Friday, July 29, 2011

SOP Friday: Local Docs, My Docs, and Storing Files on the Server

Where are your clients' files stored? This seems like it should be a simple question to answer. But the answer affect network security, keeping track of files, network speed, customer satisfaction, backups, disaster recovery, and more.

We have a very simple process for making most of these potential issues into non-issues.

- Overview -

In the good old days, there was a network operating system called Novell. It worked great for what it did. It really made the modern era of servers and workstations possible. In the days when the Novell ruled the world, there was a primary share on the server (for example, the i: drive or g: drive) and all client data was stored within that.

For example:

At some point, Windows NT began taking over the world. Then Microsoft introduced one of the most cumbersome and ridiculous schemes ever invented to lose data, bloat backups, and create a complete layer of management that was previously unheard of: The "My Documents Folder" - and, worse, the redirection of My Documents to the server!

Very simply, this is one of the stupidest things ever.

I think it's another example of Operating System envy with Apple.

Somebody somewhere came up with the concept that users are too stoopid to manage their own data. They can't know where it "really" is . . . it should just be there. That's fine, if you want to do that on your home computer or you have no server. But in a business environment, it is perfectly okay to know where your data are located, how much there is, and who should have access to it.

Those in favor of redirecting My Documents to the server say, "You can just take care of this with AD and GP." Which sounds great in theory. But there's a still some hassle involved in setting up group policies. And there have been problems from time to time with file redirection and offline files. So it's not trouble-free maintenance.

We have a simple policy: Our clients don't use "my documents" and we don't redirect my docs to the server. Period. End of story.

The primary reason for this is NOT that it can have problems. The truth is, those problems are rare. The primary reason is that Clients are HORRIBLE at managing data. The secondary reason is that clients have low tolerance for the slow networks they create with their bad habits.

Clients synch their video cameras and digital cameras with My Docs.

Clients sometimes protect themselves by saving an entire copy of their C: drive to My Documents.

Clients make backups of backups of backups. Some do this and then get loss in the catacombs they created, so they end up using a backup as the actual "live" source files.

Clients store their MP3's in "documents" instead of "music" as soon as they learn you've excluded "music" from the files being synchronized to the server.

Clients do weird stuff if you let them.

Then they never log off at night because logging ON in the morning takes 97 minutes. They don't know why. It's not their job to know why. But since they never log off and they never log on, they also never get a complete synch. So their mission-critical database is never copied to the server. It's never backed up. And if something goes wrong, they will never see it again.

So we don't let them do that.

- Implementation Notes -

Our basic policy is very straight forward:

1) All company data is stored on the server, in an appropriate folder

2) Desktops are not backed up

3) If you have something on your desktop and you don't store it on the server, then we assume it is not important and we will not worry about it if there's a disaster recovery.

4) Sensitive data (such as finances or personnel) will be in specific folders on the server with security assigned by appropriate groups.

5) If users need folders, we will create them. BUT our very strong preference is that data be in an appropriate folder open to everyone in the appropriate group.

Companies should operate based on the roles people fill, not on the people who fill the roles.

6) On extremely rare occasions, there are files that must exist on a specific machine. These are robocopied to the server each night.

This policy has an advantage in that users are free to have "their stuff" on the local machine and not affect the business. At the same time, you can create a place for "their business stuff" on the server.

- Benefits -

One of the biggest advantages of avoiding the My Documents tangle is that profiles are easy to move during migrations. See Network Migration Workbook for discussion about moving profiles . . . and taking the migration opportunity to move data off the desktops and on to the server where it belongs.

Our experience is that clients really don't care where their data is. That's why they're horrible data managers. It's not important to them. So, putting it on the server in standard directories actually allows you to work with one key employee to manage their data, archive as necessary, and develop a backup strategy that makes sense.

More and more, we want to have systems that use the desktop as a simple access device. In other words, if any desktop computer goes down, the user should be able to log onto any other workstation and just pick up where they left off. That's NOT going to happen if they rely on a roaming profile to synchronize 30 GB of data, 99% of which is totally irrelevant to the job they're doing today.

If we have to manage mini data farms all over the office because people have mission critical files on their desktops, that adds security concerns and backup concerns to the desktop maintenance. Everything's easier, faster, and more secure if we manage it on the server.

- Forms -

There are no specific forms for implementing this SOP. In a future post we'll discuss documenting your backup strategy. There are forms for that. In this case, you just need to write up a nice policy based on the points outlined above.

You should have a discussion with your key contact about moving data to "where it belongs" on the server, backing it up, etc. We like to start this conversation with the phrase "We like to see . . .." That's a powerful tool.

"We like to see . . ." tells your client that you've thought about this. It gives the impression that you've got a standard operating procedure that works. It gives you the confidence to talk in confident terms of about how you can protect the client's data.

Try it. You'll like it.

Your Comments Welcome.

- - - - -

About this Series

SOP Friday - or Standard Operating System Friday - is a series dedicated to helping small computer consulting firms develop the right processes and procedures to create a successful and profitable consulting business.

Computer consultants tend to be very good with computers, of course. But that doesn't make them good with the business side of the business. This series is intended to give you a big step up in creating the business you want to be. After all, the best way to become the business you want to be is to start behaving that way now.

This is also a debate at times. So feel free to post your comments and recommendations. If you have alternative "standard" operating procedures, please share them as well.

This series started May 13th. You can find the whole series by simply entering SOP Friday in the search box above (the one for this blog, not necessarily Google search).

We have also created an index to the SOP Friday series at Small Biz Thoughts.

- - - - -


Check Out the #1 Best-Selling book on Managed Services ever!

Managed Services in A Month
by Karl W. Palachuk

3nd Edition - Newly Revised and Updated with TEN new chapters

Paperback - Ebook - Audio Book

Unlike some books with old copyrights that sell for $60 or more, this book is 100% up to date and is only $29.95.

Now includes information on making cloud services part of your managed service offering!

Learn More!

Thursday, July 28, 2011

Seminar: Making Money in the Small Business Cloud

SMB Nation Preday Event
- September 29, 2011

Well, it's time to re-launch the SMB Preday site - the one location for info on "preday" events for the SMB Nation conference. Please visit

We have our seminar up. As we learn about additional opportunities, we'll post those as well.

Please join me in Las Vegas for the big SMB Nation Preday show. We will focus entirely on moving into cloud services AND making money while doing it.

The program starts at 9 AM on September 29th.
Location: The Imperial Palace Casino/Hotel
The price of admission includes six hours of education, plus lunch!

We are very pleased to have Intel join us as a sponsor.

Six hours of content - all focused directly at cloud services.
Making Money in the Small Business Cloud
Learn about the best tools and services to combine in your cloud service offering.

Many of us have made a living selling, installing, and maintaining Microsoft's Small Business Server. But now as we begin to integrate cloud services we need to figure out how to make that transition in an orderly - and profitable manner.

Please Register Today

Early Bird Registration: Only $199 per person.
Among other things, we're going to talk about . . .
  • Specific offerings you can use to make money
  • Marketing and promotion
  • The effect on your personnel and operations
  • The practical side of building your own, reselling others' solutions, and simply being an agent for another product
  • How to restructure what you do for greater success in the cloud
  • and more!
Plan Now to arrive a day early and add some major laser-focused content to your SMB Nation experience.

Many of us have made a living selling, installing, and maintaining Microsoft's Small Business Server. But now as we begin to integrate cloud services we need to figure out how to make that transition in an order - and profitable manner.
- - - - -
Register now for this GREAT event! Register Right Now
Buy Now

Money-Back Guarantee:

If you are not 100% satisfied with the content of this seminar, we will happily refund the entire cost of your registration!
Small Biz Thoughts Seminars are guaranteed to provide you with useful information that will Make or Save you money right away!

About Karl:
Karl W. Palachuk has been an I.T. consultant in Sacramento, CA since 1995. He owns KPEnterprises, and is the Senior Systems Engineer at America's Tech Support in Sacramento, CA. He has experience running support services for companies from one person to some of the largest companies in the world.

As a leader in the development of network documentation and managed services, Karl is a very popular speaker in the SMB Consulting Space. Since January of 2010, Karl has been the host of the The Cloud Services Roundtable, a broadcast / podcast dedicated to spreading information about cloud services to the SMB Community.

Karl has developed a series of successful and profitable cloud service offerings at KPEnterprises and America's Tech Support.
- - - - -

Register now for this GREAT event!
Register Right Now
Buy Now

For less than the cost of two hours of technical support, you'll receive four hours of focused training AND lunch. What a great way to kick off your SMB Nation experience.


Monday, July 25, 2011

Google TV Goes Out with A Whimper

There's an old maxim in business: Shout victories from the hilltops and quietly walk away from failures.

Last Fall, after spending some time with no TV, I bought a TV and a "Google TV" Sony Blue Ray DVD player. I had Internet only from the cable company. No phone. No TV service.

Google TV promised me the world, as delivered by programming over the Internet. This is cool because the technology clearly exists. I can get programs galore on Netflix, Amazon on Demand, and Hulu. It had the added bonus of instant Pandora.

But the real promise of Google TV is that they were going to strike deals with ABC, NBC, CBS, Fox, Hulu, and others. In other words, they were going to let to buy all those channels individually and in packages. No crappy cables. No extra boxes. No extra remote controls.

Now, after almost a year, . . . I got nothin.

Netflix works great. I pay for that separately. Manage it through my computer. But I could be watching Netflix over the Internet with my Wii. So I don't need Google TV for that.

Hulu hasn't struck a deal with Google.
ABC hasn't struck a deal with Google.
NBC hasn't struck a deal with Google.
CBS hasn't struck a deal with Google.
Fox hasn't struck a deal with Google.
MS-NBC hasn't struck a deal with Google.
Turner hasn't struck a deal with Google.
ESPN hasn't struck a deal with Google.


I can't event browse to those places with the built-in Chrome browser and watch their Free over-the-Internet programming because they block it from that device. You can hack the device, but they keep figuring out the hacks and blocking again. Spy vs. Spy.

The bottom line: Google has quietly died while no one was watching (so to speak).

Their blog is dead. Their support forums are abandoned.

Netflix is easier on the Sony Blue Ray box than on the Wii, but not enough to justify owning it.

Like Microsoft TV before it, Google TV just couldn't put it all together. The funny thing is, delivering TV by the old method makes absolutely no sense in the 21st Century. So this kind of technology just has to win eventually.

My suspicion is that it will work perfectly as soon as

1) "Internet TV" is pushed by a major cable company
2) They start selling into territories owned by other cable companies

Current law prohibits that. But that law was created to please the cable companies. The law that replaces it will have the same lobbyists on staff.


Sunday, July 24, 2011

SOP Friday: Index to the Series

Note: This original post only listed articles published as of that day. The permanent index to the series is at

- - - - -

The SOP Friday series has been very popular. Thank you to everyone who gave me feedback and props. I appreciate it. Please tell your friends, post it on forums, Tweet about it, and shoutout on Facebook. Thank you.

In case you missed it, I've been doing a series since May of this year called SOP Friday - or Standard Operating Procedure Friday. It's a series dedicated to helping small computer consultants develop the right processes and procedures to create a successful and profitable consulting business.

The 12th article in the series is scheduled to post on Friday, July 29th. So it makes sense to give you some kind of an index by subject so you don't have to go looking through the blog to find the content you're looking for. I have posted the table of contents for the series at
Small Biz Thoughts on a static page so it's easy to find.

Of course you can always subscribe to this blog on Feedburner and you'll never miss a post.

The official table of contents page for the blog series has links to all the articles. But here's a plain list in case you're interested in knowing what you missed so far:

Original Date / Article Title

May 13 = SOP Friday: The !Tech Directory

May 20 = SOP Friday: Date Formats

May 27 = SOP Friday: Working in Real Time

June 3 = SOP Friday: Service Ticket Updates

June 10 = SOP Friday: Approved Tools

June 17 = SOP Friday: Nuking and Paving

June 24 = SOP Friday: Used Equipment and Warranties

July 1 = SOP Friday: New PC Checklists

July 8 = SOP Friday: Troubleshooting and Repair Logs

July 15 = SOP Friday: Router and Firewall Configurations

July 22 = SOP Friday: Responding to Viruses

And here is the schedule of articles to be published in the month ahead:

July 29 = SOP Friday: Local Docs, My Docs, and Storing Files on the Server - Coming Soon

Aug 5 = Hourly vs. Salary Employees

Aug 12 = Service Ticket Statuses to Use and When to Use Them

Aug 19 = Setting Job Priorities

Aug 26 = How Do Service Requests Get Into Your System?

Please bookmark that page, check back often, and let me know if you have any feedback on the series.


Friday, July 22, 2011

SOP Friday: Responding to Viruses

Ugh. We all hate viruses. They represent that rare I.T. problem that can be challenging but not rewarding. When you conquer most problems, you emerge with a better system, a faster network, more storage, . . . or something worthwhile. When you conquer a virus, you just get to use your computer again.

Modern viruses (worms, trojans, etc.) can be almost unbelievably destructive. They can infect every pore of a system - dll's, registry, O.S. files. Everything.

And more importantly, modern viruses can can HUGE amounts of time to fix. And sometimes they can't be fixed. And that means they can be extremely unprofitable! When a new computer with a fast processor and all the software you need is less than $1,500, there's a limit to how many hours you want to spend "fixing" viruses.

A standard operating procedure is in order.

SOP Friday: Responding to Viruses

- Overview -

Unlike the SOPs we've discussed so far, this one is strictly defensive in nature. How do you restore the machine, keep the client happy, provide a timely response, and make money (or at least not lose money)?

More than anything, virus protection is most successful when you are very well prepared. That means the right hardware, the right software, the right configurations, the right customer training, and the right practices. All of that makes it possible for you to have the right response. Without adequate preparation, there may be no good response. Let divide this world of preparation so we can conquer it.

First, you need to lay the groundwork with hardware and software. If you're a managed service provider, your life gets pretty easy here. If you're not, then you just have to convince your clients.

Note: Some of these "policies" are really the essence of Standard Operating Procedures. We recommend one way of doing things. We push. We cajole. We quote the right tools, etc. We can't force a client to protect their systems. Which leads to one of my favorite sayings:

We can't care more about the client's network than they do.

Our managed services contract (see Service Agreements for SMB Consultants) specifically requires that the client have a good, working firewall that's under warranty or covered by a maintenance agreement. In other words, it's the latest and greatest, and can protect them from new attacks that show up unannounced.

It's amazing how effective hardware firewalls can be at detecting and stopping viruses - even the ones where clients are tricked into "installing" the Anti-Virus 2011 virus. Now, let's be honest. We're talking about a $750 firewall, NOT a $49 firewall. See the discussions around last week's SOP Friday discussion.

As for software . . .

This has two components. First, there's anti-virus software. This one is fairly obvious and takes very little convincing. The main decision is whether you're supplying and annual renewal or a monthly subscription. If you have annual renewals, you need ticklers to remind you to send the invoices.

The other piece of the software puzzle is Newer Programs. Old programs - like Microsoft Office 97 and Windows XP have some vulnerabilities that will never be fixed. Newer programs and operating systems are inherently more secure. Moving clients to the newer stuff is a never ending battle. We are constantly reminding clients that modern software is part of their security.

Hardware, operating systems, and software, must all be kept patched and updated. That means you need to have those processes as part of your maintenance plan, whether on managed services or not.

Imaging Machines

We do not currently image desktop machines. Our policy is that machines should be properly maintained, we limit our exposure to virus incidents, and we fix machines when a virus hits.

On related notes, it is our policy that we do NOT redirect My Documents to the server. We don't encourage clients to use My Docs. All information that's important needs to live on the server. Period. The server is on redundant drives and backed up. The desktops are essentially disposable.

Having said that, I have often heard people say that they image desktops and use them to restore from virus attacks. This sounds great as long as the desktop never changes. If you need to restore an image and then run all the updates since the image was refreshed, it may not save you any labor.

Imaging is a viable option. We just don't happen to practice it.

Note: We DO allocate space to let Windows store previous versions so we can roll back to before the Virus hit. That has saved our bacon more than one. Just remember to do it.

Client Education

There are two kinds of client education related to viruses. First, there's education on your contract/agreement and what your response will be. Second, there's training on how to avoid viruses and what to do when one hits.

Our contact is very clear on this point: All maintenance, including all software installations, must be performed by an employee of America's Tech Support. So, when a client installs a virus on their computer, it is not covered by the managed services agreement.

Now, the truth is, we're going to believe the client that it's an accident and fix the first incident for free. But we're also going to make it very clear that they next one is on THEM. They'll get a bill for X hours at $00.00/hour. But we'll also make sure they know the next one will be for $150/hour.

Client education consists of emails, memos, newsletters, harping, haranguing, and whatever else we need to get across a few simple points:

1) You already have an anti-virus program. You don't ever need to install another one, no matter what pops up in front of you.

2) Whenever you receive an email with an attachment and you did not ask that person to send you that attachment, Delete It!

Period. I don't care if it's your mother or your boss. If need be, email them back and ask if they sent it.

3) Whenever you receive email with links that look urgent, do not click on them. Go to the appropriate web site yourself by typing the regular address into your browser (e.g., your bank). Log in. If there's an urgent matter that needs your attention, it should be flashing in front of your face. Delete the email.

4) If you're browsing the web and a window opens up by itself, click the Red X in the upper right hand corner. Do not click . . .

- Yes
- No
- Accept
- Decline
- Close
- Unsubscribe

or anything else. Just click the Red X to close the window. If you feel violated, reboot your computer.

5) If you get an infection, log off of your computer. If you can't log off, restart the computer (force a power down and restart) and do NOT log on. We need the computer on to connect remotely.

The Bottom Line: Educating your client about your policies and their expected behavior will help limit your liability/exposure during a virus infestation.

Stand Firm by your processes and procedures. 99% of modern viruses are stopped by almost any anti-virus software . . . until the user clicks OK. In other words, it is almost always the user doing this to themselves. They need to understand that.

Standardized Response

So . . . when you finally get a service ticket about a virus infection, what do you do? Here's a rough outline of our process.

1. As with any ticket, determine the urgency and assign a priority level.

2. Have a discussion with the client. Remind them about the policies. Verify the maximum number of hours we will put into fixing a machine before we move to billable labor. Request how many hours of billable labor are acceptable before the client wants us to stop working on the issue and simply re-install the O.S.

It is very important that you agree on limits to your time and to what happens when you reach those limits.

3. Connect to the machine remotely and log on in safe mode.

We do this with Zenith Infotech and LogMeIn. Other programs may provide similar functionality, including machines with Intel V-Pro network cards and LogMeIn.

If you don't have such remote access, then you'll need to be onsite. In either case, log on in safe mode. This will stop user-specific viruses from continuing to cripple the machine.

4. Attempt to clean the machine with your standard company-approved tools. These may include Trend, Symantec, AVG, Hit Man Pro, or whatever your decides is the best fit for you.

5a. If that appears to work, reboot the machine, log on as the user, and attempt to verify that the virus is gone.

5b. If that appears not to work, attempt to restore the machine to an earlier version running the tools built into the operating system. If you know the day the machine was infected, you should be able to restore to a previously working version.

6. If you believe the virus has been cleaned, apply all appropriate updates, and create a new restore point.

- Implementation Notes -

Implementing this policy can be very troublesome. Many clients insist that local users have admin rights. That's now always in their best interest. If you're losing money every time they get a virus, then it's not in your best interest either.

If a client allows themselves to be infected more than once, you really need to take them out of the local administrator's group. This might mean that the client needs to pay you to install a few programs here and there, but the cost is very small compared to a four-hour bill for fixing viruses.

As I mentioned earlier, an appropriate response means the right hardware, the right software, the right configurations, the right customer training, and the right practices. That means you need to really think through these processes and push them on to employees and clients every time there's a virus.

Note on "All You Can Eat"

I have never been a fan of "All you can eat" managed services. After sixteen years in this business, I know "all" some clients can eat is my entire company! Fighting viruses is a perfect example of that. You need to limit your losses with good processes and policies.

- Forms -

There are no specific forms for implementing this SOP. You might write up a brief description of the procedure and put it into your SOP or binder.

This kind of policy requires that everyone on the team

1) Be aware of the policy

2) Practice the policy

3) Correct one another's errors

4) Support one another with reminders

Your Comments Welcome.


Want to figure out how to make money with Cloud Computing?

Join the Cloud Services Roundtable today and listen a great series of podcasts!

Friday, July 15, 2011

SOP Friday: Router and Firewall Configurations

In the last several SOP Friday postings we've tackled some of the bigger-picture policies for the your I.T. company. This week, and for the next few weeks, we'll look at some very specific policies. I want to make sure you see that SOPs - Standard Operating Procedures - are not just big, bold statements.

Sometimes, the most important policies and the little, daily routines that can save your bacon in the long run.

A great example of this is Router Configurations and Firewall Configurations. Note: I might sometimes use the term "router" by itself. Assume we're talking about routers and firewalls throughout.

SOP Friday: Router and Firewall Configurations

- Overview -

Routers and Firewalls are interesting equipment. They are critical to our success, critical to the client's network, and completely ignored. At least they're ignored when they work perfectly!

If there's any general "problem" with modern routers, it's this: They almost NEVER need attention. But when they do, it's needed urgently. As a rule, we set up routers and firewalls when they're new. They we don't touch them until a specific changed is needed (e.g., mapping at external IP to an internal IP), or the client changes ISPs.

Aside from being competent to configure these devices (not the topic here), you really only have two issues with routers and firewalls:

1) You can't get in because you don't have the logon credentials

2) The configuration gets nuked (by electronics, by accident, by a fool who works for a company other than yours)

Luckily, these can be solved with documentation and a couple of very simple SOPs - Standard Operating Procedures.

Documentation Rules!

Okay, let's be honest. One of the most frustrating things about this profession is to come across a router that is totally useless because the previous technician . . .
1) Didn't change the passwords
2) Didn't write down the passwords, OR
3) Left and won't give you the passwords.

This happens ALL the time. I don't know why these people aren't sued by business owners every day. It's amazing to me. I know they think they're somehow protecting their jobs. But the fact that you're here cracking into their router suggests that they've lost that battle.

Anyway . . . Grrr . . .

We have an easy way of never losing the passwords and logon information to the routers/firewall: Use your label maker to put the logon credentials on the bottom of the device. As long as you're at it, label the Router "Router" and label the firewall "Firewall." That will help your clients locate them when you need to walk them through a reboot over the phone.

Some people get in an uproar about putting the password on the bottom of the device. Unless this client ALSO has a web cam connected to a web site, pointed at the bottom of the router, there's no way for someone on the Internet to break into their system just because you put a label on the router. It can't happen.

But what CAN happen is that you get hit by a bus and your client (or another tech) can't get into their own firewall.

The next level of documentation is to fill out the Router or Firewall configuration form (see sample forms in The Network Documentation Workbook). Basically, this form includes logon info, IP addressing, route mapping, access rules, QOS information, etc. The Router or Firewall configuration form goes in the Network Specs section of the Network Documentation Binder.

The final step of documentation is to add this information into your PSA system. We have documentation divided into various categories. Routers and Firewalls go under "hardware" and include a summary of all relevant configuration information. The most important piece of this is the administrator user name and password.

Backup Rules!

Once you have a router/firewall set up - or any time anyone changes anything - you need to back up the configuration. Our standard procedure is this:

- Before you make any changes, back up the router to the c:\!Tech\Hardware\Network directory on the primary server. This is always accessible from the inside network, so it's a perfect place to put it. The file name should be in the format of YYYYMMDDxx, where xx is an increment for the day.

For proper date formats, see SOP Friday: Date Formats.

- After you make any changes, back up the router to the c:\!Tech\Hardware\Network directory on the primary server. Same file name format.

This before/after routine makes absolutely certain that you can go back to where you were before you touched the device. Yes, according to this procedure there should be a backup already. But you're being very cautious because it takes three minutes and you're a belt-and-suspenders kind of technician!

Note the increments: You might need to make several changes, test them from outside the network, reboot lots of equipment, etc. You may have three or four configurations if you get into a troubleshooting mode. the xx increment is very important. Don't keep backing up over the same file: If something goes wrong you could lose the new and the last version. Slow down, get more done.

Once you're done for the day, you can upload this config file to your PSA system as a document. That way, you have just one more backup in case something happens to that server.

Note on file names: You might also append a note to the file name. For example, "2011071502 firewall after new terminal server install.config"

Note on cheap firewalls (routers). If you have a firewall (router) that does not have a tool for backing up the configuration, send an email to your sales manager, asking him to send the client a quote for a real firewall (router).

A Couple More Notes

We also have a couple of minor SOPs to make life a little easier with firewalls and routers.

First, we really try to stick with two brand name vendors and only sell business-class equipment. I don't want any clients relying on $40 firewalls and wondering why they're not getting the performance they deserve. I want something with a good warranty, good documentation, and a good reputation with partners.

Second, we configure routers and firewalls so that they can only be configured from inside the network. That means we have to be on site, or we remote into the server and then open the firewall configuration page. Most ISPs require that they can get to your router from the outside, but most lock this down to access from within their network. So that's cool.

We also have policies about IP Address allocation and configuration, but that's a topic for a future SOP Friday.

- Implementation Notes -

You will need a configuration checklist for routers and one for firewalls. You will also need the configuration form discussed.

The checklist and configuration forms should be printed at the same time since you'll go through them together. The checklist will lay out all of the steps we mentioned above as well as specific procedures for your company. You may even have one for each brand (e.g., SonicWall vs. WatchGuard) so you can be very precise in you click-by-click instructions.

When you first start to deploy with this method, you might even put specific instructions in the service ticket. Call out that the tech will back up the configuration, map the IP addresses, change the access rules, save the config, and backup again.

If there has ever been a great argument for why you need a printed Network Documentation Binder, it's router configurations. When there's no Internet, or you're between ISPs, then keeping this information on your cloud drive or SharePoint is totally worthless.

Depending on your forms, you might have a little extra space. That's a good place to list out some commonly used port numbers as a reference for your technicians. This is particularly true with SBS and some newer technologies that use non-universal port numbers.

Who Needs To Know?

At the beginning of this article I mentioned that we tend to set up routers (firewalls) and then not touch them for a long time. As a result, you are NOT likely to remember every setting on every router at every client. Documentation is extremely important. Documenting the PROCESS that makes that documentation possible is also critically important.

You probably have one tech who is the "guru" and handles most router/firewall configurations. It doesn't have to be that way, especially with modern equipment, which is pretty easy to configure. Having a good SOP allows you to train other techs very easily.

Your Comments Welcome.


SMB Books, Audio Programs, and More 

100% Small Business I.T. Focused 
- Technical - Business - Marketing - 
- Managed Services - Cloud Computing - 
- Network Migrations - Sales - 

All these resources and more. 

SMB Books is THE resources for the small business IT consultant who wants to move up to the next level. 

Sunday, July 10, 2011

News and a Boatload of Resources From Suzanne Lavine

Got a message from my old friend Suzanne Lavine, now Partner Territory Manager for the NorCal territory of Microsoft.
If you're not on her mailing list, do yourself a favor and get on it. Email [email protected]. the resource list at the end of this email should give you a hint of why you should be on her list.
    Hello Northern California Partners!
    It’s the beginning of Microsoft’s new fiscal year and with a new year come some changes. Beginning this month, I’ll be back in the NorCal territory as the Partner Territory Manager (= teaming with resellers and Cloud partners).
    Below is a list of resources for all partners. If you are a reseller and need additional information, please feel free to email me. As many of you know, I’m a mobile employee working from Southern Oregon. My plan is to be in the Bay Area approximately every 6 weeks. If you would like to meet in person, please let me know.
    To be deleted from any future email notifications, just reply with “remove” in the subject line. If you know of others in your organization who would benefit from staying in touch with me, please pass on my contact information.
    Suzanne Lavine

[email protected]
Microsoft West Region Partner Territory Manager
415 972 6434 office
Heads Up! I will be at our Worldwide Partner Conference through July 15th so please do not expect quick response during this time. Also on vacation July 18 & 19 – rafting the Rogue.

• Microsoft Partner Network (MPN) Experts at 1-877-254-6825 or [email protected]

• 1 800 MPN SOLVE / 1 800 676 7658

• Competitive Sales Assistance (CSA) 800 426 9400 6 am – 6 pm PST, Registered Partners ext 88827 - Certified/gold Partners ext 82973

• Business Critical Support 888 677 9444 Issue Resolution

• Microsoft OEM Internet Business support team [email protected]

• License Activation Team (888) 571-2048 Sales Opportunities

• COIT Resource Page:

• Renewal Center: Websites

• BPOS – Business Productivity Online Suite

• Microsoft Gear Up (Sales info, configurators, Product info, Training, etc ) • Small Business Channel Community

• Subscriptions & Profile Center

• West Region & Local Event Notification

• Pre-Sales Competitive Sales Support

• Join IAMCP (International Association of Microsoft Certified Partners) – Get Networked!

• Frontline Partnership (HP & Microsoft) Training

• Partner Learning Center

• Microsoft Partner Learning Plans

• Partner Marketing

• Ready To Go Campaigns

• Marketing Services for Partners and

• Resource for volume license special offers

• Ordering Logo Items for Partners: Local Event Notifications via Email Newsletter

• Training & Other Local Events via Newsletter - email name, address, company name & partner level to your area’s PCM.

• West Region information email [email protected]

• NorCal site for presentation materials, training Small Business Specialist Certification

• For more information:

• To enroll:

• Small Business Customer

• User Group

• Small Business Summit:

• Licensing Webcasts: Details, links, & times on Blog:


• SBS-Community:

• Some SBS blog links:
Karl Palachuk -

Stuart Crawford -

Dave Sobel -

Erick Simpson -

Vlad Mazek -

Mark Crall -

Arlin Sorenson -

Tavis Patterson -

• SA benefits issues: [email protected] or by phone at: 1-866-230-0560 English


• Authorized Distributors:

• Download current Open License Business ERP Pricelist at:

• Download full SA benefits chart at:

• Resources you should use:

• Find out more about Open License Programs at: 

• MS Financing –

• Small Business Desktop Advantage Sales Forums:

• Open Business (

• Open Value (

• MVLS Web site (

• eAgreement tool (

• Influencer Program: Feedback

• Certified and Gold partners can submit their own issues to the Response Management Team at Promote Your Business/Teaming with Other Partners


• To Find a Partner to Team with:


Friday, July 08, 2011

SOP Friday: Troubleshooting and Repair Logs

In the last SOP Friday post - New PC Checklists - I mentioned the TSR Log or Troubleshooting and Repair log.

The TSR Log is an extremely valuable tool for tracking issues, working with tech support from vendors, and documenting your work. We use a TSR Log whenever we build a server, when we call any vendor, and when a tech has worked on any issue for more than 30 minutes without making progress.

For newer technicians, we might require a TSR Log for any issue that causes more than 15 minutes work without progress.

In addition to being a GREAT documentation tool, the TSR Log is a great way to learn troubleshooting. It forces the user into thinking rigorously and documenting in such a way that you can effectively seek assistance from your co-workers or "tech support" on the other end of the phone.

SOP Friday: Troubleshooting and Repair Logs

- Overview -

A few years ago, I posted a commentary about one of our key philosophies for success: Know What You Know. One of the important tools you have to help in this endeavor is the TSR Log.

With a TSR Log, you can state very clearly what you've tried and what the results were. You can make a change and then undo it with confidence because you have a map of where you've been. This is perfect for working with a manager, another technician, or a vendor.

If you own the Network Migration Workbook, you'll find a sample TSR Log in each of the checklists. We use a TSR Log every time we build a new server. It's great documentation . . . and more.

If anything goes wrong, you’ll be able to document exactly what happened and where it happened in the process. This is very handy if you find yourself rebuilding that server from scratch some day. You’re going to hit the same snag and it will be very handy to have quick access to the solution.

A TSR Log helps you keep very accurate information about how long it actually takes to build a server. This number will change over time as you gain experience and Microsoft releases updates. But even though this is a bit of a moving target, the more accurate your information, the more profitable you can make your next migration! (This is true because your time estimates will be more accurate.)

From that book, here's part of our description of the TSR Log:
    "First, we need to make sure that we’re not continually performing the same 'fixes' again and again. If you keep track of what you’ve tried, in a systematic manner, you can eliminate causes for whatever problem you’re troubleshooting. Second, when someone comes to help you (a team member, an outside consultant, or a vendor), you can relay exactly what you have and have not tried. Sometimes vendors insist on going over the same ground, but you can stop them from going over the same ground more than once! Excellent records about what you’ve done can also help you get a problem escalated more quickly (sometimes). Third, when you need to go over a problem with a client, you will have excellent records about what you did, what you didn’t do, who was involved, and how long it took. This is all good information."

- Implementation Notes -

Implementation of this SOP is easy to initiate. But it can be difficult to get everyone on the team to go along with. Over time, you need to support one another by asking "Did you have a TSR Log?" For us, this is important enough to impact quarterly reviews. If the service manager asks to see a TSR Log and there isn't one, that's a potential career-ending incident!

First, you'll need a form (see next section). We post ours in .pdf format on our SharePoint site so technicians can access it easily. We also require technicians to carry one printed out and ready to go at all times. We require them to use a TSR Log whenever they have been “stuck” on a problem for any amount of time.

Second, to use the TSR Log, you need to simply fill out some key data and then proceed to take notes. There are two "triggers" for taking notes. One is whenever something significant happens. For example, when the server is rebooted, when a change is made, when an error occurs.

The second reason you enter something in the log is simply when you pass a fifteen-minute mark. Never let more than 15 minutes pass without an entry. It might simply be "Setup continued to unpack files." That way you know you didn't simply forget the log. But, more importantly, it will really help you pinpoint when things "go wrong" during an installation, configuration, troubleshooting, etc.

Once you have TSR Logs that have actually been used by technicians to solve problems, you'll need to deal with them properly. That means keeping all related notes together with the TSR Log. If you worked with a vendor to solve a problem, request a copy of their notes by email. This is true of Microsoft, Trend, HP, or anyone else you deal with.

Over time you'll see that your notes are MUCH better than theirs! Attach a copy of those notes to this document.

When the issue is resolved, three hole punch this document and place it in the Tech Notes section of the Network Documentation Binder (see The Network Documentation Workbook for a description of the Network Documentation Binder.

No. Having a PSA system does NOT eliminate the need for an NDB. In the PSA, annotate any related Service Tickets with a brief description of the problem and final resolution. Then simply refer to this TSR log by log number for full details on the issue.

For migration projects and server builds, you should probably keep a photocopy of the TSR Log in a file cabinet at your office. You can file by client/date, or simply keep all TSR logs together in one file drawer. Just make sure you can find it if you need it later.

- Form -

The TSR Log has three sections. At the top are sections for the client and the vendor (if relevant). After that, you simply need a series of lines with a place for date stamps and a line for notes.

Section One: Client
- Client
- Date
- Contact
- Technician
- Phone
- Log #
(The Log Number should be created as follows: # i.e. 2011.07.08.01)
- Description of Issue

Section Two: Vendor
- Support Service
- Required Numbers or Codes
- SR(X)
- Phone Number
- Service Contract
- Date and Time Initiated

Section Three: Notes

____:____ ________________________________________

- Final Notes -

If you're not used to TSR Logs, or rigorous note-taking, this one might be difficult to execute. But stick with it and everyone on the team will get better at some of the most important things you do.

Remember: Most of your LOST labor comes from re-work and disorganized troubleshooting. TSR Logs can help you address both of those issues.

We all know that computers don't act randomly. They can't. So when someone says that errors occur "randomly," they can't be correct. There's a pattern or a cause. We just can't see it.

With TSR Logs, we have a good chance of finding the pattern - and solving the problem - a lot faster!

Your Comments Welcome.


Check Out the Managed Services Operations Manual

Four Volume Set
The Managed Services Operations Manual

by Karl W. Palachuk

Over 1,100 pages - plus lots of juicy downloads

Paperbacks - Ebooks - Audio Books

Standard operating procedures, policies, and practical advice for IT consulting companies of all sizes.

From the author of Managed Services in a Month.

Learn More!

Thursday, July 07, 2011

How to Contact Me

Something major has changed in my life: my email.

Since 1995 I have used one primary email address: karlp @

If there's a fingerprint on the Internet, it's an OLD email address. I used that email back when there were less than 1,000 web sites. Really. It's all over newsgroups. Oooops. No one remembers news group. Real news groups.

My NIC Handle for that email address is KP28. If you're not old enough to remember NIC handles, I assure you that's impressive. It means I'm the 28th person with the initials KP to register a domain on the Internet.

I will personally buy a beer for every person with a two-letter NIC handle with a number less than 28. Send me an email. ;-)

Anyway, that email was founded 14 seconds after I decided on a domain name for my new business - - in 1995. It's posted on web sites, Yahoo groups, meetups, Facebook, twitter, old newsletters archived by spiders on the Internet. It's everywhere.

And now it will begin to fade away.

The branding for our I.T. business is now America's Tech Support. The web site will be at and my email will be karlp@ that address. If you send an email to the old address, I'll see it eventually, but any response you get will be from

The best way to get ahold of me is at That's where you'll find my blog, links to Great Little Book Publishing, etc. karlp at that domain will go straight to my inbox. Of course I might not see it until AFTER Lana, Monica, and John have picked through it looking for emails relevant to their piece of the business. But eventually I'll see it.

How to NOT Contact Me

Please don't send me a note on Facebook (or Twitter or LinkedIn) and expect a response in a timely fashion. Seriously. I can't figure out why people do that. My email is not a secret. A quick Google search of "Karl Palachuk" returns more than 35,000 pages. My email's all over them.

I recently responded to a note my girlfriend sent me on Facebook. She gave me a bad time because she sent that note five months ago. Ooops. Trust me: If I don't respond to her for five months, you have no chance for success. :-)

Anyway . . . is out. is in. is your best bet.

Telephone, Fax, Mail, etc.

There are plenty of other means of contacting me. U.S. postal (snail) mail is certainly going to get my attention. Not an ad or slick, because Mike and Monica will throw those away before I see them. But a sealed envelope with my name on it.

We own a fax machine. It is used primarily for communication with the 1990's. We keep it primarily because we use the phone line for the security system. At some point we'll move to a cell-based connection for that. We just haven't done it.

I don't ever instant message anyone ever. One time I started a program and it started instant messaging. Pretty soon Vlad popped up on my screen with a simply inquiry: "Are you lost?" (True story.) Yes. I was lost. I apologized and disconnected.

At KPEnterprises, I have no telephone. At Americas Tech Support, I have no telephone. I used to have one, but I never used it. I never checked the messages. My voice mail greeting actually said that you need to call Monica if you want to get a message to me. So one day I moved my desk and left the phones behind.

I haven't had a telephone on my desk for most of this year. As far as I know, this has had zero impact on my business.

For Small Biz Thoughts, I have VOIP phone at home that is connected up with the office. This is used primarily for conference calls. I'm not listed on the phone tree. If you accidentally dial my extension, rest assured that leaving a message will do you no good. In June I went through the 17 voicemails left since December. None of the issues were still relevant.

Of course I have a cell phone. As a general rule, I don't answer it. Sometimes I put it on silent mode and forget to change it back for days. I use it for keeping up on email, text messaging, business alerts, and sometimes for Facebook.

Bottom Line: Telephone is not the way to reach me.

- - - - -

I don't think I'm particularly difficult to get ahold of since lots of people manage to accomplish it every day. But I am a firm believer that I am in charge of which communication methods I want to use. Most of these technologies are based on interruption. I prefer not to work based on responding to whoever is most effective at interrupting what I'm doing.

How do you communicate?


Wednesday, July 06, 2011

ChannelPro-SMB . . . Digital Edition

Just in case you didn't get the email . . .

ChannelPro-SMB, one of the great magazines for the SMB consultant, has released their digital edition for July. You need to subscribe, but that's free and easy.

Topics this month include:

- The 5 Most Glaring Gaps in SMB IT. What customers don’t know will hurt their businesses—and maybe yours too.

- Public vs. Private Cloud—Which is Safer? Not surprisingly, the choice is not clear cut. Find out why and then how you should proceed from there.

- E-Learning Solutions in Your Arsenal. Increase revenues and differentiate your business among the competition using an e-learning platform to train customers on your solutions.

With the digital issues, you can easily flip through articles, click hotlinks for direct access to online content, and hope over to advertiser web sites.

To check it out, go to ChannelPro Online. On the right you'll see a button that says

Subscribe to the magazine.


Tuesday, July 05, 2011

Service Agreements Sold Out

I have a bit of happy/sad news to report.

As of this morning, we have exactly two copies left of Service Agreements for SMB Consultants left on the shelf.

We have been working on a reprint, but we have been getting large orders from Amazon. A supply that was supposed to last the Summer is gone.

Our big change includes a few minor differences in delivery.

With the old printer we printed books 1,000 at a time. We also pressed 1,000 CDs and stuck them in the back of the book. As you can imagine, that's a pretty big outlay of cash for a thousand finished books.

Our new printing system is "print on demand" or "publish on demand" - and we'll deliver the electronic content via the shopping cart and web site. As a result, we have minimal up-front costs and only pay for production when books are ordered.

Of course nothing's ever simple. :-)

So, with our new printer, we have to move to a slightly smaller size (1/2" difference in width). That means we need to reformat the text and sample paragraphs a bit. Then, of course, we need to resize the cover, upload it all to the printer, and verify that it all works with the new packaging.

Oh, and the pages number will be different. So the index needs to be re-done so that it remains accurate.

The Bottom Line

If you want a copy of this book right now, then order right now. Amazon asked for a large shipment and we told them we're out of stock for now. We've got a couple of copies on the shelf for direct sale. After that, it will probably be about two weeks before we have more books to sell.

You can buy the electronic version of this book and take delivery right away. But if you want the hard copy, there may be a delay.

If you order the printed version and we're out, Lana will send you a note and ask whether you want the e-book version, a refund, or want to wait for the printed book.

Note: There is no new content in this book. The "new" printing is completely cosmetic and due to the circumstances notes above.

About Service Agreements for SMB Consultants

This book really is "A Quick-Start Guide to Managed Services."

This great little book does a lot more than give you sample agreements. I start out with a discussion of how you run your business and the kinds of clients you want to have. The combination of these -- defining yourself and defining your clients -- is the basis for your service agreements.

Every client engagement is covered by contract law -- whether you write the contract or not.

Your contracts or service agreements are the very definition of the services you offer and the prices you charge. They are the formal definition of your relationship with your clients. There is always the personal side, of course, and that's what keeps small businesses in business. But the basic description of how you operate is defined by your service agreements.

The book includes sample contracts with commentaries. All text, as well as some other great resources, are on the CD-ROM.

Copyright (C) 2005 by Karl W. Palachuk

85 pages


Friday, July 01, 2011

SOP Friday: New PC Checklists

We've all had the "nightmare install" of a new computer. Everything should just work, but it doesn't. Everything should be smooth, but it isn't. Everything seems to be working now . . . until you drive away.

There are few example of Standard Operating Procedures (SOPs) that are more important to an I.T. consultant than the New PC Checklist. If you want to set up every machine the same way, no matter which tech does the work, and have a "perfect" install each time, you need a New PC Checklist.

Let's take a look.

SOP Friday: New PC Checklists

- Overview -

A "New PC Checklist" is just what is sounds like: A checklist for setting up a new computer at a client office. If you don't have one, start today!!!

Setting up new computers is a very common thing in any business. Whether it's a new PC or moving people to new workstations, you need to make sure the hardware and software is set up so your client can sit down and just start working.

You have a certain way that you want machines set up. So do I. The chances that they're the same is about . . . 00.000001%. There are too many variables. Even within your office, different technicians will set up machines differently.

This is bad for several reasons. Uniformity always means greater efficiency. Even doing setup tasks in a different order can increase the time needed to complete the job. Many clients have strange requirements (like a specific combination of patch levels) that need to be maintained.

In addition, of course, every client has a unique set of requirements. One client uses Adobe Acrobat; another uses PDF Complete. Some clients map all printers for all users; others map specific printers for each department. And so forth.

- Benefits -

Checklists also have the following benefits:

Sharing work.
One of the great benefits of any checklist is the ability to put down a job and then hand it off to someone else. One person can start a job at 4 PM and another can pick it up at 8 AM without duplicating work, forgetting anything, or having to start over. This makes it easy to hire temporary assistants from the local I.T. Pro user group. Yes, they could set up a computer "their" way. But with a checklist, they can now set it up YOUR way.

Guarantee that everything gets done.
At small as this sounds, it is critically important. Did you remove all the "free" junkware that shipped with the computer? Did you install the Adobe Reader? Did you remember the shared printer for the label-maker on Josie's workstation?

Guarantee that everything is done in the correct order.
Almost as important as the last point: It can make a huge difference to perform tasks in a specific order. For example, we like to keep machines disconnected from the network until fairly late in the process. That allows us to install all the software before we install the anti-virus. Few things will slow down an install more than a virus scan. Plus, of course, some software works best if you know the optimal order of installation so that newer .dll files don't get replaced by older files due to a poorly-behaved installation program.

You can handle more clients because you don't have to remember the peculiar setup of each one.
Huge. Once you have a template checklist for each client, you can free up your brain cells to work on other things. Knowing that you can just print off a checklist and knock out an installation for any client is a very powerful tool to have in your tool belt.

The bottom line: Consistency. Consistency means profit.

Without a checklist, even you will set up a machine differently every time. The client has no hope.

- Implementation Notes -

First, you need a master New PC Checklist. This will probably be 3-4 pages long, depending on how detailed you are. The master should be good enough to guarantee a good, clean installation on most new (or existing) clients. After all, 90% of what you and I do is the same. It's how we do it, the order in which we do it, and the peculiarities of the specific job that make the difference.

Second, you will create a unique New PC Checklist for each client. The client-specific checklists will include their IP address range, their printer configurations, their software products, and so forth. These lists should be stored on your server. Either on your sky drive, SharePoint, or wherever your company stores files for technicians to access. You can keep a copy at the client site, but "the" master file for each client should be on your server. This is primarily for consistency, but is also handy when you make a change across all lists (clients).

Third, when you start a new installation, the first thing you will do is to read through and make corrections to the New PC Checklist. This is true whether you're setting up one machine or 25. Have you revved from Vista to W7? Is there a newer procedure for the anti-virus? Did the client environment change in some way that affects workstations?

Fourth, if you are setting up more than one machine, you should execute the (revised) New PC Checklist as you set up one machine. That allows you to make notes about all updates and changes. Then you can update the master New PC Checklist for that client and run off copies for each new machine.

Fifth, you print out this checklist and tape it to each machine. At that time, you enter the machine name on the New PC Checklist. This guarantees that there's only one checklist per machine, and you know exactly where it is. Whoever sits down at that machine can begin at the beginning or pick up where someone left off.

Using a Checklist

As strange as it sounds, you need to agree on ONE WAY to use a checklist. You'd be surprised what people come up with. Here's what I recommend:

1) Read the task
2) Execute the task
3) Check the box

I know, I know. What else would you do? But I'm telling you: people are clever.

The worst offenders are those who go through three or four steps and then check the boxes.

The worst offenders are people who "know what they're doing" and execute steps out of order.

The worst offenders are those who sit down, check all the boxes, and then proceed to execute the steps.

See what I mean? The worst offenders are those who want to go fast and NOT follow the process. The process exists for a reason. Trust the process. Love the process. Use the process. The process is your friend. The process will make you rich!

Sixth, if you're working in a team, someone will be the "clean up" expert who tackles the weird stuff that comes up (even though it never should). That person must be able to sit down at any machine in the office and know for an absolute fact what has been done and what has not been done. They may need to back-track a bit. But they will know exactly where they are in the process.

And when that person is not killing monsters, they'll need to be able to jump in as just another technician . . . and pick up exactly where someone else left off.

Seventh, you'll take notes as you go along so you can update the checklist. It's amazing how fast things change. After only 30 days, you'll find that some thing's different. Windows, Office, anti-virus, Internet settings, spam filter, . . . something. So you'll update the checklist and load the update onto your server.

PLEASE don't put this off. You're there. You're in the middle of it. Your mind is fresh. And right now, today, it's billable. If you want a day or two, your notes may be less useful. And you might feel bad about charging for it. Just do it. Make a little, save the client some money in the long run, and make yourself more profit in the long run. Just do it.

- Forms -

The basic form for this is one you probably have in your head. You can begin creating a new one by simply use a Trouble Shooting and Repair log (see discussion and example of TSR log in The Network Migration Workbook). You can also use a blank writing tablet.

Simply write down every single thing you do. Remove the PC from the box. Make sure the cards and memory are tight. Plug into UPS. Etc.

Every little detail.

Wherever you skip specific details, the technician will do whatever makes sense at the moment. Sometimes that's fine. Sometimes is adds an hour to the job, which costs you money.

Once complete, begin using the checklist per the instructions above. Ideally, every technician will have the skills and common sense to improve the checklist every time it's used. Once you put this process in place, it is self-perpetuating because the last item on the checklist is Update the checklist!

This kind of policy requires that everyone on the team

1) Be aware of the policy

2) Practice the policy

3) Correct one another's errors

4) Support one another with reminders

Your Comments Welcome.


Check Out the #1 Best-Selling book on Managed Services ever!

Managed Services in A Month
by Karl W. Palachuk

3nd Edition - Newly Revised and Updated with TEN new chapters

Paperback - Ebook - Audio Book

Unlike some books with old copyrights that sell for $60 or more, this book is 100% up to date and is only $29.95.

Now includes information on making cloud services part of your managed service offering!

Learn More!