  The conveyor belt of technology change is not slowing down.  In fact it is speeding up.  Ask anyone who works with cloud services how often their tools are being updated (weekly).  Ask how often things like Windows and SCCM are being updated (monthly).  None of that was even conceivable 5 years ago.  The time to dump all the 10-year old practices isn’t now, it was a year ago.  Get moving!


The IT Professional’s PlayBook


So, you’re growing tired of trying to convince clueless managers about approving your requests to improve IT operations.  Maybe you’ve been doing it like this…

You: “Good morning sir/ma’am.  If we spend some money on upgrading our WAN links, we can get ahead of our backlog of projects by moving all our deployment processes out of the slow lane.”

Them: “I don’t know who WAN links is, but it sounds like Chinese food.  Go away.”

Maybe you should try rehearsing these tried-and-tested proven methods:

You: “Good morning sir/ma’am.  I ran the numbers and found we could save money by upgrading our WAN links.  A one-time cost of $14k would eliminate our need for additional infrastructure, license upgrades, controlled spaces, and lower power and cooling costs at all our remote facilities.  That alone would reduce our infrastructure costs by $5,000 per year, and cut our deployment times from weeks to hours.  The cost could be a tax deduction and we’d recoup that in less than three years.  And, are you losing weight?”

Them: “Yes, I’ve been working on my chip shot all weekend and I think it’s getting me in shape again.  I like you Bob….”

You: “It’s Ben.  Sir.”

Them: “Right, Bill, anyhow, it sounds like you think this WAN links guy is really that good?  Ok. I’ll approve him, if you think he can help with our taxes.”

Another example…

You: “Good morning sir/ma’am. I ran the numbers and it turns out we’re spending 150 hours per week installing apps by hand.  That’s 5 technicians over 150 hours at $7.50 per hour, oops, I mean $5.50 per hour.  That comes to $8,250 per week, and a backlog on other support requests in the queue.  We could spend a quarter of that packaging or wrapping the installers and procuring a product to help deploy them remotely.”

Them: “I like that idea.  We can then cut 3 of those technician’s jobs and reduce our burden rate at the same time!  Great work Bill!  You can call me Mike.”

You: “Actually, uh, no disrespect, but I don’t think we should cut…”

Them: “Consider it done Bobby!” (strong pat on the back)

And another…

You: “Good morning Ma’am.  I would like to request approval to replace Acronis and Ghost and all our other imaging tools with Microsoft Deployment Toolkit.  It’s free.  It’s very customizable.  It would allow us to reduce our image library from 43 individual images to 1 with a task sequence.  And it’s been around for years and battle tested.”

Them: “That sounds interesting.  But I spoke with Sam, who dates my daughter, and he says it’s better to maintain 43 image files every month because the extra care and feeding makes it an important job.  And he graduated from a 2 year tech school.  And he dates my daughter, so you know how that goes.  But really, Bobby, I appreciate your concern.”

You: “It’s Ben.  But thank you.”

And finally…

You: “Good morning Ma’am.  I heard about the big tax changes and how we’re going to save $20 million this year alone.  I was wondering if you had a few minutes to discuss some ideas I have about infrastructure improvements to help streamline our operations and save money?”

Them: “I’m glad you asked.  Yes, but it’s actually around $22 million.  And we already have plans to apply that towards automation, to reduce our dependency on human labor.  Oh, and what was your name again?”

Or, you could just consider a career in the legal or medical field.

Poor Man’s IT Chain Reactions



Make sure every machine in the enterprise (connected to LAN or always-on VPN) has the latest version of psexec.exe on the local C: drive.


Why not?  That’s why.

Option 1:

AKA – the semi-automated, safety switch turned off, fully-loaded, drunk guy holding the trigger option.

  1. Download psexec.exe from (or direct: and place into AD domain SYSVOL scripts folder (e.g. \\\netlogon)

    $WebClient = New-Object System.Net.WebClient
  2. Create Group Policy Object (GPO) with Computer Preferences setting to copy psexec.exe from the SYSVOL share to a location on the local C: drive. Configure to “update” so that future version updates will be passed down to the clients.
  3. Create a Scheduled Task to keep the SYSVOL copy up to date with the latest version.


  • Cheap (free)
  • Fairly automated (just add water, makes it’s own sauce / set it and forget it)


  • Smells like duct tape and coat hanger wire

Option 2:

AKA – The “I have a budget, so kiss my butt” option.

  1. SCCM package or application deployment


  • You look cool pulling it off, but not as geeky as option 1.


  • More moving parts under the hood.
  • May require additional steps to maintain a consistent current version across all devices.

Option 3:

AKA – The “I don’t have a budget, so kiss my butt” option.

  1. Include within image configuration (MDT, SCCM, Ghost, Acronis, etc.)


  • Easy


  • Difficult to maintain a consistent and current version across the enterprise

Option 4:

AKA – the “most fun to laugh about during the next beer-meeting” option

  1. Send the new guy around with a USB thumb drive


  • Great fun in the office


  • Do I really need to spell this out?


Interviews – Common Misperceptions

Q: What is something that you think people assume about you, or your profession, which might surprise them as not being true?

Rob Spitzer

That we know everything about every OS, device, or app that someone is using. Its true that as IT folks we can typically flub our way through and figure out the answer but, just like everyone else, we really only know what we need to know to get our job done. I’m constantly learning new tricks from others.

Johan Arwidmark

That I don’t do mistakes :)”


People assume I served in the Marine Corps.  People assume all IT people are brilliant geniuses.  Wrong on both assumptions.”

Rod Trent

People think I never sleep as it seems I’m online 24 hours a day. While, I *am* online a LOT, and do actually work quite a bit, my work/life balance is actually excellent. I’ve worked from home since around 1999 and have learned to become a high-efficiency person, i.e., everything I do, I’ve taken the time to maximize efforts through efficiency. So, essentially, I’ve found a way to script daily, physical tasks much like I used to do with VBScript/PowerShell in my IT Pro days.

Marc Graham

That because I surf and skate I’m also an extremely avid stoner!

Julie Andreacola

I think sysadmins are assuming that if their systems are patched and they have a good Anti Virus, they are protected from today’s malware attacks. My eyes have been opened to the devastation of today’s malware, and just patching and AV is not enough

Stephen Owen

That I’m always completely certain of the solution to a problem. There is always the opportunity cost of troubleshooting, and sometimes the client cannot afford to find the root cause of their issue. We have to move on, and that’s a shame when it happens.

Mike Terrill

hmm…not sure about that one, although my kids think my job is conference calls since i am on the phone a lot.

Chris DeCarlo

“I’d probably say “one thing people assume about the IT profession is that you need a college degree to get above entry level. I’d say that’s not true. You can get far with finding a section of IT you like and becoming a master in it through certification and many many hours of dedicated research/lab time at home. Showing confidence in your skillset becomes visible to others and you start to become the “go-to” person in your field.


E. All the above.

The 5 Immutable Laws of IT Life

1 – The person you need most will be unavailable when you need them.
2 – The problem will stop as soon as you try to show it to someone else.
3 – The simplest task will end up taking the most time.
4 – The feature you need most will be the least documented.
5 – That which saves you time, will cost more money (and vice versa).

What I’ve Learned from Doing IT Interviews


WARNING: My humor tank is running low today.  This one is a semi-quasi-serious post with sub-humor ramifications and subtle uses of pontificatory inflection.  cough cough…

Like many (most) of you, for years, I’ve been the one sweating through an interview.  I’ve had bad interview experiences, and good ones; maybe even a great one, once or twice.

On the bad list was one with a well-known hardware vendor, where I was introduced to three “tech reviewers” on the call who regularly speak at pretty much EVERY IT conference on Earth, and have written enough books for me to climb a stack and change a light bulb.  I was in over my head, but thankfully, they appreciated my humility and sense of humor (had an interesting follow-on conversation at the end as well, but I’ll leave that for another time).

On the good list was the most-recent interview I had (my current job) where the interviewer took the time to share some fantastic technical advise which helped me on the project I was working on with my previous employer.  More than an interview, it was like a mini-training session.  Needless to say, he liked my mental problem-solving process enough to offer me this job.  Very, very much appreciated.

But this post is really about the flip-side of the interview process; what I’ve learned from interviewing others for various types of positions.  At a former place I was the administrative “lead” of a team of six (6) incredibly skilled people.  Part of my role was to interview new hires for a very uncommon set of skills to fit into that project.

At my current employer, I’ve been interviewing like mad to help a customer fill staffing needs for another set of uncommon skills. Not that the individual skills are necessarily uncommon, but the mix of skills in a single person seems to be uncommon.  I have to say, it’s been both enjoyable, and educational for me.

I hope that this experience helps me with future interviews when I go looking for a new job (or a promotion).

I’ve tried to apply the “good” experiences from my interviewee past as much as possible.  For example, not just grilling candidates to make them sweat, but help them along the way, in a give-and-take discussion.  Not a lecture.  And not a cross-examination.  It’s been eye-opening for me, to say the least.  So here’s what I’ve learned:

1 – Keep it Simple

When asked to respond with a “what would you do if…” scenario, start with the most basic step.  A classic example question is “You have a web server, that relies on a separate SQL host, to support a web application.  After working fine for a while, it now shows an error that it can no longer connect to the SQL host.  What would your first step be?

Bad answers: “I’d check the SQL logs”.  “I’d confirm the SQL security permissions”, “I’d verify that the SQL services were running on the SQL host”, “I’d Telnet to the SQL host”

Better answers: “I’d try to ping the SQL host from the web server”

2 – Know the Basic Basics of your Platform

If the role involves system administration (aka “sysadmin”) duties, you should be familiar with at least the names of features, components, and commands.  You don’t necessarily have to know every syntactical nuance of them, just what they are, and what they’re used for.  For example, “what command would you use to register a DLL?” or “What command would you use to change the startup type of a service?”

If the interviewer doesn’t focus on scripting aspects, then ask if they want to know the command or what PowerShell cmdlet.  Then take it from there.  If they ask about the command, just give them the command.  You don’t need to describe the various ramifications of using the command, or how it would be better/easier/cooler to do it with PowerShell.  If they ask about PowerShell methods, answer with the appropriate cmdlet or just describe the script code at a 100,000 foot level.  That said, if the interviewer is focused on your PowerShell acumen, dive deeper, but ask if that’s what they want to hear first.

3 – Don’t be Afraid to say “I Don’t Know”

If the interview question leaves you stumped, don’t hem and haw, and don’t make up something.  Just say “I don’t know“, but, and I mean BUT…. follow that with some next-step direction.  For example, “I don’t know, but I would research that by going to ___ and searching for ____

4 – Ask Questions

A lot of the time, the interviewer is also looking for indications of how the candidate interacts with a situation, such as an interview.  They want to know if you’re inclined to question and discover each situation, rather than just react to it.  Sometimes, the interviewer will ask you “Do you have any questions?“, and sometimes they won’t.  Regardless, it’s often good to ask at least one or two questions, even if it’s just “what’s the next step?

5 – Get a Critique if Possible

At the end of the interview, unless you feel certain you nailed it, like this, I always recommend asking the interviewer for some feedback how how you did.  Ask if there were any areas you could have responded better.  Don’t worry about getting granular details, just general responses can be very helpful.  Whether it’s technical, personal, or otherwise, anything is pure GOLD when it comes to this.

It’s a rare chance to get some tips that will help you on future interviews.  This is particularly true when you feel pretty sure that the employer isn’t going to make you an offer.  That doesn’t mean you are a failure, it just means you didn’t provide indication for the position they’re looking to fill.