Once IT infrastructure has been installed, IT professionals hired by the school adjust the configurations of devices installed by the engineers and technicians so the network is secure, robust and reliable. They configure settings to authenticate users; give them access to servers, printers, and other devices; and adjust addressing and security functions as devices are added to and removed from the network. Often these are established before the network is installed (network planning is a vital part of upgrade and replacement projects and finds school IT professional and network engineers meeting for many hours to devise and refine the planned installation).
Accounts are granted permissions according to the users’ role in the school and the resources each is authorized to use. The accepted network management practice is to provide individuals who are responsible for managing the school network with two types of accounts; they log on with standard user accounts when simply using the network, but then they log on with an administrator account when they need to change network settings.
In schools, most standard users accounts are assigned to groups such as “school administrators,” “teachers,” and “students.” Student groups are further grouped into organizational units such as “high school students” or “middle school students.” With users being assigned to well-planned organizations units, network administrators can quickly and easily deploy changes by applying them to organizational units.
One commonly used practice for managing user accounts on the network is to avoid recording users’ passwords. If it becomes necessary for a network administrator to log on as a specific user or to restrict a user from the network, then a system administrator can change the user’s password. The user regains control over the account by using a one-time only password from the system administrator, and reset her or his password when first logging on to the system. This step is taken to preserve the user’s privacy and to properly account for the activity. When my password has been changed by the administrator then I am locked out of my account and I cannot be held responsible for changes done under my account. Once I regain control of it, then I am responsible for it.
In addition to managing user’s access to the LAN through user accounts, IT administrators can control devices that are connected to the network by adjusting the network configuration. For example, they can send operating system updates to desktop computers, install and update applications, install printers, and set other configurations from one location. Just as user accounts are placed in organizational units to facilitate management of individuals’ account who have similar needs, computers can be assigned to organizational units, so (for example) all of the computers in a particular computer room can be adjusted by applying changes to the OU to which the computers belong.
One often-used feature of operating systems connected to network that is used to manage devices is remote access. When this is configured, an individual who knows the IP address (or host name) of a device can use client software to log on to a computer or server from different location on the network. This feature allows, for example, technicians at one LAN location (perhaps even in a different building) to take control of a user’s computer to troubleshoot problems or observe symptoms. In rural schools that are separated by many miles, but that are connected via a single LAN, this can be very useful as an IT professional can take control of a computer without the need to travel to the site. This increases the efficiency of technicians and minimizes travel expenses.
A well-designed network built with devices of high quality that are properly configured will typically be reliable and robust with little input from IT managers. Of course, networks are systems, so they do degrade over time. IT managers in schools spend time and other resources to slow the rate at which networks degrade. One important job in keeping systems operational and secure is updating software, including operating system software, applications, and drivers (which is the software that allows computers to communicate with peripherals such as printers). Sometimes these updates introduce conflicts to the system, so those must be identified and resolved as well.
Occasionally, and despite the best work of IT professions, devices fail in sudden and very noticeable ways; this type of sudden degradation is rarer than the on-going degradation that can make introduce gradual failure, but they do happen. System administrators will troubleshoot malfunctioning systems and repair or replace devices that have failed. A well-documented network map will facilitate the work of configuring replacement, so IT managers can restore a robust and reliable network quickly.
Managing the resources and protecting the data on a network also includes ensuring a disaster recovery plan is articulated, familiar to multiple technology and school leaders, and properly followed when (not if, but when) a disaster strikes. A fundamental aspect of disaster recovery is ensuring data and systems are backed-up to servers that are off-site. Many school IT manager contract with services that specialize in backing up the information in organization’s LAN’s on redundant servers.
Managing network resources also includes investigating proposed changes and upgrades to the system to ensure existing functions are preserved and that new systems are compatible with existing systems. Incompatibilities most often become apparent when operating systems reach the end of life, so they must be replaced. Small schools and early adopters of particular technologies are populations that encounter problematic incompatibilities as well. Small schools tend to purchase student information systems, accounting software, and similar data management applications from publishers whose products are less expensive than others, but that are less likely to be updated. The effect is that these users are locked-in to less than optimal systems by the expense of converting records to new systems.